From dc9ffbb477208e15aa1c04e079c8db9ff4a1e8b8 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 13 Feb 2024 03:00:27 +0000
Subject: [PATCH] Auto-Update: 2024-02-13T03:00:23.830766+00:00
---
CVE-2023/CVE-2023-376xx/CVE-2023-37611.json | 8 +-
CVE-2023/CVE-2023-423xx/CVE-2023-42374.json | 28 +++++++
CVE-2023/CVE-2023-431xx/CVE-2023-43183.json | 76 +++++++++++++++--
CVE-2023/CVE-2023-437xx/CVE-2023-43770.json | 6 +-
CVE-2023/CVE-2023-440xx/CVE-2023-44031.json | 74 +++++++++++++++--
CVE-2023/CVE-2023-476xx/CVE-2023-47620.json | 6 +-
CVE-2023/CVE-2023-476xx/CVE-2023-47623.json | 6 +-
CVE-2023/CVE-2023-493xx/CVE-2023-49339.json | 24 ++++++
CVE-2023/CVE-2023-520xx/CVE-2023-52059.json | 24 ++++++
CVE-2023/CVE-2023-520xx/CVE-2023-52060.json | 24 ++++++
CVE-2024/CVE-2024-202xx/CVE-2024-20290.json | 10 ++-
CVE-2024/CVE-2024-221xx/CVE-2024-22126.json | 59 ++++++++++++++
CVE-2024/CVE-2024-221xx/CVE-2024-22128.json | 59 ++++++++++++++
CVE-2024/CVE-2024-222xx/CVE-2024-22290.json | 47 ++++++++++-
CVE-2024/CVE-2024-235xx/CVE-2024-23550.json | 90 ++++++++++++++++++++-
CVE-2024/CVE-2024-254xx/CVE-2024-25407.json | 20 +++++
README.md | 51 +++++-------
17 files changed, 557 insertions(+), 55 deletions(-)
create mode 100644 CVE-2023/CVE-2023-423xx/CVE-2023-42374.json
create mode 100644 CVE-2023/CVE-2023-493xx/CVE-2023-49339.json
create mode 100644 CVE-2023/CVE-2023-520xx/CVE-2023-52059.json
create mode 100644 CVE-2023/CVE-2023-520xx/CVE-2023-52060.json
create mode 100644 CVE-2024/CVE-2024-221xx/CVE-2024-22126.json
create mode 100644 CVE-2024/CVE-2024-221xx/CVE-2024-22128.json
create mode 100644 CVE-2024/CVE-2024-254xx/CVE-2024-25407.json
diff --git a/CVE-2023/CVE-2023-376xx/CVE-2023-37611.json b/CVE-2023/CVE-2023-376xx/CVE-2023-37611.json
index 8d633a5f83e..c8b764d5e2c 100644
--- a/CVE-2023/CVE-2023-376xx/CVE-2023-37611.json
+++ b/CVE-2023/CVE-2023-376xx/CVE-2023-37611.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-37611", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-18T22:15:45.803", - "lastModified": "2023-09-19T21:24:44.943", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-13T01:15:07.807", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -68,6 +68,10 @@ } ], "references": [ + { + "url": "https://github.com/neos/neos-development-collection/pull/4812", + "source": "cve@mitre.org" + }, { "url": "https://rodelllemit.medium.com/stored-xss-in-neo-cms-8-3-3-9bd1cb973c5b", "source": "cve@mitre.org", diff --git a/CVE-2023/CVE-2023-423xx/CVE-2023-42374.json b/CVE-2023/CVE-2023-423xx/CVE-2023-42374.json new file mode 100644 index 00000000000..020410127ef --- /dev/null +++ b/CVE-2023/CVE-2023-423xx/CVE-2023-42374.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-42374", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T01:15:07.913", + "lastModified": "2024-02-13T01:15:07.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9", + "source": "cve@mitre.org" + }, + { + "url": "https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-431xx/CVE-2023-43183.json b/CVE-2023/CVE-2023-431xx/CVE-2023-43183.json index a808df75edb..78af0ef5f67 100644 --- a/CVE-2023/CVE-2023-431xx/CVE-2023-43183.json +++ b/CVE-2023/CVE-2023-431xx/CVE-2023-43183.json 
@@ -2,23 +2,89 @@ "id": "CVE-2023-43183", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-03T09:15:11.050", - "lastModified": "2024-02-05T02:09:37.420", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T00:57:25.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account." + }, + { + "lang": "es", + "value": "Control de acceso incorrecto en el software de administraci\u00f3n de licencias Reprise Reprise License Manager v15.1 permite a los usuarios de solo lectura cambiar arbitrariamente la contrase\u00f1a de un administrador y secuestrar su cuenta." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reprise:license_manager:15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5BA43898-A476-46F0-A53B-86BA25D3AB87" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/43", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Mailing List", + "Third Party Advisory" + ] }, { 
"url": "https://packetstormsecurity.com/files/176841/Reprise-License-Manager-15.1-Privilege-Escalation-File-Write.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-437xx/CVE-2023-43770.json b/CVE-2023/CVE-2023-437xx/CVE-2023-43770.json index d1c4a07eeda..22153eb7454 100644 --- a/CVE-2023/CVE-2023-437xx/CVE-2023-43770.json +++ b/CVE-2023/CVE-2023-437xx/CVE-2023-43770.json @@ -2,8 +2,12 @@ "id": "CVE-2023-43770", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-22T06:15:10.090", - "lastModified": "2023-09-26T15:42:07.133", + "lastModified": "2024-02-13T02:00:01.627", "vulnStatus": "Analyzed", + "cisaExploitAdd": "2024-02-12", + "cisaActionDue": "2024-03-04", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-440xx/CVE-2023-44031.json b/CVE-2023/CVE-2023-440xx/CVE-2023-44031.json index 6f5f95e211e..e3176860ea0 100644 --- a/CVE-2023/CVE-2023-440xx/CVE-2023-44031.json +++ b/CVE-2023/CVE-2023-440xx/CVE-2023-44031.json 
