admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-24T19:00:25.942114+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-24 19:00:29 +00:00
parent 66c6df1297
commit c7a469b9ea
63 changed files with 2577 additions and 165 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2020/CVE-2020-366xx/CVE-2020-36641.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-36641",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-01-05T12:15:09.287",
"lastModified": "2023-11-16T02:32:54.750",
"lastModified": "2024-01-24T18:21:09.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -82,7 +82,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -100,9 +100,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axmlrpc_project:axmlrpc:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.12.1",
"matchCriteriaId": "1D4F01CD-473F-48FC-9B62-1130D803A6EB"
"criteria": "cpe:2.3:a:gturri:axmlrpc:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.12.1",
"matchCriteriaId": "558325E2-5195-409E-8E1A-A0D1F6806FED"
}
]
}

20
CVE-2021/CVE-2021-421xx/CVE-2021-42143.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-42143",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.080",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Contiki-NG tinyDTLS through master branch 53a0d97. An infinite loop bug exists during the handling of a ClientHello handshake message. This bug allows remote attackers to cause a denial of service by sending a malformed ClientHello handshake message with an odd length of cipher suites, which triggers an infinite loop (consuming all resources) and a buffer over-read that can disclose sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/16",
"source": "cve@mitre.org"
}
]
}

20
CVE-2021/CVE-2021-421xx/CVE-2021-42144.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2021-42144",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.150",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer over-read vulnerability in Contiki-NG tinyDTLS through master branch 53a0d97 allows attackers obtain sensitive information via crafted input to dtls_ccm_decrypt_message()."
}
],
"metrics": {},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2024/Jan/17",
"source": "cve@mitre.org"
}
]
}

69
CVE-2022/CVE-2022-37xx/CVE-2022-3739.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2022-3739",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-16T16:15:09.980",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:26:01.377",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": "El complemento de WordPress WP Best Quiz hasta la versi\u00f3n 1.0 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como Autor realizar ataques de cross site scripting."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:subina:wp_best_quiz:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0",
"matchCriteriaId": "A7643D19-8257-4C58-8F1A-134ABA400597"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/b9f39ced-1e0f-4559-b861-39ddcbcd1249/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-381xx/CVE-2022-38141.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-38141",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T16:15:46.033",
"lastModified": "2024-01-17T17:35:08.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:45:13.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Zorem Sales Report Email for WooCommerce.This issue affects Sales Report Email for WooCommerce: from n/a through 2.8.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Zorem Sales Report Email para WooCommerce. Este problema afecta a Report Email para WooCommerce: desde n/a hasta 2.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zorem:sales_report_email_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.8",
"matchCriteriaId": "D5AB5FA0-C314-4293-9594-AF12D798B320"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-advanced-sales-report-email/wordpress-sales-report-email-for-woocommerce-plugin-2-8-auth-test-email-submission-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-407xx/CVE-2022-40702.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-40702",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T17:15:09.120",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:44:35.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Zorem Advanced Local Pickup for WooCommerce. Este problema afecta a Local Pickup for WooCommerce: desde n/a hasta 1.5.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zorem:advanced_local_pickup_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.5.2",
"matchCriteriaId": "21E5281B-1E5E-4E44-BAA0-25F0BD31B17C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/advanced-local-pickup-for-woocommerce/wordpress-advanced-local-pickup-for-woocommerce-plugin-1-5-2-broken-access-control?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-417xx/CVE-2022-41786.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-41786",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T18:15:45.000",
"lastModified": "2024-01-17T19:22:17.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:00:51.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WP Job Portal WP Job Portal \u2013 A Complete Job Board.This issue affects WP Job Portal \u2013 A Complete Job Board: from n/a through 2.0.1.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en WP Job Portal WP Job Portal \u2013 A Complete Job Board. Este problema afecta a WP Job Portal \u2013 A Complete Job Board: desde n/a hasta 2.0.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpjobportal:wp_job_portal:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.1",
"matchCriteriaId": "D0AC0724-D009-4D93-BB6C-EA022BB1C84B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-job-portal/wordpress-wp-job-portal-plugin-1-1-9-unauthorized-plugin-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-419xx/CVE-2022-41990.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-41990",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T17:15:09.757",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:44:19.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS.This issue affects 3D Tag Cloud: from n/a through 3.8.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Vinoj Cardoza 3D Tag Cloud permite XSS almacenado. Este problema afecta a 3D Tag Cloud: desde n/a hasta 3.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cardozatechnologies:cardoza-3d-tag-cloud:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.8",
"matchCriteriaId": "F500AE9B-1FE5-4D08-AB2A-673B2D696A6F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cardoza-3d-tag-cloud/wordpress-3d-tag-cloud-plugin-3-8-stored-cross-site-scripting-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2022/CVE-2022-428xx/CVE-2022-42884.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2022-42884",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T19:15:08.017",
"lastModified": "2024-01-17T19:22:17.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:13:46.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de falta de autorizaci\u00f3n en ThemeinProgress WIP Custom Login. Este problema afecta a WIP Custom Login: desde n/a hasta 1.2.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeinprogress:wip_custom_login:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.7",
"matchCriteriaId": "7F204C3E-4032-4C1E-90F9-60F41D85E56A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wip-custom-login/wordpress-wip-custom-login-plugin-1-2-7-multiple-broken-access-control-vulnerabilities?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-202xx/CVE-2023-20257.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20257",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-01-17T17:15:09.960",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:43:42.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Prime Infrastructure podr\u00eda permitir que un atacante remoto autenticado realice ataques de cross site scripting. Esta vulnerabilidad se debe a una validaci\u00f3n inadecuada de la entrada proporcionada por el usuario en la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando entradas maliciosas que contengan scripts o contenido HTML dentro de las solicitudes que se almacenar\u00edan en la interfaz de la aplicaci\u00f3n. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar ataques de cross site scripting contra otros usuarios de la aplicaci\u00f3n afectada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.1",
"matchCriteriaId": "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.10.4",
"matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*",
"matchCriteriaId": "8E76E81B-A235-4A19-AAE4-319CB7840673"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "774C7557-0D83-40A9-815C-4E32419A3B6F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-202xx/CVE-2023-20258.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20258",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-01-17T17:15:10.147",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:43:13.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Prime Infrastructure podr\u00eda permitir que un atacante remoto autenticado ejecute comandos arbitrarios en el sistema operativo subyacente. Esta vulnerabilidad se debe al procesamiento inadecuado de objetos Java serializados por parte de la aplicaci\u00f3n afectada. Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando un documento que contenga objetos Java serializados maliciosos para que los procese la aplicaci\u00f3n afectada. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante hacer que la aplicaci\u00f3n ejecute comandos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.1",
"matchCriteriaId": "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.10.4",
"matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*",
"matchCriteriaId": "8E76E81B-A235-4A19-AAE4-319CB7840673"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "774C7557-0D83-40A9-815C-4E32419A3B6F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-202xx/CVE-2023-20260.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20260",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-01-17T17:15:10.323",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:41:03.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la CLI de la aplicaci\u00f3n de Cisco Prime Infrastructure y Cisco Evolved Programmable Network Manager podr\u00eda permitir que un atacante local autenticado obtenga privilegios aumentados. Esta vulnerabilidad se debe al procesamiento inadecuado de los argumentos de la l\u00ednea de comando en los scripts de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad emitiendo un comando en la CLI con opciones maliciosas. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener privilegios aumentados del usuario root en el sistema operativo subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.1",
"matchCriteriaId": "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.10.4",
"matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*",
"matchCriteriaId": "8E76E81B-A235-4A19-AAE4-319CB7840673"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "774C7557-0D83-40A9-815C-4E32419A3B6F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

