diff --git a/CVE-2023/CVE-2023-25xx/CVE-2023-2585.json b/CVE-2023/CVE-2023-25xx/CVE-2023-2585.json
index 3e4ff9eb693..0bc4227a5a4 100644
--- a/CVE-2023/CVE-2023-25xx/CVE-2023-2585.json
+++ b/CVE-2023/CVE-2023-25xx/CVE-2023-2585.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-2585",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-12-21T10:15:34.533",
- "lastModified": "2023-12-21T13:22:15.910",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T18:28:16.777",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-Other"
+ }
+ ]
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -50,34 +80,172 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:single_sign-on:7.6:*:*:*:*:*:*:*",
+ "matchCriteriaId": "2DEC61BC-E699-456E-99B6-C049F2A5F23F"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*",
+ "matchCriteriaId": "EA983F8C-3A06-450A-AEFF-9429DE9A3454"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*",
+ "matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "01B0F191-ADDB-4AAE-A5C5-5CC16909E64A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_ibm_z:4.10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "FD75BCB4-F0E1-4C05-A2D7-001503C805C9"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B02036DD-4489-480B-B7D4-4EB08952377B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C7E78C55-45B6-4E01-9773-D3468F8EA9C3"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "30E2CF79-2D56-48AB-952E-5DDAFE471073"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*",
+ "matchCriteriaId": "54E24055-813B-4E6D-94B7-FAD5F78B8537"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
+ "matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://access.redhat.com/errata/RHSA-2023:3883",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://access.redhat.com/errata/RHSA-2023:3884",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://access.redhat.com/errata/RHSA-2023:3885",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://access.redhat.com/errata/RHSA-2023:3888",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://access.redhat.com/errata/RHSA-2023:3892",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-2585",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196335",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-42xx/CVE-2023-4280.json b/CVE-2023/CVE-2023-42xx/CVE-2023-4280.json
new file mode 100644
index 00000000000..e211110e16a
--- /dev/null
+++ b/CVE-2023/CVE-2023-42xx/CVE-2023-4280.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2023-4280",
+ "sourceIdentifier": "product-security@silabs.com",
+ "published": "2024-01-02T17:15:09.520",
+ "lastModified": "2024-01-02T17:15:09.520",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An unvalidated input in Silicon Labs TrustZone implementation in v4.3.x and earlier of the Gecko SDK allows an attacker to access the trusted region of memory from the untrusted region."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.3,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://community.silabs.com/069Vm0000004NinIAE",
+ "source": "product-security@silabs.com"
+ },
+ {
+ "url": "https://github.com/SiliconLabs/gecko_sdk",
+ "source": "product-security@silabs.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45324.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45324.json
index 44bfd277c7b..98d0ab919eb 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45324.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45324.json
@@ -2,96 +2,14 @@
 "id": "CVE-2023-45324",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:11.627",
- "lastModified": "2023-11-09T15:41:17.147",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:08.850",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'price' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'price' del recurso routers/add-item.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- },
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45329.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45329.json
index 6505c47799d..8427feeb9dd 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45329.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45329.json
@@ -2,86 +2,14 @@
 "id": "CVE-2023-45329",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:12.023",
