admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-13T00:55:25.285972+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-13 00:55:29 +00:00
parent 832989529b
commit ca5bda0685
24 changed files with 1885 additions and 121 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

79
CVE-2018/CVE-2018-250xx/CVE-2018-25098.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2018-25098",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-04T17:15:07.880",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:39:20.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in blockmason credit-protocol. It has been declared as problematic. Affected by this vulnerability is the function executeUcacTx of the file contracts/CreditProtocol.sol of the component UCAC Handler. The manipulation leads to denial of service. This product does not use versioning. This is why information about affected and unaffected releases are unavailable. The patch is named 082e01f18707ef995e80ebe97fcedb229a55efc5. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252799. NOTE: This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "es",
"value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad en el protocolo de cr\u00e9dito blockmason. Ha sido declarado problem\u00e1tico. La funci\u00f3n ejecutarUcacTx del archivo contracts/CreditProtocol.sol del componente UCAC Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la denegaci\u00f3n del servicio. Este producto no utiliza versiones. Esta es la raz\u00f3n por la que la informaci\u00f3n sobre las versiones afectadas y no afectadas no est\u00e1 disponible. El parche se llama 082e01f18707ef995e80ebe97fcedb229a55efc5. Se recomienda aplicar un parche para solucionar este problema. El identificador asociado de esta vulnerabilidad es VDB-252799. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-672"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,22 +105,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:blockmason:credit-protocol:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2018-04-11",
"matchCriteriaId": "5C5EDCFF-8C24-41FD-B648-8DAEF7B07CDC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/blockmason/credit-protocol/commit/082e01f18707ef995e80ebe97fcedb229a55efc5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/blockmason/credit-protocol/pull/33",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://vuldb.com/?ctiid.252799",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252799",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2020/CVE-2020-367xx/CVE-2020-36773.json
View File

@ -2,31 +2,105 @@
"id": "CVE-2020-36773",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-04T18:16:00.713",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:39:04.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a single character code in a PDF document can map to more than one Unicode code point (e.g., for a ligature)."
},
{
"lang": "es",
"value": "Artifex Ghostscript anterior a 9.53.0 tiene una escritura y un use-after-free fuera de los l\u00edmites en devices/vector/gdevtxtw.c (para txtwrite) porque un c\u00f3digo de un solo car\u00e1cter en un documento PDF se puede asignar a m\u00e1s de un punto de c\u00f3digo Unicode. (por ejemplo, para una ligadura)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.53.0",
"matchCriteriaId": "350CC6F3-2230-4434-AFF3-29F4B9FC70C5"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=702229",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://bugzilla.opensuse.org/show_bug.cgi?id=1177922",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://git.ghostscript.com/?p=ghostpdl.git%3Ba=commit%3Bh=8c7bd787defa071c96289b7da9397f673fddb874",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs9530",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

76
CVE-2021/CVE-2021-44xx/CVE-2021-4435.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2021-4435",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-02-04T20:15:45.657",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:38:56.303",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An untrusted search path vulnerability was found in Yarn. When a victim runs certain Yarn commands in a directory with attacker-controlled content, malicious commands could be executed in unexpected ways."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de ruta de b\u00fasqueda no confiable en Yarn. Cuando una v\u00edctima ejecuta ciertos comandos de Yarn en un directorio con contenido controlado por un atacante, se podr\u00edan ejecutar comandos maliciosos de formas inesperadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
},
{
"source": "patrick@puiterwijk.org",
"type": "Secondary",
@ -46,22 +80,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:yarnpkg:yarn:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.22.13",
"matchCriteriaId": "BCBACDE9-403C-4A92-8F39-ABCF4216F7AA"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2021-4435",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262284",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/yarnpkg/yarn/commit/67fcce88935e45092ffa2674c08053f1ef5268a1",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/yarnpkg/yarn/releases/tag/v1.22.13",
"source": "patrick@puiterwijk.org"
"source": "patrick@puiterwijk.org",
"tags": [
"Release Notes"
]
}
]
}