79
CVE-2023/CVE-2023-202xx/CVE-2023-20271.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-20271",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-01-17T17:15:10.540",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:16:54.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web de Cisco Prime Infrastructure y Cisco Evolved Programmable Network Manager (EPNM) podr\u00eda permitir que un atacante remoto autenticado realice ataques de inyecci\u00f3n SQL en un sistema afectado. Esta vulnerabilidad se debe a una validaci\u00f3n incorrecta de los par\u00e1metros enviados por el usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad autentic\u00e1ndose en la aplicaci\u00f3n y enviando solicitudes maliciosas a un sistema afectado. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante obtener y modificar informaci\u00f3n confidencial almacenada en la base de datos subyacente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -34,10 +58,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:evolved_programmable_network_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.1.1",
"matchCriteriaId": "2AEC9133-19C1-4CC5-A1F4-187D2EF36B40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.10.4",
"matchCriteriaId": "5CC17E6B-D7AB-40D7-AEC5-F5B555AC4D7F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:-:*:*:*:*:*:*",
"matchCriteriaId": "8E76E81B-A235-4A19-AAE4-319CB7840673"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:prime_infrastructure:3.10.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "774C7557-0D83-40A9-815C-4E32419A3B6F"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-wkZJeyeq",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2023/CVE-2023-238xx/CVE-2023-23882.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-23882",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T17:15:10.720",
"lastModified": "2024-01-17T17:35:02.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:16:34.363",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder \u2013 Lite.This issue affects Ultimate Addons for Beaver Builder \u2013 Lite: from n/a through 1.5.5.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en Brainstorm Force Ultimate Addons para Beaver Builder \u2013 Lite. Este problema afecta a Ultimate Addons para Beaver Builder \u2013 Lite: desde n/a hasta 1.5.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:brainstormforce:ultimate_addons_for_beaver_builder:*:*:*:*:lite:wordpress:*:*",
"versionEndIncluding": "1.5.5",
"matchCriteriaId": "DDC3500D-D587-46A8-89E7-209D2E9E87D9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ultimate-addons-for-beaver-builder-lite/wordpress-ultimate-addons-for-beaver-builder-lite-plugin-1-5-5-broken-access-control-csrf-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-343xx/CVE-2023-34379.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34379",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-17T16:15:46.427",
"lastModified": "2024-01-17T17:35:08.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:45:01.177",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en MagneticOne Cart2Cart: Magento to WooCommerce Migration. Este problema afecta a Cart2Cart: Magento to WooCommerce Migration: desde n/a hasta 2.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magneticone:magento_to_woocommerce_migration:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.0",
"matchCriteriaId": "1AEF4925-8A86-42F2-9ED5-EBB8AACFBC50"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cart2cart-magento-to-woocommerce-migration/wordpress-cart2cart-magento-to-woocommerce-migration-plugin-2-0-0-broken-access-control?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2023/CVE-2023-362xx/CVE-2023-36235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-36235",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T03:15:07.947",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:17:24.737",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,81 @@
"value": "Un problema en webkul qloapps anterior a v1.6.0 permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro id_order."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webkul:qloapps:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.6.0",
"matchCriteriaId": "BBDD822D-1128-4E41-9139-9668B41514E8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Ek-Saini/security/blob/main/IDOR-Qloapps",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/webkul/hotelcommerce/pull/537",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://qloapps.com/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

