From cb7cb861f2c5d6ab4f1c6b872447998939d265e3 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 13 Feb 2024 17:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-02-13T17:00:24.588427+00:00 --- CVE-2001/CVE-2001-14xx/CVE-2001-1481.json | 64 +++++++-- CVE-2001/CVE-2001-15xx/CVE-2001-1537.json | 47 ++++++- CVE-2002/CVE-2002-04xx/CVE-2002-0495.json | 21 ++- CVE-2002/CVE-2002-16xx/CVE-2002-1696.json | 85 +++++++++--- CVE-2003/CVE-2003-03xx/CVE-2003-0377.json | 16 ++- CVE-2003/CVE-2003-03xx/CVE-2003-0395.json | 20 ++- CVE-2004/CVE-2004-23xx/CVE-2004-2397.json | 96 +++++++------ CVE-2005/CVE-2005-04xx/CVE-2005-0496.json | 67 +++++---- CVE-2005/CVE-2005-18xx/CVE-2005-1828.json | 50 ++++++- CVE-2005/CVE-2005-18xx/CVE-2005-1876.json | 40 ++++-- CVE-2005/CVE-2005-18xx/CVE-2005-1894.json | 29 +++- CVE-2005/CVE-2005-21xx/CVE-2005-2160.json | 33 ++++- CVE-2005/CVE-2005-22xx/CVE-2005-2209.json | 40 +++++- CVE-2005/CVE-2005-37xx/CVE-2005-3716.json | 65 ++++++++- CVE-2005/CVE-2005-38xx/CVE-2005-3803.json | 77 ++++++++++- CVE-2006/CVE-2006-71xx/CVE-2006-7142.json | 35 ++++- CVE-2007/CVE-2007-47xx/CVE-2007-4786.json | 2 +- CVE-2008/CVE-2008-09xx/CVE-2008-0961.json | 73 ++++++++-- CVE-2008/CVE-2008-11xx/CVE-2008-1160.json | 75 ++++++++-- CVE-2008/CVE-2008-14xx/CVE-2008-1440.json | 76 +++++----- CVE-2008/CVE-2008-23xx/CVE-2008-2369.json | 33 ++++- CVE-2008/CVE-2008-23xx/CVE-2008-2374.json | 145 ++++++++++++++++---- CVE-2009/CVE-2009-22xx/CVE-2009-2272.json | 51 ++++++- CVE-2010/CVE-2010-15xx/CVE-2010-1573.json | 80 +++++++++-- CVE-2010/CVE-2010-20xx/CVE-2010-2073.json | 56 ++++++-- CVE-2010/CVE-2010-27xx/CVE-2010-2772.json | 116 ++++++++++++---- CVE-2012/CVE-2012-35xx/CVE-2012-3503.json | 78 +++++++++-- CVE-2021/CVE-2021-219xx/CVE-2021-21972.json | 7 +- CVE-2021/CVE-2021-375xx/CVE-2021-37555.json | 2 +- CVE-2022/CVE-2022-299xx/CVE-2022-29953.json | 2 +- CVE-2022/CVE-2022-299xx/CVE-2022-29959.json | 4 +- CVE-2022/CVE-2022-299xx/CVE-2022-29960.json | 4 +- CVE-2022/CVE-2022-299xx/CVE-2022-29964.json | 2 +- CVE-2022/CVE-2022-300xx/CVE-2022-30018.json | 2 +- CVE-2022/CVE-2022-302xx/CVE-2022-30271.json | 2 +- CVE-2022/CVE-2022-302xx/CVE-2022-30276.json | 2 +- CVE-2022/CVE-2022-303xx/CVE-2022-30313.json | 2 +- CVE-2022/CVE-2022-303xx/CVE-2022-30314.json | 2 +- CVE-2022/CVE-2022-303xx/CVE-2022-30317.json | 2 +- CVE-2022/CVE-2022-309xx/CVE-2022-30997.json | 2 +- CVE-2022/CVE-2022-352xx/CVE-2022-35248.json | 2 +- CVE-2023/CVE-2023-265xx/CVE-2023-26562.json | 28 ++++ CVE-2023/CVE-2023-44xx/CVE-2023-4408.json | 8 +- CVE-2023/CVE-2023-452xx/CVE-2023-45206.json | 28 ++++ CVE-2023/CVE-2023-452xx/CVE-2023-45207.json | 28 ++++ CVE-2023/CVE-2023-463xx/CVE-2023-46359.json | 81 ++++++++++- CVE-2023/CVE-2023-473xx/CVE-2023-47355.json | 73 +++++++++- CVE-2023/CVE-2023-484xx/CVE-2023-48432.json | 28 ++++ CVE-2023/CVE-2023-520xx/CVE-2023-52046.json | 6 +- CVE-2023/CVE-2023-55xx/CVE-2023-5517.json | 8 +- CVE-2023/CVE-2023-56xx/CVE-2023-5679.json | 8 +- CVE-2023/CVE-2023-56xx/CVE-2023-5680.json | 4 +- CVE-2023/CVE-2023-65xx/CVE-2023-6516.json | 8 +- CVE-2023/CVE-2023-69xx/CVE-2023-6982.json | 69 +++++++++- CVE-2023/CVE-2023-69xx/CVE-2023-6989.json | 69 +++++++++- CVE-2023/CVE-2023-69xx/CVE-2023-6996.json | 69 +++++++++- CVE-2023/CVE-2023-70xx/CVE-2023-7014.json | 69 +++++++++- CVE-2024/CVE-2024-03xx/CVE-2024-0323.json | 51 ++++++- CVE-2024/CVE-2024-04xx/CVE-2024-0428.json | 68 ++++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0612.json | 68 ++++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0630.json | 68 ++++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0659.json | 68 ++++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0668.json | 78 ++++++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0678.json | 68 ++++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0691.json | 68 ++++++++- CVE-2024/CVE-2024-06xx/CVE-2024-0699.json | 68 ++++++++- CVE-2024/CVE-2024-10xx/CVE-2024-1096.json | 59 ++++++++ CVE-2024/CVE-2024-11xx/CVE-2024-1140.json | 59 ++++++++ CVE-2024/CVE-2024-11xx/CVE-2024-1163.json | 59 ++++++++ CVE-2024/CVE-2024-13xx/CVE-2024-1309.json | 4 +- CVE-2024/CVE-2024-220xx/CVE-2024-22024.json | 115 +++++++++++++++- CVE-2024/CVE-2024-229xx/CVE-2024-22923.json | 24 ++++ CVE-2024/CVE-2024-234xx/CVE-2024-23439.json | 59 ++++++++ CVE-2024/CVE-2024-234xx/CVE-2024-23440.json | 59 ++++++++ CVE-2024/CVE-2024-243xx/CVE-2024-24398.json | 79 ++++++++++- CVE-2024/CVE-2024-247xx/CVE-2024-24781.json | 4 +- CVE-2024/CVE-2024-247xx/CVE-2024-24782.json | 4 +- README.md | 79 +++++------ 78 files changed, 2927 insertions(+), 473 deletions(-) create mode 100644 CVE-2023/CVE-2023-265xx/CVE-2023-26562.json create mode 100644 CVE-2023/CVE-2023-452xx/CVE-2023-45206.json create mode 100644 CVE-2023/CVE-2023-452xx/CVE-2023-45207.json create mode 100644 CVE-2023/CVE-2023-484xx/CVE-2023-48432.json create mode 100644 CVE-2024/CVE-2024-10xx/CVE-2024-1096.json create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1140.json create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1163.json create mode 100644 CVE-2024/CVE-2024-229xx/CVE-2024-22923.json create mode 100644 CVE-2024/CVE-2024-234xx/CVE-2024-23439.json create mode 100644 CVE-2024/CVE-2024-234xx/CVE-2024-23440.json diff --git a/CVE-2001/CVE-2001-14xx/CVE-2001-1481.json b/CVE-2001/CVE-2001-14xx/CVE-2001-1481.json index c57987e2381..69c96f87557 100644 --- a/CVE-2001/CVE-2001-14xx/CVE-2001-1481.json +++ b/CVE-2001/CVE-2001-14xx/CVE-2001-1481.json @@ -2,8 +2,8 @@ "id": "CVE-2001-1481", "sourceIdentifier": "cve@mitre.org", "published": "2001-12-31T05:00:00.000", - "lastModified": "2017-07-11T01:29:09.587", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:20:07.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-312" } ] } @@ -58,18 +80,15 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:imatix:xitami:2.4:*:*:*:*:*:*:*", - "matchCriteriaId": "2DE649DA-2818-4E06-9BD5-EBBD4A6B3861" + "criteria": "cpe:2.3:a:xitami:xitami:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.4", + "versionEndIncluding": "2.5", + "matchCriteriaId": "55683377-9A11-4C09-836A-72C525E9C7C9" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:imatix:xitami:2.5:*:*:*:*:*:*:*", - "matchCriteriaId": "D3DE159E-C488-4354-B571-C1DE0D920819" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:imatix:xitami:2.5_b4:*:*:*:*:*:*:*", - "matchCriteriaId": "65FF9B19-8A3D-4CB6-9AF2-3196AF204E44" + "criteria": "cpe:2.3:a:xitami:xitami:2.5:beta4:*:*:*:*:*:*", + "matchCriteriaId": "D0B58243-45AD-4E73-B790-557648A88D45" } ] } @@ -81,21 +100,36 @@ "url": "http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0109.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/archive/1/242375", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/bid/3582", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7600", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2001/CVE-2001-15xx/CVE-2001-1537.json b/CVE-2001/CVE-2001-15xx/CVE-2001-1537.json index d9e595d1f0e..79622f69f17 100644 --- a/CVE-2001/CVE-2001-15xx/CVE-2001-1537.json +++ b/CVE-2001/CVE-2001-15xx/CVE-2001-1537.json @@ -2,7 +2,7 @@ "id": "CVE-2001-1537", "sourceIdentifier": "cve@mitre.org", "published": "2001-12-31T05:00:00.000", - "lastModified": "2008-09-05T20:26:48.387", + "lastModified": "2024-02-13T16:19:41.493", "vulnStatus": "Analyzed", "descriptions": [ { @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-312" } ] } @@ -58,9 +80,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:twig:webmail:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:symfony:twig:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.7.4", - "matchCriteriaId": "43B84A40-0E2F-428F-AD25-7B8AFD2C7EE0" + "matchCriteriaId": "70F56BAA-E4DF-49D6-950D-073A728B97C6" } ] } @@ -70,15 +92,26 @@ "references": [ { "url": "http://archives.neohapsis.com/archives/bugtraq/2001-11/0245.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.iss.net/security_center/static/7619.php", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/3591", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2002/CVE-2002-04xx/CVE-2002-0495.json b/CVE-2002/CVE-2002-04xx/CVE-2002-0495.json index 41cb3d2a4e1..d0e6f7cf91d 100644 --- a/CVE-2002/CVE-2002-04xx/CVE-2002-0495.json +++ b/CVE-2002/CVE-2002-04xx/CVE-2002-0495.json @@ -2,7 +2,7 @@ "id": "CVE-2002-0495", "sourceIdentifier": "cve@mitre.org", "published": "2002-08-12T04:00:00.000", - "lastModified": "2008-09-05T20:28:10.570", + "lastModified": "2024-02-13T16:20:12.450", "vulnStatus": "Analyzed", "descriptions": [ { @@ -44,7 +44,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-94" } ] } @@ -58,8 +58,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cgiscript.net:cssearch:2.3:*:*:*:*:*:*:*", - "matchCriteriaId": "AE0DCE4A-11B8-408B-970C-0E000976C808" + "criteria": "cpe:2.3:a:cgiscript:cssearch_professional:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.3", + "matchCriteriaId": "C278C82B-A954-4468-AA06-D139D03DBE5D" } ] } @@ -69,12 +70,16 @@ "references": [ { "url": "http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "http://www.iss.net/security_center/static/8636.php", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Patch", "Vendor Advisory" ] @@ -83,6 +88,9 @@ "url": "http://www.securityfocus.com/archive/1/264169", "source": "cve@mitre.org", "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] }, @@ -90,8 +98,11 @@ "url": "http://www.securityfocus.com/bid/4368", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", "Patch", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] } diff --git a/CVE-2002/CVE-2002-16xx/CVE-2002-1696.json b/CVE-2002/CVE-2002-16xx/CVE-2002-1696.json index 66f26574ffe..60d514aee63 100644 --- a/CVE-2002/CVE-2002-16xx/CVE-2002-1696.json +++ b/CVE-2002/CVE-2002-16xx/CVE-2002-1696.json @@ -2,8 +2,8 @@ "id": "CVE-2002-1696", "sourceIdentifier": "cve@mitre.org", "published": "2002-12-31T05:00:00.000", - "lastModified": "2017-07-11T01:29:20.667", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:20:20.100", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,13 +66,14 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-312" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -58,23 +81,29 @@ "cpeMatch": [ { "vulnerable": true, + "criteria": "cpe:2.3:a:pgp:personal_privacy:7.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F0276A24-52AA-423B-8D52-B9D56685198D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pgp:personal_privacy:7.0.3:*:*:*:*:*:*:*", + "matchCriteriaId": "61DDF378-20C8-4502-BE6A-85F3C579DBE3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pgp:personal_privacy:7.0.4:*:*:*:*:*:*:*", + "matchCriteriaId": "477D315D-D040-463A-B1B5-43F3FF5CF1F9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, "criteria": "cpe:2.3:a:microsoft:outlook:98:*:*:*:*:*:*:*", "matchCriteriaId": "52970A43-173E-477B-80BF-6FDBB6B0EECD" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pgp:pgp:7.0:*:*:*:*:*:*:*", - "matchCriteriaId": "A50605E3-3955-44C8-883C-B5D7598FF8C6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pgp:pgp:7.0.3:*:*:*:*:*:*:*", - "matchCriteriaId": "7991F5E4-8302-417A-81B8-BBD5D3B87BB6" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:pgp:pgp:7.0.4:*:*:*:*:*:*:*", - "matchCriteriaId": "6276F384-4A11-43C6-9863-87C401295E9F" } ] } @@ -82,13 +111,29 @@ } ], "references": [ + { + "url": "http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=528", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, { "url": "http://www.securityfocus.com/bid/3825", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7900", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2003/CVE-2003-03xx/CVE-2003-0377.json b/CVE-2003/CVE-2003-03xx/CVE-2003-0377.json index 9ae9d413c9e..642e6ee5079 100644 --- a/CVE-2003/CVE-2003-03xx/CVE-2003-0377.json +++ b/CVE-2003/CVE-2003-03xx/CVE-2003-0377.json @@ -2,8 +2,8 @@ "id": "CVE-2003-0377", "sourceIdentifier": "cve@mitre.org", "published": "2003-06-16T04:00:00.000", - "lastModified": "2016-10-18T02:33:09.387", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:47:26.647", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -48,7 +48,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-89" } ] } @@ -62,8 +62,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:iisprotect:iisprotect:2.2_r4:*:*:*:*:*:*:*", - "matchCriteriaId": "CD53BCD3-10D6-478D-8992-219E9C96383D" + "criteria": "cpe:2.3:a:iisprotect:iisprotect:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.2", + "matchCriteriaId": "E8E46860-7D7D-4020-A163-064C6F8F2BCC" } ] } @@ -73,7 +74,10 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=105370528728225&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2003/CVE-2003-03xx/CVE-2003-0395.json b/CVE-2003/CVE-2003-03xx/CVE-2003-0395.json index c3bacc1d411..896e010a0f4 100644 --- a/CVE-2003/CVE-2003-03xx/CVE-2003-0395.json +++ b/CVE-2003/CVE-2003-03xx/CVE-2003-0395.json @@ -2,8 +2,8 @@ "id": "CVE-2003-0395", "sourceIdentifier": "cve@mitre.org", "published": "2003-07-02T04:00:00.000", - "lastModified": "2016-10-18T02:33:21.310", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:14:50.843", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -48,7 +48,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-94" } ] } @@ -62,8 +62,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:php_outburst:ultimate_php_board_upb:1.9:*:*:*:*:*:*:*", - "matchCriteriaId": "9DBFC874-222F-4434-BAE8-FB8CF1AF82FD" + "criteria": "cpe:2.3:a:myupb:ultimate_php_board:1.9:*:*:*:*:*:*:*", + "matchCriteriaId": "17CE89DE-FFD5-41F2-B968-0C5A4A9E19DB" } ] } @@ -73,11 +73,17 @@ "references": [ { "url": "http://f0kp.iplus.ru/bz/024.en.txt", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://marc.info/?l=bugtraq&m=105379741528925&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2004/CVE-2004-23xx/CVE-2004-2397.json b/CVE-2004/CVE-2004-23xx/CVE-2004-2397.json index 315ca6e5a90..587fcfda98b 100644 --- a/CVE-2004/CVE-2004-23xx/CVE-2004-2397.json +++ b/CVE-2004/CVE-2004-23xx/CVE-2004-2397.json @@ -2,8 +2,8 @@ "id": "CVE-2004-2397", "sourceIdentifier": "cve@mitre.org", "published": "2004-12-31T05:00:00.000", - "lastModified": "2017-07-11T01:31:51.780", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:17:43.783", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-312" } ] } @@ -58,43 +80,15 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.0:*:*:*:*:*:*:*", - "matchCriteriaId": "863A9F8D-4A81-45D2-83B9-6847372456E0" + "criteria": "cpe:2.3:o:broadcom:bluecoat_security_gateway:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.0", + "versionEndIncluding": "3.1.3.13", + "matchCriteriaId": "9D36D10A-620C-4D8F-A4B4-50BC2C43AEF5" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.1:*:*:*:*:*:*:*", - "matchCriteriaId": "35CB1103-6811-46F7-A461-6AFEEBF70B60" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.2:*:*:*:*:*:*:*", - "matchCriteriaId": "D50CBFD7-F700-4622-B4B3-6C284AEBBF89" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.2.2:*:*:*:*:*:*:*", - "matchCriteriaId": "0E415758-A354-4C66-A2F2-4E6CEABB198F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.2:*:*:*:*:*:*:*", - "matchCriteriaId": "59B74B64-3DA5-48C8-8EAF-FD117F4E715F" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.7:*:*:*:*:*:*:*", - "matchCriteriaId": "87327EF6-E74E-45B8-8584-25317D3D9E15" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.1.3.13:*:*:*:*:*:*:*", - "matchCriteriaId": "C01296B5-3D2A-4B0F-A345-266C1F70E7CF" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:bluecoat:security_gateway_os:3.2.1:*:*:*:*:*:*:*", - "matchCriteriaId": "350121FE-7A0A-4610-A038-18134C47EB68" + "criteria": "cpe:2.3:o:broadcom:bluecoat_security_gateway:3.2.1:*:*:*:*:*:*:*", + "matchCriteriaId": "4750874F-6408-440B-B4A2-D9413CE48CE9" } ] } @@ -102,24 +96,48 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/11627", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Patch", + "Vendor Advisory" + ] + }, { "url": "http://www.bluecoat.com/support/knowledge/advisory_private_key_compromise.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Patch", "Vendor Advisory" ] }, + { + "url": "http://www.osvdb.org/6218", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, { "url": "http://www.securityfocus.com/bid/10371", "source": "cve@mitre.org", "tags": [ - "Patch" + "Broken Link", + "Patch", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/16182", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-04xx/CVE-2005-0496.json b/CVE-2005/CVE-2005-04xx/CVE-2005-0496.json index 19cfcc49484..120380630c2 100644 --- a/CVE-2005/CVE-2005-04xx/CVE-2005-0496.json +++ b/CVE-2005/CVE-2005-04xx/CVE-2005-0496.json @@ -2,8 +2,8 @@ "id": "CVE-2005-0496", "sourceIdentifier": "cve@mitre.org", "published": "2005-02-21T05:00:00.000", - "lastModified": "2017-07-11T01:32:19.687", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:48:37.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-798" } ] } @@ -58,28 +80,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:knox_software:arkeia:4.0:*:*:*:*:*:*:*", - "matchCriteriaId": "E4C2000A-26CC-4CC6-B2DD-73BD1C57D60C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:knox_software:arkeia:4.1:*:*:*:*:*:*:*", - "matchCriteriaId": "89C0FD29-7836-4566-AB30-1EB455F2DB54" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:knox_software:arkeia:4.2:*:*:*:*:*:*:*", - "matchCriteriaId": "D77845A3-D9BF-4C82-9F8A-F6799FBACFB0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:knox_software:arkeia:5.2:*:*:*:*:*:*:*", - "matchCriteriaId": "9B181B69-A3C0-4EEC-BE6B-F084EF4CD762" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:a:knox_software:arkeia:5.3:*:*:*:*:*:*:*", - "matchCriteriaId": "1EA01DFB-FC66-49A9-89C1-4A1772A364D2" + "criteria": "cpe:2.3:a:arkeia:network_backup:5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "27E68C91-5706-445A-B88C-9F2ECF39D9DC" } ] } @@ -89,12 +91,16 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=110900879826004&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] }, { "url": "http://metasploit.com/research/arkeia_agent/", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, @@ -102,12 +108,19 @@ "url": "http://securitytracker.com/id?1013256", "source": "cve@mitre.org", "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/20667", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-18xx/CVE-2005-1828.json b/CVE-2005/CVE-2005-18xx/CVE-2005-1828.json index 85660b3590e..e1709e24bf5 100644 --- a/CVE-2005/CVE-2005-18xx/CVE-2005-1828.json +++ b/CVE-2005/CVE-2005-18xx/CVE-2005-1828.json @@ -2,8 +2,8 @@ "id": "CVE-2005-1828", "sourceIdentifier": "cve@mitre.org", "published": "2005-05-26T04:00:00.000", - "lastModified": "2016-10-18T03:22:45.553", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:17:56.640", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,13 +66,14 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-312" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -58,8 +81,19 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:h:d-link:dsl-504t:v1.00b01t16.eu.2004-02-17:*:*:*:*:*:*:*", - "matchCriteriaId": "92ECE3FD-3932-4BB5-B674-797C9BA33DF7" + "criteria": "cpe:2.3:o:dlink:dsl-504t_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A0B3048F-760E-42BF-8C33-D845E0EBA8B2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:dlink:dsl-504t:-:*:*:*:*:*:*:*", + "matchCriteriaId": "893741B3-B4C4-4BB3-A4FD-764AF8D5DB44" } ] } @@ -69,7 +103,11 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=111722515805478&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-18xx/CVE-2005-1876.json b/CVE-2005/CVE-2005-18xx/CVE-2005-1876.json index 4a10fc586c3..a37ef3ca383 100644 --- a/CVE-2005/CVE-2005-18xx/CVE-2005-1876.json +++ b/CVE-2005/CVE-2005-18xx/CVE-2005-1876.json @@ -2,8 +2,8 @@ "id": "CVE-2005-1876", "sourceIdentifier": "cve@mitre.org", "published": "2005-06-09T04:00:00.000", - "lastModified": "2016-10-18T03:23:10.730", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:19:22.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -17,23 +17,23 @@ "type": "Primary", "cvssData": { "version": "2.0", - "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", + "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "LOCAL", - "accessComplexity": "LOW", + "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", - "baseScore": 4.6 + "baseScore": 4.4 }, "baseSeverity": "MEDIUM", - "exploitabilityScore": 3.9, + "exploitabilityScore": 3.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, - "userInteractionRequired": false + "userInteractionRequired": true } ] }, @@ -44,7 +44,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-94" } ] } @@ -58,8 +58,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:cutephp:cutenews:1.3.6:*:*:*:*:*:*:*", - "matchCriteriaId": "EF7BF20D-34F9-453A-A54A-3A0B39EAAD58" + "criteria": "cpe:2.3:a:cutephp:cutenews:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.3.6", + "matchCriteriaId": "424436A1-A2C9-4B6B-90B1-4A491EED73C5" } ] } @@ -69,7 +70,24 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=111773528322711&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/15594", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://www.osvdb.org/17030", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-18xx/CVE-2005-1894.json b/CVE-2005/CVE-2005-18xx/CVE-2005-1894.json index d2763713288..076a1c2d71c 100644 --- a/CVE-2005/CVE-2005-18xx/CVE-2005-1894.json +++ b/CVE-2005/CVE-2005-18xx/CVE-2005-1894.json @@ -2,8 +2,8 @@ "id": "CVE-2005-1894", "sourceIdentifier": "cve@mitre.org", "published": "2005-06-09T04:00:00.000", - "lastModified": "2011-03-08T02:23:03.360", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:19:12.887", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -44,7 +44,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-94" } ] } @@ -71,21 +71,35 @@ "url": "http://flatnuke.sourceforge.net/index.php?mod=read&id=1117979256", "source": "cve@mitre.org", "tags": [ - "Patch" + "Patch", + "Product" + ] + }, + { + "url": "http://secunia.com/advisories/15603", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Patch", + "Vendor Advisory" ] }, { "url": "http://securitytracker.com/id?1014114", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", - "Patch" + "Patch", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://secwatch.org/advisories/secwatch/20050604_flatnuke.txt", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", "Patch", "Vendor Advisory" @@ -93,7 +107,10 @@ }, { "url": "http://www.vupen.com/english/advisories/2005/0697", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-21xx/CVE-2005-2160.json b/CVE-2005/CVE-2005-21xx/CVE-2005-2160.json index f2cb6e85a1b..1cd20ae9236 100644 --- a/CVE-2005/CVE-2005-21xx/CVE-2005-2160.json +++ b/CVE-2005/CVE-2005-21xx/CVE-2005-2160.json @@ -2,8 +2,8 @@ "id": "CVE-2005-2160", "sourceIdentifier": "cve@mitre.org", "published": "2005-07-06T04:00:00.000", - "lastModified": "2016-10-18T03:25:19.140", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:19:26.000", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-312" } ] } @@ -69,7 +91,10 @@ "references": [ { "url": "http://marc.info/?l=bugtraq&m=112060187204457&w=2", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-22xx/CVE-2005-2209.json b/CVE-2005/CVE-2005-22xx/CVE-2005-2209.json index f1cdf10ecb7..fe1d36094ff 100644 --- a/CVE-2005/CVE-2005-22xx/CVE-2005-2209.json +++ b/CVE-2005/CVE-2005-22xx/CVE-2005-2209.json @@ -2,7 +2,7 @@ "id": "CVE-2005-2209", "sourceIdentifier": "cve@mitre.org", "published": "2005-07-11T04:00:00.000", - "lastModified": "2008-09-05T20:51:10.210", + "lastModified": "2024-02-13T16:09:15.073", "vulnStatus": "Analyzed", "descriptions": [ { @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,7 +66,7 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-312" } ] } @@ -58,8 +80,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:capturix:scanshare:1.06_build_50:*:*:*:*:*:*:*", - "matchCriteriaId": "8654C317-4BDA-44BF-98E2-0815E7004B83" + "criteria": "cpe:2.3:a:capturix:scanshare:1.06:build_50:*:*:*:*:*:*", + "matchCriteriaId": "6FEA346E-C1F4-4CCC-AB84-FB2CEF73AECB" } ] } @@ -67,11 +89,21 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/15995", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, { "url": "http://securitytracker.com/id?1014409", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Exploit", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] } diff --git a/CVE-2005/CVE-2005-37xx/CVE-2005-3716.json b/CVE-2005/CVE-2005-37xx/CVE-2005-3716.json index 95bc1fdd77f..80b09ca9ad6 100644 --- a/CVE-2005/CVE-2005-37xx/CVE-2005-3716.json +++ b/CVE-2005/CVE-2005-37xx/CVE-2005-3716.json @@ -2,8 +2,8 @@ "id": "CVE-2005-3716", "sourceIdentifier": "cve@mitre.org", "published": "2005-11-21T11:03:00.000", - "lastModified": "2011-03-08T02:27:01.687", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:48:43.