From e1ef50bbf0abd0b4ebbecf9a02cfe94957ddd403 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 3 Jan 2024 17:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-01-03T17:00:25.062796+00:00
---
 CVE-2023/CVE-2023-306xx/CVE-2023-30617.json | 59 +++++++++
 CVE-2023/CVE-2023-400xx/CVE-2023-40058.json | 65 +++++++++-
 CVE-2023/CVE-2023-455xx/CVE-2023-45559.json | 24 ++++
 CVE-2023/CVE-2023-467xx/CVE-2023-46738.json | 59 +++++++++
 CVE-2023/CVE-2023-49xx/CVE-2023-4911.json | 6 +-
 CVE-2023/CVE-2023-65xx/CVE-2023-6546.json | 134 +++++++++++++++++++-
 CVE-2023/CVE-2023-70xx/CVE-2023-7039.json | 84 +++++++++++-
 CVE-2024/CVE-2024-219xx/CVE-2024-21907.json | 60 +++++++++
 CVE-2024/CVE-2024-219xx/CVE-2024-21908.json | 44 +++++++
 CVE-2024/CVE-2024-219xx/CVE-2024-21909.json | 48 +++++++
 CVE-2024/CVE-2024-219xx/CVE-2024-21910.json | 52 ++++++++
 CVE-2024/CVE-2024-219xx/CVE-2024-21911.json | 48 +++++++
 README.md | 52 +++-----
 13 files changed, 683 insertions(+), 52 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-306xx/CVE-2023-30617.json
 create mode 100644 CVE-2023/CVE-2023-455xx/CVE-2023-45559.json
 create mode 100644 CVE-2023/CVE-2023-467xx/CVE-2023-46738.json
 create mode 100644 CVE-2024/CVE-2024-219xx/CVE-2024-21907.json
 create mode 100644 CVE-2024/CVE-2024-219xx/CVE-2024-21908.json
 create mode 100644 CVE-2024/CVE-2024-219xx/CVE-2024-21909.json
 create mode 100644 CVE-2024/CVE-2024-219xx/CVE-2024-21910.json
 create mode 100644 CVE-2024/CVE-2024-219xx/CVE-2024-21911.json
diff --git a/CVE-2023/CVE-2023-306xx/CVE-2023-30617.json b/CVE-2023/CVE-2023-306xx/CVE-2023-30617.json
new file mode 100644
index 00000000000..d11106b57fe
--- /dev/null
+++ b/CVE-2023/CVE-2023-306xx/CVE-2023-30617.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-30617",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-03T16:15:08.117",
+ "lastModified": "2024-01-03T16:15:08.117",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-250"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-269"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/openkruise/kruise/security/advisories/GHSA-437m-7hj5-9mpw",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-400xx/CVE-2023-40058.json b/CVE-2023/CVE-2023-400xx/CVE-2023-40058.json
index c2ace2deae0..1a3af0ffad6 100644
--- a/CVE-2023/CVE-2023-400xx/CVE-2023-40058.json
+++ b/CVE-2023/CVE-2023-400xx/CVE-2023-40058.json
@@ -2,19 +2,43 @@
 "id": "CVE-2023-40058",
 "sourceIdentifier": "psirt@solarwinds.com",
 "published": "2023-12-21T17:15:07.763",
- "lastModified": "2023-12-21T18:15:28.593",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-03T15:08:28.433",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. \n\n\n\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Se agregaron datos confidenciales a nuestra base de conocimiento p\u00fablica que, si se explotan, podr\u00edan usarse para acceder a componentes de Access Rights Manager (ARM) si el actor de la amenaza se encuentra en el mismo entorno."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "psirt@solarwinds.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
@@ -36,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "psirt@solarwinds.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "psirt@solarwinds.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -46,10 +80,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023.2.1",
+ "matchCriteriaId": "6285B061-B997-46F8-817E-8485E00E4FD9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058",
- "source": "psirt@solarwinds.com"
+ "source": "psirt@solarwinds.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45559.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45559.json
new file mode 100644
index 00000000000..bf67516d571
--- /dev/null
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45559.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-45559",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-03T15:15:09.670",
+ "lastModified": "2024-01-03T15:15:09.670",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://tamakihamanoki.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45559.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-467xx/CVE-2023-46738.json b/CVE-2023/CVE-2023-467xx/CVE-2023-46738.json
new file mode 100644
index 00000000000..2b78e887b9b
--- /dev/null
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46738.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-46738",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-03T16:15:08.470",
+ "lastModified": "2024-01-03T16:15:08.470",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the ammount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory that the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
index 5c1067b87ba..df36e5181dd 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4911.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-4911",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-10-03T18:15:10.463",
- "lastModified": "2023-12-21T15:15:09.890",
+ "lastModified": "2024-01-03T15:15:09.770",
 "vulnStatus": "Undergoing Analysis",
 "cisaExploitAdd": "2023-11-21",
 "cisaActionDue": "2023-12-12",
@@ -229,6 +229,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2023:5476",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:0033",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-4911",
 "source": "secalert@redhat.com",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
index 81b48d745ae..412a92f35b0 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6546",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2023-12-21T20:15:08.260",
- "lastModified": "2023-12-22T12:18:32.690",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-03T15:20:36.160",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 5.9