4
CVE-2023/CVE-2023-442xx/CVE-2023-44281.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-44281",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-01-24T16:15:08.110",
"lastModified": "2024-01-24T16:15:08.110",
"vulnStatus": "Received",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

69
CVE-2023/CVE-2023-50xx/CVE-2023-5006.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5006",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-17T15:15:10.803",
"lastModified": "2024-01-17T17:35:08.140",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:16:48.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator to submit a crafted request."
},
{
"lang": "es",
"value": "El complemento de WordPress WP Discord Invite anterior a 2.5.1 no protege algunas de sus acciones contra ataques CSRF, lo que permite a un atacante no autenticado realizar acciones en su nombre enga\u00f1ando a un administrador conectado para que env\u00ede una solicitud manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sarveshmrao:wp_discord_invite:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.1",
"matchCriteriaId": "79EAD90C-042B-44D0-9754-D0A14172EEEC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/d29bcc1c-241b-4867-a0c8-4ae5f9d1c8e8",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2023/CVE-2023-518xx/CVE-2023-51804.json
View File

@ -2,19 +2,81 @@
"id": "CVE-2023-51804",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T02:15:07.257",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:31:25.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file."
},
{
"lang": "es",
"value": "Un problema en rymcu forest v.0.02 permite a un atacante remoto obtener informaci\u00f3n confidencial mediante la manipulaci\u00f3n de la URL del cuerpo HTTP en el archivo com.rymcu.forest.web.api.common.UploadController."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rymcu:forest:0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "D7E2A207-8139-4AD2-840D-80DC0532F40E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rymcu/forest/issues/149",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Patch",
"Vendor Advisory"
]
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51885.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51885",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T17:15:08.257",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via the length of the LaTeX string component."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51886.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51886",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T17:15:08.313",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in the main() function in Mathtex 1.05 and before allows a remote attacker to cause a denial of service when using \\convertpath."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51887.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51887",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T17:15:08.360",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command Injection vulnerability in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in application URL."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51888.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51888",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.240",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in the nomath() function in Mathtex v.1.05 and before allows a remote attacker to cause a denial of service via a crafted string in the application URL."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51889.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51889",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.320",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Stack Overflow vulnerability in the validate() function in Mathtex v.1.05 and before allows a remote attacker to execute arbitrary code via crafted string in the application URL."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-518xx/CVE-2023-51890.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-51890",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.380",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An infinite loop issue discovered in Mathtex 1.05 and before allows a remote attackers to consume CPU resources via crafted string in the application URL."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.yulun.ac.cn/posts/2023/fuzzing-mathtex/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-520xx/CVE-2023-52038.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-52038",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.443",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415C80 function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/1/1.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-520xx/CVE-2023-52039.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-52039",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.500",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_415AA4 function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/2/2.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-520xx/CVE-2023-52040.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-52040",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.557",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in TOTOLINK X6000R v9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the sub_41284C function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Beckaf/vunl/blob/main/TOTOLINK/X6000R/3/3.md",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-522xx/CVE-2023-52285.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52285",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-17T08:15:39.013",
"lastModified": "2024-01-17T14:01:37.163",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:16:50.880",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "ExamSys 9150244 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro /Support/action/Pages.php s_score2."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lrx0014:examsys:9150244:*:*:*:*:*:*:*",
"matchCriteriaId": "6FFF85DA-AFA7-44DB-8F73-60A4E7CFA1DE"
}
]
}
]
}
],
"references": [
{
"url": "https://fh4ntke.medium.com/examsys-multiple-sql-injections-ef94d84e440c",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/lrx0014/ExamSys/commit/915024448428867f2228cf7f06abd1b6e65e9397",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

68
CVE-2023/CVE-2023-522xx/CVE-2023-52288.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-52288",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T04:15:08.193",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:40:15.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en flaskcode package hasta la versi\u00f3n 0.0.8 para Python. Un directory traversal no autenticado, explotable con una solicitud GET a un URI /resource-data/.txt (de views.py), permite a los atacantes leer archivos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sujeetkv:flaskcode:*:*:*:*:*:python:*:*",
"versionEndIncluding": "0.0.8",
"matchCriteriaId": "19FE006D-1BAA-40E4-BB02-2498D26BC50A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2023/CVE-2023-522xx/CVE-2023-52289.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2023-52289",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-13T04:15:08.240",
"lastModified": "2024-01-14T21:42:17.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:48:24.283",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en flaskcode package hasta la versi\u00f3n 0.0.8 para Python. Un directory traversal no autenticado, explotable con una solicitud POST a un URI /update-resource-data/ (desde views.py), permite a los atacantes escribir en archivos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sujeetkv:flaskcode:*:*:*:*:*:python:*:*",
"versionEndIncluding": "0.0.8",
"matchCriteriaId": "19FE006D-1BAA-40E4-BB02-2498D26BC50A"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.com/daniele_m/cve-list/-/blob/main/README.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-61xx/CVE-2023-6147.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6147",
"sourceIdentifier": "bugreport@qualys.com",
"published": "2024-01-09T08:15:36.100",
"lastModified": "2024-01-12T19:40:20.017",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-24T18:15:08.623",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -99,6 +99,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "bugreport@qualys.com"
},
{
"url": "https://www.qualys.com/security-advisories/",
"source": "bugreport@qualys.com",