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -11,6 +11,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -44,13 +66,14 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-798" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -58,8 +81,19 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:h:utstarcom:f1000_wi-fi_handset:2.0:*:*:*:*:*:*:*", - "matchCriteriaId": "601784B2-1DB5-4A38-B3B6-9A1D58AAB437" + "criteria": "cpe:2.3:o:utstarcom:f1000_wi-fi_firmware:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1013A51A-5EAE-4EEA-9058-051B134E02B1" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:utstarcom:f1000_wi-fi:-:*:*:*:*:*:*:*", + "matchCriteriaId": "0D8D25BE-2AAF-4046-AA13-E3891A25653C" } ] } @@ -71,16 +105,33 @@ "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-November/038834.html", "source": "cve@mitre.org", "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/17629", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/15476", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.vupen.com/english/advisories/2005/2472", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2005/CVE-2005-38xx/CVE-2005-3803.json b/CVE-2005/CVE-2005-38xx/CVE-2005-3803.json index 4e573369818..3ddd6f40994 100644 --- a/CVE-2005/CVE-2005-38xx/CVE-2005-3803.json +++ b/CVE-2005/CVE-2005-38xx/CVE-2005-3803.json @@ -2,8 +2,8 @@ "id": "CVE-2005-3803", "sourceIdentifier": "cve@mitre.org", "published": "2005-11-24T11:03:00.000", - "lastModified": "2017-07-11T01:33:19.110", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:48:53.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,13 +70,14 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-798" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -62,8 +85,19 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:h:cisco:7920_wireless_ip_phone:1.0\\(8\\):*:*:*:*:*:*:*", - "matchCriteriaId": "EC49CD76-8263-4F8A-830E-A96F64B180F3" + "criteria": "cpe:2.3:o:cisco:unified_wireless_ip_phone_7920_firmware:1.0\\(8\\):*:*:*:*:*:*:*", + "matchCriteriaId": "180F4593-7F86-4702-B248-A3D0AB20D675" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:cisco:unified_wireless_ip_phone_7920:-:*:*:*:*:*:*:*", + "matchCriteriaId": "8CDDEF21-AD60-4F0C-9F59-BF34788D026B" } ] } @@ -71,10 +105,22 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/17604/", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Patch", + "Vendor Advisory" + ] + }, { "url": "http://securitytracker.com/id?1015232", "source": "cve@mitre.org", "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry", "Vendor Advisory" ] }, @@ -82,17 +128,34 @@ "url": "http://www.cisco.com/warp/public/707/cisco-sa-20051116-7920.shtml", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Patch", "Vendor Advisory" ] }, + { + "url": "http://www.osvdb.org/20966", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, { "url": "http://www.securityfocus.com/bid/15454", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/23067", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2006/CVE-2006-71xx/CVE-2006-7142.json b/CVE-2006/CVE-2006-71xx/CVE-2006-7142.json index 1ceb0c0d371..1681e8d809d 100644 --- a/CVE-2006/CVE-2006-71xx/CVE-2006-7142.json +++ b/CVE-2006/CVE-2006-71xx/CVE-2006-7142.json @@ -2,7 +2,7 @@ "id": "CVE-2006-7142", "sourceIdentifier": "cve@mitre.org", "published": "2007-03-07T20:19:00.000", - "lastModified": "2022-09-22T15:58:11.480", + "lastModified": "2024-02-13T16:45:26.067", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -62,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:utimaco_safeware:safeguard_easy:4.30:*:*:*:*:*:*:*", - "matchCriteriaId": "CB115995-67F9-4599-8B34-E06F010C41DD" + "criteria": "cpe:2.3:a:utimaco:safeguard:4.30:*:*:*:*:*:*:*", + "matchCriteriaId": "4DA59D49-45CE-4775-AB77-B69EBEFCC8F5" } ] } @@ -97,6 +119,13 @@ "Third Party Advisory", "VDB Entry" ] + }, + { + "url": "http://www.utimaco.fi/servlets/ActionDispatcher?action:ws3_content_get_binary=true&scope=domain&domain_id=www.utimaco.fi&page_id=/templates/ajankohtaisteksti.jsp?ws3_page_id=tiedoteartikkeli_103&form_id=&component_id=linkin_dokumentti_104", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json b/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json index 3d4bb3d4f2f..b8eb596914b 100644 --- a/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json +++ b/CVE-2007/CVE-2007-47xx/CVE-2007-4786.json @@ -2,7 +2,7 @@ "id": "CVE-2007-4786", "sourceIdentifier": "cve@mitre.org", "published": "2007-09-10T21:17:00.000", - "lastModified": "2024-01-25T20:59:39.773", + "lastModified": "2024-02-13T16:09:38.673", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2008/CVE-2008-09xx/CVE-2008-0961.json b/CVE-2008/CVE-2008-09xx/CVE-2008-0961.json index 737c5ced3e7..7e0740548c1 100644 --- a/CVE-2008/CVE-2008-09xx/CVE-2008-0961.json +++ b/CVE-2008/CVE-2008-09xx/CVE-2008-0961.json @@ -2,8 +2,8 @@ "id": "CVE-2008-0961", "sourceIdentifier": "cve@mitre.org", "published": "2008-04-14T16:05:00.000", - "lastModified": "2017-08-08T01:29:47.463", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:46:34.827", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-287" + "value": "CWE-798" } ] } @@ -73,23 +95,58 @@ "references": [ { "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/29778", + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://www.osvdb.org/44419", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/28727", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securitytracker.com/id?1019827", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.vupen.com/english/advisories/2008/1198/references", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41772", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2008/CVE-2008-11xx/CVE-2008-1160.json b/CVE-2008/CVE-2008-11xx/CVE-2008-1160.json index 9fefeded64b..8b56910d46e 100644 --- a/CVE-2008/CVE-2008-11xx/CVE-2008-1160.json +++ b/CVE-2008/CVE-2008-11xx/CVE-2008-1160.json @@ -2,8 +2,8 @@ "id": "CVE-2008-1160", "sourceIdentifier": "cve@mitre.org", "published": "2008-03-25T00:44:00.000", - "lastModified": "2023-11-07T02:01:53.450", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:46:30.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,13 +70,14 @@ "description": [ { "lang": "en", - "value": "NVD-CWE-Other" + "value": "CWE-798" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -62,8 +85,19 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:zyxel:zywall:1050:*:*:*:*:*:*:*", - "matchCriteriaId": "89413506-1729-4BFB-AAC0-500E96B09D37" + "criteria": "cpe:2.3:o:zyxel:zywall_1050_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "12CA66DC-CD33-4EBA-8762-2F0D3591F3D9" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:zyxel:zywall_1050:-:*:*:*:*:*:*:*", + "matchCriteriaId": "51AF5F07-6FE1-4080-817B-55E63D62753A" } ] } @@ -73,37 +107,58 @@ "references": [ { "url": "http://packetstormsecurity.org/0803-exploits/ZyWALL.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://secunia.com/advisories/29237", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, { "url": "http://www.secumania.org/exploits/remote/zyxel-zywall-quagga_zebra-%28default-pass%29-remote-root-vulnerability-2008032143791/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/28184", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.vupen.com/english/advisories/2008/0990/references", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41424", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://www.exploit-db.com/exploits/5289", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2008/CVE-2008-14xx/CVE-2008-1440.json b/CVE-2008/CVE-2008-14xx/CVE-2008-1440.json index 28494566d7d..1c776a480c9 100644 --- a/CVE-2008/CVE-2008-14xx/CVE-2008-1440.json +++ b/CVE-2008/CVE-2008-14xx/CVE-2008-1440.json @@ -2,8 +2,8 @@ "id": "CVE-2008-1440", "sourceIdentifier": "secure@microsoft.com", "published": "2008-06-12T02:32:00.000", - "lastModified": "2018-10-12T21:45:26.023", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:09:43.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -48,7 +48,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" + "value": "CWE-1284" } ] } @@ -62,48 +62,23 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows:server_2003:*:*:*:*:*:*:*", - "matchCriteriaId": "34D1E02A-54AF-4B8B-8EA3-F29BE3FD5AFE" + "criteria": "cpe:2.3:o:microsoft:windows_server_2003:*:sp1:*:*:*:*:*:*", + "matchCriteriaId": "DA778424-6F70-4AB6-ADD5-5D4664DFE463" }, { "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows:server_2003:*:x64:*:*:*:*:*", - "matchCriteriaId": "46EBD805-C0EB-4F5E-948A-60E5CBB45C04" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows:server_2003:sp1:*:*:*:*:*:*", - "matchCriteriaId": "79F860DB-9616-4B63-A850-F5E950F667B0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows:server_2003:sp1:itanium:*:*:*:*:*", - "matchCriteriaId": "C9AF89B4-69D3-4E28-BC05-782266145C96" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows:server_2003:sp2:*:*:*:*:*:*", - "matchCriteriaId": "227A166A-39D3-49F5-89E7-0F75C7B5285C" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows:server_2003:sp2:itanium:*:*:*:*:*", - "matchCriteriaId": "CD6F46BF-46DD-477C-94CF-88DC15BE19B4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows:server_2003:sp2:x64:*:*:*:*:*", - "matchCriteriaId": "97F081F6-6E4C-47D6-86E9-4DBA520ECDC0" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp1:*:*:*:*:*:*", - "matchCriteriaId": "A74985B6-BCA5-49E3-878B-77D7FA43070C" + "criteria": "cpe:2.3:o:microsoft:windows_server_2003:-:sp2:*:*:*:*:*:*", + "matchCriteriaId": "1D929AA2-EE0B-4AA1-805D-69BCCA11B77F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*", "matchCriteriaId": "9B339C33-8896-4896-88FF-88E74FDBC543" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*", + "matchCriteriaId": "CE477A73-4EE4-41E9-8694-5A3D5DC88656" } ] } @@ -111,10 +86,20 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/30587", + "source": "secure@microsoft.com", + "tags": [ + "Broken Link", + "Permissions Required", + "Vendor Advisory" + ] + }, { "url": "http://securitytracker.com/id?1020230", "source": "secure@microsoft.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -123,13 +108,17 @@ "url": "http://www.securityfocus.com/bid/29508", "source": "secure@microsoft.com", "tags": [ - "Patch" + "Broken Link", + "Patch", + "Third Party Advisory", + "VDB Entry" ] }, { "url": "http://www.us-cert.gov/cas/techalerts/TA08-162B.html", "source": "secure@microsoft.com", "tags": [ + "Broken Link", "Third Party Advisory", "US Government Resource" ] @@ -143,11 +132,18 @@ }, { "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2008/ms08-036", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5473", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Broken Link" + ] } ] } \ No newline at end of file diff --git a/CVE-2008/CVE-2008-23xx/CVE-2008-2369.json b/CVE-2008/CVE-2008-23xx/CVE-2008-2369.json index 2344465e291..3b307dadbaa 100644 --- a/CVE-2008/CVE-2008-23xx/CVE-2008-2369.json +++ b/CVE-2008/CVE-2008-23xx/CVE-2008-2369.json @@ -2,7 +2,7 @@ "id": "CVE-2008-2369", "sourceIdentifier": "secalert@redhat.com", "published": "2008-08-14T20:41:00.000", - "lastModified": "2022-02-03T19:57:26.777", + "lastModified": "2024-02-13T16:46:38.403", "vulnStatus": "Analyzed", "descriptions": [ { @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -79,10 +101,18 @@ "Vendor Advisory" ] }, + { + "url": "http://secunia.com/advisories/31493", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, { "url": "http://securitytracker.com/id?1020694", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] @@ -91,6 +121,7 @@ "url": "http://www.securityfocus.com/bid/30679", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2008/CVE-2008-23xx/CVE-2008-2374.json b/CVE-2008/CVE-2008-23xx/CVE-2008-2374.json index e508d2fb22a..bc1d25f78ed 100644 --- a/CVE-2008/CVE-2008-23xx/CVE-2008-2374.json +++ b/CVE-2008/CVE-2008-23xx/CVE-2008-2374.json @@ -2,8 +2,8 @@ "id": "CVE-2008-2374", "sourceIdentifier": "secalert@redhat.com", "published": "2008-07-07T23:41:00.000", - "lastModified": "2017-09-29T01:31:08.913", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:09:59.