diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json
index d5c8a6a1b93..839a5dc99a9 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6004.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6004",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-03T17:15:11.623",
- "lastModified": "2024-01-11T19:18:22.313",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-16T12:15:45.247",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -41,7 +41,7 @@
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
 "attackVector": "LOCAL",
 "attackComplexity": "LOW",
 "privilegesRequired": "LOW",
@@ -49,12 +49,12 @@
 "scope": "UNCHANGED",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
- "availabilityImpact": "NONE",
- "baseScore": 3.9,
- "baseSeverity": "LOW"
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
 },
 "exploitabilityScore": 1.3,
- "impactScore": 2.5
+ "impactScore": 4.7
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json
new file mode 100644
index 00000000000..bfc8cdba472
--- /dev/null
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0553.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2024-0553",
+ "sourceIdentifier": "secalert@redhat.com",
+ "published": "2024-01-16T12:15:45.557",
+ "lastModified": "2024-01-16T12:15:45.557",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secalert@redhat.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://access.redhat.com/security/cve/CVE-2024-0553",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html",
+ "source": "secalert@redhat.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0554.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0554.json
new file mode 100644
index 00000000000..d63afc1f595
--- /dev/null
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0554.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-0554",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-01-16T11:15:07.933",
+ "lastModified": "2024-01-16T11:15:07.933",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad de Cross-site scripting (XSS) en WIC1200, que afecta a la versi\u00f3n 1.1. Un usuario autenticado podr\u00eda almacenar un payload de JavaScript malicioso en el par\u00e1metro device model a trav\u00e9s de '/setup/diags_ir_learn.asp', lo que permitir\u00eda al atacante recuperar los detalles de la sesi\u00f3n de otro usuario."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0555.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0555.json
new file mode 100644
index 00000000000..88f6ef60f5d
--- /dev/null
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0555.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-0555",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-01-16T11:15:08.493",
+ "lastModified": "2024-01-16T11:15:08.493",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in. This vulnerability is possible due to the lack of propper CSRF token implementation."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad de Cross-Site Request Forgery (CSRF) en WIC1200, que afecta a la versi\u00f3n 1.1. Un usuario autenticado podr\u00eda llevar a otro usuario a ejecutar acciones no deseadas dentro de la aplicaci\u00f3n en la que inici\u00f3 sesi\u00f3n. Esta vulnerabilidad es posible debido a la falta de una implementaci\u00f3n adecuada del token CSRF."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.6,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0556.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0556.json
new file mode 100644
index 00000000000..d56bb862ec0
--- /dev/null
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0556.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-0556",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-01-16T11:15:08.700",
+ "lastModified": "2024-01-16T11:15:08.700",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha detectado una vulnerabilidad de criptograf\u00eda d\u00e9bil para contrase\u00f1as en WIC200 que afecta a la versi\u00f3n 1.1. Esta vulnerabilidad permite a un usuario remoto interceptar el tr\u00e1fico y recuperar las credenciales de otro usuario y decodificarlas en base64, lo que permite al atacante ver las credenciales en texto plano."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-261"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 1497374c912..200f27709fb 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-16T11:00:24.934079+00:00 +2024-01-16T13:00:24.754103+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-16T10:15:07.933000+00:00 +2024-01-16T12:15:45.557000+00:00 ``` ### Last Data Feed Release 
@@ -29,34 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235979 +235983 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `4` -* [CVE-2023-52098](CVE-2023/CVE-2023-520xx/CVE-2023-52098.json) (`2024-01-16T09:15:07.610`) -* [CVE-2023-52107](CVE-2023/CVE-2023-521xx/CVE-2023-52107.json) (`2024-01-16T09:15:07.750`) -* [CVE-2023-52108](CVE-2023/CVE-2023-521xx/CVE-2023-52108.json) (`2024-01-16T09:15:07.840`) -* [CVE-2023-52114](CVE-2023/CVE-2023-521xx/CVE-2023-52114.json) (`2024-01-16T09:15:07.883`) -* [CVE-2023-52115](CVE-2023/CVE-2023-521xx/CVE-2023-52115.json) (`2024-01-16T09:15:07.933`) -* [CVE-2023-52116](CVE-2023/CVE-2023-521xx/CVE-2023-52116.json) (`2024-01-16T09:15:08.017`) -* [CVE-2023-34063](CVE-2023/CVE-2023-340xx/CVE-2023-34063.json) (`2024-01-16T10:15:07.347`) -* [CVE-2023-52099](CVE-2023/CVE-2023-520xx/CVE-2023-52099.json) (`2024-01-16T10:15:07.553`) -* [CVE-2023-52100](CVE-2023/CVE-2023-521xx/CVE-2023-52100.json) (`2024-01-16T10:15:07.600`) -* [CVE-2023-52101](CVE-2023/CVE-2023-521xx/CVE-2023-52101.json) (`2024-01-16T10:15:07.650`) -* [CVE-2023-52102](CVE-2023/CVE-2023-521xx/CVE-2023-52102.json) (`2024-01-16T10:15:07.693`) -* [CVE-2023-52103](CVE-2023/CVE-2023-521xx/CVE-2023-52103.json) (`2024-01-16T10:15:07.743`) -* [CVE-2023-52104](CVE-2023/CVE-2023-521xx/CVE-2023-52104.json) (`2024-01-16T10:15:07.830`) -* [CVE-2023-52105](CVE-2023/CVE-2023-521xx/CVE-2023-52105.json) (`2024-01-16T10:15:07.880`) -* [CVE-2023-52106](CVE-2023/CVE-2023-521xx/CVE-2023-52106.json) (`2024-01-16T10:15:07.933`) +* [CVE-2024-0554](CVE-2024/CVE-2024-05xx/CVE-2024-0554.json) (`2024-01-16T11:15:07.933`) +* [CVE-2024-0555](CVE-2024/CVE-2024-05xx/CVE-2024-0555.json) (`2024-01-16T11:15:08.493`) +* [CVE-2024-0556](CVE-2024/CVE-2024-05xx/CVE-2024-0556.json) (`2024-01-16T11:15:08.700`) +* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) 
(`2024-01-16T12:15:45.557`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-6004](CVE-2023/CVE-2023-60xx/CVE-2023-6004.json) (`2024-01-16T12:15:45.247`) ## Download and Usage