8
CVE-2023/CVE-2023-61xx/CVE-2023-6148.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6148",
"sourceIdentifier": "bugreport@qualys.com",
"published": "2024-01-09T09:15:42.530",
"lastModified": "2024-01-12T20:12:53.267",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-24T18:15:08.733",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -99,6 +99,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "bugreport@qualys.com"
},
{
"url": "https://www.qualys.com/security-advisories/",
"source": "bugreport@qualys.com",

122
CVE-2023/CVE-2023-61xx/CVE-2023-6184.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6184",
"sourceIdentifier": "secure@citrix.com",
"published": "2024-01-18T01:15:43.723",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:41:06.617",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "secure@citrix.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "secure@citrix.com",
"type": "Secondary",
@ -50,10 +80,96 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:*:*:*:*:-:*:*:*",
"versionEndIncluding": "2311",
"matchCriteriaId": "145B0427-AFE9-4C0E-AABB-A460F4D4A690"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "F9330183-B04B-46F1-9DA6-5EAF216DFCC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu1:*:*:ltsr:*:*:*",
"matchCriteriaId": "A2486FD4-AF16-4F57-836A-42A2D11012C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu2:*:*:ltsr:*:*:*",
"matchCriteriaId": "1BF66372-CFDC-42DD-87FA-480DC0565977"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:*:*:*:*",
"matchCriteriaId": "3DE66CEF-6D57-429A-9776-E5ED73827A8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu3:*:*:ltsr:*:*:*",
"matchCriteriaId": "AE1E7523-EEB7-46CE-A01E-04FACB407395"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu4:*:*:ltsr:*:*:*",
"matchCriteriaId": "0B60552E-923B-4064-96D9-0F565C58695C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu5:*:*:ltsr:*:*:*",
"matchCriteriaId": "21EC9092-FCA9-41AA-9A9B-83D7E3DABB2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu6:*:*:ltsr:*:*:*",
"matchCriteriaId": "5353646C-E3FB-4315-83C7-D6EEE258C964"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:1912:cu7:*:*:ltsr:*:*:*",
"matchCriteriaId": "0A7169FA-E416-436B-B9D1-6249E0E1BC16"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:-:*:*:ltsr:*:*:*",
"matchCriteriaId": "8AE1E7FC-9E2C-45BC-9F12-43149210D261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu1:*:*:ltsr:*:*:*",
"matchCriteriaId": "0AEBE958-3A73-4F9D-932E-62495408A609"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu2:*:*:ltsr:*:*:*",
"matchCriteriaId": "BBD9FA8E-333E-4231-9F7D-08A604D065AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:citrix:virtual_apps_and_desktops:2203:cu3:*:*:ltsr:*:*:*",
"matchCriteriaId": "9E928A6F-EEAF-4142-BA77-30845345C28D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.citrix.com/article/CTX583930/citrix-session-recording-security-bulletin-for-cve20236184",
"source": "secure@citrix.com"
"source": "secure@citrix.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2023/CVE-2023-66xx/CVE-2023-6697.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6697",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-24T14:15:08.320",
"lastModified": "2024-01-24T14:15:08.320",
"vulnStatus": "Received",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

74
CVE-2024/CVE-2024-04xx/CVE-2024-0405.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0405",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-17T05:15:08.913",
"lastModified": "2024-01-17T14:01:41.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:23:09.773",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -38,22 +58,64 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:burst-statistics:burst_statistics:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.5.3",
"matchCriteriaId": "9F853FB9-9EFB-4C32-8B72-14D6082A48C7"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-06xx/CVE-2024-0647.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0647",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-17T19:15:08.480",
"lastModified": "2024-01-22T06:15:07.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:05:58.343",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sparksuite:simplemde:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.11.2",
"matchCriteriaId": "FAC48EE7-035E-4516-B0EA-8EA1475752C0"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.251373",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251373",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.youtube.com/watch?v=KtDjoJlrpAc",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
}
]
}

59
CVE-2024/CVE-2024-06xx/CVE-2024-0650.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0650",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-18T00:15:38.183",
"lastModified": "2024-01-18T13:42:01.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:18:06.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oretnom23:visitor_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0D9DBF1C-8589-4C4B-BAAB-BEDF11FD03D9"
}
]
}
]
}
],
"references": [
{
"url": "https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.251376",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.251376",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