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -48,11 +48,7 @@ "description": [ { "lang": "en", - "value": "CWE-20" - }, - { - "lang": "en", - "value": "NVD-CWE-noinfo" + "value": "CWE-1284" } ] } @@ -66,15 +62,35 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:bluez:bluez_libs:*:*:*:*:*:*:*:*", - "versionEndIncluding": "3.30", - "matchCriteriaId": "F4AA090E-32D6-406E-9EF5-DE7DB52DF9F9" + "criteria": "cpe:2.3:a:bluez:bluez-libs:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.34", + "matchCriteriaId": "E07F4288-8279-44F6-A0CA-CBBAB38B9CC0" }, { "vulnerable": true, - "criteria": "cpe:2.3:a:bluez:bluez_utils:*:*:*:*:*:*:*:*", - "versionEndIncluding": "3.33", - "matchCriteriaId": "AF1A11DD-7D85-4FAD-9E8C-C2E9D027559D" + "criteria": "cpe:2.3:a:bluez:bluez-utils:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.34", + "matchCriteriaId": "1DF2F11E-16A5-40DF-9D61-886FFFD1834D" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*", + "matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*", + "matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140" } ] } @@ -84,54 +100,135 @@ "references": [ { "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/30957", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Vendor Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/31057", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/31833", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/32099", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/32279", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] + }, + { + "url": "http://secunia.com/advisories/34280", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://security.gentoo.org/glsa/glsa-200903-29.xml", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://sourceforge.net/mailarchive/message.php?msg_name=b32d44000806161327u680c290au54fd21f2fef1d58e%40mail.gmail.com", "source": "secalert@redhat.com", "tags": [ + "Broken Link", "Exploit" ] }, { "url": "http://www.bluez.org/bluez-334/", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Product" + ] }, { "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:145", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.redhat.com/support/errata/RHSA-2008-0581.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/30105", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securitytracker.com/id?1020479", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.vupen.com/english/advisories/2008/2096/references", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9973", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00396.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00233.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2009/CVE-2009-22xx/CVE-2009-2272.json b/CVE-2009/CVE-2009-22xx/CVE-2009-2272.json index fdd67540fd3..1d76f245df3 100644 --- a/CVE-2009/CVE-2009-22xx/CVE-2009-2272.json +++ b/CVE-2009/CVE-2009-22xx/CVE-2009-2272.json @@ -2,8 +2,8 @@ "id": "CVE-2009-2272", "sourceIdentifier": "cve@mitre.org", "published": "2009-07-01T13:00:01.530", - "lastModified": "2018-10-10T19:39:31.883", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:10:07.367", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,13 +70,14 @@ "description": [ { "lang": "en", - "value": "CWE-310" + "value": "CWE-312" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -62,8 +85,19 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:h:huawei:d100_router:*:*:*:*:*:*:*:*", - "matchCriteriaId": "2EBDF7BC-3F37-4876-B97D-98E5A722C758" + "criteria": "cpe:2.3:o:huawei:d100_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3888666F-8B81-4535-A654-A9F5A5C3C5CB" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:huawei:d100:-:*:*:*:*:*:*:*", + "matchCriteriaId": "4A83378E-CAC4-4D97-A765-6DA634B1194A" } ] } @@ -73,7 +107,12 @@ "references": [ { "url": "http://www.securityfocus.com/archive/1/504645/100/0/threaded", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2010/CVE-2010-15xx/CVE-2010-1573.json b/CVE-2010/CVE-2010-15xx/CVE-2010-1573.json index 816866ca3b3..4ccb184d825 100644 --- a/CVE-2010/CVE-2010-15xx/CVE-2010-1573.json +++ b/CVE-2010/CVE-2010-15xx/CVE-2010-1573.json @@ -2,8 +2,8 @@ "id": "CVE-2010-1573", "sourceIdentifier": "ykramarz@cisco.com", "published": "2010-06-10T00:30:07.503", - "lastModified": "2018-10-10T19:57:31.370", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:43:20.297", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,13 +70,14 @@ "description": [ { "lang": "en", - "value": "CWE-255" + "value": "CWE-798" } ] } ], "configurations": [ { + "operator": "AND", "nodes": [ { "operator": "OR", @@ -62,14 +85,20 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:h:linksys:wap54gv3:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:o:linksys:wap54g_firmware:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.04.03", - "matchCriteriaId": "436C7351-5B61-401C-940A-88036A361525" - }, + "matchCriteriaId": "64E0DAFE-EB62-4946-90E9-A217B13BDC17" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:h:linksys:wap54gv3:3.05.03:*:*:*:*:*:*:*", - "matchCriteriaId": "BBF9E57D-6EFE-46AC-8AC6-BD5D7F9D28C3" + "vulnerable": false, + "criteria": "cpe:2.3:h:linksys:wap54g:3:*:*:*:*:*:*:*", + "matchCriteriaId": "F083058D-4127-46DE-865D-B58BDEA70688" } ] } @@ -77,10 +106,18 @@ } ], "references": [ + { + "url": "http://secunia.com/advisories/40103", + "source": "ykramarz@cisco.com", + "tags": [ + "Broken Link" + ] + }, { "url": "http://tools.cisco.com/security/center/viewAlert.x?alertId=20682", "source": "ykramarz@cisco.com", "tags": [ + "Broken Link", "Vendor Advisory" ] }, @@ -93,19 +130,36 @@ }, { "url": "http://www.securityfocus.com/archive/1/511733/100/0/threaded", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.securityfocus.com/bid/40648", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.vupen.com/english/advisories/2010/1419", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59286", - "source": "ykramarz@cisco.com" + "source": "ykramarz@cisco.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2010/CVE-2010-20xx/CVE-2010-2073.json b/CVE-2010/CVE-2010-20xx/CVE-2010-2073.json index 1baea09f7fd..92c38392084 100644 --- a/CVE-2010/CVE-2010-20xx/CVE-2010-2073.json +++ b/CVE-2010/CVE-2010-20xx/CVE-2010-2073.json @@ -2,8 +2,8 @@ "id": "CVE-2010-2073", "sourceIdentifier": "secalert@redhat.com", "published": "2010-06-16T20:30:02.577", - "lastModified": "2017-08-17T01:32:36.460", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:44:33.337", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-255" + "value": "CWE-798" } ] } @@ -62,8 +84,8 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:radovan_garabik:pyftpd:0.8.4:*:*:*:*:*:*:*", - "matchCriteriaId": "7F7CEFA7-9368-4A15-B395-5FB7ABC37902" + "criteria": "cpe:2.3:a:debian:pyftpd:0.8.4:*:*:*:*:*:*:*", + "matchCriteriaId": "A0248E1A-E990-489B-9DCF-1DE6AA22E18F" } ] } @@ -73,19 +95,35 @@ "references": [ { "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=585776", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "http://www.openwall.com/lists/oss-security/2010/06/13/2", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List" + ] }, { "url": "http://www.securityfocus.com/bid/40839", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59431", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2010/CVE-2010-27xx/CVE-2010-2772.json b/CVE-2010/CVE-2010-27xx/CVE-2010-2772.json index f483200a216..b5612102051 100644 --- a/CVE-2010/CVE-2010-27xx/CVE-2010-2772.json +++ b/CVE-2010/CVE-2010-27xx/CVE-2010-2772.json @@ -2,8 +2,8 @@ "id": "CVE-2010-2772", "sourceIdentifier": "cve@mitre.org", "published": "2010-07-22T05:43:58.250", - "lastModified": "2017-08-17T01:32:49.383", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:44:42.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-255" + "value": "CWE-798" } ] } @@ -60,11 +82,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:siemens:simatic_wincc:*:*:*:*:*:*:*:*", - "matchCriteriaId": "5BFCEB87-D585-40D0-8978-7697F3F038E0" - }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:simatic_wincc:6.2:*:*:*:*:*:*:*", @@ -85,11 +102,6 @@ "operator": "OR", "negate": false, "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:*:*:*:*:*:*:*:*", - "matchCriteriaId": "13E3BDF0-B691-4A97-A74A-A65EC910480E" - }, { "vulnerable": true, "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:6.0:*:*:*:*:*:*:*", @@ -102,8 +114,8 @@ }, { "vulnerable": true, - "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:7.0:*:*:*:*:*:*:*", - "matchCriteriaId": "D8524A6A-B9B0-40D8-BF67-3355722194A6" + "criteria": "cpe:2.3:a:siemens:simatic_pcs_7:7.0:-:*:*:*:*:*:*", + "matchCriteriaId": "BD419DE7-CB43-42E7-ACCC-82EA4913E8D2" }, { "vulnerable": true, @@ -128,58 +140,108 @@ "references": [ { "url": "http://ics-cert.us-cert.gov/advisories/ICSA-12-205-01", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "http://infoworld.com/d/security-central/new-weaponized-virus-targets-industrial-secrets-725", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Press/Media Coverage" + ] }, { "url": "http://infoworld.com/d/security-central/siemens-warns-users-dont-change-passwords-after-worm-attack-915?sourcefssr", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Press/Media Coverage" + ] }, { "url": "http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Press/Media Coverage" + ] + }, + { + "url": "http://secunia.com/advisories/40682", + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&caller=viewhttp://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=43876783&c", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "http://www.automation.siemens.com/forum/guests/PostShow.aspx?PostID=16127&16127&Language=en&PageIndex=1", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.f-secure.com/weblog/archives/00001987.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "http://www.sea.siemens.com/us/News/Industrial/Pages/WinCC_Update.aspx", "source": "cve@mitre.org", "tags": [ + "Broken Link", "Vendor Advisory" ] }, { "url": "http://www.securityfocus.com/bid/41753", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "http://www.vupen.com/english/advisories/2010/1893", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.wilderssecurity.com/showpost.php?p=1712134&postcount=22", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] }, { "url": "http://www.wired.com/threatlevel/2010/07/siemens-scada/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Press/Media Coverage", + "Third Party Advisory" + ] }, { "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/60587", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2012/CVE-2012-35xx/CVE-2012-3503.json b/CVE-2012/CVE-2012-35xx/CVE-2012-3503.json index 3f9101e9f2f..96bf4a38d13 100644 --- a/CVE-2012/CVE-2012-35xx/CVE-2012-3503.json +++ b/CVE-2012/CVE-2012-35xx/CVE-2012-3503.json @@ -2,8 +2,8 @@ "id": "CVE-2012-3503", "sourceIdentifier": "secalert@redhat.com", "published": "2012-08-25T10:29:52.693", - "lastModified": "2013-03-22T03:11:38.613", - "vulnStatus": "Modified", + "lastModified": "2024-02-13T16:44:47.863", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -48,7 +70,7 @@ "description": [ { "lang": "en", - "value": "CWE-264" + "value": "CWE-798" } ] } @@ -62,9 +84,24 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:katello:katello:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:theforeman:katello:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.0", - "matchCriteriaId": "8B6C3E1B-D83E-44AF-B993-DAB3F510BDA8" + "matchCriteriaId": "F34B126E-E093-4F11-A230-6104EE2457FF" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0" } ] } @@ -74,27 +111,48 @@ "references": [ { "url": "http://rhn.redhat.com/errata/RHSA-2012-1186.