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-362"
+ }
+ ]
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -50,18 +80,112 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "6.5",
+ "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
+ "matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*",
+ "matchCriteriaId": "2226A776-DF8C-49E0-A030-0A7853BB018A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*",
+ "matchCriteriaId": "6F15C659-DF06-455A-9765-0E6DE920F29A"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*",
+ "matchCriteriaId": "5B1C14ED-ABC4-41D3-8D9C-D38C6A65B4DE"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-6546",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Patch",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json
index 4cf54505812..9606d17b99b 100644
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7039.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-7039",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-21T19:15:13.170",
- "lastModified": "2023-12-22T12:18:32.690",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-03T15:03:23.020",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "cna@vuldb.com",
 "type": "Secondary",
@@ -65,8 +85,18 @@
 },
 "weaknesses": [
 {
- "source": "cna@vuldb.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -75,18 +105,60 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "2023-12-10",
+ "matchCriteriaId": "D78C978B-B7C2-4DEF-BADF-D2BF98EE8C98"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:byzoro:smart_s210:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "7DEFD8CA-AA67-4F4F-BF94-96ADEDF2AE44"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/Stitch3612/cve/blob/main/rce.md",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?ctiid.248688",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://vuldb.com/?id.248688",
- "source": "cna@vuldb.com"
+ "source": "cna@vuldb.com",
+ "tags": [
+ "Permissions Required",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21907.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21907.json
new file mode 100644
index 00000000000..c4e438b2682
--- /dev/null
+++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21907.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-21907",
+ "sourceIdentifier": "disclosure@vulncheck.com",
+ "published": "2024-01-03T16:15:08.793",
+ "lastModified": "2024-01-03T16:15:08.793",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "disclosure@vulncheck.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-755"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://alephsecurity.com/2018/10/22/StackOverflowException/",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://alephsecurity.com/vulns/aleph-2018004",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/JamesNK/Newtonsoft.Json/issues/2457",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/JamesNK/Newtonsoft.Json/pull/2462",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr",
+ "source": "disclosure@vulncheck.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21908.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21908.json
new file mode 100644
index 00000000000..9aafe64c537
--- /dev/null
+++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21908.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2024-21908",
+ "sourceIdentifier": "disclosure@vulncheck.com",
+ "published": "2024-01-03T16:15:08.913",
+ "lastModified": "2024-01-03T16:15:08.913",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nTinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.\n\n\n\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "disclosure@vulncheck.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/advisories/GHSA-5h9g-x5rv-25wg",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes",
+ "source": "disclosure@vulncheck.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21909.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21909.json
new file mode 100644
index 00000000000..724a6c55df5
--- /dev/null
+++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21909.json
@@ -0,0 +1,48 @@
+{
+ "id": "CVE-2024-21909",
+ "sourceIdentifier": "disclosure@vulncheck.com",
+ "published": "2024-01-03T16:15:09.003",
+ "lastModified": "2024-01-03T16:15:09.003",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of \nservice vulnerability. An attacker may trigger the denial of service \ncondition by providing crafted data to the DecodeFromBytes or other \ndecoding mechanisms in PeterO.Cbor. Depending on the usage of the \nlibrary, an unauthenticated and remote attacker may be able to cause the\n denial of service condition.\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "disclosure@vulncheck.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-407"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/advisories/GHSA-6r92-cgxc-r5fg",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg",
+ "source": "disclosure@vulncheck.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21910.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21910.json
new file mode 100644
index 00000000000..67673fbbc11
--- /dev/null
+++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21910.json
@@ -0,0 +1,52 @@
+{
+ "id": "CVE-2024-21910",
+ "sourceIdentifier": "disclosure@vulncheck.com",
+ "published": "2024-01-03T16:15:09.090",
+ "lastModified": "2024-01-03T16:15:09.090",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.\n"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "disclosure@vulncheck.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/advisories/GHSA-r8hm-w5f7-wj39",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/jazzband/django-tinymce/issues/366",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/jazzband/django-tinymce/releases/tag/3.4.0",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://pypi.org/project/django-tinymce/3.4.0/",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39",