50
CVE-2024/CVE-2024-216xx/CVE-2024-21670.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-21670",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T22:15:45.810",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:14:10.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being \"not revoked\" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected."
},
{
"lang": "es",
"value": "Ursa es una librer\u00eda criptogr\u00e1fica para usar con blockchains. El esquema de revocaci\u00f3n que forma parte de las implementaciones de Ursa CL-Signatures tiene un fallo que podr\u00eda afectar las garant\u00edas de privacidad definidas por el modelo de credencial verificable de AnonCreds, permitiendo a un titular malicioso de una credencial revocada generar una prueba de no revocaci\u00f3n v\u00e1lida para esa credencial como parte de una presentaci\u00f3n de AnonCreds. Un verificador puede verificar que una credencial de un titular est\u00e1 \"not revoked\" cuando, en realidad, la credencial del titular ha sido revocada. Ursa ha pasado al estado de fin de vida \u00fatil y no se espera ninguna soluci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyperledger:ursa:0.1.0:*:*:*:*:rust:*:*",
"matchCriteriaId": "8997F554-6E18-4F21-B042-4954CD22436D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-221xx/CVE-2024-22141.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22141",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-24T15:15:08.730",
"lastModified": "2024-01-24T15:15:08.730",
"vulnStatus": "Received",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

65
CVE-2024/CVE-2024-221xx/CVE-2024-22191.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22191",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T22:15:46.020",
"lastModified": "2024-01-18T16:15:08.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:13:53.947",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +70,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.47.0",
"matchCriteriaId": "C6D742CC-21F8-4D5B-BA37-6A3273DEEE5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.3.0",
"matchCriteriaId": "05D03894-17B7-4A0F-B580-9BA3F9D71F7B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

50
CVE-2024/CVE-2024-221xx/CVE-2024-22192.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22192",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T22:15:46.220",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:13:38.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected."
},
{
"lang": "es",
"value": "Ursa es una librer\u00eda criptogr\u00e1fica para usar con blockchains. El esquema de revocaci\u00f3n que forma parte de las implementaciones de Ursa CL-Signatures tiene un fallo que podr\u00eda afectar las garant\u00edas de privacidad definidas por el modelo de credenciales verificables de AnonCreds. En particular, un verificador malicioso puede generar un identificador \u00fanico para un titular que proporcione una presentaci\u00f3n verificable que incluya una prueba de no revocaci\u00f3n. El impacto del fallo es que un verificador malicioso puede determinar un identificador \u00fanico para un titular que presenta una prueba de no revocaci\u00f3n. Ursa ha pasado al estado de fin de vida \u00fatil y no se espera ninguna soluci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hyperledger:ursa:0.1.0:*:*:*:*:rust:*:*",
"matchCriteriaId": "8997F554-6E18-4F21-B042-4954CD22436D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-222xx/CVE-2024-22229.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22229",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-01-24T17:15:08.410",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise logs integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-117"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

51
CVE-2024/CVE-2024-224xx/CVE-2024-22406.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22406",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T23:15:08.233",
"lastModified": "2024-01-17T00:03:29.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:04:06.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the \u201caggregations\u201d object. The \u2018name\u2019 field in this \u201caggregations\u201d object is vulnerable SQL-injection and can be exploited using time-based SQL-queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version."
},
{
"lang": "es",
"value": "Shopware es una plataforma de comercio abierta y sin cabeza. La API de la aplicaci\u00f3n Shopware contiene una funci\u00f3n de b\u00fasqueda que permite a los usuarios buscar informaci\u00f3n almacenada en su instancia de Shopware. Las b\u00fasquedas realizadas por esta funci\u00f3n se pueden agregar utilizando los par\u00e1metros del objeto \u201caggregations\u201d. El campo 'name' en este objeto de \"aggregations\" es vulnerable a una inyecci\u00f3n SQL y puede explotarse mediante consultas SQL basadas en tiempo. Este problema se solucion\u00f3 y se recomienda a los usuarios que actualicen a Shopware 6.5.7.4. Para versiones anteriores de 6.1, 6.2, 6.3 y 6.4, las medidas de seguridad correspondientes tambi\u00e9n est\u00e1n disponibles a trav\u00e9s de un complemento. Para obtener la gama completa de funciones, recomendamos actualizar a la \u00faltima versi\u00f3n de Shopware."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.7.4",
"matchCriteriaId": "0B083B7F-D749-44B1-8C9C-2A28013E210E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-224xx/CVE-2024-22407.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22407",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T23:15:08.453",
"lastModified": "2024-01-17T00:03:29.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:03:42.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version."
},
{
"lang": "es",
"value": "Shopware es una plataforma de comercio abierta y sin cabeza. En Shopware CMS, el controlador de estado de los pedidos no verifica suficientemente las autorizaciones del usuario para las acciones que modifican el pago, la entrega y/o el estado del pedido. Debido a esta implementaci\u00f3n inadecuada, los usuarios que carecen de permisos de \"write\" para pedidos a\u00fan pueden cambiar el estado del pedido. Este problema se solucion\u00f3 y se recomienda a los usuarios que actualicen a Shopware 6.5.7.4. Para versiones anteriores de 6.1, 6.2, 6.3 y 6.4, las medidas de seguridad correspondientes tambi\u00e9n est\u00e1n disponibles a trav\u00e9s de un complemento. Para obtener la gama completa de funciones, recomendamos actualizar a la \u00faltima versi\u00f3n de Shopware."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shopware:shopware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5.7.4",
"matchCriteriaId": "0B083B7F-D749-44B1-8C9C-2A28013E210E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-224xx/CVE-2024-22411.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22411",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-16T22:15:46.420",
"lastModified": "2024-01-19T18:15:08.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T18:54:46.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,26 +70,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.47.0",
"matchCriteriaId": "C6D742CC-21F8-4D5B-BA37-6A3273DEEE5E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "3.0.2",
"versionEndExcluding": "3.3.0",
"matchCriteriaId": "37F0D6C0-F1CD-4FD1-BA3B-C44080BE2770"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avohq:avo:3.0.0:pre12:*:*:*:ruby:*:*",
"matchCriteriaId": "33F74798-D928-4FA3-B890-81C43DAC8F91"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/avo-hq/avo/releases/tag/v2.47.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/avo-hq/avo/releases/tag/v3.3.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/avo-hq/avo/security/advisories/GHSA-g8vp-2v5p-9qfh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-226xx/CVE-2024-22651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22651",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T16:15:08.630",
"lastModified": "2024-01-24T16:15:08.630",
"vulnStatus": "Received",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