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory" + ] }, { "url": "http://rhn.redhat.com/errata/RHSA-2012-1187.html", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] + }, + { + "url": "http://secunia.com/advisories/50344", + "source": "secalert@redhat.com", + "tags": [ + "Broken Link" + ] }, { "url": "http://www.securityfocus.com/bid/55140", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Broken Link", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/Katello/katello/commit/7c256fef9d75029d0ffff58ff1dcda915056d3a3", "source": "secalert@redhat.com", "tags": [ - "Exploit", "Patch" ] }, { "url": "https://github.com/Katello/katello/pull/499", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2021/CVE-2021-219xx/CVE-2021-21972.json b/CVE-2021/CVE-2021-219xx/CVE-2021-21972.json index 1fa985282e8..0afc7c68011 100644 --- a/CVE-2021/CVE-2021-219xx/CVE-2021-21972.json +++ b/CVE-2021/CVE-2021-219xx/CVE-2021-21972.json @@ -2,7 +2,7 @@ "id": "CVE-2021-21972", "sourceIdentifier": "security@vmware.com", "published": "2021-02-24T17:15:15.833", - "lastModified": "2022-07-12T17:42:04.277", + "lastModified": "2024-02-13T16:44:51.980", "vulnStatus": "Analyzed", "cisaExploitAdd": "2021-11-03", "cisaActionDue": "2021-11-17", @@ -75,10 +75,6 @@ { "lang": "en", "value": "CWE-22" - }, - { - "lang": "en", - "value": "CWE-306" } ] } @@ -319,6 +315,7 @@ "url": "http://packetstormsecurity.com/files/161590/VMware-vCenter-Server-7.0-Arbitrary-File-Upload.html", "source": "security@vmware.com", "tags": [ + "Exploit", "Third Party Advisory", "VDB Entry" ] diff --git a/CVE-2021/CVE-2021-375xx/CVE-2021-37555.json b/CVE-2021/CVE-2021-375xx/CVE-2021-37555.json index 32d3e417fa2..bc712f39d2c 100644 --- a/CVE-2021/CVE-2021-375xx/CVE-2021-37555.json +++ b/CVE-2021/CVE-2021-375xx/CVE-2021-37555.json @@ -2,7 +2,7 @@ "id": "CVE-2021-37555", "sourceIdentifier": "cve@mitre.org", "published": "2021-07-26T21:15:17.047", - "lastModified": "2021-08-09T17:56:01.450", + "lastModified": "2024-02-13T16:47:03.003", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-299xx/CVE-2022-29953.json b/CVE-2022/CVE-2022-299xx/CVE-2022-29953.json index 22f7c930e90..79751b93b67 100644 --- a/CVE-2022/CVE-2022-299xx/CVE-2022-29953.json +++ b/CVE-2022/CVE-2022-299xx/CVE-2022-29953.json @@ -2,7 +2,7 @@ "id": "CVE-2022-29953", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-26T22:15:10.883", - "lastModified": "2022-08-02T20:50:44.867", + "lastModified": "2024-02-13T15:56:40.490", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-299xx/CVE-2022-29959.json b/CVE-2022/CVE-2022-299xx/CVE-2022-29959.json index 5593a7f34f9..e122d2f7e4e 100644 --- a/CVE-2022/CVE-2022-299xx/CVE-2022-29959.json +++ b/CVE-2022/CVE-2022-299xx/CVE-2022-29959.json @@ -2,7 +2,7 @@ "id": "CVE-2022-29959", "sourceIdentifier": "cve@mitre.org", "published": "2022-08-16T13:15:09.100", - "lastModified": "2022-11-09T06:07:22.397", + "lastModified": "2024-02-13T16:26:08.207", "vulnStatus": "Analyzed", "descriptions": [ { @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-327" + "value": "CWE-522" } ] } diff --git a/CVE-2022/CVE-2022-299xx/CVE-2022-29960.json b/CVE-2022/CVE-2022-299xx/CVE-2022-29960.json index 521089489f8..92dd00e7d3e 100644 --- a/CVE-2022/CVE-2022-299xx/CVE-2022-29960.json +++ b/CVE-2022/CVE-2022-299xx/CVE-2022-29960.json @@ -2,7 +2,7 @@ "id": "CVE-2022-29960", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-26T22:15:11.007", - "lastModified": "2022-08-16T17:55:16.160", + "lastModified": "2024-02-13T15:57:46.467", "vulnStatus": "Analyzed", "descriptions": [ { @@ -45,7 +45,7 @@ "description": [ { "lang": "en", - "value": "CWE-327" + "value": "CWE-798" } ] } diff --git a/CVE-2022/CVE-2022-299xx/CVE-2022-29964.json b/CVE-2022/CVE-2022-299xx/CVE-2022-29964.json index 0790d4bd1db..dbdb4be65b1 100644 --- a/CVE-2022/CVE-2022-299xx/CVE-2022-29964.json +++ b/CVE-2022/CVE-2022-299xx/CVE-2022-29964.json @@ -2,7 +2,7 @@ "id": "CVE-2022-29964", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-26T22:15:11.140", - "lastModified": "2022-08-04T15:55:34.923", + "lastModified": "2024-02-13T15:57:56.543", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-300xx/CVE-2022-30018.json b/CVE-2022/CVE-2022-300xx/CVE-2022-30018.json index fcf7e0b894b..dabfb90746a 100644 --- a/CVE-2022/CVE-2022-300xx/CVE-2022-30018.json +++ b/CVE-2022/CVE-2022-300xx/CVE-2022-30018.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30018", "sourceIdentifier": "cve@mitre.org", "published": "2022-05-19T14:15:08.003", - "lastModified": "2022-06-01T19:57:39.043", + "lastModified": "2024-02-13T16:47:14.693", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-302xx/CVE-2022-30271.json b/CVE-2022/CVE-2022-302xx/CVE-2022-30271.json index 1bdb456dd85..72b2644cafc 100644 --- a/CVE-2022/CVE-2022-302xx/CVE-2022-30271.json +++ b/CVE-2022/CVE-2022-302xx/CVE-2022-30271.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30271", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-26T23:15:08.177", - "lastModified": "2022-08-02T20:46:49.600", + "lastModified": "2024-02-13T16:21:02.103", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-302xx/CVE-2022-30276.json b/CVE-2022/CVE-2022-302xx/CVE-2022-30276.json index e1a50f016d1..3a09be69d48 100644 --- a/CVE-2022/CVE-2022-302xx/CVE-2022-30276.json +++ b/CVE-2022/CVE-2022-302xx/CVE-2022-30276.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30276", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-26T23:15:08.293", - "lastModified": "2022-08-09T14:30:13.127", + "lastModified": "2024-02-13T16:25:57.067", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30313.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30313.json index 82a828cbc73..c7d38a03420 100644 --- a/CVE-2022/CVE-2022-303xx/CVE-2022-30313.json +++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30313.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30313", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-28T16:15:10.557", - "lastModified": "2022-08-05T22:28:00.043", + "lastModified": "2024-02-13T16:26:03.807", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30314.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30314.json index 9327a07e58e..12f5dfaf13c 100644 --- a/CVE-2022/CVE-2022-303xx/CVE-2022-30314.json +++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30314.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30314", "sourceIdentifier": "cve@mitre.org", "published": "2022-07-28T16:15:10.857", - "lastModified": "2022-08-05T22:29:00.907", + "lastModified": "2024-02-13T15:58:01.707", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-303xx/CVE-2022-30317.json b/CVE-2022/CVE-2022-303xx/CVE-2022-30317.json index 5e166345a03..f07dafab64f 100644 --- a/CVE-2022/CVE-2022-303xx/CVE-2022-30317.json +++ b/CVE-2022/CVE-2022-303xx/CVE-2022-30317.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30317", "sourceIdentifier": "cve@mitre.org", "published": "2022-08-31T16:15:11.580", - "lastModified": "2022-09-09T03:41:53.457", + "lastModified": "2024-02-13T16:43:00.487", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-309xx/CVE-2022-30997.json b/CVE-2022/CVE-2022-309xx/CVE-2022-30997.json index e2f9326ef8a..31d2be366ab 100644 --- a/CVE-2022/CVE-2022-309xx/CVE-2022-30997.json +++ b/CVE-2022/CVE-2022-309xx/CVE-2022-30997.json @@ -2,7 +2,7 @@ "id": "CVE-2022-30997", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2022-06-28T13:15:12.607", - "lastModified": "2022-07-08T03:15:18.027", + "lastModified": "2024-02-13T15:56:20.097", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2022/CVE-2022-352xx/CVE-2022-35248.json b/CVE-2022/CVE-2022-352xx/CVE-2022-35248.json index 46dc70e197d..f82441c6576 100644 --- a/CVE-2022/CVE-2022-352xx/CVE-2022-35248.json +++ b/CVE-2022/CVE-2022-352xx/CVE-2022-35248.json @@ -2,7 +2,7 @@ "id": "CVE-2022-35248", "sourceIdentifier": "support@hackerone.com", "published": "2022-09-23T19:15:14.007", - "lastModified": "2022-09-26T18:20:28.497", + "lastModified": "2024-02-13T15:58:08.510", "vulnStatus": "Analyzed", "descriptions": [ { diff --git a/CVE-2023/CVE-2023-265xx/CVE-2023-26562.json b/CVE-2023/CVE-2023-265xx/CVE-2023-26562.json new file mode 100644 index 00000000000..9202cb0b54e --- /dev/null +++ b/CVE-2023/CVE-2023-265xx/CVE-2023-26562.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-26562", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T16:15:08.187", + "lastModified": "2024-02-13T16:15:08.187", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Zimbra Collaboration (ZCS) 8.8.15 and 9.0, a closed account (with 2FA and generated passwords) can send e-mail messages when configured for Imap/smtp." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json index d4be57e627b..589e9c358dc 100644 --- a/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json +++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4408.json @@ -2,8 +2,8 @@ "id": "CVE-2023-4408", "sourceIdentifier": "security-officer@isc.org", "published": "2024-02-13T14:15:45.253", - "lastModified": "2024-02-13T14:15:45.253", - "vulnStatus": "Received", + "lastModified": "2024-02-13T16:15:08.450", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1", + "source": "security-officer@isc.org" + }, { "url": "https://kb.isc.org/docs/cve-2023-4408", "source": "security-officer@isc.org" diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45206.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45206.json new file mode 100644 index 00000000000..5987eb4af04 --- /dev/null +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45206.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-45206", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T16:15:08.257", + "lastModified": "2024-02-13T16:15:08.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45207.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45207.json new file mode 100644 index 00000000000..4e1757ba9e8 --- /dev/null +++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45207.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-45207", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T16:15:08.313", + "lastModified": "2024-02-13T16:15:08.313", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. An attacker can send a PDF document through mail that contains malicious JavaScript. While previewing this file in webmail in the Chrome browser, the stored XSS payload is executed. (This has been mitigated by sanitising the JavaScript code present in a PDF document.)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46359.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46359.json index 57c933705c2..362c1902824 100644 --- a/CVE-2023/CVE-2023-463xx/CVE-2023-46359.json +++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46359.json @@ -2,8 +2,8 @@ "id": "CVE-2023-46359", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T01:15:07.877", - "lastModified": "2024-02-06T13:53:38.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:06:48.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,15 +14,86 @@ "value": "Una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en Hardy Barth cPH2 eCharge Ladestation v1.87.0 y anteriores, puede permitir que un atacante remoto no autenticado ejecute comandos arbitrarios en el sistema a trav\u00e9s de argumentos espec\u00edficamente manipulados pasados a la funci\u00f3n de verificaci\u00f3n de conectividad." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:hardy-barth:cph2_echarge_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.87.0", + "matchCriteriaId": "F88153BC-C3E4-4BD6-9794-31DC88D09D6D" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:hardy-barth:cph2_echarge:-:*:*:*:*:*:*:*", + "matchCriteriaId": "317B39E6-9C7C-407B-8968-57923019265A" + } + ] + } + ] + } + ], "references": [ { "url": "http://hardy.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Not Applicable" + ] }, { "url": "https://www.offensity.com/en/blog/os-command-injection-in-cph2-charging-station-200-cve-2023-46359-and-cve-2023-46360/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json b/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json index 0844fb05a78..ee6f21479fa 100644 --- a/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json +++ b/CVE-2023/CVE-2023-473xx/CVE-2023-47355.json @@ -2,23 +2,86 @@ "id": "CVE-2023-47355", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-05T16:15:54.910", - "lastModified": "2024-02-05T18:25:55.213", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:43:37.