75
CVE-2021/CVE-2021-469xx/CVE-2021-46902.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2021-46902",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-04T21:15:07.840",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:38:32.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. Path validation is mishandled, and thus an admin can read or delete files in violation of expected access controls."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en LTOS-Web-Interface en Meinberg LANTIME-Firmware antes de 6.24.029 MBGID-9343 y 7 antes de 7.04.008 MBGID-6303. La validaci\u00f3n de rutas se maneja mal y, por lo tanto, un administrador puede leer o eliminar archivos en violaci\u00f3n de los controles de acceso esperados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.24.029",
"matchCriteriaId": "02A03972-B937-4084-B6CA-327E93DBCF78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.04.008",
"matchCriteriaId": "581CBF60-2825-428A-B284-ABA0912728B7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-03-meinberg-lantime-firmware-v7-04-008-und-v6-24-029.htm",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

75
CVE-2021/CVE-2021-469xx/CVE-2021-46903.json
View File

@ -2,19 +2,86 @@
"id": "CVE-2021-46903",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-04T21:15:07.900",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:38:22.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in LTOS-Web-Interface in Meinberg LANTIME-Firmware before 6.24.029 MBGID-9343 and 7 before 7.04.008 MBGID-6303. An admin can delete required user accounts (in violation of expected access control)."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en LTOS-Web-Interface en Meinberg LANTIME-Firmware antes de 6.24.029 MBGID-9343 y 7 antes de 7.04.008 MBGID-6303. Un administrador puede eliminar las cuentas de usuario requeridas (en violaci\u00f3n del control de acceso esperado)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.24.029",
"matchCriteriaId": "02A03972-B937-4084-B6CA-327E93DBCF78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:meinbergglobal:lantime_firmware:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.04.008",
"matchCriteriaId": "581CBF60-2825-428A-B284-ABA0912728B7"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.meinberg.de/german/news/meinberg-security-advisory-mbgsa-2021-03-meinberg-lantime-firmware-v7-04-008-und-v6-24-029.htm",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-280xx/CVE-2023-28018.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-28018",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-12T23:15:08.100",
"lastModified": "2024-02-12T23:15:08.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL Connections is vulnerable to a denial of service, caused by improper validation on certain requests. Using a specially-crafted request an attacker could exploit this vulnerability to cause denial of service for affected users.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0108430",
"source": "psirt@hcl.com"
}
]
}

74
CVE-2023/CVE-2023-499xx/CVE-2023-49950.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2023-49950",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-03T09:15:11.193",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:42:06.777",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Jinja templating in Logpoint SIEM 6.10.0 through 7.x before 7.3.0 does not correctly sanitize log data being displayed when using a custom Jinja template in the Alert view. A remote attacker can craft a cross-site scripting (XSS) payload and send it to any system or device that sends logs to the SIEM. If an alert is created, the payload will execute upon the alert data being viewed with that template, which can lead to sensitive data disclosure."
},
{
"lang": "es",
"value": "La plantilla de Jinja en Logpoint SIEM 6.10.0 a 7.x anterior a 7.3.0 no sanitiza correctamente los datos de registro que se muestran cuando se utiliza una plantilla de Jinja personalizada en la vista de alerta. Un atacante remoto puede crear un payload de Cross-Site Scripting (XSS) y enviarla a cualquier sistema o dispositivo que env\u00ede registros al SIEM. Si se crea una alerta, el payload se ejecutar\u00e1 cuando los datos de la alerta se vean con esa plantilla, lo que puede dar lugar a la divulgaci\u00f3n de datos confidenciales."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.0",
"versionEndExcluding": "7.3.0",
"matchCriteriaId": "0CA92BDA-28DF-48A6-8FDF-93B959F8CE3E"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shrikeinfosec/cve-2023-49950/blob/main/cve-2023-49950.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/14124495377437-Stored-XSS-Vulnerability-in-Alerts-via-Log-Injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-521xx/CVE-2023-52138.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-52138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T15:15:08.393",
"lastModified": "2024-02-05T18:25:58.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:37:13.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.\n"
},
{
"lang": "es",
"value": "Engrampa es un administrador de archivos para el entorno MATE. Se descubre que Engrampa es vulnerable a una vulnerabilidad de Path Traversa que se puede aprovechar para lograr una ejecuci\u00f3n remota de comandos (RCE) completa en el objetivo. Mientras maneja archivos CPIO, el administrador de archivos de Engrampa sigue el enlace simb\u00f3lico, cpio de forma predeterminada seguir\u00e1 los enlaces simb\u00f3licos almacenados durante la extracci\u00f3n y el Archiver no verificar\u00e1 la ubicaci\u00f3n del enlace simb\u00f3lico, lo que conduce a escrituras arbitrarias de archivos en ubicaciones no deseadas. Cuando la v\u00edctima extrae el archivo, el atacante puede crear un archivo cpio o ISO malicioso para lograr RCE en el sistema de destino. Esta vulnerabilidad se solucion\u00f3 en el commit 63d5dfa."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,22 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +84,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mate-desktop:engrampa:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.26.2",
"matchCriteriaId": "FE120BC0-C0A9-48DB-B5CB-7C2596320D91"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-524xx/CVE-2023-52430.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52430",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T23:15:08.353",
"lastModified": "2024-02-12T23:15:08.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring."
}
],
"metrics": {},
"references": [
{
"url": "https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/greenpau/caddy-security/issues/264",
"source": "cve@mitre.org"
}
]
}