20
CVE-2024/CVE-2024-227xx/CVE-2024-22720.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22720",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T18:15:08.820",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Kanboard 1.2.34 is vulnerable to Html Injection in the group management feature."
}
],
"metrics": {},
"references": [
{
"url": "https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b",
"source": "cve@mitre.org"
}
]
}

4
CVE-2024/CVE-2024-227xx/CVE-2024-22725.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22725",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T16:15:08.687",
"lastModified": "2024-01-24T16:15:08.687",
"vulnStatus": "Received",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

85
CVE-2024/CVE-2024-229xx/CVE-2024-22916.json
View File

@ -2,23 +2,98 @@
"id": "CVE-2024-22916",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-16T22:15:46.613",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-24T17:04:22.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow."
},
{
"lang": "es",
"value": "En D-LINK Go-RT-AC750 v101b03, la funci\u00f3n sprintf en la funci\u00f3n sub_40E700 dentro de cgibin es susceptible al desbordamiento de pila."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:go-rt-ac750_firmware:101b03:*:*:*:*:*:*:*",
"matchCriteriaId": "11857770-E809-483A-993F-1C827428B334"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:go-rt-ac750:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE067003-B0B5-4419-8BB3-A31C015276D0"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://kee02p.github.io/2024/01/13/CVE-2024-22916/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

59
CVE-2024/CVE-2024-236xx/CVE-2024-23641.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T17:15:08.600",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-236xx/CVE-2024-23648.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-23648",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T18:15:08.877",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends to the the user requesting a password change an email containing an URL to reset its password. The URL sent contains a unique token, valid during 24 hours, allowing the user to reset its password. This token is highly sensitive ; as an attacker able to retrieve it would be able to resets the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the \"Host\" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a \"Host\" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-236xx/CVE-2024-23649.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-23649",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T18:15:09.103",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports.\n\nCreating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported:\n\nAny authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance.\n\nVersion 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/LemmyNet/lemmy/commit/bc32b408b523b9b64aa57b8e47748f96cce0dae5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/LemmyNet/lemmy/security/advisories/GHSA-r64r-5h43-26qv",
"source": "security-advisories@github.com"
}
]
}

24
CVE-2024/CVE-2024-238xx/CVE-2024-23897.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23897",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.370",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-238xx/CVE-2024-23898.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23898",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.420",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-238xx/CVE-2024-23899.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23899",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.467",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-239xx/CVE-2024-23900.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23900",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.523",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-239xx/CVE-2024-23901.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23901",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.563",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-239xx/CVE-2024-23902.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23902",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.610",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-239xx/CVE-2024-23903.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23903",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.653",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-239xx/CVE-2024-23904.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23904",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.707",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3334",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

24
CVE-2024/CVE-2024-239xx/CVE-2024-23905.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23905",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-01-24T18:15:09.750",
"lastModified": "2024-01-24T18:45:30.823",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/6",
"source": "jenkinsci-cert@googlegroups.com"
},
{
"url": "https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3322",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