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n com.eypcnnapps.quickreboot (tambi\u00e9n conocida como Eyuep Can Yilmaz {ROOT] Quick Reboot) 1.0.8 para Android ha expuesto receptores de transmisi\u00f3n para apagado, reinicio y recuperaci\u00f3n (por ejemplo, com.eypcnnapps.quickreboot.widget.PowerOff) que son susceptibles a transmisiones no autorizadas debido a la falta de validaci\u00f3n de entrada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:eyuepcanyilmaz:root_quick_reboot:1.0.8:*:*:*:*:*:android:*", + "matchCriteriaId": "6323C860-5079-437A-AA17-C6B0F66D11B4" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/actuator/com.eypcnnapps.quickreboot/blob/main/CWE-925.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://play.google.com/store/apps/details?id=com.eypcnnapps.quickreboot", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48432.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48432.json new file mode 100644 index 00000000000..c3f7b2efb57 --- /dev/null +++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48432.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-48432", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T16:15:08.380", + "lastModified": "2024-02-13T16:15:08.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. XSS, with resultant session stealing, can occur via JavaScript code in a link (for a webmail redirection endpoint) within en email message, e.g., if a victim clicks on that link within Zimbra webmail." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wiki.zimbra.com/wiki/Security_Center", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy", + "source": "cve@mitre.org" + }, + { + "url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52046.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52046.json index 2ff60b222ce..46b427db80a 100644 --- a/CVE-2023/CVE-2023-520xx/CVE-2023-52046.json +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52046.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52046", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-25T21:15:08.730", - "lastModified": "2024-01-29T15:56:54.287", + "lastModified": "2024-02-13T16:05:49.580", "vulnStatus": "Analyzed", "descriptions": [ { @@ -59,9 +59,9 @@ "cpeMatch": [ { "vulnerable": true, - "criteria": "cpe:2.3:a:gentoo:webmin:*:*:*:*:*:*:*:*", + "criteria": "cpe:2.3:a:webmin:webmin:*:*:*:*:*:*:*:*", "versionEndIncluding": "2.105", - "matchCriteriaId": "EAEA4269-E938-4716-A461-6DA9E6F37243" + "matchCriteriaId": "31EF125F-925E-4A9B-B100-2A9840924559" } ] } diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5517.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5517.json index 2857e92bde5..c8ecfb9c7f9 100644 --- a/CVE-2023/CVE-2023-55xx/CVE-2023-5517.json +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5517.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5517", "sourceIdentifier": "security-officer@isc.org", "published": "2024-02-13T14:15:45.510", - "lastModified": "2024-02-13T14:15:45.510", - "vulnStatus": "Received", + "lastModified": "2024-02-13T16:15:08.550", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1", + "source": "security-officer@isc.org" + }, { "url": "https://kb.isc.org/docs/cve-2023-5517", "source": "security-officer@isc.org" diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5679.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5679.json index 81929868afc..5fc8caa42aa 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5679.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5679.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5679", "sourceIdentifier": "security-officer@isc.org", "published": "2024-02-13T14:15:45.677", - "lastModified": "2024-02-13T14:15:45.677", - "vulnStatus": "Received", + "lastModified": "2024-02-13T16:15:08.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1", + "source": "security-officer@isc.org" + }, { "url": "https://kb.isc.org/docs/cve-2023-5679", "source": "security-officer@isc.org" diff --git a/CVE-2023/CVE-2023-56xx/CVE-2023-5680.json b/CVE-2023/CVE-2023-56xx/CVE-2023-5680.json index fc185558778..048a6eba9ed 100644 --- a/CVE-2023/CVE-2023-56xx/CVE-2023-5680.json +++ b/CVE-2023/CVE-2023-56xx/CVE-2023-5680.json @@ -2,8 +2,8 @@ "id": "CVE-2023-5680", "sourceIdentifier": "security-officer@isc.org", "published": "2024-02-13T14:15:45.850", - "lastModified": "2024-02-13T14:15:45.850", - "vulnStatus": "Received", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6516.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6516.json index 06268bae39f..ccd1290e229 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6516.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6516.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6516", "sourceIdentifier": "security-officer@isc.org", "published": "2024-02-13T14:15:46.030", - "lastModified": "2024-02-13T14:15:46.030", - "vulnStatus": "Received", + "lastModified": "2024-02-13T16:15:08.743", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", @@ -35,6 +35,10 @@ ] }, "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/13/1", + "source": "security-officer@isc.org" + }, { "url": "https://kb.isc.org/docs/cve-2023-6516", "source": "security-officer@isc.org" diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6982.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6982.json index 8301edf7d38..eec09f9dcde 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6982.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6982.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6982", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:15:58.093", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T15:17:06.363", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Display custom fields in the frontend \u2013 Post and User Profile Fields plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode and postmeta in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Display custom fields in the frontend \u2013 Post and User Profile Fields para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado y postmeta del complemento en todas las versiones hasta la 1.2.1 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vegacorp:display_custom_fields_in_the_frontend_-_post_and_user_profile_fields:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "55834056-CF85-412B-B09C-28F57967A11D" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3077b84e-87af-4307-83c5-0e4b15d07ff1?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6989.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6989.json index d4ff2fb4ed3..e8c8757a373 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6989.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6989.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6989", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:15:58.603", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T15:23:09.840", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 18.5.9 via the render_action_template parameter. This makes it possible for unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files." + }, + { + "lang": "es", + "value": "El complemento Shield Security \u2013 Smart Bot Blocking & Intrusion Prevention Security para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 18.5.9 incluida, a trav\u00e9s del par\u00e1metro render_action_template. Esto hace posible que un atacante no autenticado incluya y ejecute archivos PHP en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:getshieldsecurity:shield_security:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "18.5.10", + "matchCriteriaId": "03282E3D-3DAE-4357-AA03-B98C65EEA6B4" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3013699%40wp-simple-firewall&new=3013699%40wp-simple-firewall&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/063826cc-7ff3-4869-9831-f6a4a4bbe74c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6996.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6996.json index a0bdebe7738..a00a8c832ab 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6996.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6996.json @@ -2,16 +2,40 @@ "id": "CVE-2023-6996", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:15:58.773", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:11:03.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Display custom fields in the frontend \u2013 Post and User Profile Fields plugin for WordPress is vulnerable to Code Injection via the plugin's vg_display_data shortcode in all versions up to, and including, 1.2.1 due to insufficient input validation and restriction on access to that shortcode. This makes it possible for authenticated attackers with contributor-level and above permissions to call arbitrary functions and execute code." + }, + { + "lang": "es", + "value": "El complemento Display custom fields in the frontend \u2013 Post and User Profile Fields para WordPress es vulnerable a la inyecci\u00f3n de c\u00f3digo a trav\u00e9s del c\u00f3digo corto vg_display_data del complemento en todas las versiones hasta la 1.2.1 incluida, debido a una validaci\u00f3n de entrada insuficiente y a la restricci\u00f3n de acceso a ese c\u00f3digo corto. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores llamen a funciones arbitrarias y ejecuten c\u00f3digo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vegacorp:display_custom_fields_in_the_frontend_-_post_and_user_profile_fields:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "55834056-CF85-412B-B09C-28F57967A11D" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3021133%40shortcode-to-display-post-and-user-data&new=3021133%40shortcode-to-display-post-and-user-data&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0662c3a-5b82-4b9a-aa69-147094930d1f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json index e1b9c69a9d3..fa7a246180a 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7014.json @@ -2,16 +2,40 @@ "id": "CVE-2023-7014", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:15:58.943", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:18:27.937", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.7.4 via the 'ma_debu' parameter. This makes it possible for unauthenticated attackers to extract sensitive data including post author emails and names if applicable." + }, + { + "lang": "es", + "value": "El complemento Author Box, Guest Author and Co-Authors for Your Posts \u2013 Molongui para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 4.7.4 incluida, a trav\u00e9s del par\u00e1metro 'ma_debu'. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidos los nombres y los correos electr\u00f3nicos de los autores de las publicaciones, si corresponde." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,51 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:molongui:authorship:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "4.7.5", + "matchCriteriaId": "F110C079-3E25-4DA9-B768-77342962D2B5" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3019084/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/538e9ce3-2d48-44ad-bd08-8eead3ef15c3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0323.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0323.json index 410d549a152..b0e505bf5a8 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0323.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0323.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0323", "sourceIdentifier": "cybersecurity@ch.abb.com", "published": "2024-02-05T16:15:54.980", - "lastModified": "2024-02-05T18:25:55.213", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T15:38:16.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules).\n\n\n\nThe FTP server used on the B&R\nAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,\nTLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct\nman-in-the-middle attacks or to decrypt communications between the affected product\nclients. \u00a0\n\nThis issue affects Automation Runtime: from 14.0 before 14.93.