- "lastModified": "2023-11-09T15:42:07.307",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:08.970",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'role' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'role' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45331.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45331.json
index 82100656afc..a0f77c2e1a8 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45331.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45331.json
@@ -2,86 +2,14 @@
 "id": "CVE-2023-45331",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:12.170",
- "lastModified": "2023-11-09T15:42:33.977",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:09.060",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'contact' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'contact' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45332.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45332.json
index ff86b97b3b5..a78688133bf 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45332.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45332.json
@@ -2,96 +2,14 @@
 "id": "CVE-2023-45332",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:12.247",
- "lastModified": "2023-11-09T15:42:45.393",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:09.133",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'deleted' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'deleted' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- },
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45333.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45333.json
index 0b5110bb2e2..4879ee27fd0 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45333.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45333.json
@@ -2,86 +2,14 @@
 "id": "CVE-2023-45333",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:12.323",
- "lastModified": "2023-11-09T15:42:55.660",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:09.213",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'verified' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'verified' del recurso routers/add-users.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45335.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45335.json
index c0314aea2d9..a7785299792 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45335.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45335.json
@@ -2,86 +2,14 @@
 "id": "CVE-2023-45335",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:12.473",
- "lastModified": "2023-11-09T15:43:18.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:09.287",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'id' del recurso routers/edit-orders.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json
index 43529280b7d..903866a4c83 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45337.json
@@ -2,96 +2,14 @@
 "id": "CVE-2023-45337",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:12.627",
- "lastModified": "2023-11-30T19:26:09.433",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:09.363",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'username' del recurso routers/router.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "nvd@nist.gov",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- },
- {
- "source": "help@fluidattacks.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json b/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json
index 40730f43d12..6a66c6a59c8 100644
--- a/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json
+++ b/CVE-2023/CVE-2023-453xx/CVE-2023-45339.json
@@ -2,86 +2,14 @@
 "id": "CVE-2023-45339",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-02T14:15:12.713",
- "lastModified": "2023-11-30T19:26:06.280",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-02T17:15:09.447",
+ "vulnStatus": "Rejected",
 "descriptions": [
 {
 "lang": "en",
- "value": "Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'type' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.\n\n"
- },
- {
- "lang": "es",
- "value": "Online Food Ordering System v1.0 es afectado por m\u00faltiples vulnerabilidades de inyecci\u00f3n SQL no autenticada. El par\u00e1metro 'type' del recurso routers/add-ticket.php no valida los caracteres recibidos y se env\u00edan sin filtrar a la base de datos."
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
 }
 ],
- "metrics": {
- "cvssMetricV31": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
- "attackVector": "NETWORK",
- "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