@@ -2,23 +2,87 @@ "id": "CVE-2023-44031", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-03T09:15:11.140", - "lastModified": "2024-02-05T02:09:37.420", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T00:57:11.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request." + }, + { + "lang": "es", + "value": "Control de acceso incorrecto en el software de administraci\u00f3n de licencias Reprise Reprise License Manager v15.1 permite a los atacantes guardar arbitrariamente archivos confidenciales en ubicaciones inseguras mediante una solicitud POST manipulada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:reprise:license_manager:15.1:*:*:*:*:*:*:*", + "matchCriteriaId": "5BA43898-A476-46F0-A53B-86BA25D3AB87" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "http://seclists.org/fulldisclosure/2024/Jan/43", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] 
}, { "url": "https://packetstormsecurity.com/files/176841/Reprise-License-Manager-15.1-Privilege-Escalation-File-Write.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json index 5096240b140..4a6fb8cc691 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47620.json @@ -2,12 +2,12 @@ "id": "CVE-2023-47620", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T22:15:43.197", - "lastModified": "2023-12-20T21:27:11.537", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-13T01:15:07.983", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available." + "value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json index e697f0764c3..112fb819fbc 100644 --- a/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47623.json 
@@ -2,12 +2,12 @@ "id": "CVE-2023-47623", "sourceIdentifier": "security-advisories@github.com", "published": "2023-12-13T22:15:43.417", - "lastModified": "2023-12-20T21:27:16.323", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-13T01:15:08.143", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available." + "value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login." }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-493xx/CVE-2023-49339.json b/CVE-2023/CVE-2023-493xx/CVE-2023-49339.json new file mode 100644 index 00000000000..03bae124b24 --- /dev/null +++ b/CVE-2023/CVE-2023-493xx/CVE-2023-49339.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49339", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T01:15:08.287", + "lastModified": "2024-02-13T01:15:08.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/3zizme/CVE-2023-49339/", + "source": "cve@mitre.org" + }, + { + "url": "https://www.ellucian.com/solutions/ellucian-banner", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52059.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52059.json new file mode 100644 index 00000000000..3d650376bf7 --- /dev/null +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52059.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-52059", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T01:15:08.353", + "lastModified": "2024-02-13T01:15:08.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.46&type=patch", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2023-52059/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-520xx/CVE-2023-52060.json b/CVE-2023/CVE-2023-520xx/CVE-2023-52060.json new file mode 100644 index 00000000000..8ad2cd70a82 --- /dev/null +++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52060.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-52060", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T01:15:08.413", + "lastModified": "2024-02-13T01:15:08.413", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.46&type=patch", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2023-52060/README.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json b/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json index 7f2d7b05c16..3bf93469c70 100644 --- a/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json +++ b/CVE-2024/CVE-2024-202xx/CVE-2024-20290.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20290", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-02-07T17:15:10.517", - "lastModified": "2024-02-07T17:38:33.990", + "lastModified": "2024-02-13T02:15:07.987", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en el analizador de formato de archivo OLE2 de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una comprobaci\u00f3n incorrecta de los valores de fin de cadena durante el an\u00e1lisis, lo que puede provocar una sobrelectura del b\u00fafer de almacenamiento din\u00e1mico. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo manipulado que contenga contenido OLE2 para que ClamAV lo analice en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante provocar que finalice el proceso de escaneo de ClamAV, lo que resultar\u00eda en una condici\u00f3n DoS en el software afectado y consumir\u00eda los recursos disponibles del sistema. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte el blog de ClamAV." } ], "metrics": { 