70
CVE-2023/CVE-2023-52xx/CVE-2023-5249.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5249",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-02-05T10:15:08.310",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:37:35.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Vulnerabilidad de Use After Free en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria inadecuadas para explotar una condici\u00f3n de ejecuci\u00f3n del software. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez provocar\u00e1 un use-after-free. Este problema afecta al controlador del kernel de GPU Bifrost: de r35p0 a r40p0; Controlador del kernel de GPU Valhall: desde r35p0 hasta r40p0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "arm-security@arm.com",
"type": "Secondary",
@ -27,10 +60,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r35p0",
"versionEndIncluding": "r40p0",
"matchCriteriaId": "3D212CD6-A1C4-4602-A76B-C2A10750F1EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r35p0",
"versionEndIncluding": "r40p0",
"matchCriteriaId": "CC3FF97F-21F8-451D-B134-028693DC4083"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-56xx/CVE-2023-5643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5643",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-02-05T10:15:08.410",
"lastModified": "2024-02-05T13:54:19.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:37:21.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,8 +14,41 @@
"value": "Vulnerabilidad de escritura fuera de los l\u00edmites en Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU inadecuadas. Dependiendo de la configuraci\u00f3n del controlador del kernel de GPU de Mali, y si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda escribir en la memoria fuera de los l\u00edmites del b\u00fafer. Este problema afecta al controlador del kernel de GPU Bifrost: desde r41p0 hasta r45p0; Controlador del kernel de GPU Valhall: desde r41p0 hasta r45p0; Controlador del kernel de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r45p0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "arm-security@arm.com",
"type": "Secondary",
@ -27,10 +60,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:5th_gen_gpu_architecture_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r41p0",
"versionEndExcluding": "r46p0",
"matchCriteriaId": "79D3B082-B9E0-4E02-B523-E6A040ACD88D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:bifrost_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r41p0",
"versionEndExcluding": "r46p0",
"matchCriteriaId": "B078B3A1-B574-4D0A-B0D1-F91E9A00AB21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arm:valhall_gpu_kernel_driver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "r41p0",
"versionEndExcluding": "r46p0",
"matchCriteriaId": "9553CB81-5990-4701-86D9-6F66E6AF8E77"
}
]
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
"source": "arm-security@arm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