- "userInteraction": "NONE",
- "scope": "UNCHANGED",
- "confidentialityImpact": "HIGH",
- "integrityImpact": "HIGH",
- "availabilityImpact": "HIGH",
- "baseScore": 9.8,
- "baseSeverity": "CRITICAL"
- },
- "exploitabilityScore": 3.9,
- "impactScore": 5.9
- }
- ]
- },
- "weaknesses": [
- {
- "source": "help@fluidattacks.com",
- "type": "Primary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-89"
- }
- ]
- }
- ],
- "configurations": [
- {
- "nodes": [
- {
- "operator": "OR",
- "negate": false,
- "cpeMatch": [
- {
- "vulnerable": true,
- "criteria": "cpe:2.3:a:projectworlds:online_food_ordering_system:1.0:*:*:*:*:*:*:*",
- "matchCriteriaId": "EC5341DF-BF6E-450B-B216-A427E5FE8F98"
- }
- ]
- }
- ]
- }
- ],
- "references": [
- {
- "url": "https://fluidattacks.com/advisories/hann",
- "source": "help@fluidattacks.com",
- "tags": [
- "Exploit",
- "Third Party Advisory"
- ]
- },
- {
- "url": "https://projectworlds.in/",
- "source": "help@fluidattacks.com",
- "tags": [
- "Product"
- ]
- }
- ]
+ "metrics": {},
+ "references": []
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50724.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50724.json
index 10311c39958..f43a78bb97d 100644
--- a/CVE-2023/CVE-2023-507xx/CVE-2023-50724.json
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50724.json
@@ -2,16 +2,40 @@
 "id": "CVE-2023-50724",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2023-12-21T15:15:10.573",
- "lastModified": "2023-12-21T18:15:38.237",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T18:40:50.497",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Resque (pronounced like \"rescue\") is a Redis-backed library for creating background jobs, placing those jobs on multiple queues, and processing them later. resque-web in resque versions before 2.1.0 are vulnerable to reflected XSS through the current_queue parameter in the path of the queues endpoint. This issue has been patched in version 2.1.0.\n"
+ },
+ {
+ "lang": "es",
+ "value": "Resque (pronunciado como \"rescue\") es una biblioteca respaldada por Redis para crear trabajos en segundo plano, colocar esos trabajos en varias colas y procesarlos m\u00e1s tarde. resque-web en versiones de resque anteriores a 2.1.0 es vulnerable al XSS reflejado a trav\u00e9s del par\u00e1metro current_queue en la ruta de las colas del endpoint. Este problema se solucion\u00f3 en la versi\u00f3n 2.1.0."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,18 +70,48 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:resque:resque:*:*:*:*:*:ruby:*:*",
+ "versionEndExcluding": "2.1.0",
+ "matchCriteriaId": "3748B26E-DE1D-4B6B-8A6E-C79BC6DBD0BF"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/resque/resque/issues/1679",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Mitigation",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/resque/resque/pull/1687",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/resque/resque/security/advisories/GHSA-r8xx-8vm8-x6wj",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json
index 7adfe1f28b6..11c18113feb 100644
--- a/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json
+++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51656.json
@@ -2,15 +2,42 @@
 "id": "CVE-2023-51656",
 "sourceIdentifier": "security@apache.org",
 "published": "2023-12-21T12:15:08.050",
- "lastModified": "2023-12-21T15:15:13.863",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-02T17:59:52.730",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Deserialization of Untrusted Data vulnerability in Apache IoTDB.This issue affects Apache IoTDB: from 0.13.0 through 0.13.4.\n\nUsers are recommended to upgrade to version 1.2.2, which fixes the issue.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en Apache IoTDB. Este problema afecta a Apache IoTDB: desde 0.13.0 hasta 0.13.4. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.2.2, que soluciona el problema."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "weaknesses": [
 {
 "source": "security@apache.org",