@@ -47,6 +51,10 @@ } ], "references": [ + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/", + "source": "ykramarz@cisco.com" + }, { "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t", "source": "ykramarz@cisco.com" diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22126.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22126.json new file mode 100644 index 00000000000..6a3c3243c75 --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22126.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-22126", + "sourceIdentifier": "cna@sap.com", + "published": "2024-02-13T02:15:08.107", + "lastModified": "2024-02-13T02:15:08.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes\u00a0the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3417627", + "source": "cna@sap.com" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22128.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22128.json new file mode 100644 index 00000000000..890c156b1d9 --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22128.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-22128", + "sourceIdentifier": "cna@sap.com", + "published": "2024-02-13T02:15:08.323", + "lastModified": "2024-02-13T02:15:08.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3396109", + "source": "cna@sap.com" + }, + { + "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22290.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22290.json index d8a55af1817..5c4ba17246d 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22290.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22290.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22290", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T12:16:05.580", - "lastModified": "2024-01-31T14:05:19.990", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T00:57:51.120", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:custom_dashboard_widgets_project:custom_dashboard_widgets:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3.1", + "matchCriteriaId": "49781F71-73B8-43E0-A488-126A2C23A35E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/custom-dashboard-widgets/wordpress-custom-dashboard-widgets-plugin-1-3-1-csrf-to-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23550.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23550.json index 2b4cf23248b..af24c8a3b32 100644 --- a/CVE-2024/CVE-2024-235xx/CVE-2024-23550.json +++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23550.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-23550", "sourceIdentifier": "psirt@hcl.com", "published": "2024-02-03T06:15:48.290", - "lastModified": "2024-02-05T02:09:43.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-13T00:57:33.613", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.\n" + }, + { + "lang": "es", + "value": "HCL DevOps Deploy/HCL Launch (UCD) podr\u00eda revelar informaci\u00f3n confidencial del usuario al instalar el agente de Windows." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + }, { "source": "psirt@hcl.com", "type": "Secondary", 
@@ -34,10 +58,70 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:8.0.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6C5CDAE7-67EF-441C-9364-01F57401ABA6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0.0", + "versionEndExcluding": "7.0.5.20", + "matchCriteriaId": "F46E5B0F-66AB-4E51-8614-373294B31CEE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.1.0.0", + "versionEndExcluding": "7.1.2.16", + "matchCriteriaId": "D093121F-1C5F-4CDE-9B92-38501C66AE2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0.0", + "versionEndExcluding": "7.2.3.9", + "matchCriteriaId": "A065445B-13F4-4400-BC39-8E1D5B93D39B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.3.0.0", + "versionEndExcluding": "7.3.2.4", + "matchCriteriaId": "8CD0DB1A-F26E-4D5A-BA6B-3B38F8F1811D" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25407.