351
CVE-2023/CVE-2023-56xx/CVE-2023-5677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5677",
"sourceIdentifier": "product-security@axis.com",
"published": "2024-02-05T06:15:46.690",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:38:00.893",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "product-security@axis.com",
"type": "Secondary",
@ -38,10 +58,335 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:m3024-lve_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "5CD58564-8A6D-4A4A-94BC-1163A7512951"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:m3024-lve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "51A676F7-81A2-470F-B5AE-0684596CD13F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:m3025-ve_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "19DB8F9A-73CB-48EE-B493-0C89BE2338FE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:m3025-ve:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB751571-D477-4D70-90DE-7B956A752072"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:m7014_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "096D5F50-DFCB-436F-B17F-59DAB4CCDB11"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:m7014:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37A5B7B4-9C9B-48A7-8EF6-B511BEA39456"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:m7016_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "55063889-8669-4EEA-AAFD-AC8C37F61A99"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:m7016:-:*:*:*:*:*:*:*",
"matchCriteriaId": "36508E54-ED34-4706-AF59-49ACBB21B60A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:p1214-e_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "D7535314-78B5-403A-BC93-FBBDB769821C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:p1214-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0562D86-35D8-42A2-9784-BEF72209C2A0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:p7214_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "722C5352-15D9-48DD-B64A-B8EC10DA15EC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:p7214:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F038A16-4542-4249-A06E-80E5456C70BC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:p7216_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "BC60D72C-6B09-4629-A28B-D0F4248F81C0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:p7216:-:*:*:*:*:*:*:*",
"matchCriteriaId": "056BA315-23A3-431A-9F7B-A1758808DB6E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:q7401_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "4B802948-6660-49AC-BBA9-7441A525D60C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:q7401:-:*:*:*:*:*:*:*",
"matchCriteriaId": "15FBB812-E5B2-4152-AA6C-64138094FF90"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:q7404_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "087E2F65-B69A-42DA-A354-EAE4D83EDB6D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:q7404:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6021F9F-3109-4D52-9C41-478AC758DBFC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:q7414_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.7.7",
"matchCriteriaId": "AF8E6DBA-575D-4DC7-847D-4E626617A199"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:q7414:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C5592008-9957-49AD-975A-C1F6F77817AA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:q7424-r_mk_ii_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.51.3.9",
"matchCriteriaId": "75C0A14B-E3E8-4942-B87C-D71158B87905"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:axis:q7424-r_mk_ii:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6093F4BD-5C7E-4EE9-BA75-76FDA3D245FB"
}
]
}
]
}
],
"references": [
{
"url": "https://www.axis.com/dam/public/a9/dd/f1/cve-2023-5677-en-US-424335.pdf",
"source": "product-security@axis.com"
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
]
}
]
}

81
CVE-2023/CVE-2023-58xx/CVE-2023-5800.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5800",
"sourceIdentifier": "product-security@axis.com",
"published": "2024-02-05T06:15:46.863",
"lastModified": "2024-02-05T13:54:33.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:37:47.070",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "product-security@axis.com",
"type": "Secondary",
@ -38,10 +58,65 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:axis_os:*:*:*:*:active:*:*:*",
"versionEndExcluding": "11.8.61",
"matchCriteriaId": "BB6705C7-3875-40DB-9491-A20683CDEE21"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:axis_os_2020:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "9.80.55",
"matchCriteriaId": "03238E64-BBDB-4DBE-A51C-F378C63708BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:axis:axis_os_2022:*:*:*:*:lts:*:*:*",
"versionEndExcluding": "10.12.220",
"matchCriteriaId": "FA06BD2A-7430-410E-A726-AFF0074F8692"
}
]
}
]
}
],
"references": [
{
"url": "https://www.axis.com/dam/public/89/d9/99/cve-2023-5800-en-US-424339.pdf",
"source": "product-security@axis.com"
"source": "product-security@axis.com",
"tags": [
"Vendor Advisory"
]
}
]
}

100
CVE-2023/CVE-2023-62xx/CVE-2023-6240.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6240",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-04T14:15:47.787",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:40:57.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A Marvin vulnerability side-channel leakage was found in the RSA decryption operation in the Linux Kernel. This issue may allow a network attacker to decrypt ciphertexts or forge signatures, limiting the services that use that private key."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una fuga de canal lateral de vulnerabilidad de Marvin en la operaci\u00f3n de descifrado RSA en el kernel de Linux. Este problema puede permitir que un atacante de red descifre textos cifrados o falsifique firmas, limitando los servicios que utilizan esa clave privada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 4.2
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,22 +80,76 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6240",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2250843",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://people.redhat.com/~hkario/marvin/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://securitypitfalls.wordpress.com/2023/10/16/experiment-with-side-channel-attacks-yourself/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Technical Description"
]
}
]
}

98
CVE-2023/CVE-2023-72xx/CVE-2023-7216.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7216",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-05T15:15:08.903",
"lastModified": "2024-02-05T18:25:55.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:37:01.273",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de path traversal en la utilidad CPIO. Este problema podr\u00eda permitir que un atacante remoto no autenticado enga\u00f1e a un usuario para que abra un archivo especialmente manipulado. Durante el proceso de extracci\u00f3n, el archivador podr\u00eda seguir enlaces simb\u00f3licos fuera del directorio deseado, que podr\u00edan utilizarse para ejecutar comandos arbitrarios en el sistema de destino."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -36,8 +60,22 @@
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +84,64 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gnu:cpio:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5A9AFD9F-BFA4-4007-8CF8-95927079983E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-7216",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249901",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