+ "source": "disclosure@vulncheck.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21911.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21911.json
new file mode 100644
index 00000000000..cb1f754f68e
--- /dev/null
+++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21911.json
@@ -0,0 +1,48 @@
+{
+ "id": "CVE-2024-21911",
+ "sourceIdentifier": "disclosure@vulncheck.com",
+ "published": "2024-01-03T16:15:09.170",
+ "lastModified": "2024-01-03T16:15:09.170",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "disclosure@vulncheck.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/advisories/GHSA-w7jx-j77m-wp65",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://www.npmjs.com/package/tinymce",
+ "source": "disclosure@vulncheck.com"
+ },
+ {
+ "url": "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes",
+ "source": "disclosure@vulncheck.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 1d254d07445..dae7c45ffe9 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-01-03T15:00:26.203185+00:00
+2024-01-03T17:00:25.062796+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-01-03T14:35:15.607000+00:00
+2024-01-03T16:15:09.170000+00:00
 ```
 ### Last Data Feed Release
@@ -29,49 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-234796
+234804
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `5`
+Recently added CVEs: `8`
-* [CVE-2023-37608](CVE-2023/CVE-2023-376xx/CVE-2023-37608.json) (`2024-01-03T13:15:08.393`)
-* [CVE-2023-39655](CVE-2023/CVE-2023-396xx/CVE-2023-39655.json) (`2024-01-03T13:15:08.467`)
-* [CVE-2023-50092](CVE-2023/CVE-2023-500xx/CVE-2023-50092.json) (`2024-01-03T13:15:08.523`)
-* [CVE-2023-37607](CVE-2023/CVE-2023-376xx/CVE-2023-37607.json) (`2024-01-03T14:15:08.747`)
-* [CVE-2023-50093](CVE-2023/CVE-2023-500xx/CVE-2023-50093.json) (`2024-01-03T14:15:08.840`)
+* [CVE-2023-45559](CVE-2023/CVE-2023-455xx/CVE-2023-45559.json) (`2024-01-03T15:15:09.670`)
+* [CVE-2023-30617](CVE-2023/CVE-2023-306xx/CVE-2023-30617.json) (`2024-01-03T16:15:08.117`)
+* [CVE-2023-46738](CVE-2023/CVE-2023-467xx/CVE-2023-46738.json) (`2024-01-03T16:15:08.470`)
+* [CVE-2024-21907](CVE-2024/CVE-2024-219xx/CVE-2024-21907.json) (`2024-01-03T16:15:08.793`)
+* [CVE-2024-21908](CVE-2024/CVE-2024-219xx/CVE-2024-21908.json) (`2024-01-03T16:15:08.913`)
+* [CVE-2024-21909](CVE-2024/CVE-2024-219xx/CVE-2024-21909.json) (`2024-01-03T16:15:09.003`)
+* [CVE-2024-21910](CVE-2024/CVE-2024-219xx/CVE-2024-21910.json) (`2024-01-03T16:15:09.090`)
+* [CVE-2024-21911](CVE-2024/CVE-2024-219xx/CVE-2024-21911.json) (`2024-01-03T16:15:09.170`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `95`
+Recently modified CVEs: `4`
-* [CVE-2023-52314](CVE-2023/CVE-2023-523xx/CVE-2023-52314.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2023-6621](CVE-2023/CVE-2023-66xx/CVE-2023-6621.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2023-6747](CVE-2023/CVE-2023-67xx/CVE-2023-6747.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2023-6984](CVE-2023/CVE-2023-69xx/CVE-2023-6984.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2023-7068](CVE-2023/CVE-2023-70xx/CVE-2023-7068.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2023-51784](CVE-2023/CVE-2023-517xx/CVE-2023-51784.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2023-51785](CVE-2023/CVE-2023-517xx/CVE-2023-51785.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2023-49792](CVE-2023/CVE-2023-497xx/CVE-2023-49792.json) (`2024-01-03T14:29:18.610`)
-* [CVE-2023-49791](CVE-2023/CVE-2023-497xx/CVE-2023-49791.json) (`2024-01-03T14:35:15.607`)
-* [CVE-2024-0191](CVE-2024/CVE-2024-01xx/CVE-2024-0191.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0192](CVE-2024/CVE-2024-01xx/CVE-2024-0192.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0194](CVE-2024/CVE-2024-01xx/CVE-2024-0194.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0195](CVE-2024/CVE-2024-01xx/CVE-2024-0195.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-21623](CVE-2024/CVE-2024-216xx/CVE-2024-21623.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-21627](CVE-2024/CVE-2024-216xx/CVE-2024-21627.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0196](CVE-2024/CVE-2024-01xx/CVE-2024-0196.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-21628](CVE-2024/CVE-2024-216xx/CVE-2024-21628.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-21629](CVE-2024/CVE-2024-216xx/CVE-2024-21629.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-21632](CVE-2024/CVE-2024-216xx/CVE-2024-21632.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0207](CVE-2024/CVE-2024-02xx/CVE-2024-0207.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0208](CVE-2024/CVE-2024-02xx/CVE-2024-0208.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0209](CVE-2024/CVE-2024-02xx/CVE-2024-0209.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0210](CVE-2024/CVE-2024-02xx/CVE-2024-0210.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0211](CVE-2024/CVE-2024-02xx/CVE-2024-0211.json) (`2024-01-03T13:48:00.677`)
-* [CVE-2024-0201](CVE-2024/CVE-2024-02xx/CVE-2024-0201.json) (`2024-01-03T13:48:00.677`)
+* [CVE-2023-7039](CVE-2023/CVE-2023-70xx/CVE-2023-7039.json) (`2024-01-03T15:03:23.020`)
+* [CVE-2023-40058](CVE-2023/CVE-2023-400xx/CVE-2023-40058.json) (`2024-01-03T15:08:28.433`)
+* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2024-01-03T15:15:09.770`)
+* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2024-01-03T15:20:36.160`)
 ## Download and Usage