@@ -23,14 +50,42 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:iotdb:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.13.0", + "versionEndIncluding": "0.13.4", + "matchCriteriaId": "03B8DAB3-4F6B-4FE2-862C-6A0162CFC333" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2023/12/21/5", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/zy3klwpv11vl5n65josbfo2fyzxg3dxc", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Issue Tracking", + "Mailing List", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7025.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7025.json index 4f713fe7d57..c1131d27bd0 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7025.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7025.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7025", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T03:15:07.857", - "lastModified": "2023-12-21T13:22:15.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T18:31:31.617", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "Se encontr\u00f3 una vulnerabilidad en KylinSoft hedron-domain-hook hasta 3.8.0.12-0k0.5. Ha sido declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n init_kcm del componente DBus Handler. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Atacar localmente es un requisito. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248578 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor tempranamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." + "value": "Se encontr\u00f3 una vulnerabilidad en KylinSoft hedron-domain-hook hasta 3.8.0.12-0k0.5. Ha sido declarado cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n init_kcm del componente DBus Handler. La manipulaci\u00f3n conduce a controles de acceso inadecuados. Es requerido atacar localmente. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-248578 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 al proveedor r\u00e1pidamente sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna forma." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -65,8 +85,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -75,18 +105,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kylinos:hedron-domain-hook:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.8.0.12-0k0.5", + "matchCriteriaId": "6BD5F9AD-A8F4-44EB-AF10-B2CBBCA99CFB" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/B05NqMPvEqoU", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.248578", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.248578", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7026.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7026.json index b3005aa2db2..a29cea4d932 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7026.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7026.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7026", "sourceIdentifier": "cna@vuldb.com", "published": "2023-12-21T05:15:08.733", - "lastModified": "2023-12-21T13:22:15.910", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-02T17:48:23.077", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lightxun:iptv_gateway:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20231208", + "matchCriteriaId": "7B0BF0FE-5769-4BF8-860E-4580C9AFD4F8" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/willchen0011/cve/blob/main/upload2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.248579", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.248579", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0189.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0189.json new file mode 100644 index 00000000000..f257160837d --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0189.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0189", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-02T18:15:08.037", + "lastModified": "2024-01-02T18:15:08.037", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": 
"en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.249502", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.249502", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json new file mode 100644 index 00000000000..477c5280f44 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0193", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-02T18:15:08.287", + "lastModified": "2024-01-02T18:15:08.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user to escalate their privileges on the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0193", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ed3b700f7c1..2c55fe1ce4e 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-02T17:00:25.237270+00:00 +2024-01-02T19:00:24.121322+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-02T16:47:07.460000+00:00 +2024-01-02T18:40:50.497000+00:00 ``` ### Last Data Feed Release 