79
CVE-2024/CVE-2024-08xx/CVE-2024-0853.json
View File

@ -2,27 +2,94 @@
"id": "CVE-2024-0853",
"sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9",
"published": "2024-02-03T14:15:50.850",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:41:15.597",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to\nthe same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check."
},
{
"lang": "es",
"value": "curl inadvertidamente mantuvo el ID de sesi\u00f3n SSL para las conexiones en su cach\u00e9 incluso cuando fall\u00f3 la prueba de verificaci\u00f3n del estado (*OCSP stapling*). Una transferencia posterior al mismo nombre de host podr\u00eda tener \u00e9xito si la cach\u00e9 de ID de sesi\u00f3n a\u00fan estuviera actualizada, lo que luego omitir\u00eda la verificaci\u00f3n de estado de verificaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.6.0",
"matchCriteriaId": "708F32E1-FFEF-461B-BDF6-037FE54AE916"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://curl.se/docs/CVE-2024-0853.html",
"source": "2499f714-1537-4658-8207-48ae4bb9eae9"
"source": "2499f714-1537-4658-8207-48ae4bb9eae9",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://curl.se/docs/CVE-2024-0853.json",
"source": "2499f714-1537-4658-8207-48ae4bb9eae9"
"source": "2499f714-1537-4658-8207-48ae4bb9eae9",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://hackerone.com/reports/2298922",
"source": "2499f714-1537-4658-8207-48ae4bb9eae9"
"source": "2499f714-1537-4658-8207-48ae4bb9eae9",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

67
CVE-2024/CVE-2024-14xx/CVE-2024-1454.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-1454",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-12T23:15:08.410",
"lastModified": "2024-02-12T23:15:08.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occuring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.4,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1454",
"source": "secalert@redhat.com"
},
{
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263929",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9",
"source": "secalert@redhat.com"
}
]
}

70
CVE-2024/CVE-2024-247xx/CVE-2024-24762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24762",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T15:15:09.260",
"lastModified": "2024-02-09T19:15:24.483",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:36:41.277",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,18 +80,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tiangolo:fastapi:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.109.1",
"matchCriteriaId": "6E947690-B49E-4D5E-9511-FA2EB200CAC4"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/tiangolo/fastapi/releases/tag/0.109.1",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-247xx/CVE-2024-24768.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24768",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T15:15:09.607",
"lastModified": "2024-02-05T18:25:55.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:36:30.397",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.\n\n"
},
{
"lang": "es",
"value": "1Panel es un panel de gesti\u00f3n de operaci\u00f3n y mantenimiento de servidores Linux de c\u00f3digo abierto. La cookie HTTPS que viene con el panel no tiene la palabra clave Secure, lo que puede hacer que la cookie se env\u00ede en texto plano si se accede mediante HTTP. Este problema se solucion\u00f3 en la versi\u00f3n 1.9.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,18 +80,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:1panel:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B112F28A-9D5B-45B8-8201-1FA859875E7F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/1Panel-dev/1Panel/pull/3817",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-248xx/CVE-2024-24826.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-24826",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T23:15:08.643",
"lastModified": "2024-02-12T23:15:08.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://github.com/Exiv2/exiv2/pull/2337",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w",
"source": "security-advisories@github.com"
}
]
}

81
CVE-2024/CVE-2024-250xx/CVE-2024-25062.json
View File

@ -2,23 +2,94 @@
"id": "CVE-2024-25062",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-04T16:15:45.120",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:40:40.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en libxml2 anterior a 2.11.7 y 2.12.x anterior a 2.12.5. Cuando se utiliza la interfaz del Lector XML con la validaci\u00f3n DTD y la expansi\u00f3n XInclude habilitada, el procesamiento de documentos XML manipulados puede generar un use-after-free de xmlValidatePopElement."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.11.7",
"matchCriteriaId": "971ACB1F-3D2E-4CBD-A75C-F58063898438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xmlsoft:libxml2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.12.0",
"versionEndExcluding": "2.12.5",
"matchCriteriaId": "D4CEB958-63E0-4939-9520-406AB65425C9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/issues/604",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://gitlab.gnome.org/GNOME/libxml2/-/tags",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