\n\n" + }, + { + "lang": "es", + "value": "Uso de una vulnerabilidad de algoritmo criptogr\u00e1fico defectuoso o riesgoso en B&R Industrial Automation Automation Runtime (m\u00f3dulos SDM). El servidor FTP utilizado en B&R Automation Runtime admite mecanismos de cifrado no seguros, como SSLv3, TLSv1.0 y TLS1.1. Un atacante basado en red puede explotar las fallas para realizar ataques de intermediario o para descifrar las comunicaciones entre los clientes del producto afectado. Este problema afecta a Automation Runtime: desde 14.0 antes de 14.93." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cybersecurity@ch.abb.com", "type": "Secondary", @@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:br-automation:automation_runtime:*:*:*:*:*:*:*:*", + "versionEndIncluding": "i4.93", + "matchCriteriaId": "B9413C6B-C322-4F68-8CA3-EA167591CED0" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf", - "source": "cybersecurity@ch.abb.com" + "source": "cybersecurity@ch.abb.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0428.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0428.json index eb44d8b7cb0..4d9dafb416f 100644 --- a/CVE-2024/CVE-2024-04xx/CVE-2024-0428.json +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0428.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0428", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:01.710", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:02:08.357", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Index Now para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 2.6.3 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n 'reset_form'. Esto hace posible que atacantes no autenticados eliminen opciones arbitrarias del sitio mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kobzarev:index_now:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6.3", + "matchCriteriaId": "DB8750D6-DF2B-4A4F-8640-BE8B7D1CFA15" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0612.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0612.json index 7420c4e9d4b..ada223a714d 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0612.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0612.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0612", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:03.003", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T15:26:17.997", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Content Views \u2013 Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento Content Views \u2013 Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 3.6.2 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:contentviewspro:content_views:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.6.2", + "matchCriteriaId": "3C38497F-0265-44DF-A887-C5FD74327BA5" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3024861/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0630.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0630.json index 4fbf829ff28..4355b0ba925 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0630.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0630.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0630", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:03.170", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T15:42:35.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El complemento WP RSS Aggregator para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la fuente de alimentaci\u00f3n RSS en todas las versiones hasta la 4.23.4 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wprssaggregator:wp_rss_aggregator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.23.4", + "matchCriteriaId": "094F7C34-E577-4F7B-83F1-69B566E4E60A" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0659.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0659.json index 8617918fed9..66ba0577935 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0659.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0659.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0659", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:03.343", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T15:47:35.880", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Easy Digital Downloads \u2013 Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manger-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Easy Digital Downloads \u2013 Sell Digital Files (eCommerce Store & Payments Made Easy) para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del t\u00edtulo de la opci\u00f3n de precio variable en todas las versiones hasta la 3.2.6 incluida, debido a una sanitizaci\u00f3n de entrada insuficiente y la salida se escapa. Esto hace posible que atacantes autenticados, con acceso a nivel de administrador de tienda, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sandhillsdev:easy_digital_downloads:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.2.6", + "matchCriteriaId": "871AA9FA-B774-4439-91C1-C4687A865038" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0668.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0668.json index 2ec55691f2f..fc9cf3b1d32 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0668.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0668.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0668", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:03.700", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:24:26.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attacker, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code." + }, + { + "lang": "es", + "value": "El complemento Advanced Database Cleaner para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 3.1.3 incluida, a trav\u00e9s de la deserializaci\u00f3n de entradas que no son de confianza en la funci\u00f3n 'process_bulk_action'. Esto hace posible que un atacante autenticado, con acceso de administrador y superior, inyecte un objeto PHP. No hay ninguna cadena POP presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,22 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sigmaplugin:advanced_database_cleaner:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.3", + "matchCriteriaId": "D744BFB3-4A65-49E2-A503-CEC9617F231F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3025980/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0678.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0678.json index bf6a969877a..960e3018979 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0678.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0678.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0678", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:03.867", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:36:49.713", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Order Delivery Date for WP e-Commerce para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'available-days-tf' en todas las versiones hasta la 1.2 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tychesoftwares:order_delivery_date_for_wp_e-commerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "E30D5074-2D42-4B35-A058-7241986B8A05" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Issue Tracking" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0691.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0691.json index 0bde246ed41..2fc50670728 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0691.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0691.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0691", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:04.037", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:57:26.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import." + }, + { + "lang": "es", + "value": "El complemento FileBird para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de t\u00edtulos de carpetas importados en todas las versiones hasta la 5.5.8.1 incluida, debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de administrador, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Tambi\u00e9n es posible dise\u00f1ar socialmente a un administrador para que cargue una importaci\u00f3n de carpeta maliciosa." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ninjateam:filebird:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.5.8.1", + "matchCriteriaId": "02AFAB21-063F-4AB7-8034-88DFC58CD16B" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3023924/filebird", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0699.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0699.json index 12c17dbf8b7..02d21a092be 100644 --- a/CVE-2024/CVE-2024-06xx/CVE-2024-0699.json +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0699.json @@ -2,16 +2,40 @@ "id": "CVE-2024-0699", "sourceIdentifier": "security@wordfence.com", "published": "2024-02-05T22:16:04.210", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:54:27.823", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible." + }, + { + "lang": "es", + "value": "El complemento AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'add_image_from_url' en todas las versiones hasta la 2.1.4 incluida. Esto hace posible que atacantes autenticados, con acceso de editor y superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security@wordfence.com", "type": "Secondary", @@ -34,14 +58,50 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:meowapps:ai_engine:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.1.4", + "matchCriteriaId": "4D3587CA-BA75-400E-958D-28AA4E33C4CA" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1096.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1096.json new file mode 100644 index 00000000000..d7a7ebd0f93 --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1096.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-1096", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2024-02-13T15:15:08.217", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Twister Antivirus v8.17 allows Elevation of Privileges on the computer where it's installed by triggering the 0x80112067, 0x801120CB and 0x801120CC IOCTL codes of the fildds.sys driver." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "http://www.filseclab.com/en-us/products/twister.htm", + "source": "help@fluidattacks.com" + }, + { + "url": "https://fluidattacks.com/advisories/holiday/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1140.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1140.json new file mode 100644 index 00000000000..61f2ac4d7d8 --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1140.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-1140", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2024-02-13T15:15:08.437", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "http://www.filseclab.com/en-us/products/twister.htm", + "source": "help@fluidattacks.com" + }, + { + "url": "https://fluidattacks.com/advisories/fitzgerald/", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1163.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1163.json new file mode 100644 index 00000000000..d363f2805b5 --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1163.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-1163", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-02-13T15:15:08.647", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Path Traversal in GitHub repository mbloch/mapshaper prior to 0.6.44." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1309.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1309.json index 31266e18c11..877709b6806 100644 --- a/CVE-2024/CVE-2024-13xx/CVE-2024-1309.json +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1309.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1309", "sourceIdentifier": "psirt@honeywell.com", "published": "2024-02-13T14:15:46.463", - "lastModified": "2024-02-13T14:15:46.463", - "vulnStatus": "Received", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22024.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22024.json index 5f65c021b84..36f8f0f29b1 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22024.