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25407.json new file mode 100644 index 00000000000..361b30c0c88 --- /dev/null +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25407.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-25407", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-13T01:15:08.470", + "lastModified": "2024-02-13T01:15:08.470", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/steve-community/steve/issues/1296", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 10317872197..135660274af 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-13T00:55:25.285972+00:00 +2024-02-13T03:00:23.830766+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-13T00:42:06.777000+00:00 +2024-02-13T02:15:08.323000+00:00 ``` ### Last Data Feed Release 
@@ -23,48 +23,41 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-02-12T01:00:28.269914+00:00 +2024-02-13T01:00:28.283503+00:00 ``` ### Total Number of included CVEs ```plain -238215 +238222 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `7` -* [CVE-2023-28018](CVE-2023/CVE-2023-280xx/CVE-2023-28018.json) (`2024-02-12T23:15:08.100`) -* [CVE-2023-52430](CVE-2023/CVE-2023-524xx/CVE-2023-52430.json) (`2024-02-12T23:15:08.353`) -* [CVE-2024-1454](CVE-2024/CVE-2024-14xx/CVE-2024-1454.json) (`2024-02-12T23:15:08.410`) -* [CVE-2024-24826](CVE-2024/CVE-2024-248xx/CVE-2024-24826.json) (`2024-02-12T23:15:08.643`) -* [CVE-2024-25112](CVE-2024/CVE-2024-251xx/CVE-2024-25112.json) (`2024-02-12T23:15:08.853`) +* [CVE-2023-42374](CVE-2023/CVE-2023-423xx/CVE-2023-42374.json) (`2024-02-13T01:15:07.913`) +* [CVE-2023-49339](CVE-2023/CVE-2023-493xx/CVE-2023-49339.json) (`2024-02-13T01:15:08.287`) +* [CVE-2023-52059](CVE-2023/CVE-2023-520xx/CVE-2023-52059.json) (`2024-02-13T01:15:08.353`) +* [CVE-2023-52060](CVE-2023/CVE-2023-520xx/CVE-2023-52060.json) (`2024-02-13T01:15:08.413`) +* [CVE-2024-25407](CVE-2024/CVE-2024-254xx/CVE-2024-25407.json) (`2024-02-13T01:15:08.470`) +* [CVE-2024-22126](CVE-2024/CVE-2024-221xx/CVE-2024-22126.json) (`2024-02-13T02:15:08.107`) +* [CVE-2024-22128](CVE-2024/CVE-2024-221xx/CVE-2024-22128.json) (`2024-02-13T02:15:08.323`) ### CVEs modified in the last Commit -Recently modified CVEs: `18` +Recently modified CVEs: `9` -* [CVE-2018-25098](CVE-2018/CVE-2018-250xx/CVE-2018-25098.json) (`2024-02-13T00:39:20.100`) -* [CVE-2020-36773](CVE-2020/CVE-2020-367xx/CVE-2020-36773.json) (`2024-02-13T00:39:04.533`) -* [CVE-2021-46903](CVE-2021/CVE-2021-469xx/CVE-2021-46903.json) (`2024-02-13T00:38:22.293`) -* [CVE-2021-46902](CVE-2021/CVE-2021-469xx/CVE-2021-46902.json) (`2024-02-13T00:38:32.413`) -* 
[CVE-2021-4435](CVE-2021/CVE-2021-44xx/CVE-2021-4435.json) (`2024-02-13T00:38:56.303`) -* [CVE-2023-7216](CVE-2023/CVE-2023-72xx/CVE-2023-7216.json) (`2024-02-13T00:37:01.273`) -* [CVE-2023-52138](CVE-2023/CVE-2023-521xx/CVE-2023-52138.json) (`2024-02-13T00:37:13.493`) -* [CVE-2023-5643](CVE-2023/CVE-2023-56xx/CVE-2023-5643.json) (`2024-02-13T00:37:21.967`) -* [CVE-2023-5249](CVE-2023/CVE-2023-52xx/CVE-2023-5249.json) (`2024-02-13T00:37:35.327`) -* [CVE-2023-5800](CVE-2023/CVE-2023-58xx/CVE-2023-5800.json) (`2024-02-13T00:37:47.070`) -* [CVE-2023-5677](CVE-2023/CVE-2023-56xx/CVE-2023-5677.json) (`2024-02-13T00:38:00.893`) -* [CVE-2023-6240](CVE-2023/CVE-2023-62xx/CVE-2023-6240.json) (`2024-02-13T00:40:57.653`) -* [CVE-2023-49950](CVE-2023/CVE-2023-499xx/CVE-2023-49950.json) (`2024-02-13T00:42:06.777`) -* [CVE-2024-24768](CVE-2024/CVE-2024-247xx/CVE-2024-24768.json) (`2024-02-13T00:36:30.397`) -* [CVE-2024-24762](CVE-2024/CVE-2024-247xx/CVE-2024-24762.json) (`2024-02-13T00:36:41.277`) -* [CVE-2024-25089](CVE-2024/CVE-2024-250xx/CVE-2024-25089.json) (`2024-02-13T00:38:12.137`) -* [CVE-2024-25062](CVE-2024/CVE-2024-250xx/CVE-2024-25062.json) (`2024-02-13T00:40:40.503`) -* [CVE-2024-0853](CVE-2024/CVE-2024-08xx/CVE-2024-0853.json) (`2024-02-13T00:41:15.597`) +* [CVE-2023-44031](CVE-2023/CVE-2023-440xx/CVE-2023-44031.json) (`2024-02-13T00:57:11.897`) +* [CVE-2023-43183](CVE-2023/CVE-2023-431xx/CVE-2023-43183.json) (`2024-02-13T00:57:25.583`) +* [CVE-2023-37611](CVE-2023/CVE-2023-376xx/CVE-2023-37611.json) (`2024-02-13T01:15:07.807`) +* [CVE-2023-47620](CVE-2023/CVE-2023-476xx/CVE-2023-47620.json) (`2024-02-13T01:15:07.983`) +* [CVE-2023-47623](CVE-2023/CVE-2023-476xx/CVE-2023-47623.json) (`2024-02-13T01:15:08.143`) +* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2024-02-13T02:00:01.627`) +* [CVE-2024-23550](CVE-2024/CVE-2024-235xx/CVE-2024-23550.json) (`2024-02-13T00:57:33.613`) +* [CVE-2024-22290](CVE-2024/CVE-2024-222xx/CVE-2024-22290.json) 
(`2024-02-13T00:57:51.120`) +* [CVE-2024-20290](CVE-2024/CVE-2024-202xx/CVE-2024-20290.json) (`2024-02-13T02:15:07.987`) ## Download and Usage