From c6813817203b374064c5ee2ba230659915343c40 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Thu, 15 Feb 2024 17:00:34 +0000 Subject: [PATCH] Auto-Update: 2024-02-15T17:00:30.542461+00:00 --- CVE-2005/CVE-2005-09xx/CVE-2005-0918.json | 56 +++-- CVE-2014/CVE-2014-31xx/CVE-2014-3185.json | 151 ++++++++++-- CVE-2018/CVE-2018-201xx/CVE-2018-20169.json | 71 +++++- CVE-2019/CVE-2019-115xx/CVE-2019-11599.json | 201 +++++++++++++--- CVE-2020/CVE-2020-293xx/CVE-2020-29368.json | 35 ++- CVE-2022/CVE-2022-19xx/CVE-2022-1916.json | 6 +- CVE-2023/CVE-2023-18xx/CVE-2023-1838.json | 92 +++++++- CVE-2023/CVE-2023-253xx/CVE-2023-25365.json | 69 +++++- CVE-2023/CVE-2023-270xx/CVE-2023-27001.json | 68 +++++- CVE-2023/CVE-2023-31xx/CVE-2023-3106.json | 27 ++- CVE-2023/CVE-2023-386xx/CVE-2023-38646.json | 6 +- CVE-2023/CVE-2023-402xx/CVE-2023-40265.json | 69 +++++- CVE-2023/CVE-2023-402xx/CVE-2023-40266.json | 69 +++++- CVE-2023/CVE-2023-42xx/CVE-2023-4206.json | 57 ++++- CVE-2023/CVE-2023-42xx/CVE-2023-4208.json | 56 ++++- CVE-2023/CVE-2023-458xx/CVE-2023-45887.json | 8 +- CVE-2023/CVE-2023-471xx/CVE-2023-47131.json | 90 +++++++- CVE-2023/CVE-2023-477xx/CVE-2023-47700.json | 56 ++++- CVE-2023/CVE-2023-491xx/CVE-2023-49101.json | 83 ++++++- CVE-2023/CVE-2023-49xx/CVE-2023-4993.json | 55 +++++ CVE-2023/CVE-2023-515xx/CVE-2023-51505.json | 6 +- CVE-2023/CVE-2023-51xx/CVE-2023-5155.json | 55 +++++ CVE-2023/CVE-2023-62xx/CVE-2023-6255.json | 55 +++++ CVE-2023/CVE-2023-63xx/CVE-2023-6356.json | 227 +++++++++++++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6535.json | 227 +++++++++++++++++- CVE-2023/CVE-2023-65xx/CVE-2023-6536.json | 227 +++++++++++++++++- CVE-2023/CVE-2023-70xx/CVE-2023-7014.json | 6 +- CVE-2023/CVE-2023-70xx/CVE-2023-7081.json | 55 +++++ CVE-2024/CVE-2024-01xx/CVE-2024-0164.json | 61 ++++- CVE-2024/CVE-2024-01xx/CVE-2024-0165.json | 61 ++++- CVE-2024/CVE-2024-01xx/CVE-2024-0166.json | 63 ++++- CVE-2024/CVE-2024-01xx/CVE-2024-0167.json | 61 ++++- CVE-2024/CVE-2024-01xx/CVE-2024-0170.json | 61 ++++- CVE-2024/CVE-2024-09xx/CVE-2024-0985.json | 79 
++++++- CVE-2024/CVE-2024-202xx/CVE-2024-20252.json | 61 ++++- CVE-2024/CVE-2024-202xx/CVE-2024-20254.json | 61 ++++- CVE-2024/CVE-2024-202xx/CVE-2024-20255.json | 61 ++++- CVE-2024/CVE-2024-202xx/CVE-2024-20290.json | 100 +++++++- CVE-2024/CVE-2024-220xx/CVE-2024-22012.json | 67 +++++- CVE-2024/CVE-2024-226xx/CVE-2024-22637.json | 6 +- CVE-2024/CVE-2024-228xx/CVE-2024-22836.json | 78 ++++++- CVE-2024/CVE-2024-234xx/CVE-2024-23448.json | 66 +++++- CVE-2024/CVE-2024-236xx/CVE-2024-23660.json | 74 +++++- CVE-2024/CVE-2024-237xx/CVE-2024-23756.json | 68 +++++- CVE-2024/CVE-2024-237xx/CVE-2024-23769.json | 74 +++++- CVE-2024/CVE-2024-241xx/CVE-2024-24115.json | 64 +++++- CVE-2024/CVE-2024-242xx/CVE-2024-24202.json | 74 +++++- CVE-2024/CVE-2024-242xx/CVE-2024-24213.json | 82 ++++++- CVE-2024/CVE-2024-245xx/CVE-2024-24590.json | 60 ++++- CVE-2024/CVE-2024-245xx/CVE-2024-24591.json | 63 ++++- CVE-2024/CVE-2024-245xx/CVE-2024-24592.json | 61 ++++- CVE-2024/CVE-2024-245xx/CVE-2024-24593.json | 59 ++++- CVE-2024/CVE-2024-245xx/CVE-2024-24594.json | 61 ++++- CVE-2024/CVE-2024-248xx/CVE-2024-24815.json | 72 +++++- CVE-2024/CVE-2024-248xx/CVE-2024-24822.json | 61 ++++- CVE-2024/CVE-2024-248xx/CVE-2024-24823.json | 69 +++++- CVE-2024/CVE-2024-248xx/CVE-2024-24824.json | 87 ++++++- CVE-2024/CVE-2024-251xx/CVE-2024-25145.json | 241 +++++++++++++++++++- CVE-2024/CVE-2024-252xx/CVE-2024-25200.json | 69 +++++- CVE-2024/CVE-2024-252xx/CVE-2024-25201.json | 70 +++++- README.md | 88 +++---- 61 files changed, 4206 insertions(+), 360 deletions(-) create mode 100644 CVE-2023/CVE-2023-49xx/CVE-2023-4993.json create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5155.json create mode 100644 CVE-2023/CVE-2023-62xx/CVE-2023-6255.json create mode 100644 CVE-2023/CVE-2023-70xx/CVE-2023-7081.json diff --git a/CVE-2005/CVE-2005-09xx/CVE-2005-0918.json b/CVE-2005/CVE-2005-09xx/CVE-2005-0918.json index 741897c4187..2171f19cfee 100644 --- a/CVE-2005/CVE-2005-09xx/CVE-2005-0918.json 
+++ b/CVE-2005/CVE-2005-09xx/CVE-2005-0918.json @@ -2,7 +2,7 @@ "id": "CVE-2005-0918", "sourceIdentifier": "cve@mitre.org", "published": "2005-05-05T04:00:00.000", - "lastModified": "2008-09-05T20:47:41.270", + "lastModified": "2024-02-15T15:19:52.240", "vulnStatus": "Analyzed", "descriptions": [ { @@ -44,13 +44,14 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-203" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -58,28 +59,20 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:adobe:svg_viewer:1.0:*:*:*:*:*:*:*", - "matchCriteriaId": "AB514A64-3F7E-445D-B2A2-0BCC2D70A851" - }, + "criteria": "cpe:2.3:a:adobe:svg_viewer:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.02", + "matchCriteriaId": "9C1FE08B-07BF-4393-AC21-26590D219EE6" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:a:adobe:svg_viewer:2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "37D81AEF-432E-4111-A2CD-292B54C959BB" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:adobe:svg_viewer:3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "A06BCEE0-275C-41C8-8FBC-FCC838CF4D1B" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:adobe:svg_viewer:3.01:*:*:*:*:*:*:*", - "matchCriteriaId": "CC526B50-EC02-48DD-AD5D-6BDCAC67C004" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:adobe:svg_viewer:3.02:*:*:*:*:*:*:*", - "matchCriteriaId": "1E1145D3-28F5-4F5B-9F54-20DCBB1CFF3E" + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:internet_explorer:-:*:*:*:*:*:*:*", + "matchCriteriaId": "C37BA825-679F-4257-9F2B-CE2318B75396" } ] } 
@@ -87,14 +80,28 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/15255", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, { "url": "http://securitytracker.com/id?1013890", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.adobe.com/support/techdocs/323585.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Patch" ] }, @@ -102,6 +109,7 @@ "url": "http://www.hyperdose.com/advisories/H2005-07.txt", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", "Patch" ] diff --git a/CVE-2014/CVE-2014-31xx/CVE-2014-3185.json b/CVE-2014/CVE-2014-31xx/CVE-2014-3185.json index 11a46bf8f55..ae7c0a0c133 100644 --- a/CVE-2014/CVE-2014-31xx/CVE-2014-3185.json +++ b/CVE-2014/CVE-2014-31xx/CVE-2014-3185.json @@ -2,8 +2,8 @@ "id": "CVE-2014-3185", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2014-09-28T10:55:10.283", - "lastModified": "2023-11-07T02:19:57.607", - "vulnStatus": "Modified", + "lastModified": "2024-02-15T15:58:06.067", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -63,13 +63,43 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndIncluding": "3.16.1", - "matchCriteriaId": "8452407A-5074-4385-B9A1-9E49042CCAEB" + "versionStartExcluding": "3.2.63", + "matchCriteriaId": "7C80D391-F3B3-4EFA-AB8D-6AFF448F906C" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:3.16.0:*:*:*:*:*:*:*", - "matchCriteriaId": "3CFFCDFC-AE4F-47EE-B1DA-05A6865D1745" + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.3", + "versionEndExcluding": "3.4.104", + "matchCriteriaId": "95E0847B-5988-4925-98FF-29EEE803ECC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.5", + "versionEndExcluding": "3.10.54", + "matchCriteriaId": "F9ACBC23-0CDB-475C-A567-6A4D9F322B31" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.11", + "versionEndExcluding": "3.12.29", + "matchCriteriaId": "BBF71F21-E234-4CDD-87E7-D0F9ADDEFAD3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.13", + "versionEndExcluding": "3.14.18", + "matchCriteriaId": "8E47EF9D-62CE-4AF1-A8C9-14E0D9AB3A76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.15", + "versionEndExcluding": "3.16.2", + "matchCriteriaId": "4DAD07BE-4260-45D8-A744-53DE4E3DC346" } ] } 
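Review bot: The first added `cpeMatch` entry for `linux_kernel` carries only `"versionStartExcluding": "3.2.63"` and no upper bound, so as written it matches every kernel release after 3.2.63 and overlaps all the bounded ranges that follow it (3.3 to 3.4.104, 3.5 to 3.10.54, and so on up to 3.16.2). Since each of the following entries ends at a stable-branch release, this bound was presumably meant to be `"versionEndExcluding": "3.2.63"`. The same pattern appears in the CVE-2018-20169 hunk (`"versionStartExcluding": "3.16.63"` ahead of ranges that start at 3.17). Scanners that consume these records would report current kernels as affected until the record is corrected upstream, so matches for these two CVEs are worth checking against the fix versions named in the references.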
@@ -79,79 +109,150 @@ "references": [ { "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6817ae225cd650fb1c3295d769298c38b1eba818", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00000.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00020.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2014-1318.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2015-0284.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.16.2", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2014/09/11/21", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", 
+ "tags": [ + "Mailing List" + ] }, { "url": "http://www.securityfocus.com/bid/69781", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2374-1", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2375-1", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2376-1", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2377-1", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2378-1", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.ubuntu.com/usn/USN-2379-1", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1141400", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://code.google.com/p/google-security-research/issues/detail?id=98", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/torvalds/linux/commit/6817ae225cd650fb1c3295d769298c38b1eba818", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Third Party 
Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2018/CVE-2018-201xx/CVE-2018-20169.json b/CVE-2018/CVE-2018-201xx/CVE-2018-20169.json index 229e56934e3..b454bd5c65f 100644 --- a/CVE-2018/CVE-2018-201xx/CVE-2018-20169.json +++ b/CVE-2018/CVE-2018-201xx/CVE-2018-20169.json @@ -2,8 +2,8 @@ "id": "CVE-2018-20169", "sourceIdentifier": "cve@mitre.org", "published": "2018-12-17T07:29:00.653", - "lastModified": "2019-08-13T19:15:13.593", - "vulnStatus": "Modified", + "lastModified": "2024-02-15T15:56:15.670", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", 
@@ -85,8 +85,43 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartExcluding": "3.16.63", + "matchCriteriaId": "130870FD-48F8-416B-8243-1635BCAF703E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.17", + "versionEndExcluding": "3.18.129", + "matchCriteriaId": "DB109F34-BDC4-4BD8-BF8E-B0219637CA44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.19", + "versionEndExcluding": "4.4.167", + "matchCriteriaId": "91D67486-8327-45D1-BCE8-F6765A134C66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": "4.9.145", + "matchCriteriaId": "1443F599-242F-4D82-A137-C3F534A1D4B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.88", + "matchCriteriaId": "3ACB6D3C-AA01-41A7-9A30-7387B0104C70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", "versionEndExcluding": "4.19.9", - "matchCriteriaId": "8BFB21C0-9AA2-4122-907F-D95E8D3E2C89" + "matchCriteriaId": "14AFABA8-6411-4647-A0C5-7C5FF13256D0" } ] } @@ -140,11 +175,19 @@ }, { "url": "https://access.redhat.com/errata/RHSA-2019:3309", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2019:3517", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.9", 
@@ -203,11 +246,19 @@ }, { "url": "https://usn.ubuntu.com/4094-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://usn.ubuntu.com/4118-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2019/CVE-2019-115xx/CVE-2019-11599.json b/CVE-2019/CVE-2019-115xx/CVE-2019-11599.json index 5187e486c25..230e8c74477 100644 --- a/CVE-2019/CVE-2019-115xx/CVE-2019-11599.json +++ b/CVE-2019/CVE-2019-115xx/CVE-2019-11599.json @@ -2,8 +2,8 @@ "id": "CVE-2019-11599", "sourceIdentifier": "cve@mitre.org", "published": "2019-04-29T18:29:00.243", - "lastModified": "2023-11-07T03:03:03.567", - "vulnStatus": "Modified", + "lastModified": "2024-02-15T15:56:20.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,13 +15,13 @@ } ], "metrics": { - "cvssMetricV30": [ + "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", 
@@ -85,8 +85,44 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.16.12", + "versionEndExcluding": "3.16.66", + "matchCriteriaId": "E19B1AD5-F2B9-42A0-8DEA-D1523A006A62" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.17", + "versionEndExcluding": "4.4.183", + "matchCriteriaId": "048C641C-0C59-4039-B43F-98D9D1D80331" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": "4.9.188", + "matchCriteriaId": "4FA14762-EEF0-47BF-9AEF-B4EA7F8370C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.114", + "matchCriteriaId": "A8435063-EEF3-4473-8F06-76341B7A06A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.37", + "matchCriteriaId": "ABC4CBFF-ED77-45EE-8543-A217F9762929" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", "versionEndExcluding": "5.0.10", - "matchCriteriaId": "995B7430-4BA4-4979-BD8E-8907622852A8" + "matchCriteriaId": "C0ACE181-99FA-47C7-898B-810936A33C08" } ] } @@ -96,11 +132,19 @@ "references": [ { "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00014.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00025.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://packetstormsecurity.com/files/152663/Linux-Missing-Lockdown.html", 
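Review bot: The lowest added range starts at `"versionStartIncluding": "2.16.12"`, which does not correspond to a Linux kernel release series; the intended value is probably `"2.6.12"`. With the bound as written, 2.6.x kernels fall outside every range in this record and would not be matched for CVE-2019-11599. The value comes from the upstream record, so the correction belongs there, and consumers may want to treat this lower bound as unreliable in the meantime.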
@@ -113,7 +157,11 @@ }, { "url": "http://packetstormsecurity.com/files/153702/Slackware-Security-Advisory-Slackware-14.2-kernel-Updates.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2019/04/29/1", @@ -149,35 +197,67 @@ }, { "url": "https://access.redhat.com/errata/RHSA-2019:2029", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2019:2043", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2019:3309", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2019:3517", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0100", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0103", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0179", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2020:0543", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1790", 
@@ -231,63 +311,115 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00041.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00042.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://lists.debian.org/debian-lts-announce/2019/06/msg00011.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://seclists.org/bugtraq/2019/Jul/33", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://seclists.org/bugtraq/2019/Jun/26", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20190517-0002/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20200608-0001/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://support.f5.com/csp/article/K51674118", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://support.f5.com/csp/article/K51674118?utm_source=f5support&%3Butm_medium=RSS", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://usn.ubuntu.com/4069-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://usn.ubuntu.com/4069-2/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://usn.ubuntu.com/4095-1/", - "source": "cve@mitre.org" + "source": 
"cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://usn.ubuntu.com/4115-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://usn.ubuntu.com/4118-1/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.debian.org/security/2019/dsa-4465", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.exploit-db.com/exploits/46781/", @@ -300,7 +432,10 @@ }, { "url": "https://www.oracle.com/security-alerts/cpuApr2021.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2020/CVE-2020-293xx/CVE-2020-29368.json b/CVE-2020/CVE-2020-293xx/CVE-2020-29368.json index f3ebe3843e3..8d1e3e15de7 100644 --- a/CVE-2020/CVE-2020-293xx/CVE-2020-29368.json +++ b/CVE-2020/CVE-2020-293xx/CVE-2020-29368.json @@ -2,7 +2,7 @@ "id": "CVE-2020-29368", "sourceIdentifier": "cve@mitre.org", "published": "2020-11-28T07:15:11.460", - "lastModified": "2022-04-26T16:34:29.487", + "lastModified": "2024-02-15T15:56:34.797", "vulnStatus": "Analyzed", "descriptions": [ { @@ -77,7 +77,6 @@ ], "configurations": [ { - "operator": "AND", "nodes": [ { "operator": "OR", 
@@ -86,15 +85,43 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5.5", + "versionEndExcluding": "4.9.228", + "matchCriteriaId": "9F533643-6482-466F-87F2-9446C8214FF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.14.185", + "matchCriteriaId": "82A795AE-6C0D-4C70-93E8-CB1183C8F147" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.129", + "matchCriteriaId": "96593438-C71A-47FD-B19B-F54C6E65BDA5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.48", + "matchCriteriaId": "55E407BF-74C3-42AB-8591-2385D5732960" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", "versionEndExcluding": "5.7.5", - "matchCriteriaId": "1473B179-9D2A-4105-9E31-6B1C2C8C144F" + "matchCriteriaId": "45E1B7E8-BF1C-4AFA-9862-DAE3916A8846" } ] } ] }, { - "operator": "AND", "nodes": [ { "operator": "OR", diff --git a/CVE-2022/CVE-2022-19xx/CVE-2022-1916.json b/CVE-2022/CVE-2022-19xx/CVE-2022-1916.json index 070bee62320..54b56d1171e 100644 --- a/CVE-2022/CVE-2022-19xx/CVE-2022-1916.json +++ b/CVE-2022/CVE-2022-19xx/CVE-2022-1916.json @@ -2,7 +2,7 @@ "id": "CVE-2022-1916", "sourceIdentifier": "contact@wpscan.com", "published": "2022-06-27T09:15:10.283", - "lastModified": "2022-07-06T17:15:40.673", + "lastModified": "2024-02-15T15:17:27.737", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -84,9 +84,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:pluginus:active_products_tables_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "1.0.5", - "matchCriteriaId": "24FBB09D-55E9-47E4-A773-DD0400617003" + "matchCriteriaId": "C7EB1C72-D0C0-4C65-A17C-FC8E94558B26" } ] } diff --git a/CVE-2023/CVE-2023-18xx/CVE-2023-1838.json b/CVE-2023/CVE-2023-18xx/CVE-2023-1838.json index 98aac9ff555..c9dd5eb6de9 100644 --- a/CVE-2023/CVE-2023-18xx/CVE-2023-1838.json +++ b/CVE-2023/CVE-2023-18xx/CVE-2023-1838.json @@ -2,8 +2,8 @@ "id": "CVE-2023-1838", "sourceIdentifier": "secalert@redhat.com", "published": "2023-04-05T19:15:07.793", - "lastModified": "2023-11-07T04:05:03.377", - "vulnStatus": "Modified", + "lastModified": "2024-02-15T15:56:40.963", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -46,7 +46,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { 
@@ -66,8 +66,79 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "5.18_25", - "matchCriteriaId": "1D18FD7E-DA12-4F2B-90B3-7C90E81B42FF" + "versionStartIncluding": "4.13", + "versionEndExcluding": "4.14.317", + "matchCriteriaId": "4656B60F-29E8-4D7E-B827-28CC2223B5C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.245", + "matchCriteriaId": "239757EB-B2DF-4DD4-8EEE-97141186DA12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.196", + "matchCriteriaId": "87FC1554-2185-4ED6-BF1C-293AA14FFC32" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.118", + "matchCriteriaId": "CA790029-5DF7-42D7-962E-C810540457A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.42", + "matchCriteriaId": "555641B6-5319-4C13-9CC9-50B1CCF9E816" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "5.17.10", + "matchCriteriaId": "6D0772F5-6B38-4D6C-B29E-A04E7CC5CB9F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CDDF61B7-EC5C-467C-B710-B89F502CD04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098" + }, + { + 
"vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*", + "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F" } ] } @@ -77,11 +148,18 @@ "references": [ { "url": "https://lore.kernel.org/netdev/20220516084213.26854-1-jasowang%40redhat.com/T/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://security.netapp.com/advisory/ntap-20230517-0003/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-253xx/CVE-2023-25365.json b/CVE-2023/CVE-2023-253xx/CVE-2023-25365.json index 2f954acef86..a76d67d9a13 100644 --- a/CVE-2023/CVE-2023-253xx/CVE-2023-25365.json +++ b/CVE-2023/CVE-2023-253xx/CVE-2023-25365.json 
@@ -2,19 +2,80 @@ "id": "CVE-2023-25365", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T22:15:08.410", - "lastModified": "2024-02-09T01:37:59.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:01:16.433", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting vulnerability found in October CMS v.3.2.0 allows local attacker to execute arbitrary code via the file type .mp3" + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross Site Scripting encontrada en October CMS v.3.2.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s del tipo de archivo .mp3" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octobercms:october:3.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "B008F340-B11C-4D76-9A46-34F4B3B03904" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://cupc4k3.medium.com/cve-2023-25365-xss-via-file-upload-bypass-ddf4d2a106a7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Press/Media Coverage", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-270xx/CVE-2023-27001.json b/CVE-2023/CVE-2023-270xx/CVE-2023-27001.json index 0e5a58aba20..46832f55a55 100644 --- a/CVE-2023/CVE-2023-270xx/CVE-2023-27001.json +++ b/CVE-2023/CVE-2023-270xx/CVE-2023-27001.json 
@@ -2,19 +2,79 @@ "id": "CVE-2023-27001", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T22:15:08.463", - "lastModified": "2024-02-09T01:37:59.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:01:02.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue discovered in Egerie Risk Manager v4.0.5 allows attackers to bypass the signature mechanism and tamper with the values inside the JWT payload resulting in privilege escalation." + }, + { + "lang": "es", + "value": "Un problema descubierto en Egerie Risk Manager v4.0.5 permite a los atacantes eludir el mecanismo de firma y alterar los valores dentro de el payload de JWT, lo que resulta en una escalada de privilegios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:egerie:egerie:4.0.5:*:*:*:*:*:*:*", + "matchCriteriaId": "0916E437-CD3F-41D9-93AD-80B081282EC2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/post-cyberlabs/CVE-Advisory/blob/main/CVE-2023-27001.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-31xx/CVE-2023-3106.json b/CVE-2023/CVE-2023-31xx/CVE-2023-3106.json index ebee0d30471..2448d29d9e4 100644 --- a/CVE-2023/CVE-2023-31xx/CVE-2023-3106.json +++ b/CVE-2023/CVE-2023-31xx/CVE-2023-3106.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3106", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-12T09:15:14.550", - "lastModified": "2023-11-07T04:17:55.303", - "vulnStatus": "Modified", + "lastModified": "2024-02-15T16:03:47.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -33,7 +33,7 @@ "impactScore": 5.9 }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "cvssData": { "version": "3.1", @@ -66,7 +66,7 @@ ] }, { - "source": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "source": "secalert@redhat.com", "type": "Secondary", "description": [ { @@ -86,8 +86,23 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "4.8", - "matchCriteriaId": "28EB12EC-3BC4-4DCC-9A6A-5F810F17E8FE" + "versionStartIncluding": "3.15", + "versionEndExcluding": "3.16.39", + "matchCriteriaId": "7C441EE1-EC9F-4D9D-95A4-3FD494363278" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.17", + "versionEndExcluding": "4.4.223", + "matchCriteriaId": "8C132AFE-2E0B-47FD-BBAB-B5D5E3AC6DD1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.5", + "versionEndExcluding": "4.7.10", + "matchCriteriaId": "C6C1817C-C779-47B1-B9F7-A77838991F27" }, { "vulnerable": true, diff --git a/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json b/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json index 9dbf8732f31..b57225b6ff2 100644 --- a/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json +++ b/CVE-2023/CVE-2023-386xx/CVE-2023-38646.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-38646", "sourceIdentifier": "cve@mitre.org", "published": "2023-07-21T15:15:10.003", - "lastModified": "2023-08-09T18:15:13.213", + "lastModified": "2024-02-15T16:15:45.380", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "url": "http://packetstormsecurity.com/files/174091/Metabase-Remote-Code-Execution.html", "source": "cve@mitre.org" }, + { + "url": "http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/metabase/metabase/issues/32552", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40265.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40265.json index 9815780577f..da18ad45648 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40265.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40265.json 
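Review bot: The reference added in the second CVE-2023-38646 hunk, `http://packetstormsecurity.com/files/177138/Metabase-0.46.6-Remote-Code-Execution.html`, carries no `tags` array, so a consumer that raises priority on the `Exploit` reference tag will not react to it; going by the URL title it looks like exploit material, which I have not verified. The same applies to the Packet Storm reference added to CVE-2023-45887 later in this patch, where `vulnStatus` also moves from `Analyzed` to `Modified`. Since the mirror should stay identical to upstream, the handling belongs in the consumer: treat a newly added untagged reference on a record in `Modified` state as unclassified rather than benign, and re-read the tags once the record returns to `Analyzed`. Both entries use `http://` URLs, so fetchers or link checkers that require HTTPS need to upgrade or skip them. The `references` array continues beyond the hunk, so the tags on neighbouring entries are only partly visible here.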
@@ -2,19 +2,80 @@ "id": "CVE-2023-40265", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T22:15:08.770", - "lastModified": "2024-02-09T01:37:59.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:00:56.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows authenticated remote code execution via file upload." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Atos Unify OpenScape Xpressions WebAssistant V7 anterior a V7R1 FR5 HF42 P911. Permite la ejecuci\u00f3n remota de c\u00f3digo autenticado mediante la carga de archivos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mitel:unify_openscape_xpressions_webassistant:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0", + "versionEndExcluding": "7r1_fr5_hf42_p911", + "matchCriteriaId": "659DD56F-AF9C-4B12-963E-FE33E39386E7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://networks.unify.com/security/advisories/OBSO-2305-03.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + 
] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-402xx/CVE-2023-40266.json b/CVE-2023/CVE-2023-402xx/CVE-2023-40266.json index 8477d8287ed..5586e48dbe0 100644 --- a/CVE-2023/CVE-2023-402xx/CVE-2023-40266.json +++ b/CVE-2023/CVE-2023-402xx/CVE-2023-40266.json 
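Review bot: The upper bound `"versionEndExcluding": "7r1_fr5_hf42_p911"` in the CVE-2023-40265 `cpeMatch` entry is not a dotted numeric version, so a consumer that orders versions numerically or as semver cannot place it against the lower bound `"7.0"` and will either raise a parse error or evaluate the range wrongly. A matcher should fail closed on a bound it cannot parse, reporting the product as potentially affected and flagging it for manual review, instead of skipping the record. The vendor field in `criteria` is `mitel` while the description says Atos Unify, so asset inventories keyed on the vendor name from the description will miss it. CVE-2023-40266, the next file in this patch, has the identical `cpeMatch` entry and the same caveats.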
@@ -2,19 +2,80 @@ "id": "CVE-2023-40266", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T22:15:08.840", - "lastModified": "2024-02-09T01:37:59.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:00:49.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Atos Unify OpenScape Xpressions WebAssistant V7 before V7R1 FR5 HF42 P911. It allows path traversal." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en Atos Unify OpenScape Xpressions WebAssistant V7 anterior a V7R1 FR5 HF42 P911. Permite el path traversal." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mitel:unify_openscape_xpressions_webassistant:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0", + "versionEndExcluding": "7r1_fr5_hf42_p911", + "matchCriteriaId": "659DD56F-AF9C-4B12-963E-FE33E39386E7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://networks.unify.com/security/advisories/OBSO-2305-03.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json index 6e6a4596373..70880dcb78f 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4206.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4206", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-09-06T14:15:11.280", - "lastModified": "2024-01-11T19:15:11.627", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-15T15:57:06.697", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -90,8 +90,51 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "6.5", - "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + "versionStartIncluding": "3.18", + "versionEndExcluding": "4.14.322", + "matchCriteriaId": "1F7D3B5B-3896-4B9A-A0DF-07217A321EA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.291", + "matchCriteriaId": "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.253", + "matchCriteriaId": "0707E9FF-8CDE-4AC1-98F3-5BB74EF88F8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.190", + "matchCriteriaId": "B8DECE4F-2D62-4976-B338-963015198AC8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.126", + "matchCriteriaId": "C552AC9E-23B8-4D7D-AA26-57985BD93962" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.45", + "matchCriteriaId": "A0CA013D-55AF-4494-A931-AFC8EA64E875" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.4.10", + "matchCriteriaId": "7BB0D94C-4FCE-46F4-A8D4-062D6A84627A" } ] } @@ -134,7 +177,11 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5492", 
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json index 0c4359c3e2d..d71a1c9ad84 100644 --- a/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json +++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4208.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4208", "sourceIdentifier": "cve-coordination@google.com", "published": "2023-09-06T14:15:11.627", - "lastModified": "2024-01-11T19:15:11.887", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-15T15:57:17.537", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -90,8 +90,51 @@ { "vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "6.5", - "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" + "versionStartIncluding": "3.18", + "versionEndExcluding": "4.14.322", + "matchCriteriaId": "1F7D3B5B-3896-4B9A-A0DF-07217A321EA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.15", + "versionEndExcluding": "4.19.291", + "matchCriteriaId": "D2D2CA9F-4CC4-4AF5-8C6D-E58415AB782E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.253", + "matchCriteriaId": "0707E9FF-8CDE-4AC1-98F3-5BB74EF88F8A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.190", + "matchCriteriaId": "B8DECE4F-2D62-4976-B338-963015198AC8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.126", + "matchCriteriaId": "C552AC9E-23B8-4D7D-AA26-57985BD93962" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.45", + "matchCriteriaId": "A0CA013D-55AF-4494-A931-AFC8EA64E875" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.4.10", + "matchCriteriaId": "7BB0D94C-4FCE-46F4-A8D4-062D6A84627A" } ] } @@ -130,7 +173,10 @@ }, { "url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html", - "source": "cve-coordination@google.com" + "source": "cve-coordination@google.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.debian.org/security/2023/dsa-5492", 
diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json index fcdf884ea0c..4f5c18b0da0 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45887.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45887", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-20T00:15:08.613", - "lastModified": "2024-01-02T14:32:56.787", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-15T16:15:45.510", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -73,6 +73,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/177135/DS-Wireless-Communication-Code-Execution.html", + "source": "cve@mitre.org" + }, { "url": "https://github.com/MikeIsAStar/DS-Wireless-Communication-Remote-Code-Execution", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47131.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47131.json index 25cc1e3bd97..d5f023fe59d 100644 --- a/CVE-2023/CVE-2023-471xx/CVE-2023-47131.json +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47131.json 
@@ -2,19 +2,101 @@ "id": "CVE-2023-47131", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T23:15:09.827", - "lastModified": "2024-02-09T01:37:53.353", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:59:41.410", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The N-able PassPortal extension before 3.29.2 for Chrome inserts sensitive information into a log file." + }, + { + "lang": "es", + "value": "La extensi\u00f3n N-able PassPortal anterior a 3.29.2 para Chrome inserta informaci\u00f3n confidencial en un archivo de registro." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:n-able:passportal:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.29.2", + "matchCriteriaId": "8DD54E0D-DB4D-474D-8DDA-3A9B2C90011A" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:a:google:chrome:-:*:*:*:*:*:*:*", + "matchCriteriaId": "39B565E1-C2F1-44FC-A517-E3130332B17C" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:a:microsoft:edge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "77D197D7-57FB-4898-8C70-B19D5F0D5BE0" + }, + { + "vulnerable": false, + 
"criteria": "cpe:2.3:a:mozilla:firefox:-:*:*:*:*:*:*:*", + "matchCriteriaId": "97D4FFCF-5309-43B6-9FD5-680C6D535A7F" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://me.n-able.com/s/security-advisory/aArHs000000M8CCKA0/cve202347131-passportal-browser-extension-logs-sensitive-data", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47700.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47700.json index b49f5f89d54..b94730cb6eb 100644 --- a/CVE-2023/CVE-2023-477xx/CVE-2023-47700.json +++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47700.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-47700", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-02-07T17:15:09.677", - "lastModified": "2024-02-07T17:38:33.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:09:10.133", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.6 products could allow a remote attacker to spoof a trusted system that would not be correctly validated by the Storwize server. This could lead to a user connecting to a malicious host, believing that it was a trusted system and deceived into accepting spoofed data. IBM X-Force ID: 271016." + }, + { + "lang": "es", + "value": "Los productos IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem e IBM Storage Virtualize 8.6 podr\u00edan permitir a un atacante remoto falsificar un sistema confiable que no ser\u00eda validado correctamente por el servidor Storwize. Esto podr\u00eda llevar a que un usuario se conecte a un host malicioso, creyendo que se trata de un sistema confiable y siendo enga\u00f1ado para que acepte datos falsificados. ID de IBM X-Force: 271016." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@us.ibm.com", "type": "Secondary", 
@@ -46,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "42E2161E-7444-43FE-BA82-DA2103104A5E" + } + ] + } + ] + } + ], "references": [ { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/271016", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "VDB Entry", + "Vendor Advisory" + ] }, { "url": "https://www.ibm.com/support/pages/node/7114767", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-491xx/CVE-2023-49101.json b/CVE-2023/CVE-2023-491xx/CVE-2023-49101.json index 71164d0bc2c..d426db464b1 100644 --- a/CVE-2023/CVE-2023-491xx/CVE-2023-49101.json +++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49101.json 
@@ -2,19 +2,94 @@ "id": "CVE-2023-49101", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T22:15:08.940", - "lastModified": "2024-02-09T01:37:59.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:00:44.567", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "WebAdmin in Axigen 10.3.x before 10.3.3.61, 10.4.x before 10.4.24, and 10.5.x before 10.5.10 allows XSS attacks against admins because of mishandling of viewing the usage of SSL certificates." + }, + { + "lang": "es", + "value": "WebAdmin en Axigen 10.3.x anterior a 10.3.3.61, 10.4.x anterior a 10.4.24 y 10.5.x anterior a 10.5.10 permite ataques XSS contra administradores debido al mal manejo de la visualizaci\u00f3n del uso de certificados SSL." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.3.3.0", + "versionEndExcluding": "10.3.3.61", + "matchCriteriaId": "28DC928C-7974-4B07-B970-DD6B841D2E79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.4.0", + "versionEndExcluding": "10.4.24", + 
"matchCriteriaId": "95DDC008-B95F-4D5F-8E11-979BB0A5796B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:axigen:axigen_mobile_webmail:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.5.0", + "versionEndExcluding": "10.5.10", + "matchCriteriaId": "94798C71-063F-4867-98E7-25E318C597AD" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.axigen.com/kb/show/400", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4993.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4993.json new file mode 100644 index 00000000000..e61aeeb50f5 --- /dev/null +++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4993.json 
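Review bot: The first `cpeMatch` range for CVE-2023-49101 starts at `"versionStartIncluding": "10.3.3.0"`, while the description says 10.3.x before 10.3.3.61 is affected, so an install on 10.3.0 through 10.3.2 falls outside all three ranges and a CPE-based scanner would report it clean. The product in `criteria` is also `axigen_mobile_webmail`, whereas the description names WebAdmin in Axigen, so an inventory that records the mail server under a different CPE product may not match at all. Both may be deliberate on the analyst's side; checking against the vendor advisory at https://www.axigen.com/kb/show/400 and reporting upstream is the right route rather than editing the mirror. Until that is settled, consumers should match this record on the description's version statement as well as on the CPE ranges.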
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-4993", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-02-15T16:15:45.643", + "lastModified": "2024-02-15T16:15:45.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Privilege Management vulnerability in Utarit Information Technologies SoliPay Mobile App allows Collect Data as Provided by Users.This issue affects SoliPay Mobile App: before 5.0.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0104", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51505.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51505.json index 9afb665dfe9..9ecdfd8400f 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51505.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51505.json @@ -2,7 +2,7 @@ "id": "CVE-2023-51505", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T13:15:10.820", - "lastModified": "2024-01-05T18:05:27.917", + "lastModified": "2024-02-15T15:08:24.430", "vulnStatus": "Analyzed", "descriptions": [ { 
@@ -89,9 +89,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:pluginus:active_products_tables_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*", "versionEndIncluding": "1.0.6", - "matchCriteriaId": "30D66AEA-E69E-47C1-AADA-122FEA8355A3" + "matchCriteriaId": "573AA7BD-EB43-41C2-96DB-142251E723FB" } ] } diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5155.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5155.json new file mode 100644 index 00000000000..4847b9f7783 --- /dev/null +++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5155.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-5155", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-02-15T16:15:45.910", + "lastModified": "2024-02-15T16:15:45.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Utarit Information Technologies SoliPay Mobile App allows SQL Injection.This issue affects SoliPay Mobile App: before 5.0.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0104", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6255.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6255.json new file mode 100644 index 00000000000..dba67fea562 --- /dev/null +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6255.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6255", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-02-15T16:15:46.117", + "lastModified": "2024-02-15T16:15:46.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use of Hard-coded Credentials vulnerability in Utarit Information Technologies SoliPay Mobile App allows Read Sensitive Strings Within an Executable.This issue affects SoliPay Mobile App: before 5.0.8.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0104", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6356.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6356.json index 3f749558561..176bb87c09a 100644 --- a/CVE-2023/CVE-2023-63xx/CVE-2023-6356.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6356.json 
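Review bot: The only CVSS entry in the new CVE-2023-6255 record is marked `"type": "Secondary"`, whereas the same source's entries in CVE-2023-4993 and CVE-2023-5155, added earlier in this patch, are `"type": "Primary"`, so a consumer that selects the score by `"type": "Primary"` gets no score for this record and may rank a 7.5 HIGH hard-coded-credentials issue as unscored. Score selection should fall back to a `Secondary` entry when no `Primary` one exists. All three records are in `Received` state with no `configurations` block, so CPE-based matching cannot flag them yet; matching on the product named in the description (SoliPay Mobile App before 5.0.8) is the only route until analysis lands. The `value` strings also end in `\n\n` and run two sentences together (`Users.This issue`), so trim and normalise them before display.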
@@ -2,16 +2,40 @@ "id": "CVE-2023-6356", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-07T21:15:08.317", - "lastModified": "2024-02-07T22:02:11.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:39:38.967", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado env\u00ede un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe y provoca un p\u00e1nico en el kernel y una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -46,26 +70,215 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "78680986-99FE-4817-BF78-65D7164DFB19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "73455AA0-6962-462D-8AA8-2C644BC9951F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "AD9E97F6-56E0-4C26-8F01-D57002917A6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": 
"76C24D94-834A-4E9D-8F73-624AFA99AAA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2024:0723", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:0724", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:0725", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6356", - "source": 
"secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254054", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6535.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6535.json index 0fe868ef545..5d537df044c 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6535.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6535.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6535", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-07T21:15:08.530", - "lastModified": "2024-02-07T22:02:11.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:39:43.167", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado env\u00ede un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca p\u00e1nico en el kernel y una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -46,26 +70,215 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "78680986-99FE-4817-BF78-65D7164DFB19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "73455AA0-6962-462D-8AA8-2C644BC9951F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "AD9E97F6-56E0-4C26-8F01-D57002917A6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": 
"76C24D94-834A-4E9D-8F73-624AFA99AAA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2024:0723", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:0724", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:0725", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6535", - "source": 
"secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254053", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6536.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6536.json index 133ab0629a8..a4987136d16 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6536.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6536.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-6536", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-07T21:15:08.733", - "lastModified": "2024-02-07T22:02:11.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:25:07.397", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial of service." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en el controlador NVMe del kernel de Linux. Este problema puede permitir que un actor malicioso no autenticado env\u00ede un conjunto de paquetes TCP manipulados cuando usa NVMe sobre TCP, lo que lleva al controlador NVMe a una desreferencia del puntero NULL en el controlador NVMe, lo que provoca p\u00e1nico en el kernel y una denegaci\u00f3n de servicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -46,26 +70,215 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "8BE16CC2-C6B4-4B73-98A1-F28475A92F49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "78680986-99FE-4817-BF78-65D7164DFB19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": 
"7F6FB57C-2BC7-487C-96DD-132683AEB35D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "37B7CE5C-BFEA-4F96-9759-D511EF189059" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:9.2_aarch64:*:*:*:*:*:*:*", + "matchCriteriaId": "9A879F9F-F087-45D4-BD65-2990276477D2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", + "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "73455AA0-6962-462D-8AA8-2C644BC9951F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_real_time_for_nfv:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "AD9E97F6-56E0-4C26-8F01-D57002917A6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": 
"76C24D94-834A-4E9D-8F73-624AFA99AAA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", + "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "6C138DAF-9769-43B0-A9E6-320738EB3415" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:9.2_ppc64le:*:*:*:*:*:*:*", + "matchCriteriaId": "CC6A25CB-907A-4D05-8460-A2488938A8BE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", + "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/errata/RHSA-2024:0723", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:0724", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/errata/RHSA-2024:0725", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6536", - "source": 
"secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254052", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json index fa7a246180a..ce6169f2b55 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json @@ -2,7 +2,7 @@ "id": "CVE-2023-7014", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:15:58.943", - "lastModified": "2024-02-13T16:18:27.937", + "lastModified": "2024-02-15T15:07:55.347", "vulnStatus": "Analyzed", "descriptions": [ { @@ -79,9 +79,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:molongui:authorship:*:*:*:*:*:wordpress:*:*", + "criteria": "cpe:2.3:a:amitzy:molongui_authorship:*:*:*:*:*:wordpress:*:*", "versionEndExcluding": "4.7.5", - "matchCriteriaId": "F110C079-3E25-4DA9-B768-77342962D2B5" + "matchCriteriaId": "94A0B084-131E-48A2-9BBC-E9220BE7B6C8" } ] } diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7081.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7081.json new file mode 100644 index 00000000000..b31935bcd9d --- /dev/null +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7081.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-7081", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-02-15T16:15:46.373", + "lastModified": "2024-02-15T16:15:46.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in POSTAHS\u0130L Online Payment System allows SQL Injection.This issue affects Online Payment System: before 14.02.2024.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0103", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0164.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0164.json index d1a04004770..cbb1e0d61a9 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0164.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0164.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0164", "sourceIdentifier": "security_alert@emc.com", "published": "2024-02-12T19:15:09.473", - "lastModified": "2024-02-12T20:39:09.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:55:31.620", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.\n\n" + }, + { + "lang": "es", + "value": "Dell Unity, versiones anteriores a la 5.4, contienen una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_topstats. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios con privilegios elevados." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.0.0.5.094", + "matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0165.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0165.json index be0f7985628..b63ef6de9af 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0165.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0165.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0165", "sourceIdentifier": "security_alert@emc.com", "published": "2024-02-12T19:15:09.700", - "lastModified": "2024-02-12T20:39:09.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:55:25.687", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.\n\n" + }, + { + "lang": "es", + "value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_acldb_dump. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo con privilegios de root." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.0.0.5.094", + "matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0166.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0166.json index 6c90adb880e..06c0c71a9a7 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0166.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0166.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0166", "sourceIdentifier": "security_alert@emc.com", "published": "2024-02-12T19:15:09.960", - "lastModified": "2024-02-12T20:39:09.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:55:20.360", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.\n\n" + }, + { + "lang": "es", + "value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_tcpdump. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la ejecuci\u00f3n de comandos arbitrarios del sistema operativo con privilegios elevados." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -34,10 +58,43 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.0.0.5.094", + "matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0167.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0167.json index 153398af671..6ee2f6e2b4f 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0167.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0167.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0167", "sourceIdentifier": "security_alert@emc.com", "published": "2024-02-12T19:15:10.133", - "lastModified": "2024-02-12T20:39:09.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:55:14.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.\n\n" + }, + { + "lang": "es", + "value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la utilidad svc_topstats. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, lo que permitir\u00eda sobrescribir archivos arbitrarios en el sistema de archivos con privilegios de root." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.0.0.5.094", + "matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0170.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0170.json index c0e2be2e7a9..7d52676277d 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0170.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0170.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-0170", "sourceIdentifier": "security_alert@emc.com", "published": "2024-02-12T19:15:10.800", - "lastModified": "2024-02-12T20:39:09.773", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:55:09.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nDell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.\n\n" + }, + { + "lang": "es", + "value": "Dell Unity, versiones anteriores a la 5.4, contiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en su utilidad svc_cava. Un atacante autenticado podr\u00eda explotar esta vulnerabilidad, escapar del shell restringido y ejecutar comandos arbitrarios del sistema operativo con privilegios de root." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "security_alert@emc.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dell:unity_operating_environment:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.0.0.5.094", + "matchCriteriaId": "AEF07188-4E6D-44FD-BEE2-C1A571080C2B" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0985.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0985.json index 908c458043b..1f0a06f977f 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0985.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0985.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0985", "sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "published": "2024-02-08T13:15:08.927", - "lastModified": "2024-02-08T13:44:11.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:23:49.287", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + }, { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", "type": "Secondary", @@ -50,10 +80,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "12.0", + "versionEndExcluding": "12.18", + "matchCriteriaId": "6515DD96-8226-4C7A-9731-75C62F781ADD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "13.0", + "versionEndExcluding": "13.14", + "matchCriteriaId": "36C5A43F-5861-460E-912B-BC70C232DEED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "14.0", + "versionEndExcluding": "14.11", + "matchCriteriaId": "170AC44C-3970-46BF-8071-4B29F5EF20F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", + "versionStartIncluding": "15.0", + "versionEndExcluding": "15.6", + "matchCriteriaId": "AF8DDD13-1879-4298-855A-F2FC236CB846" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.postgresql.org/support/security/CVE-2024-0985/", - "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007" + "source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20252.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20252.json index 45dad27c7fc..78bdda1bb51 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20252.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20252.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-20252", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-02-07T17:15:09.913", - "lastModified": "2024-02-07T17:38:33.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:54:43.420", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory." + }, + { + "lang": "es", + "value": "M\u00faltiples vulnerabilidades en Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podr\u00edan permitir que un atacante remoto no autenticado realice ataques de cross-site request forgery (CSRF) que realicen acciones arbitrarias en un dispositivo afectado. Nota: \"Serie Cisco Expressway\" se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E). Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles [\"#details\"] de este aviso." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", + "versionEndIncluding": "15.0", + "matchCriteriaId": "0A7F785F-B9AD-4036-B752-61CB9F69B16C" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20254.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20254.json index c97ec7b98af..80196fe7992 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20254.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20254.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-20254", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-02-07T17:15:10.130", - "lastModified": "2024-02-07T17:38:33.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:54:33.153", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. \r\n\r Note: \"Cisco Expressway Series\" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices.\r\n\r For more information about these vulnerabilities, see the Details [\"#details\"] section of this advisory." + }, + { + "lang": "es", + "value": "M\u00faltiples vulnerabilidades en Cisco Expressway Series y Cisco TelePresence Video Communication Server (VCS) podr\u00edan permitir que un atacante remoto no autenticado realice ataques de cross-site request forgery (CSRF) que realicen acciones arbitrarias en un dispositivo afectado. Nota: \"Serie Cisco Expressway\" se refiere a los dispositivos Cisco Expressway Control (Expressway-C) y Cisco Expressway Edge (Expressway-E). Para obtener m\u00e1s informaci\u00f3n sobre estas vulnerabilidades, consulte la secci\u00f3n Detalles [\"#details\"] de este aviso." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", + "versionEndIncluding": "15.0", + "matchCriteriaId": "0A7F785F-B9AD-4036-B752-61CB9F69B16C" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20255.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20255.json index 45d8f1de694..8c4a5b64d1b 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20255.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20255.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-20255", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-02-07T17:15:10.327", - "lastModified": "2024-02-07T17:38:33.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:54:19.960", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la API SOAP de Cisco Expressway Series y Cisco TelePresence Video Communication Server podr\u00eda permitir que un atacante remoto no autenticado lleve a cabo un ataque de cross-site request forgery (CSRF) en un sistema afectado. Esta vulnerabilidad se debe a protecciones CSRF insuficientes para la interfaz de administraci\u00f3n basada en web de un sistema afectado. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario de la API REST para que siga un enlace manipulado. Un exploit exitoso podr\u00eda permitir al atacante hacer que el sistema afectado se recargue." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:expressway:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.0", + "matchCriteriaId": "7131565E-A9DB-4C80-9935-5312E2BE2994" + } + ] + } + ] + } + ], "references": [ { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json index fa0109f9ebe..566a254f7ff 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20290", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-02-07T17:15:10.517", - "lastModified": "2024-02-14T03:15:14.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:43:27.240", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "ykramarz@cisco.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "ykramarz@cisco.com", "type": "Secondary", 
@@ -50,18 +80,78 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", + "versionEndExcluding": "7.5.17", + "matchCriteriaId": "107EAB90-71E6-4FF7-BAA5-71F21C4FE683" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_endpoint:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "8.0.1.21160", + "versionEndExcluding": "8.2.3.30119", + "matchCriteriaId": "2EA4AF93-6973-4F23-A173-99701A2FB637" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cisco:secure_endpoint_private_cloud:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.8.0", + "matchCriteriaId": "D10B7EE9-96DE-4761-834A-FA5C31326A23" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
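Review bot: The `configurations` block added for CVE-2024-20290 lists only Cisco Secure Endpoint for Windows, Secure Endpoint Private Cloud and Fedora 38/39. The vendor reference in this same hunk is the `cisco-sa-clamav-hDffu6t` advisory and the two Fedora links are package announcements, which suggests the flaw sits in ClamAV itself (the description is outside this hunk, so this is inferred). If so, CPE-based matching against this record will not flag a standalone ClamAV install on any other platform. The record would be more complete with a `cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*` entry carrying the advisory's version bounds. Until then, consumers should also check this CVE against the ClamAV versions named in the advisory rather than treating a CPE miss as "not affected".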
diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json index 3f981932aec..f37f5af473b 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22012.json 
@@ -2,19 +2,78 @@ "id": "CVE-2024-22012", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-02-07T16:15:47.687", - "lastModified": "2024-02-07T17:04:54.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:10:05.857", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "In TBD of TBD, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\n\n" + }, + { + "lang": "es", + "value": "En TBD de TBD, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", + "matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://source.android.com/security/bulletin/pixel/2024-02-01", - "source": "dsap-vuln-management@google.com" + "source": "dsap-vuln-management@google.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-226xx/CVE-2024-22637.json b/CVE-2024/CVE-2024-226xx/CVE-2024-22637.json index 0ec404d4678..e42fe1a01ac 100644 --- a/CVE-2024/CVE-2024-226xx/CVE-2024-22637.json +++ b/CVE-2024/CVE-2024-226xx/CVE-2024-22637.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22637", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T21:15:09.427", - "lastModified": "2024-01-29T15:57:38.163", + "lastModified": "2024-02-15T15:19:44.187", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,8 +59,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:formtools:form_toools:3.1.1:*:*:*:*:*:*:*", - "matchCriteriaId": "AF5EBA2C-5B01-4C27-B786-973A45D0A4A8" + "criteria": "cpe:2.3:a:formtools:form_tools:3.1.1:*:*:*:*:*:*:*", + "matchCriteriaId": "FD2FECB7-93EA-4F34-AD68-A96EED343AF6" } ] } diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json index 4440def41a7..465486907cd 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22836.json 
@@ -2,27 +2,93 @@ "id": "CVE-2024-22836", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T20:15:52.830", - "lastModified": "2024-02-08T21:03:22.000", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:00:38.090", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Akaunting v3.1.3 y versiones anteriores. Un atacante puede manipular la configuraci\u00f3n regional de la empresa al instalar una aplicaci\u00f3n para ejecutar comandos del sistema en el servidor de alojamiento." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:akaunting:akaunting:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.4", + "matchCriteriaId": "187ED3B4-BC97-413C-801B-0671E38DAEFA" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://akaunting.com/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Product" + ] }, { "url": "https://github.com/akaunting/akaunting/releases/tag/3.1.4", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/u32i/cve/tree/main/CVE-2024-22836", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23448.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23448.json index 8e6495d6c0f..f6e940720e3 100644 --- a/CVE-2024/CVE-2024-234xx/CVE-2024-23448.json +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23448.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-23448", "sourceIdentifier": "bressers@elastic.co", "published": "2024-02-07T22:15:09.987", - "lastModified": "2024-02-08T03:29:33.180", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:39:14.317", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema por el cual APM Server pod\u00eda iniciar sesi\u00f3n en el nivel ERROR, una respuesta de Elasticsearch indicaba que la indexaci\u00f3n del documento fall\u00f3 y que esa respuesta contendr\u00eda partes del documento original. Dependiendo de la naturaleza del documento que el servidor APM intent\u00f3 ingerir, esto podr\u00eda dar lugar a la inserci\u00f3n de informaci\u00f3n confidencial o privada en los registros del servidor APM." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "bressers@elastic.co", "type": "Secondary", 
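Review bot: The `es` description added for CVE-2024-23448 mistranslates the English text: `APM Server podía iniciar sesión en el nivel ERROR` says the server could log in (authenticate) at ERROR level, whereas the English value says it could write a log entry at ERROR level. A reader relying on the Spanish value would take this for an authentication problem rather than sensitive document content reaching log files, which is what the CWE-532 entry added in the next hunk of this file describes. The opening clause should read along the lines of `APM Server podía registrar en el nivel ERROR una respuesta de Elasticsearch que indicaba que la indexación del documento falló`. Tooling that surfaces localized descriptions should fall back to the `en` value when triaging this record.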
@@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + }, { "source": "bressers@elastic.co", "type": "Secondary", @@ -46,14 +80,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:elastic:apm_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.12.1", + "matchCriteriaId": "359F4AB6-DD4A-4B8E-B6AE-5879A047E448" + } + ] + } + ] + } + ], "references": [ { "url": "https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.elastic.co/community/security", - "source": "bressers@elastic.co" + "source": "bressers@elastic.co", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23660.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23660.json index 5b32c52d2eb..1514c5d86b6 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23660.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23660.json 
@@ -2,23 +2,87 @@ "id": "CVE-2024-23660", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T20:15:52.887", - "lastModified": "2024-02-08T21:03:22.000", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:01:29.370", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n Binance Trust Wallet para iOS en el commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 hace un mal uso de la librer\u00eda trezor-crypto y, en consecuencia, genera palabras mnemot\u00e9cnicas para las cuales el tiempo del dispositivo es la \u00fanica fuente de entrop\u00eda, lo que genera p\u00e9rdidas econ\u00f3micas, como se explot\u00f3 en julio 2023. Un atacante puede generar sistem\u00e1ticamente mnem\u00f3nicos para cada marca de tiempo dentro de un per\u00edodo de tiempo aplicable y vincularlos a direcciones de billetera espec\u00edficas para robar fondos de esas billeteras." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-338" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:binance:trust_wallet:0.0.4:*:*:*:*:iphone_os:*:*", + "matchCriteriaId": "45D1DFB6-967A-4455-9154-5929E18431E2" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://milksad.info/posts/research-update-5/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23756.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23756.json index 08c04a89b3a..1bbaeb2b5d2 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23756.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23756.json 
@@ -2,19 +2,79 @@ "id": "CVE-2024-23756", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T21:15:08.380", - "lastModified": "2024-02-09T01:37:59.330", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:01:08.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them." + }, + { + "lang": "es", + "value": "Los m\u00e9todos HTTP PUT y DELETE est\u00e1n habilitados en la versi\u00f3n 5.2.13 (5221) oficial de Docker de Plone, lo que permite a atacantes no autenticados ejecutar acciones peligrosas como cargar archivos al servidor o eliminarlos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:plone:plone:5.2.13:*:*:*:*:*:*:*", + "matchCriteriaId": "BAB57250-2183-41C5-9EC2-6D32A991516D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } 
] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23769.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23769.json index e44968a2619..1c343c2f1e6 100644 --- a/CVE-2024/CVE-2024-237xx/CVE-2024-23769.json +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23769.json @@ -2,16 +2,40 @@ "id": "CVE-2024-23769", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T19:15:08.437", - "lastModified": "2024-02-07T22:02:11.683", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:40:20.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data." + }, + { + "lang": "es", + "value": "El control de privilegios inadecuado para la canalizaci\u00f3n con nombre en Samsung Magician PC Software 8.0.0 (para Windows) permite a un atacante local leer datos privilegiados." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "cve@mitre.org", "type": "Secondary", 
@@ -34,10 +58,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:samsung:magician:8.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "34531F24-ABCD-49CF-BE71-4BC35AF27449" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24115.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24115.json index 4c6a210b249..505b4324993 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24115.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24115.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24115", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T20:15:52.933", - "lastModified": "2024-02-14T22:15:48.210", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:01:23.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en la funci\u00f3n Editar p\u00e1gina de Cotonti CMS v0.9.24 permite a atacantes autenticados ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cotonti:siena:0.9.24:*:*:*:*:*:*:*", + "matchCriteriaId": "53AB91EE-8789-4E70-B950-EBA76B57944D" + } + ] + } + ] + } + ], "references": [ { "url": "https://mechaneus.github.io/CVE-2024-24115.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24202.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24202.json index a83bd9be1f1..2377dda563b 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24202.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24202.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-24202", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T05:15:08.593", - "lastModified": "2024-02-08T13:44:21.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:24:30.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,77 @@ "value": "Una vulnerabilidad de carga de archivos arbitrarios en /upgrade/control.php de ZenTao Community Edition v18.10, ZenTao Biz v8.10 y ZenTao Max v4.10 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo .txt manipulado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easycorp:zentao:18.10:*:*:*:community:*:*:*", + "matchCriteriaId": "D6445254-1C39-4E80-8AFF-9E100F043E35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easycorp:zentao_biz:8.10:*:*:*:*:*:*:*", + "matchCriteriaId": "41C834A4-88A7-4F19-90B3-4214D321C568" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:easycorp:zentao_max:4.10:*:*:*:*:*:*:*", + "matchCriteriaId": "EA51DA5A-3570-408E-9254-5E13D20DA145" + } + ] + } + ] + } + ], "references": [ { "url": "https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24213.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24213.json index 9bc346544e1..5bc61b00717 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24213.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24213.json 
@@ -2,31 +2,99 @@ "id": "CVE-2024-24213", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-08T18:15:08.237", - "lastModified": "2024-02-08T18:42:36.577", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:00:32.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Supabase PostgreSQL v15.1 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente /pg_meta/default/query." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:postgresql:postgresql:15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "B3B2D1C6-F9D3-46F9-988C-4E4BEDF498F5" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://app.flows.sh:8443/project/default%2C", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": 
"https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer.", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://reference1.example.com/project/default/logs/explorer%2C", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json index 432e2dabcfe..1c706b50fee 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24590", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.100", - "lastModified": "2024-02-13T20:15:52.953", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-15T15:43:23.723", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", 
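Review bot: In the CVE-2024-24213 record, the added `cpeMatch` entry `cpe:2.3:a:postgresql:postgresql:15.1:*:*:*:*:*:*:*` names the upstream PostgreSQL product, while the description attributes the SQL injection to "Supabase PostgreSQL v15.1" and to the component `/pg_meta/default/query`. A consumer that matches inventory on this CPE would report every PostgreSQL 15.1 install at the new 9.8 CRITICAL score. The entry is worth scoping to the vendor's own product, e.g. `"criteria": "cpe:2.3:a:<vendor>:<product>:15.1:*:*:*:*:*:*:*"` (placeholder, to be taken from the CPE dictionary), or triaging manually until upstream corrects it. Three of the four references are now tagged `Broken Link`, so the rating rests on the single GitHub write-up tagged `Third Party Advisory`.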
@@ -50,10 +80,34 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.17.0", + "versionEndIncluding": "1.14.2", + "matchCriteriaId": "E6977435-CDE5-4CE8-B6CA-A302E5841FF2" + } + ] + } + ] + } + ], "references": [ { "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/", - "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json index a598f82bd07..4f5d338d8f9 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24591", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.367", - "lastModified": "2024-02-13T20:15:53.070", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-15T16:14:26.243", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", @@ -50,10 +80,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clear:clearml:1.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "67B96EA1-2F78-43CC-9732-D22428A9C801" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clear:clearml:1.4.1:*:*:*:*:*:*:*", + "matchCriteriaId": "931CB808-10A5-4656-A2A9-4BDAD84F06BE" + } + ] + } + ] + } + ], "references": [ { "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/", - "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json index a45ac4928ef..ea680f8298c 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-24592", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.730", - "lastModified": "2024-02-06T17:53:00.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:57:44.677", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Lack of authentication in all versions of the fileserver component of Allegro AI\u2019s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. \n" + }, + { + "lang": "es", + "value": "La falta de autenticaci\u00f3n en todas las versiones del componente del servidor de archivos de la plataforma ClearML de Allegro AI permite a un atacante remoto acceder, crear, modificar y eliminar archivos de forma arbitraria." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*", + "matchCriteriaId": "103BE03A-14B9-47F2-89B2-C7AC238C8C1A" + } + ] + } + ] + } + ], "references": [ { "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/", - "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json index 8d90656ba42..eaf5f217208 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24593", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.977", - "lastModified": "2024-02-13T20:15:53.243", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-15T16:55:09.417", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", @@ -50,10 +80,33 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.14.1", + "matchCriteriaId": "774F9B65-A581-4DF9-8BA9-D7E84C2E5504" + } + ] + } + ] + } + ], "references": [ { "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/", - "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "tags": [ + "Exploit", + "Technical Description", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json index bbe1f810cce..71656c55bec 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-24594", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:10.203", - "lastModified": "2024-02-06T17:53:00.620", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T16:47:17.213", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI\u2019s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de cross-site scripting (XSS) en todas las versiones del componente del servidor web de la plataforma ClearML de Allegro AI, permite a un atacante remoto ejecutar un payload de JavaScript cuando un usuario ve la pesta\u00f1a Muestras de depuraci\u00f3n en la interfaz de usuario web." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*", + "matchCriteriaId": "AD8EB0BF-75B9-4B0E-9129-0508A2742B27" + } + ] + } + ] + } + ], "references": [ { "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/", - "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c" + "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json index d0e4e412e84..69235d44dd5 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24815.json 
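Review bot: The `cpeMatch` added for CVE-2024-24594 uses `-` in the version field (`cpe:2.3:a:clear:clearml:-:*:*:*:*:*:*:*`), although the description says the XSS affects "all versions" of the web server component. In CPE 2.3 `-` is the NA value rather than ANY, so a tool that applies name matching strictly may not match an install that reports a concrete version. The sibling record CVE-2024-24592 in this commit, also described as affecting all versions, uses `*`. The same form here would be `"criteria": "cpe:2.3:a:clear:clearml:*:*:*:*:*:*:*:*"`, with `matchCriteriaId` following whatever upstream assigns.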
@@ -2,16 +2,40 @@ "id": "CVE-2024-24815", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T16:15:47.753", - "lastModified": "2024-02-07T18:15:54.003", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:09:37.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts." + }, + { + "lang": "es", + "value": "CKEditor4 es un editor HTML de c\u00f3digo abierto de lo que ves es lo que obtienes. Se ha descubierto una vulnerabilidad de cross-site scripting en el m\u00f3dulo principal de an\u00e1lisis HTML en versiones de CKEditor4 anteriores a la 4.24.0-lts. Puede afectar a todas las instancias del editor que habilitaron el modo de edici\u00f3n de p\u00e1gina completa o habilitaron elementos CDATA en la configuraci\u00f3n de filtrado de contenido avanzado (los elementos predeterminados son `script` y `style`). La vulnerabilidad permite a los atacantes inyectar contenido HTML con formato incorrecto sin pasar por el mecanismo de filtrado de contenido avanzado, lo que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo JavaScript. Un atacante podr\u00eda abusar de la detecci\u00f3n de contenido CDATA defectuosa y utilizarla para preparar un ataque intencional al editor. 
Hay una soluci\u00f3n disponible en la versi\u00f3n 4.24.0-lts." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,26 +70,60 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:lts:*:*:*", + "versionStartIncluding": "4.0", + "versionEndExcluding": "4.24.0", + "matchCriteriaId": "5070BF32-E186-434A-9640-21D43A3CDA38" + } + ] + } + ] + } + ], "references": [ { "url": "https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json index 3bfe301d5d5..a70646d992e 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24822.json 
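Review bot: The `cpeMatch` added for CVE-2024-24815 restricts the software-edition field to `lts` (`cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:lts:*:*:*`) while the range starts at `4.0`, and the description says versions of CKEditor4 "prior to 4.24.0-lts" are affected. If an inventory records CKEditor 4 installs without the `lts` edition, strict matching on this entry could miss them even though they fall inside the stated range. Either drop the edition restriction, `"criteria": "cpe:2.3:a:ckeditor:ckeditor:*:*:*:*:*:*:*:*"`, or confirm that downstream matching ignores that field.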
@@ -2,16 +2,40 @@ "id": "CVE-2024-24822", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T18:15:54.147", - "lastModified": "2024-02-07T18:16:22.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:43:07.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually." + }, + { + "lang": "es", + "value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. Antes de la versi\u00f3n 1.3.3, un atacante pod\u00eda crear, eliminar, etc. etiquetas sin tener permiso para hacerlo. Hay una soluci\u00f3n disponible en la versi\u00f3n 1.3.3. Como workaround, se puede aplicar el parche manualmente." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*", + "versionEndExcluding": "1.3.3", + "matchCriteriaId": "23018350-7CBD-4A0F-8FC3-7591E52971B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/pimcore/admin-ui-classic-bundle/pull/412", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json index 2fbdfe9cee3..d9cc3d370b7 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24823.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-24823", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T18:15:54.870", - "lastModified": "2024-02-07T18:16:22.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:41:48.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limiting the attack vector. Unpatched this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable." + }, + { + "lang": "es", + "value": "Graylog es una plataforma de gesti\u00f3n de registros abierta y gratuita. A partir de la versi\u00f3n 4.3.0 y antes de las versiones 5.1.11 y 5.2.4, la nueva autenticaci\u00f3n con una cookie de sesi\u00f3n existente reutilizar\u00eda esa identificaci\u00f3n de sesi\u00f3n, incluso si se trata de credenciales de usuario diferentes. 
En este caso, la sesi\u00f3n preexistente podr\u00eda usarse para obtener acceso elevado a una sesi\u00f3n de inicio de sesi\u00f3n de Graylog existente, siempre que el usuario malintencionado pueda inyectar con \u00e9xito su cookie de sesi\u00f3n en el navegador de otra persona. La complejidad de un ataque de este tipo es alta, porque requiere presentar una pantalla de inicio de sesi\u00f3n falsificada e inyectar una cookie de sesi\u00f3n en un navegador existente, potencialmente a trav\u00e9s de un ataque de cross-site scripting. No se ha descubierto ning\u00fan ataque de este tipo. Graylog 5.1.11 y 5.2.4, y cualquier versi\u00f3n de la rama de desarrollo 6.0, contienen parches para no reutilizar sesiones bajo ninguna circunstancia. Algunos workarounds est\u00e1n disponibles. El uso de una caducidad corta de la sesi\u00f3n y cierres de sesi\u00f3n expl\u00edcitos de las sesiones no utilizadas pueden ayudar a limitar el vector de ataque. Esta vulnerabilidad no est\u00e1 parcheada, pero es relativamente dif\u00edcil de explotar. Se podr\u00eda aprovechar un proxy para borrar la cookie de \"autenticaci\u00f3n\" para la URL del servidor Graylog para el endpoint \"/api/system/sessions\", ya que ese es el \u00fanico vulnerable." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -46,18 +70,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.3.0", + "versionEndExcluding": "5.1.11", + "matchCriteriaId": "924684AB-5E3A-4A6B-B607-1DB1124848EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.2.0", + "versionEndExcluding": "5.2.4", + "matchCriteriaId": "4A343880-1202-4534-AE60-F314473EABD9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Graylog2/graylog2-server/commit/b93a66353f35a94a4e8f3f75ac4f5cdc5a2d4a6a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3xf8-g8gr-g7rh", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json index f129354eeb0..545aa6458c8 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24824.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-24824", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T18:15:55.330", - "lastModified": "2024-02-07T18:16:22.930", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:40:51.680", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue." + }, + { + "lang": "es", + "value": "Graylog es una plataforma de gesti\u00f3n de registros abierta y gratuita. A partir de la versi\u00f3n 2.0.0 y anteriores a las versiones 5.1.11 y 5.2.4, se pueden cargar y crear instancias de clases arbitrarias mediante una solicitud HTTP PUT al endpoint `/api/system/cluster_config/`. El sistema de configuraci\u00f3n del cl\u00faster de Graylog utiliza nombres de clases completos como claves de configuraci\u00f3n. Para validar la existencia de la clase solicitada antes de usarlas, Graylog carga la clase usando el cargador de clases. Si un usuario con los permisos adecuados realiza la solicitud, se pueden crear instancias de clases arbitrarias con constructores String de 1 argumento. 
Esto ejecutar\u00e1 c\u00f3digo arbitrario que se ejecuta durante la creaci\u00f3n de instancias de clase. En el caso de uso espec\u00edfico de `java.io.File`, el comportamiento de la pila interna del servidor web provocar\u00e1 la exposici\u00f3n de la informaci\u00f3n al incluir todo el contenido del archivo en la respuesta a la solicitud REST. Las versiones 5.1.11 y 5.2.4 contienen una soluci\u00f3n para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -36,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -50,22 +84,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.0.0", + "versionEndExcluding": "5.1.11", + "matchCriteriaId": "4FF51673-2704-4414-B5D1-2B49F75635B1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:graylog:graylog:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.2.0", + "versionEndExcluding": "5.2.4", + "matchCriteriaId": "4A343880-1202-4534-AE60-F314473EABD9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Graylog2/graylog2-server/commit/75ef2b8d60e7d67f859b79fe712c8ae7b2e861d8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Graylog2/graylog2-server/commit/7f8ef7fa8edf493106d5ef6f777d4da02c5194d9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-p6gg-5hf4-4rgj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json index 962da902c33..c565ca2f0df 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25145.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-25145", "sourceIdentifier": "security@liferay.com", "published": "2024-02-07T15:15:09.097", - "lastModified": "2024-02-07T17:04:54.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:10:35.503", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application." + }, + { + "lang": "es", + "value": "Vulnerabilidad de cross-site scripting (XSS) almacenado en la aplicaci\u00f3n Resultados de b\u00fasqueda del m\u00f3dulo Portal Search en Liferay Portal 7.2.0 a 7.4.3.11 y versiones anteriores no compatibles, y Liferay DXP 7.4 antes de la actualizaci\u00f3n 8, 7.3 antes de la actualizaci\u00f3n 4, 7.2 antes del fixpack 17 y versiones anteriores no compatibles permiten a los usuarios autenticados remotamente inyectar scripts web o HTML arbitrario en el resultado de b\u00fasqueda de la aplicaci\u00f3n Resultados de b\u00fasqueda si el resaltado est\u00e1 deshabilitado agregando cualquier contenido que permita realizar b\u00fasquedas (por ejemplo, blog, mensaje en el tablero de mensajes, art\u00edculo de contenido web) a la aplicaci\u00f3n." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@liferay.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@liferay.com", "type": "Secondary", 
@@ -46,10 +80,211 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "7.2", + "matchCriteriaId": "5BC18F4F-2284-4E3E-B8AC-8EDE1649C635" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*", + "matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*", + "matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*", + "matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:*", + "matchCriteriaId": "6FB8482E-644B-4DA5-808B-8DBEAB6D8D09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:*", + "matchCriteriaId": "95EFE8B5-EE95-4186-AC89-E9AFD8649D01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:*", + "matchCriteriaId": "90A6E0AF-0B8A-462D-95EF-2239EEE4A50D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:*", + "matchCriteriaId": "48BBAE90-F668-49BF-89AF-2C9547B76836" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_15:*:*:*:*:*:*", + "matchCriteriaId": "74FAF597-EAAD-4BB5-AB99-8129476A7E89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*", + "matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*", + "matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*", + "matchCriteriaId": 
"98CC25E2-EC3D-43A2-8D03-06F0E804EA63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*", + "matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*", + "matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*", + "matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*", + "matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*", + "matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*", + "matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:fix_pack_2:*:*:*:*:*:*", + "matchCriteriaId": "50EA838E-E234-4EE1-8193-5FAD0E093940" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*", + "matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*", + "matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*", + "matchCriteriaId": "1CF5B84B-1719-4581-8474-C55CEFFD8305" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_1:*:*:*:*:*:*", + "matchCriteriaId": "D60CDAA3-6029-4904-9D08-BB221BCFD7C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_2:*:*:*:*:*:*", + "matchCriteriaId": "B66F47E9-3D82-497E-BD84-E47A65FAF8C3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.3:update_3:*:*:*:*:*:*", + 
"matchCriteriaId": "A0BA4856-59DF-427C-959F-3B836314F5D5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:-:*:*:*:*:*:*", + "matchCriteriaId": "ADB5F13C-EE1E-4448-8FCF-5966F6874440" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_1:*:*:*:*:*:*", + "matchCriteriaId": "46AF397F-A95C-4FAD-A6EA-CB623B7A262A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_2:*:*:*:*:*:*", + "matchCriteriaId": "C2C2351E-BDEE-4A79-A00C-6520B54996EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:*", + "matchCriteriaId": "25F5C3E9-CBB0-4114-91A4-41F0E666026A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_4:*:*:*:*:*:*", + "matchCriteriaId": "5E2B5687-B311-460E-A562-D754AF271F8E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_5:*:*:*:*:*:*", + "matchCriteriaId": "B49D0CB9-8ED7-46AB-9BA5-7235A2CD9117" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_6:*:*:*:*:*:*", + "matchCriteriaId": "DF169364-096C-4294-B89F-C07AF1DCC9C4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:dxp:7.4:update_7:*:*:*:*:*:*", + "matchCriteriaId": "30CB2C54-1A20-4226-ACC6-AC8131899AE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", + "versionEndIncluding": "7.2.1", + "matchCriteriaId": "345F6776-E492-489C-AC23-760BBC693A4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.3.0", + "versionEndIncluding": "7.3.7", + "matchCriteriaId": "13F59EAA-9EC8-44CC-8F56-BC26981F584F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.3.12", + "matchCriteriaId": "9DCE033F-5706-4060-8ED1-BB386019325D" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145", - "source": "security@liferay.com" + "source": "security@liferay.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json index 96d73d5d4a9..7bb3846bd3c 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25200.json 
@@ -2,19 +2,80 @@ "id": "CVE-2024-25200", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:53.013", - "lastModified": "2024-02-07T17:04:54.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:22:25.980", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Espruino 2v20 (commit fcc9ba4) conten\u00eda un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s de jspeFactorFunctionCall en src/jsparse.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:espruino:espruino:2.20:*:*:*:*:*:*:*", + "matchCriteriaId": "3EEF8D93-5F22-4DB9-B15D-EA860BD3F688" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/espruino/Espruino/issues/2457", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json index e60e1680a35..002c616592f 100644 --- a/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json +++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25201.json 
@@ -2,19 +2,81 @@ "id": "CVE-2024-25201", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-07T14:15:53.060", - "lastModified": "2024-02-07T17:04:54.407", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-15T15:21:30.993", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Espruino 2v20 (commit fcc9ba4) conten\u00eda una lectura fuera de los l\u00edmites a trav\u00e9s de jsvStringIteratorPrintfCallback en src/jsvar.c." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:espruino:espruino:2.20:*:*:*:*:*:*:*", + "matchCriteriaId": "3EEF8D93-5F22-4DB9-B15D-EA860BD3F688" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/espruino/Espruino/issues/2456", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 35ccd489c3a..5b457fa2098 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-15T15:01:55.619710+00:00 +2024-02-15T17:00:30.542461+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-15T14:54:09.117000+00:00 +2024-02-15T16:59:41.410000+00:00 ``` ### Last Data Feed Release 
@@ -29,68 +29,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238685 +238689 ``` ### CVEs added in the last Commit -Recently added CVEs: `32` +Recently added CVEs: `4` -* [CVE-2023-39244](CVE-2023/CVE-2023-392xx/CVE-2023-39244.json) (`2024-02-15T13:15:45.770`) -* [CVE-2023-39245](CVE-2023/CVE-2023-392xx/CVE-2023-39245.json) (`2024-02-15T13:15:46.000`) -* [CVE-2024-20733](CVE-2024/CVE-2024-207xx/CVE-2024-20733.json) (`2024-02-15T13:15:47.700`) -* [CVE-2024-20734](CVE-2024/CVE-2024-207xx/CVE-2024-20734.json) (`2024-02-15T13:15:47.897`) -* [CVE-2024-20735](CVE-2024/CVE-2024-207xx/CVE-2024-20735.json) (`2024-02-15T13:15:48.100`) -* [CVE-2024-20736](CVE-2024/CVE-2024-207xx/CVE-2024-20736.json) (`2024-02-15T13:15:48.280`) -* [CVE-2024-20738](CVE-2024/CVE-2024-207xx/CVE-2024-20738.json) (`2024-02-15T13:15:48.473`) -* [CVE-2024-20739](CVE-2024/CVE-2024-207xx/CVE-2024-20739.json) (`2024-02-15T13:15:48.670`) -* [CVE-2024-20747](CVE-2024/CVE-2024-207xx/CVE-2024-20747.json) (`2024-02-15T13:15:48.860`) -* [CVE-2024-20748](CVE-2024/CVE-2024-207xx/CVE-2024-20748.json) (`2024-02-15T13:15:49.050`) -* [CVE-2024-20749](CVE-2024/CVE-2024-207xx/CVE-2024-20749.json) (`2024-02-15T13:15:49.237`) -* [CVE-2024-20750](CVE-2024/CVE-2024-207xx/CVE-2024-20750.json) (`2024-02-15T13:15:49.427`) -* [CVE-2024-20716](CVE-2024/CVE-2024-207xx/CVE-2024-20716.json) (`2024-02-15T14:15:45.463`) -* [CVE-2024-20717](CVE-2024/CVE-2024-207xx/CVE-2024-20717.json) (`2024-02-15T14:15:45.663`) -* [CVE-2024-20718](CVE-2024/CVE-2024-207xx/CVE-2024-20718.json) (`2024-02-15T14:15:45.870`) -* [CVE-2024-20719](CVE-2024/CVE-2024-207xx/CVE-2024-20719.json) (`2024-02-15T14:15:46.077`) -* [CVE-2024-20720](CVE-2024/CVE-2024-207xx/CVE-2024-20720.json) (`2024-02-15T14:15:46.283`) -* [CVE-2024-23113](CVE-2024/CVE-2024-231xx/CVE-2024-23113.json) (`2024-02-15T14:15:46.503`) -* [CVE-2024-1530](CVE-2024/CVE-2024-15xx/CVE-2024-1530.json) 
(`2024-02-15T13:15:46.210`) -* [CVE-2024-20726](CVE-2024/CVE-2024-207xx/CVE-2024-20726.json) (`2024-02-15T13:15:46.500`) -* [CVE-2024-20727](CVE-2024/CVE-2024-207xx/CVE-2024-20727.json) (`2024-02-15T13:15:46.697`) -* [CVE-2024-20728](CVE-2024/CVE-2024-207xx/CVE-2024-20728.json) (`2024-02-15T13:15:46.893`) -* [CVE-2024-20729](CVE-2024/CVE-2024-207xx/CVE-2024-20729.json) (`2024-02-15T13:15:47.087`) -* [CVE-2024-20730](CVE-2024/CVE-2024-207xx/CVE-2024-20730.json) (`2024-02-15T13:15:47.303`) -* [CVE-2024-20731](CVE-2024/CVE-2024-207xx/CVE-2024-20731.json) (`2024-02-15T13:15:47.500`) +* [CVE-2023-4993](CVE-2023/CVE-2023-49xx/CVE-2023-4993.json) (`2024-02-15T16:15:45.643`) +* [CVE-2023-5155](CVE-2023/CVE-2023-51xx/CVE-2023-5155.json) (`2024-02-15T16:15:45.910`) +* [CVE-2023-6255](CVE-2023/CVE-2023-62xx/CVE-2023-6255.json) (`2024-02-15T16:15:46.117`) +* [CVE-2023-7081](CVE-2023/CVE-2023-70xx/CVE-2023-7081.json) (`2024-02-15T16:15:46.373`) ### CVEs modified in the last Commit -Recently modified CVEs: `24` +Recently modified CVEs: `56` -* [CVE-2023-46183](CVE-2023/CVE-2023-461xx/CVE-2023-46183.json) (`2024-02-15T14:21:14.870`) -* [CVE-2023-4537](CVE-2023/CVE-2023-45xx/CVE-2023-4537.json) (`2024-02-15T14:28:31.380`) -* [CVE-2023-4538](CVE-2023/CVE-2023-45xx/CVE-2023-4538.json) (`2024-02-15T14:28:31.380`) -* [CVE-2023-4539](CVE-2023/CVE-2023-45xx/CVE-2023-4539.json) (`2024-02-15T14:28:31.380`) -* [CVE-2023-43609](CVE-2023/CVE-2023-436xx/CVE-2023-43609.json) (`2024-02-15T14:45:17.063`) -* [CVE-2023-49148](CVE-2023/CVE-2023-491xx/CVE-2023-49148.json) (`2024-02-15T14:46:21.340`) -* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-15T14:23:55.580`) -* [CVE-2024-20723](CVE-2024/CVE-2024-207xx/CVE-2024-20723.json) (`2024-02-15T14:28:26.433`) -* [CVE-2024-20724](CVE-2024/CVE-2024-207xx/CVE-2024-20724.json) (`2024-02-15T14:28:26.433`) -* [CVE-2024-20725](CVE-2024/CVE-2024-207xx/CVE-2024-20725.json) (`2024-02-15T14:28:26.433`) -* 
[CVE-2024-20740](CVE-2024/CVE-2024-207xx/CVE-2024-20740.json) (`2024-02-15T14:28:26.433`) -* [CVE-2024-20741](CVE-2024/CVE-2024-207xx/CVE-2024-20741.json) (`2024-02-15T14:28:26.433`) -* [CVE-2024-20742](CVE-2024/CVE-2024-207xx/CVE-2024-20742.json) (`2024-02-15T14:28:26.433`) -* [CVE-2024-20743](CVE-2024/CVE-2024-207xx/CVE-2024-20743.json) (`2024-02-15T14:28:26.433`) -* [CVE-2024-20744](CVE-2024/CVE-2024-207xx/CVE-2024-20744.json) (`2024-02-15T14:28:26.433`) -* [CVE-2024-0708](CVE-2024/CVE-2024-07xx/CVE-2024-0708.json) (`2024-02-15T14:28:31.380`) -* [CVE-2024-21727](CVE-2024/CVE-2024-217xx/CVE-2024-21727.json) (`2024-02-15T14:28:31.380`) -* [CVE-2024-0353](CVE-2024/CVE-2024-03xx/CVE-2024-0353.json) (`2024-02-15T14:28:31.380`) -* [CVE-2024-24256](CVE-2024/CVE-2024-242xx/CVE-2024-24256.json) (`2024-02-15T14:28:31.380`) -* [CVE-2024-24386](CVE-2024/CVE-2024-243xx/CVE-2024-24386.json) (`2024-02-15T14:28:31.380`) -* [CVE-2024-0390](CVE-2024/CVE-2024-03xx/CVE-2024-0390.json) (`2024-02-15T14:28:31.380`) -* [CVE-2024-20722](CVE-2024/CVE-2024-207xx/CVE-2024-20722.json) (`2024-02-15T14:28:31.380`) -* [CVE-2024-24575](CVE-2024/CVE-2024-245xx/CVE-2024-24575.json) (`2024-02-15T14:31:50.893`) -* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-15T14:54:09.117`) +* [CVE-2024-24202](CVE-2024/CVE-2024-242xx/CVE-2024-24202.json) (`2024-02-15T15:24:30.247`) +* [CVE-2024-23448](CVE-2024/CVE-2024-234xx/CVE-2024-23448.json) (`2024-02-15T15:39:14.317`) +* [CVE-2024-23769](CVE-2024/CVE-2024-237xx/CVE-2024-23769.json) (`2024-02-15T15:40:20.690`) +* [CVE-2024-24824](CVE-2024/CVE-2024-248xx/CVE-2024-24824.json) (`2024-02-15T15:40:51.680`) +* [CVE-2024-24823](CVE-2024/CVE-2024-248xx/CVE-2024-24823.json) (`2024-02-15T15:41:48.550`) +* [CVE-2024-24822](CVE-2024/CVE-2024-248xx/CVE-2024-24822.json) (`2024-02-15T15:43:07.647`) +* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-15T15:43:23.723`) +* 
[CVE-2024-20290](CVE-2024/CVE-2024-202xx/CVE-2024-20290.json) (`2024-02-15T15:43:27.240`) +* [CVE-2024-20255](CVE-2024/CVE-2024-202xx/CVE-2024-20255.json) (`2024-02-15T15:54:19.960`) +* [CVE-2024-20254](CVE-2024/CVE-2024-202xx/CVE-2024-20254.json) (`2024-02-15T15:54:33.153`) +* [CVE-2024-20252](CVE-2024/CVE-2024-202xx/CVE-2024-20252.json) (`2024-02-15T15:54:43.420`) +* [CVE-2024-24213](CVE-2024/CVE-2024-242xx/CVE-2024-24213.json) (`2024-02-15T16:00:32.213`) +* [CVE-2024-22836](CVE-2024/CVE-2024-228xx/CVE-2024-22836.json) (`2024-02-15T16:00:38.090`) +* [CVE-2024-23756](CVE-2024/CVE-2024-237xx/CVE-2024-23756.json) (`2024-02-15T16:01:08.870`) +* [CVE-2024-24115](CVE-2024/CVE-2024-241xx/CVE-2024-24115.json) (`2024-02-15T16:01:23.457`) +* [CVE-2024-23660](CVE-2024/CVE-2024-236xx/CVE-2024-23660.json) (`2024-02-15T16:01:29.370`) +* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-15T16:14:26.243`) +* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-15T16:47:17.213`) +* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-15T16:55:09.417`) +* [CVE-2024-0170](CVE-2024/CVE-2024-01xx/CVE-2024-0170.json) (`2024-02-15T16:55:09.957`) +* [CVE-2024-0167](CVE-2024/CVE-2024-01xx/CVE-2024-0167.json) (`2024-02-15T16:55:14.213`) +* [CVE-2024-0166](CVE-2024/CVE-2024-01xx/CVE-2024-0166.json) (`2024-02-15T16:55:20.360`) +* [CVE-2024-0165](CVE-2024/CVE-2024-01xx/CVE-2024-0165.json) (`2024-02-15T16:55:25.687`) +* [CVE-2024-0164](CVE-2024/CVE-2024-01xx/CVE-2024-0164.json) (`2024-02-15T16:55:31.620`) +* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-15T16:57:44.677`) ## Download and Usage