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22024.json @@ -2,8 +2,8 @@ "id": "CVE-2024-22024", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-13T04:15:07.943", - "lastModified": "2024-02-13T14:01:11.297", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-13T15:15:32.193", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -15,6 +15,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.7 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -38,10 +60,97 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:*", + "matchCriteriaId": "06520C75-9326-4C21-8AD6-6DE1ED031959" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:*", + "matchCriteriaId": "8971445A-D65F-4C0E-906F-7AC4953C5689" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:*", + "matchCriteriaId": "014C7627-F211-48B1-80FA-3A7F608B4F23" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "C4F6AA81-68BC-40B1-9062-DD678B52AAC7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "5CF1705D-BE88-4B19-BE66-6628D8D8B688" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "49E6C8D1-612D-4C63-B3D4-D4AEE2747770" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "198A80DF-4BD5-4325-85FE-992324AB2166" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:zero_trust_access:22.6:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "E70E1C11-4209-49F0-952E-636F67187225" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-229xx/CVE-2024-22923.json b/CVE-2024/CVE-2024-229xx/CVE-2024-22923.json new file mode 100644 index 00000000000..d71c441d004 --- /dev/null +++ b/CVE-2024/CVE-2024-229xx/CVE-2024-22923.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-22923", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T16:15:08.847", + "lastModified": "2024-02-13T16:15:08.847", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://advradius.com/demo/", + "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/whiteman007/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23439.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23439.json new file mode 100644 index 00000000000..e3b7b6762cf --- /dev/null +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23439.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23439", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2024-02-13T15:15:08.850", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027 ,0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/adderley/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.anti-virus.by/vba32", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-234xx/CVE-2024-23440.json b/CVE-2024/CVE-2024-234xx/CVE-2024-23440.json new file mode 100644 index 00000000000..d3c40837bbc --- /dev/null +++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23440.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-23440", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2024-02-13T15:15:09.070", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability.\u00a0The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from ar arbitrary user-supplied pointer." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/adderley/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.anti-virus.by/vba32", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-243xx/CVE-2024-24398.json b/CVE-2024/CVE-2024-243xx/CVE-2024-24398.json index 1db96afc072..9e409c34073 100644 --- a/CVE-2024/CVE-2024-243xx/CVE-2024-24398.json +++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24398.json @@ -2,27 +2,94 @@ "id": "CVE-2024-24398", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T00:15:08.183", - "lastModified": "2024-02-06T01:00:55.997", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T16:06:17.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Directory Traversal en Stimulsoft GmbH Stimulsoft Dashboard.JS anterior a v.2024.1.2 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro fileName de la funci\u00f3n Guardar." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stimulsoft:dashboards.php:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2024.1.2", + "matchCriteriaId": "9A6C93C6-FBF3-41DA-83B3-091EA2D53F6D" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://stimulsoft.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Permissions Required" + ] }, { "url": "https://cves.at/posts/cve-2024-24398/writeup/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24781.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24781.json index 38f1f62e13d..0d43b38a89d 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24781.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24781.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24781", "sourceIdentifier": "info@cert.vde.com", "published": "2024-02-13T14:15:46.780", - "lastModified": "2024-02-13T14:15:46.780", - "vulnStatus": "Received", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24782.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24782.json index 13cbb05ad88..d883a89ec11 100644 --- a/CVE-2024/CVE-2024-247xx/CVE-2024-24782.json +++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24782.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24782", "sourceIdentifier": "info@cert.vde.com", "published": "2024-02-13T14:15:47.053", - "lastModified": "2024-02-13T14:15:47.053", - "vulnStatus": "Received", + "lastModified": "2024-02-13T15:16:05.223", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 7d843bc8836..29ee083c2ce 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-13T15:00:24.887578+00:00 +2024-02-13T17:00:24.588427+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-13T14:50:45.737000+00:00 +2024-02-13T16:57:26.083000+00:00 ``` ### Last Data Feed Release @@ -29,53 +29,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238284 +238294 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `10` -* [CVE-2023-4408](CVE-2023/CVE-2023-44xx/CVE-2023-4408.json) (`2024-02-13T14:15:45.253`) -* [CVE-2023-5517](CVE-2023/CVE-2023-55xx/CVE-2023-5517.json) (`2024-02-13T14:15:45.510`) -* [CVE-2023-5679](CVE-2023/CVE-2023-56xx/CVE-2023-5679.json) (`2024-02-13T14:15:45.677`) -* [CVE-2023-5680](CVE-2023/CVE-2023-56xx/CVE-2023-5680.json) (`2024-02-13T14:15:45.850`) -* [CVE-2023-6516](CVE-2023/CVE-2023-65xx/CVE-2023-6516.json) (`2024-02-13T14:15:46.030`) -* [CVE-2024-0707](CVE-2024/CVE-2024-07xx/CVE-2024-0707.json) (`2024-02-13T14:15:46.257`) -* [CVE-2024-1309](CVE-2024/CVE-2024-13xx/CVE-2024-1309.json) (`2024-02-13T14:15:46.463`) -* [CVE-2024-24781](CVE-2024/CVE-2024-247xx/CVE-2024-24781.json) (`2024-02-13T14:15:46.780`) -* [CVE-2024-24782](CVE-2024/CVE-2024-247xx/CVE-2024-24782.json) (`2024-02-13T14:15:47.053`) +* [CVE-2023-26562](CVE-2023/CVE-2023-265xx/CVE-2023-26562.json) (`2024-02-13T16:15:08.187`) +* [CVE-2023-45206](CVE-2023/CVE-2023-452xx/CVE-2023-45206.json) (`2024-02-13T16:15:08.257`) +* [CVE-2023-45207](CVE-2023/CVE-2023-452xx/CVE-2023-45207.json) (`2024-02-13T16:15:08.313`) +* [CVE-2023-48432](CVE-2023/CVE-2023-484xx/CVE-2023-48432.json) (`2024-02-13T16:15:08.380`) +* [CVE-2024-1096](CVE-2024/CVE-2024-10xx/CVE-2024-1096.json) (`2024-02-13T15:15:08.217`) +* [CVE-2024-1140](CVE-2024/CVE-2024-11xx/CVE-2024-1140.json) (`2024-02-13T15:15:08.437`) +* [CVE-2024-1163](CVE-2024/CVE-2024-11xx/CVE-2024-1163.json) (`2024-02-13T15:15:08.647`) +* [CVE-2024-23439](CVE-2024/CVE-2024-234xx/CVE-2024-23439.json) (`2024-02-13T15:15:08.850`) +* [CVE-2024-23440](CVE-2024/CVE-2024-234xx/CVE-2024-23440.json) (`2024-02-13T15:15:09.070`) +* [CVE-2024-22923](CVE-2024/CVE-2024-229xx/CVE-2024-22923.json) (`2024-02-13T16:15:08.847`) ### CVEs modified in the last Commit -Recently modified CVEs: `87` +Recently modified CVEs: `67` -* [CVE-2024-24740](CVE-2024/CVE-2024-247xx/CVE-2024-24740.json) (`2024-02-13T14:01:40.577`) -* [CVE-2024-24742](CVE-2024/CVE-2024-247xx/CVE-2024-24742.json) (`2024-02-13T14:01:40.577`) -* [CVE-2024-24743](CVE-2024/CVE-2024-247xx/CVE-2024-24743.json) (`2024-02-13T14:01:40.577`) -* [CVE-2024-25642](CVE-2024/CVE-2024-256xx/CVE-2024-25642.json) (`2024-02-13T14:01:40.577`) -* [CVE-2024-22129](CVE-2024/CVE-2024-221xx/CVE-2024-22129.json) (`2024-02-13T14:01:40.577`) -* [CVE-2024-24741](CVE-2024/CVE-2024-247xx/CVE-2024-24741.json) (`2024-02-13T14:01:40.577`) -* [CVE-2024-1250](CVE-2024/CVE-2024-12xx/CVE-2024-1250.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-1459](CVE-2024/CVE-2024-14xx/CVE-2024-1459.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-23833](CVE-2024/CVE-2024-238xx/CVE-2024-23833.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-23759](CVE-2024/CVE-2024-237xx/CVE-2024-23759.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-23760](CVE-2024/CVE-2024-237xx/CVE-2024-23760.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-23761](CVE-2024/CVE-2024-237xx/CVE-2024-23761.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-23762](CVE-2024/CVE-2024-237xx/CVE-2024-23762.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-23763](CVE-2024/CVE-2024-237xx/CVE-2024-23763.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-24337](CVE-2024/CVE-2024-243xx/CVE-2024-24337.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-1454](CVE-2024/CVE-2024-14xx/CVE-2024-1454.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-24826](CVE-2024/CVE-2024-248xx/CVE-2024-24826.json) (`2024-02-13T14:01:49.147`) -* [CVE-2024-0585](CVE-2024/CVE-2024-05xx/CVE-2024-0585.json) (`2024-02-13T14:04:59.323`) -* [CVE-2024-0586](CVE-2024/CVE-2024-05xx/CVE-2024-0586.json) (`2024-02-13T14:05:10.647`) -* [CVE-2024-0597](CVE-2024/CVE-2024-05xx/CVE-2024-0597.json) (`2024-02-13T14:05:27.427`) -* [CVE-2024-0660](CVE-2024/CVE-2024-06xx/CVE-2024-0660.json) (`2024-02-13T14:05:53.893`) -* [CVE-2024-1177](CVE-2024/CVE-2024-11xx/CVE-2024-1177.json) (`2024-02-13T14:06:04.817`) -* [CVE-2024-1208](CVE-2024/CVE-2024-12xx/CVE-2024-1208.json) (`2024-02-13T14:06:24.090`) -* [CVE-2024-24595](CVE-2024/CVE-2024-245xx/CVE-2024-24595.json) (`2024-02-13T14:08:55.650`) -* [CVE-2024-1432](CVE-2024/CVE-2024-14xx/CVE-2024-1432.json) (`2024-02-13T14:15:46.667`) +* [CVE-2023-6982](CVE-2023/CVE-2023-69xx/CVE-2023-6982.json) (`2024-02-13T15:17:06.363`) +* [CVE-2023-6989](CVE-2023/CVE-2023-69xx/CVE-2023-6989.json) (`2024-02-13T15:23:09.840`) +* [CVE-2023-52046](CVE-2023/CVE-2023-520xx/CVE-2023-52046.json) (`2024-02-13T16:05:49.580`) +* [CVE-2023-46359](CVE-2023/CVE-2023-463xx/CVE-2023-46359.json) (`2024-02-13T16:06:48.480`) +* [CVE-2023-6996](CVE-2023/CVE-2023-69xx/CVE-2023-6996.json) (`2024-02-13T16:11:03.577`) +* [CVE-2023-4408](CVE-2023/CVE-2023-44xx/CVE-2023-4408.json) (`2024-02-13T16:15:08.450`) +* [CVE-2023-5517](CVE-2023/CVE-2023-55xx/CVE-2023-5517.json) (`2024-02-13T16:15:08.550`) +* [CVE-2023-5679](CVE-2023/CVE-2023-56xx/CVE-2023-5679.json) (`2024-02-13T16:15:08.647`) +* [CVE-2023-6516](CVE-2023/CVE-2023-65xx/CVE-2023-6516.json) (`2024-02-13T16:15:08.743`) +* [CVE-2023-7014](CVE-2023/CVE-2023-70xx/CVE-2023-7014.json) (`2024-02-13T16:18:27.937`) +* [CVE-2023-47355](CVE-2023/CVE-2023-473xx/CVE-2023-47355.json) (`2024-02-13T16:43:37.553`) +* [CVE-2024-22024](CVE-2024/CVE-2024-220xx/CVE-2024-22024.json) (`2024-02-13T15:15:32.193`) +* [CVE-2024-1309](CVE-2024/CVE-2024-13xx/CVE-2024-1309.json) (`2024-02-13T15:16:05.223`) +* [CVE-2024-24781](CVE-2024/CVE-2024-247xx/CVE-2024-24781.json) (`2024-02-13T15:16:05.223`) +* [CVE-2024-24782](CVE-2024/CVE-2024-247xx/CVE-2024-24782.json) (`2024-02-13T15:16:05.223`) +* [CVE-2024-0612](CVE-2024/CVE-2024-06xx/CVE-2024-0612.json) (`2024-02-13T15:26:17.997`) +* [CVE-2024-0323](CVE-2024/CVE-2024-03xx/CVE-2024-0323.json) (`2024-02-13T15:38:16.320`) +* [CVE-2024-0630](CVE-2024/CVE-2024-06xx/CVE-2024-0630.json) (`2024-02-13T15:42:35.563`) +* [CVE-2024-0659](CVE-2024/CVE-2024-06xx/CVE-2024-0659.json) (`2024-02-13T15:47:35.880`) +* [CVE-2024-0428](CVE-2024/CVE-2024-04xx/CVE-2024-0428.json) (`2024-02-13T16:02:08.357`) +* [CVE-2024-24398](CVE-2024/CVE-2024-243xx/CVE-2024-24398.json) (`2024-02-13T16:06:17.117`) +* [CVE-2024-0668](CVE-2024/CVE-2024-06xx/CVE-2024-0668.json) (`2024-02-13T16:24:26.927`) +* [CVE-2024-0678](CVE-2024/CVE-2024-06xx/CVE-2024-0678.json) (`2024-02-13T16:36:49.713`) +* [CVE-2024-0699](CVE-2024/CVE-2024-06xx/CVE-2024-0699.json) (`2024-02-13T16:54:27.823`) +* [CVE-2024-0691](CVE-2024/CVE-2024-06xx/CVE-2024-0691.json) (`2024-02-13T16:57:26.083`) ## Download and Usage