89
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-24T17:00:26.068872+00:00
2024-01-24T19:00:25.942114+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-24T16:58:50.313000+00:00
2024-01-24T18:54:46.323000+00:00
```
### Last Data Feed Release
@ -29,48 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236737
236762
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `25`
* [CVE-2023-44281](CVE-2023/CVE-2023-442xx/CVE-2023-44281.json) (`2024-01-24T16:15:08.110`)
* [CVE-2024-22141](CVE-2024/CVE-2024-221xx/CVE-2024-22141.json) (`2024-01-24T15:15:08.730`)
* [CVE-2024-22651](CVE-2024/CVE-2024-226xx/CVE-2024-22651.json) (`2024-01-24T16:15:08.630`)
* [CVE-2024-22725](CVE-2024/CVE-2024-227xx/CVE-2024-22725.json) (`2024-01-24T16:15:08.687`)
* [CVE-2021-42143](CVE-2021/CVE-2021-421xx/CVE-2021-42143.json) (`2024-01-24T18:15:08.080`)
* [CVE-2021-42144](CVE-2021/CVE-2021-421xx/CVE-2021-42144.json) (`2024-01-24T18:15:08.150`)
* [CVE-2023-51888](CVE-2023/CVE-2023-518xx/CVE-2023-51888.json) (`2024-01-24T18:15:08.240`)
* [CVE-2023-51889](CVE-2023/CVE-2023-518xx/CVE-2023-51889.json) (`2024-01-24T18:15:08.320`)
* [CVE-2023-51890](CVE-2023/CVE-2023-518xx/CVE-2023-51890.json) (`2024-01-24T18:15:08.380`)
* [CVE-2023-52038](CVE-2023/CVE-2023-520xx/CVE-2023-52038.json) (`2024-01-24T18:15:08.443`)
* [CVE-2023-52039](CVE-2023/CVE-2023-520xx/CVE-2023-52039.json) (`2024-01-24T18:15:08.500`)
* [CVE-2023-52040](CVE-2023/CVE-2023-520xx/CVE-2023-52040.json) (`2024-01-24T18:15:08.557`)
* [CVE-2023-51885](CVE-2023/CVE-2023-518xx/CVE-2023-51885.json) (`2024-01-24T17:15:08.257`)
* [CVE-2023-51886](CVE-2023/CVE-2023-518xx/CVE-2023-51886.json) (`2024-01-24T17:15:08.313`)
* [CVE-2023-51887](CVE-2023/CVE-2023-518xx/CVE-2023-51887.json) (`2024-01-24T17:15:08.360`)
* [CVE-2024-22720](CVE-2024/CVE-2024-227xx/CVE-2024-22720.json) (`2024-01-24T18:15:08.820`)
* [CVE-2024-23648](CVE-2024/CVE-2024-236xx/CVE-2024-23648.json) (`2024-01-24T18:15:08.877`)
* [CVE-2024-23649](CVE-2024/CVE-2024-236xx/CVE-2024-23649.json) (`2024-01-24T18:15:09.103`)
* [CVE-2024-23897](CVE-2024/CVE-2024-238xx/CVE-2024-23897.json) (`2024-01-24T18:15:09.370`)
* [CVE-2024-23898](CVE-2024/CVE-2024-238xx/CVE-2024-23898.json) (`2024-01-24T18:15:09.420`)
* [CVE-2024-23899](CVE-2024/CVE-2024-238xx/CVE-2024-23899.json) (`2024-01-24T18:15:09.467`)
* [CVE-2024-23900](CVE-2024/CVE-2024-239xx/CVE-2024-23900.json) (`2024-01-24T18:15:09.523`)
* [CVE-2024-23901](CVE-2024/CVE-2024-239xx/CVE-2024-23901.json) (`2024-01-24T18:15:09.563`)
* [CVE-2024-23902](CVE-2024/CVE-2024-239xx/CVE-2024-23902.json) (`2024-01-24T18:15:09.610`)
* [CVE-2024-23903](CVE-2024/CVE-2024-239xx/CVE-2024-23903.json) (`2024-01-24T18:15:09.653`)
* [CVE-2024-23904](CVE-2024/CVE-2024-239xx/CVE-2024-23904.json) (`2024-01-24T18:15:09.707`)
* [CVE-2024-23905](CVE-2024/CVE-2024-239xx/CVE-2024-23905.json) (`2024-01-24T18:15:09.750`)
* [CVE-2024-22229](CVE-2024/CVE-2024-222xx/CVE-2024-22229.json) (`2024-01-24T17:15:08.410`)
* [CVE-2024-23641](CVE-2024/CVE-2024-236xx/CVE-2024-23641.json) (`2024-01-24T17:15:08.600`)
### CVEs modified in the last Commit
Recently modified CVEs: `25`
Recently modified CVEs: `37`
* [CVE-2021-4434](CVE-2021/CVE-2021-44xx/CVE-2021-4434.json) (`2024-01-24T16:02:27.587`)
* [CVE-2022-2413](CVE-2022/CVE-2022-24xx/CVE-2022-2413.json) (`2024-01-24T15:30:40.523`)
* [CVE-2022-3899](CVE-2022/CVE-2022-38xx/CVE-2022-3899.json) (`2024-01-24T15:40:49.577`)
* [CVE-2022-3836](CVE-2022/CVE-2022-38xx/CVE-2022-3836.json) (`2024-01-24T15:49:13.357`)
* [CVE-2022-3194](CVE-2022/CVE-2022-31xx/CVE-2022-3194.json) (`2024-01-24T15:55:36.690`)
* [CVE-2022-31021](CVE-2022/CVE-2022-310xx/CVE-2022-31021.json) (`2024-01-24T16:46:47.613`)
* [CVE-2022-3604](CVE-2022/CVE-2022-36xx/CVE-2022-3604.json) (`2024-01-24T16:58:49.413`)
* [CVE-2023-25295](CVE-2023/CVE-2023-252xx/CVE-2023-25295.json) (`2024-01-24T15:15:08.397`)