73
CVE-2024/CVE-2024-250xx/CVE-2024-25089.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2024-25089",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-04T22:15:23.117",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:38:12.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes."
},
{
"lang": "es",
"value": "Malwarebytes Binisoft Windows Firewall Control anterior a 6.9.9.2 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de canalizaciones con nombre gRPC."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:malwarebytes:binisoft_windows_firewall_control:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9.9.2",
"matchCriteriaId": "86963D44-F4FE-4348-BF4F-5887508E0C86"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://hackerone.com/reports/2300061",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.binisoft.org/changelog.txt",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}

63
CVE-2024/CVE-2024-251xx/CVE-2024-25112.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-25112",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T23:15:08.853",
"lastModified": "2024-02-12T23:15:08.853",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
},
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"references": [
{
"url": "https://github.com/Exiv2/exiv2/pull/2337",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36",
"source": "security-advisories@github.com"
}
]
}

58
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-12T23:00:24.509771+00:00
2024-02-13T00:55:25.285972+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-12T22:15:08.430000+00:00
2024-02-13T00:42:06.777000+00:00
```
### Last Data Feed Release
@ -29,44 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238210
238215
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `5`
* [CVE-2024-1250](CVE-2024/CVE-2024-12xx/CVE-2024-1250.json) (`2024-02-12T21:15:08.313`)
* [CVE-2024-1459](CVE-2024/CVE-2024-14xx/CVE-2024-1459.json) (`2024-02-12T21:15:08.533`)
* [CVE-2024-23833](CVE-2024/CVE-2024-238xx/CVE-2024-23833.json) (`2024-02-12T21:15:08.760`)
* [CVE-2024-23759](CVE-2024/CVE-2024-237xx/CVE-2024-23759.json) (`2024-02-12T22:15:08.087`)
* [CVE-2024-23760](CVE-2024/CVE-2024-237xx/CVE-2024-23760.json) (`2024-02-12T22:15:08.193`)
* [CVE-2024-23761](CVE-2024/CVE-2024-237xx/CVE-2024-23761.json) (`2024-02-12T22:15:08.247`)
* [CVE-2024-23762](CVE-2024/CVE-2024-237xx/CVE-2024-23762.json) (`2024-02-12T22:15:08.307`)
* [CVE-2024-23763](CVE-2024/CVE-2024-237xx/CVE-2024-23763.json) (`2024-02-12T22:15:08.367`)
* [CVE-2024-24337](CVE-2024/CVE-2024-243xx/CVE-2024-24337.json) (`2024-02-12T22:15:08.430`)
* [CVE-2023-28018](CVE-2023/CVE-2023-280xx/CVE-2023-28018.json) (`2024-02-12T23:15:08.100`)
* [CVE-2023-52430](CVE-2023/CVE-2023-524xx/CVE-2023-52430.json) (`2024-02-12T23:15:08.353`)
* [CVE-2024-1454](CVE-2024/CVE-2024-14xx/CVE-2024-1454.json) (`2024-02-12T23:15:08.410`)
* [CVE-2024-24826](CVE-2024/CVE-2024-248xx/CVE-2024-24826.json) (`2024-02-12T23:15:08.643`)
* [CVE-2024-25112](CVE-2024/CVE-2024-251xx/CVE-2024-25112.json) (`2024-02-12T23:15:08.853`)
### CVEs modified in the last Commit
Recently modified CVEs: `16`