@@ -29,48 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -234690 +234693 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `3` -* [CVE-2017-20188](CVE-2017/CVE-2017-201xx/CVE-2017-20188.json) (`2024-01-02T15:15:08.377`) -* [CVE-2018-25097](CVE-2018/CVE-2018-250xx/CVE-2018-25097.json) (`2024-01-02T16:15:11.100`) -* [CVE-2023-48721](CVE-2023/CVE-2023-487xx/CVE-2023-48721.json) (`2024-01-02T16:15:12.337`) -* [CVE-2024-0188](CVE-2024/CVE-2024-01xx/CVE-2024-0188.json) (`2024-01-02T15:15:10.200`) +* [CVE-2023-4280](CVE-2023/CVE-2023-42xx/CVE-2023-4280.json) (`2024-01-02T17:15:09.520`) +* [CVE-2024-0189](CVE-2024/CVE-2024-01xx/CVE-2024-0189.json) (`2024-01-02T18:15:08.037`) +* [CVE-2024-0193](CVE-2024/CVE-2024-01xx/CVE-2024-0193.json) (`2024-01-02T18:15:08.287`) ### CVEs modified in the last Commit -Recently modified CVEs: `32` +Recently modified CVEs: `13` -* [CVE-2023-6478](CVE-2023/CVE-2023-64xx/CVE-2023-6478.json) (`2024-01-02T15:15:10.040`) -* [CVE-2023-6355](CVE-2023/CVE-2023-63xx/CVE-2023-6355.json) (`2024-01-02T15:26:45.317`) -* [CVE-2023-49819](CVE-2023/CVE-2023-498xx/CVE-2023-49819.json) (`2024-01-02T15:31:44.860`) -* [CVE-2023-6918](CVE-2023/CVE-2023-69xx/CVE-2023-6918.json) (`2024-01-02T16:00:10.647`) -* [CVE-2023-44982](CVE-2023/CVE-2023-449xx/CVE-2023-44982.json) (`2024-01-02T16:03:53.777`) -* [CVE-2023-25690](CVE-2023/CVE-2023-256xx/CVE-2023-25690.json) (`2024-01-02T16:15:11.563`) -* [CVE-2023-44484](CVE-2023/CVE-2023-444xx/CVE-2023-44484.json) (`2024-01-02T16:15:11.687`) -* [CVE-2023-44485](CVE-2023/CVE-2023-444xx/CVE-2023-44485.json) (`2024-01-02T16:15:11.810`) -* [CVE-2023-44486](CVE-2023/CVE-2023-444xx/CVE-2023-44486.json) (`2024-01-02T16:15:11.897`) -* [CVE-2023-45122](CVE-2023/CVE-2023-451xx/CVE-2023-45122.json) (`2024-01-02T16:15:11.970`) -* [CVE-2023-45123](CVE-2023/CVE-2023-451xx/CVE-2023-45123.json) (`2024-01-02T16:15:12.003`) 
-* [CVE-2023-45124](CVE-2023/CVE-2023-451xx/CVE-2023-45124.json) (`2024-01-02T16:15:12.043`) -* [CVE-2023-45125](CVE-2023/CVE-2023-451xx/CVE-2023-45125.json) (`2024-01-02T16:15:12.077`) -* [CVE-2023-45126](CVE-2023/CVE-2023-451xx/CVE-2023-45126.json) (`2024-01-02T16:15:12.113`) -* [CVE-2023-45127](CVE-2023/CVE-2023-451xx/CVE-2023-45127.json) (`2024-01-02T16:15:12.150`) -* [CVE-2023-48717](CVE-2023/CVE-2023-487xx/CVE-2023-48717.json) (`2024-01-02T16:15:12.190`) -* [CVE-2023-48719](CVE-2023/CVE-2023-487xx/CVE-2023-48719.json) (`2024-01-02T16:15:12.263`) -* [CVE-2023-48723](CVE-2023/CVE-2023-487xx/CVE-2023-48723.json) (`2024-01-02T16:15:12.377`) -* [CVE-2023-5306](CVE-2023/CVE-2023-53xx/CVE-2023-5306.json) (`2024-01-02T16:15:12.483`) -* [CVE-2023-45703](CVE-2023/CVE-2023-457xx/CVE-2023-45703.json) (`2024-01-02T16:18:39.287`) -* [CVE-2023-51390](CVE-2023/CVE-2023-513xx/CVE-2023-51390.json) (`2024-01-02T16:25:35.387`) -* [CVE-2023-3080](CVE-2023/CVE-2023-30xx/CVE-2023-3080.json) (`2024-01-02T16:28:55.030`) -* [CVE-2023-49032](CVE-2023/CVE-2023-490xx/CVE-2023-49032.json) (`2024-01-02T16:31:49.530`) -* [CVE-2023-46131](CVE-2023/CVE-2023-461xx/CVE-2023-46131.json) (`2024-01-02T16:39:07.700`) -* [CVE-2023-45700](CVE-2023/CVE-2023-457xx/CVE-2023-45700.json) (`2024-01-02T16:47:07.460`) +* [CVE-2023-45324](CVE-2023/CVE-2023-453xx/CVE-2023-45324.json) (`2024-01-02T17:15:08.850`) +* [CVE-2023-45329](CVE-2023/CVE-2023-453xx/CVE-2023-45329.json) (`2024-01-02T17:15:08.970`) +* [CVE-2023-45331](CVE-2023/CVE-2023-453xx/CVE-2023-45331.json) (`2024-01-02T17:15:09.060`) +* [CVE-2023-45332](CVE-2023/CVE-2023-453xx/CVE-2023-45332.json) (`2024-01-02T17:15:09.133`) +* [CVE-2023-45333](CVE-2023/CVE-2023-453xx/CVE-2023-45333.json) (`2024-01-02T17:15:09.213`) +* [CVE-2023-45335](CVE-2023/CVE-2023-453xx/CVE-2023-45335.json) (`2024-01-02T17:15:09.287`) +* [CVE-2023-45337](CVE-2023/CVE-2023-453xx/CVE-2023-45337.json) (`2024-01-02T17:15:09.363`) +* 
[CVE-2023-45339](CVE-2023/CVE-2023-453xx/CVE-2023-45339.json) (`2024-01-02T17:15:09.447`) +* [CVE-2023-7026](CVE-2023/CVE-2023-70xx/CVE-2023-7026.json) (`2024-01-02T17:48:23.077`) +* [CVE-2023-51656](CVE-2023/CVE-2023-516xx/CVE-2023-51656.json) (`2024-01-02T17:59:52.730`) +* [CVE-2023-2585](CVE-2023/CVE-2023-25xx/CVE-2023-2585.json) (`2024-01-02T18:28:16.777`) +* [CVE-2023-7025](CVE-2023/CVE-2023-70xx/CVE-2023-7025.json) (`2024-01-02T18:31:31.617`) +* [CVE-2023-50724](CVE-2023/CVE-2023-507xx/CVE-2023-50724.json) (`2024-01-02T18:40:50.497`) ## Download and Usage