* [CVE-2023-50943](CVE-2023/CVE-2023-509xx/CVE-2023-50943.json) (`2024-01-24T15:15:08.537`)
* [CVE-2023-50944](CVE-2023/CVE-2023-509xx/CVE-2023-50944.json) (`2024-01-24T15:15:08.600`)
* [CVE-2023-51702](CVE-2023/CVE-2023-517xx/CVE-2023-51702.json) (`2024-01-24T15:15:08.663`)
* [CVE-2023-22527](CVE-2023/CVE-2023-225xx/CVE-2023-22527.json) (`2024-01-24T15:16:37.507`)
* [CVE-2023-50445](CVE-2023/CVE-2023-504xx/CVE-2023-50445.json) (`2024-01-24T16:15:08.313`)
* [CVE-2023-50919](CVE-2023/CVE-2023-509xx/CVE-2023-50919.json) (`2024-01-24T16:15:08.423`)
* [CVE-2023-38633](CVE-2023/CVE-2023-386xx/CVE-2023-38633.json) (`2024-01-24T16:41:49.187`)
* [CVE-2023-7234](CVE-2023/CVE-2023-72xx/CVE-2023-7234.json) (`2024-01-24T16:47:18.570`)
* [CVE-2023-49515](CVE-2023/CVE-2023-495xx/CVE-2023-49515.json) (`2024-01-24T16:48:09.680`)
* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-01-24T16:15:08.527`)
* [CVE-2024-0479](CVE-2024/CVE-2024-04xx/CVE-2024-0479.json) (`2024-01-24T16:41:00.007`)
* [CVE-2024-0480](CVE-2024/CVE-2024-04xx/CVE-2024-0480.json) (`2024-01-24T16:41:55.137`)
* [CVE-2024-0481](CVE-2024/CVE-2024-04xx/CVE-2024-0481.json) (`2024-01-24T16:43:30.163`)
* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-01-24T16:45:57.543`)
* [CVE-2024-0482](CVE-2024/CVE-2024-04xx/CVE-2024-0482.json) (`2024-01-24T16:52:03.103`)
* [CVE-2024-0483](CVE-2024/CVE-2024-04xx/CVE-2024-0483.json) (`2024-01-24T16:57:10.163`)
* [CVE-2024-22408](CVE-2024/CVE-2024-224xx/CVE-2024-22408.json) (`2024-01-24T16:58:50.313`)
* [CVE-2023-6148](CVE-2023/CVE-2023-61xx/CVE-2023-6148.json) (`2024-01-24T18:15:08.733`)
* [CVE-2023-23882](CVE-2023/CVE-2023-238xx/CVE-2023-23882.json) (`2024-01-24T18:16:34.363`)
* [CVE-2023-20271](CVE-2023/CVE-2023-202xx/CVE-2023-20271.json) (`2024-01-24T18:16:54.197`)
* [CVE-2023-36235](CVE-2023/CVE-2023-362xx/CVE-2023-36235.json) (`2024-01-24T18:17:24.737`)
* [CVE-2023-52288](CVE-2023/CVE-2023-522xx/CVE-2023-52288.json) (`2024-01-24T18:40:15.637`)
* [CVE-2023-20260](CVE-2023/CVE-2023-202xx/CVE-2023-20260.json) (`2024-01-24T18:41:03.997`)
* [CVE-2023-20258](CVE-2023/CVE-2023-202xx/CVE-2023-20258.json) (`2024-01-24T18:43:13.217`)
* [CVE-2023-20257](CVE-2023/CVE-2023-202xx/CVE-2023-20257.json) (`2024-01-24T18:43:42.877`)
* [CVE-2023-34379](CVE-2023/CVE-2023-343xx/CVE-2023-34379.json) (`2024-01-24T18:45:01.177`)
* [CVE-2023-6697](CVE-2023/CVE-2023-66xx/CVE-2023-6697.json) (`2024-01-24T18:45:34.830`)
* [CVE-2023-44281](CVE-2023/CVE-2023-442xx/CVE-2023-44281.json) (`2024-01-24T18:45:34.830`)
* [CVE-2023-52289](CVE-2023/CVE-2023-522xx/CVE-2023-52289.json) (`2024-01-24T18:48:24.283`)
* [CVE-2024-22407](CVE-2024/CVE-2024-224xx/CVE-2024-22407.json) (`2024-01-24T17:03:42.037`)
* [CVE-2024-22406](CVE-2024/CVE-2024-224xx/CVE-2024-22406.json) (`2024-01-24T17:04:06.093`)
* [CVE-2024-22916](CVE-2024/CVE-2024-229xx/CVE-2024-22916.json) (`2024-01-24T17:04:22.573`)
* [CVE-2024-0405](CVE-2024/CVE-2024-04xx/CVE-2024-0405.json) (`2024-01-24T17:23:09.773`)
* [CVE-2024-0647](CVE-2024/CVE-2024-06xx/CVE-2024-0647.json) (`2024-01-24T18:05:58.343`)
* [CVE-2024-22192](CVE-2024/CVE-2024-221xx/CVE-2024-22192.json) (`2024-01-24T18:13:38.807`)
* [CVE-2024-22191](CVE-2024/CVE-2024-221xx/CVE-2024-22191.json) (`2024-01-24T18:13:53.947`)
* [CVE-2024-21670](CVE-2024/CVE-2024-216xx/CVE-2024-21670.json) (`2024-01-24T18:14:10.497`)
* [CVE-2024-0650](CVE-2024/CVE-2024-06xx/CVE-2024-0650.json) (`2024-01-24T18:18:06.083`)
* [CVE-2024-22141](CVE-2024/CVE-2024-221xx/CVE-2024-22141.json) (`2024-01-24T18:45:34.830`)
* [CVE-2024-22651](CVE-2024/CVE-2024-226xx/CVE-2024-22651.json) (`2024-01-24T18:45:34.830`)
* [CVE-2024-22725](CVE-2024/CVE-2024-227xx/CVE-2024-22725.json) (`2024-01-24T18:45:34.830`)
* [CVE-2024-22411](CVE-2024/CVE-2024-224xx/CVE-2024-22411.json) (`2024-01-24T18:54:46.323`)
## Download and Usage