Recently modified CVEs: `18`
* [CVE-2023-32474](CVE-2023/CVE-2023-324xx/CVE-2023-32474.json) (`2024-02-12T21:37:18.687`)
* [CVE-2023-32451](CVE-2023/CVE-2023-324xx/CVE-2023-32451.json) (`2024-02-12T21:37:35.780`)
* [CVE-2023-52427](CVE-2023/CVE-2023-524xx/CVE-2023-52427.json) (`2024-02-12T21:39:34.807`)
* [CVE-2024-25318](CVE-2024/CVE-2024-253xx/CVE-2024-25318.json) (`2024-02-12T21:37:44.753`)
* [CVE-2024-25451](CVE-2024/CVE-2024-254xx/CVE-2024-25451.json) (`2024-02-12T21:37:54.227`)
* [CVE-2024-25452](CVE-2024/CVE-2024-254xx/CVE-2024-25452.json) (`2024-02-12T21:38:36.037`)
* [CVE-2024-25453](CVE-2024/CVE-2024-254xx/CVE-2024-25453.json) (`2024-02-12T21:38:53.453`)
* [CVE-2024-25454](CVE-2024/CVE-2024-254xx/CVE-2024-25454.json) (`2024-02-12T21:39:19.300`)
* [CVE-2024-25417](CVE-2024/CVE-2024-254xx/CVE-2024-25417.json) (`2024-02-12T21:39:48.423`)
* [CVE-2024-25418](CVE-2024/CVE-2024-254xx/CVE-2024-25418.json) (`2024-02-12T21:39:57.963`)
* [CVE-2024-25419](CVE-2024/CVE-2024-254xx/CVE-2024-25419.json) (`2024-02-12T21:40:04.610`)
* [CVE-2024-22208](CVE-2024/CVE-2024-222xx/CVE-2024-22208.json) (`2024-02-12T21:40:50.080`)
* [CVE-2024-24559](CVE-2024/CVE-2024-245xx/CVE-2024-24559.json) (`2024-02-12T21:40:56.547`)
* [CVE-2024-24574](CVE-2024/CVE-2024-245xx/CVE-2024-24574.json) (`2024-02-12T21:41:04.237`)
* [CVE-2024-24807](CVE-2024/CVE-2024-248xx/CVE-2024-24807.json) (`2024-02-12T21:41:24.647`)
* [CVE-2024-0685](CVE-2024/CVE-2024-06xx/CVE-2024-0685.json) (`2024-02-12T22:15:07.950`)
* [CVE-2018-25098](CVE-2018/CVE-2018-250xx/CVE-2018-25098.json) (`2024-02-13T00:39:20.100`)
* [CVE-2020-36773](CVE-2020/CVE-2020-367xx/CVE-2020-36773.json) (`2024-02-13T00:39:04.533`)
* [CVE-2021-46903](CVE-2021/CVE-2021-469xx/CVE-2021-46903.json) (`2024-02-13T00:38:22.293`)
* [CVE-2021-46902](CVE-2021/CVE-2021-469xx/CVE-2021-46902.json) (`2024-02-13T00:38:32.413`)
* [CVE-2021-4435](CVE-2021/CVE-2021-44xx/CVE-2021-4435.json) (`2024-02-13T00:38:56.303`)
* [CVE-2023-7216](CVE-2023/CVE-2023-72xx/CVE-2023-7216.json) (`2024-02-13T00:37:01.273`)
* [CVE-2023-52138](CVE-2023/CVE-2023-521xx/CVE-2023-52138.json) (`2024-02-13T00:37:13.493`)
* [CVE-2023-5643](CVE-2023/CVE-2023-56xx/CVE-2023-5643.json) (`2024-02-13T00:37:21.967`)
* [CVE-2023-5249](CVE-2023/CVE-2023-52xx/CVE-2023-5249.json) (`2024-02-13T00:37:35.327`)
* [CVE-2023-5800](CVE-2023/CVE-2023-58xx/CVE-2023-5800.json) (`2024-02-13T00:37:47.070`)
* [CVE-2023-5677](CVE-2023/CVE-2023-56xx/CVE-2023-5677.json) (`2024-02-13T00:38:00.893`)
* [CVE-2023-6240](CVE-2023/CVE-2023-62xx/CVE-2023-6240.json) (`2024-02-13T00:40:57.653`)
* [CVE-2023-49950](CVE-2023/CVE-2023-499xx/CVE-2023-49950.json) (`2024-02-13T00:42:06.777`)
* [CVE-2024-24768](CVE-2024/CVE-2024-247xx/CVE-2024-24768.json) (`2024-02-13T00:36:30.397`)
* [CVE-2024-24762](CVE-2024/CVE-2024-247xx/CVE-2024-24762.json) (`2024-02-13T00:36:41.277`)
* [CVE-2024-25089](CVE-2024/CVE-2024-250xx/CVE-2024-25089.json) (`2024-02-13T00:38:12.137`)
* [CVE-2024-25062](CVE-2024/CVE-2024-250xx/CVE-2024-25062.json) (`2024-02-13T00:40:40.503`)
* [CVE-2024-0853](CVE-2024/CVE-2024-08xx/CVE-2024-0853.json) (`2024-02-13T00:41:15.597`)
## Download and Usage