Auto-Update: 2024-01-30T17:00:24.805712+00:00

cad-safe-bot 2024-01-30 17:00:28 +00:00
parent a78fd27c47
commit e617893afc
61 changed files with 4058 additions and 245 deletions


@ -2,7 +2,7 @@
"id": "CVE-2021-33630",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.653",
"lastModified": "2024-01-26T09:15:07.277",
"lastModified": "2024-01-30T15:15:08.410",
"vulnStatus": "Modified",
"descriptions": [
{
@ -100,6 +100,14 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/3",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/4",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3e8b9bfa110896f95d602d8c98d5f9d67e41d78c",
"source": "securities@openeuler.org"


@ -2,8 +2,8 @@
"id": "CVE-2021-33631",
"sourceIdentifier": "securities@openeuler.org",
"published": "2024-01-18T15:15:08.860",
"lastModified": "2024-01-26T18:52:48.810",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-30T15:15:08.533",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -114,6 +114,14 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/3",
"source": "securities@openeuler.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/30/4",
"source": "securities@openeuler.org"
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5c099c4fdc438014d5893629e70a8ba934433ee8",
"source": "securities@openeuler.org",


@ -2,7 +2,7 @@
"id": "CVE-2022-2127",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.183",
"lastModified": "2024-01-25T20:15:34.893",
"lastModified": "2024-01-30T16:15:45.787",
"vulnStatus": "Modified",
"descriptions": [
{
@ -193,6 +193,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0423",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0580",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2022-2127",
"source": "secalert@redhat.com",


@ -2,16 +2,40 @@
"id": "CVE-2023-28738",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:09.397",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:18:46.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta para algunos firmware de BIOS Intel NUC anteriores a la versi\u00f3n JY0070 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,177 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "AECA5B22-1E3B-491C-A626-1FF102E321DC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_7_essential_nuc7cjysamn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1298E3-75D5-4ECB-B063-0F635EC0EB80"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "E47D606D-E423-4B7C-9577-BB4ECE8EABA2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyhn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1956157-B3D8-49F7-8B4D-CB188AB8F04C"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyhn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "AE14E375-EF46-4466-A6C5-9C2F53DF00D6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyhn:-:*:*:*:*:*:*:*",
"matchCriteriaId": "75CD5445-C828-4157-BE6C-2F606338DAEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7pjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "B84818C5-6FD0-4CBF-AC72-53152CC6FD28"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7pjyh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD804138-230D-48CD-9990-900DB9760142"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjysal_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "5CAB5612-C7A1-4BE4-82C6-0D8D1E9EA7A3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjysal:-:*:*:*:*:*:*:*",
"matchCriteriaId": "50F7170D-6742-4B3D-A73B-5830AA7DCDC6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_kit_nuc7cjyh_firmware:jyglkcpx.0071:*:*:*:*:*:*:*",
"matchCriteriaId": "39E3422A-1803-4C38-A657-7A1130725D04"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_kit_nuc7cjyh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "573F0989-6A34-4595-A298-EA1B88C61BD9"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}
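Review bot: The six firmware entries added under `configurations` each pin one exact build as vulnerable, e.g. `cpe:2.3:o:intel:nuc_7_essential_nuc7cjysamn_firmware:jyglkcpx.0071:*:*:*:*:*:*:*`, while the English description says the affected firmware is "before version JY0070". With an exact version and no range keys, CPE-based matching reports only build 0071 and none of the earlier builds the description covers. If the description is the accurate side, each firmware `criteria` would carry a wildcard version (`..._firmware:*:*:*:*:*:*:*:*`) together with a `versionEndExcluding` bound taken from the vendor advisory. The CVE-2023-28743 section has the same shape (`qncflx70.0073` pinned, description "before version QN0073"). Until the record is corrected upstream, scanners consuming this file should not read a non-match as "not affected".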


@ -2,16 +2,40 @@
"id": "CVE-2023-28743",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:09.590",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:17:58.250",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta para algunos firmware de BIOS Intel NUC anteriores a la versi\u00f3n QN0073 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,123 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_9_pro_compute_element_nuc9v7qnb_firmware:qncflx70.0073:*:*:*:*:*:*:*",
"matchCriteriaId": "E2A89BB9-A7C9-4B75-8817-BF42F9A0EC7E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_9_pro_compute_element_nuc9v7qnb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EB10846C-3A6D-4A13-85F0-968692773F8A"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_pro_compute_element_nuc9v7qnx_firmware:qncflx70.0073:*:*:*:*:*:*:*",
"matchCriteriaId": "5DA7166E-B173-4FB6-A11E-48E390A31E7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_9_pro_compute_element_nuc9v7qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2D9C441E-BC4F-41FF-8F22-A35F9DA0DFE9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_9_pro_kit_nuc9v7qnb_firmware:qncflx70.0073:*:*:*:*:*:*:*",
"matchCriteriaId": "C7A7054C-B56A-4371-B7B2-ACDD6C7D1B59"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_9_pro_kit_nuc9v7qnb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D5E56AE-5D68-4626-930C-08A93D4DF3AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_9_pro_kit_nuc9v7qnx_firmware:qncflx70.0073:*:*:*:*:*:*:*",
"matchCriteriaId": "E89EE711-C0BA-41B1-A98D-C51C25A56A3E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_9_pro_kit_nuc9v7qnx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2613E78B-477C-4CC1-80B8-B3D23C40C7B7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}
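Review bot: In the second configuration the firmware entry is named `nuc_pro_compute_element_nuc9v7qnx_firmware` while its paired hardware entry is `nuc_9_pro_compute_element_nuc9v7qnx`, and the sibling `nuc9v7qnb` pair uses the `nuc_9_` prefix on both sides. If this is not the spelling used in the CPE dictionary, an inventory that reports the product with the `nuc_9_` prefix will not match this node. The consistent form would be `cpe:2.3:o:intel:nuc_9_pro_compute_element_nuc9v7qnx_firmware:qncflx70.0073:*:*:*:*:*:*:*`; this is worth confirming against the dictionary before relying on either spelling.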


@ -2,16 +2,40 @@
"id": "CVE-2023-29244",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:09.777",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:17:47.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Los permisos predeterminados incorrectos en algunos controladores Intel Integrated Sensor Hub (ISH) para Windows 10 para instaladores de software Intel NUC P14E Laptop Element anteriores a la versi\u00f3n 5.4.1.4479 pueden permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:nuc_p14e_laptop_element:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.1.4479",
"matchCriteriaId": "93926542-C1AA-4C3D-B2C4-F42B3DA4DEE2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}
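Review bot: The added `cpeMatch` uses the product `cpe:2.3:a:intel:nuc_p14e_laptop_element` with `"versionEndExcluding": "5.4.1.4479"`, but the description ties that version to the Integrated Sensor Hub driver installer, not to the product as a whole. The CVE-2023-32544 section reuses the same product CPE with `"versionEndExcluding": "1.1.45"` for HotKey Services, so one product name now carries two version scales from two different components. An asset inventory that records a single version for this product cannot be compared meaningfully against both ranges and may over- or under-report. A component-specific product name in each `criteria` would keep the two apart; until then, matches on this CPE should be checked against the installed driver or service version.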


@ -2,16 +2,40 @@
"id": "CVE-2023-29495",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:09.987",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:18:07.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta para algunos firmware de BIOS Intel NUC anteriores a la versi\u00f3n IN0048 puede permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,71 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i7inh_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "inwhl357.0049",
"matchCriteriaId": "DD7EA440-A23C-42CD-9979-3630F176A8B6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i7inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7FB4D7-3AED-4BBD-9655-6C300FC08218"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:intel:nuc_8_mainstream-g_kit_nuc8i5inh_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "inwhl357.0049",
"matchCriteriaId": "DF29E404-DED8-44CD-B958-5C55ABA65CD8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:intel:nuc_8_mainstream-g_kit_nuc8i5inh:-:*:*:*:*:*:*:*",
"matchCriteriaId": "18330FCA-FFDE-4B0E-8703-1DAE0633C053"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01009.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}
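Review bot: The upper bound `"versionEndExcluding": "inwhl357.0049"` on both firmware entries includes build 0048, yet the description says the flaw is in firmware "before version IN0048", which reads as 0048 being the fixed build. If the description is right, the bound should name build 0048 instead of 0049; if the CPE is right, the description is off by one release. The CVE-2023-32272 section has the same kind of mismatch: `"versionEndIncluding": "3.0.0.6"` marks 3.0.0.6 as vulnerable although the description says "before version 3.0.0.6", where `"versionEndExcluding": "3.0.0.6"` would agree with the text. Either way a patched host can be reported as vulnerable, so both bounds are worth checking against the vendor advisory.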


@ -2,16 +2,40 @@
"id": "CVE-2023-32272",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:10.177",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:18:16.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Uncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada en algunos instaladores de software de la herramienta de configuraci\u00f3n Intel NUC Pro Software Suite anteriores a la versi\u00f3n 3.0.0.6 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:nuc_pro_software_suite:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.0.0.6",
"matchCriteriaId": "D36AB3A4-6716-44B0-A32C-6E082F20DDE0"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-32544",
"sourceIdentifier": "secure@intel.com",
"published": "2024-01-19T20:15:10.363",
"lastModified": "2024-01-19T22:52:48.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:18:31.507",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "El control de acceso inadecuado en algunos servicios Intel HotKey para Windows 10 para instaladores de software Intel NUC P14E Laptop Element anteriores a la versi\u00f3n 1.1.45 puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:nuc_p14e_laptop_element:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.1.45",
"matchCriteriaId": "200AB2E2-5BC5-48FB-AF71-231C716DC171"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00964.html",
"source": "secure@intel.com"
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-34966",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.333",
"lastModified": "2024-01-25T20:15:35.050",
"lastModified": "2024-01-30T16:15:45.953",
"vulnStatus": "Modified",
"descriptions": [
{
@ -187,6 +187,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0423",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0580",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34966",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-34967",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.410",
"lastModified": "2024-01-25T20:15:35.203",
"lastModified": "2024-01-30T16:15:46.067",
"vulnStatus": "Modified",
"descriptions": [
{
@ -187,6 +187,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0423",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0580",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34967",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-34968",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-20T15:15:11.540",
"lastModified": "2024-01-25T20:15:35.400",
"lastModified": "2024-01-30T16:15:46.210",
"vulnStatus": "Modified",
"descriptions": [
{
@ -182,6 +182,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0423",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0580",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-34968",
"source": "secalert@redhat.com",


@ -0,0 +1,43 @@
{
"id": "CVE-2023-37518",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-30T16:15:46.330",
"lastModified": "2024-01-30T16:15:46.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "HCL BigFix ServiceNow is vulnerable to arbitrary code injection. A malicious authorized attacker could inject arbitrary code and execute within the context of the running user.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110202",
"source": "psirt@hcl.com"
}
]
}
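Review bot: The `value` of the English description ends with a literal `\n` (`...context of the running user.\n`), which will surface as a stray line break or defeat exact-string comparison in consumers; the string should end at `running user."`. The record also has no `weaknesses` or `configurations` yet and only a `Secondary` CNA score, consistent with `"vulnStatus": "Received"`, so CPE-based matching will not surface it until analysis is added. Tooling that keys on CPE should fall back to the description and the vendor reference for records in this state.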


@ -2,7 +2,7 @@
"id": "CVE-2023-3812",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:13.337",
"lastModified": "2024-01-30T04:15:07.453",
"lastModified": "2024-01-30T16:15:46.540",
"vulnStatus": "Modified",
"descriptions": [
{
@ -256,6 +256,22 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0554",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0562",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0563",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0575",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0593",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3812",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-42753",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-25T21:15:15.923",
"lastModified": "2024-01-25T20:15:37.117",
"lastModified": "2024-01-30T16:15:46.710",
"vulnStatus": "Modified",
"descriptions": [
{
@ -227,6 +227,18 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0461",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0562",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0563",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0593",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-42753",
"source": "secalert@redhat.com",


@ -2,16 +2,40 @@
"id": "CVE-2023-44401",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T14:15:37.540",
"lastModified": "2024-01-23T15:47:28.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:31:33.093",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations. In versions 4.0.0 prior to 4.3.7 and 5.0.0 prior to 5.1.3, `canView` permission checks are bypassed for ORM data in paginated GraphQL query results where the total number of records is greater than the number of records per page. Note that this also affects GraphQL queries which have a limit applied, even if the query isn\u2019t paginated per se. This has been fixed in versions 4.3.7 and 5.1.3 by ensuring no new records are pulled in from the database after performing `canView` permission checks for each page of results. This may result in some pages in the query results having less than the maximum number of records per page even when there are more pages of results. This behavior is consistent with how pagination works in other areas of Silverstripe CMS, such as in `GridField`, and is a result of having to perform permission checks in PHP rather than in the database directly. One may disable these permission checks by disabling the `CanViewPermission` plugin."
},
{
"lang": "es",
"value": "Silverstripe CMS GraphQL Server sirve datos de Silverstripe como representaciones GraphQL. En las versiones 4.0.0 anteriores a 4.3.7 y 5.0.0 anteriores a 5.1.3, las comprobaciones de permisos `canView` se omiten para datos ORM en resultados de consultas GraphQL paginados donde el n\u00famero total de registros es mayor que el n\u00famero de registros por p\u00e1gina. Tenga en cuenta que esto tambi\u00e9n afecta a las consultas GraphQL a las que se les aplica un l\u00edmite, incluso si la consulta no est\u00e1 paginada per se. Esto se solucion\u00f3 en las versiones 4.3.7 y 5.1.3 asegurando que no se extraigan nuevos registros de la base de datos despu\u00e9s de realizar comprobaciones de permisos \"canView\" para cada p\u00e1gina de resultados. Esto puede provocar que algunas p\u00e1ginas de los resultados de la consulta tengan menos del n\u00famero m\u00e1ximo de registros por p\u00e1gina, incluso cuando haya m\u00e1s p\u00e1ginas de resultados. Este comportamiento es consistente con c\u00f3mo funciona la paginaci\u00f3n en otras \u00e1reas de Silverstripe CMS, como en `GridField`, y es el resultado de tener que realizar comprobaciones de permisos en PHP en lugar de hacerlo directamente en la base de datos. Se pueden desactivar estas comprobaciones de permisos desactivando el complemento \"CanViewPermission\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.3.7",
"matchCriteriaId": "88D22C86-D9E5-47B2-BB57-7D0E77628ED7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:silverstripe:graphql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.1.3",
"matchCriteriaId": "E0718F16-E23B-469B-B4FC-1CBA2E886DC3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/silverstripe/silverstripe-graphql/security/advisories/GHSA-jgph-w8rh-xf5p",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.silverstripe.org/download/security-releases/CVE-2023-44401",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,86 @@
"id": "CVE-2023-47033",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T17:15:08.200",
"lastModified": "2024-01-19T18:48:55.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:50:22.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que MultiSigWallet 0xF0C99 contiene una vulnerabilidad de reentrada a trav\u00e9s de la funci\u00f3n ejecutarTransacci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:multisigwallet_project:multisigwallet:-:*:*:*:*:*:*:*",
"matchCriteriaId": "426F79D1-B389-400F-A88A-8D685C7D811C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://etherscan.io/address/0xF0C9975eFd521282c2DF55774251912d691aC4d9",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
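Review bot: The Spanish description translates the function name, turning `executeTransaction` into `ejecutarTransacción`, so a reader searching the contract source for the affected function will not find it. Identifiers should stay verbatim: `... a través de la función executeTransaction.` Separately, the added CPE `cpe:2.3:a:multisigwallet_project:multisigwallet:-:*:*:*:*:*:*:*` carries no version, while the description and the first reference identify one deployed contract (`0xF0C99`), so matching on the CPE alone will flag any inventory entry with that product name. The CVE-2023-47034 section uses the same versionless pattern for `uniswapfrontrunbot`.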


@ -2,23 +2,85 @@
"id": "CVE-2023-47034",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T17:15:08.250",
"lastModified": "2024-01-19T18:48:55.033",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:48:28.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad en UniswapFrontRunBot 0xdB94c permite a los atacantes causar p\u00e9rdidas financieras a trav\u00e9s de vectores no especificados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uniswapfrontrunbot_project:uniswapfrontrunbot:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DFF66551-A62B-46B8-8F7C-9E5DAA89E9A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://etherscan.io/address/0xdB94c67460DdaA9D6a9d6a2B855B5440f9afEb7C",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/RikkaLzw/CVE/blob/main/CVE-2024.1.19-2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-6816",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-18T05:15:08.607",
"lastModified": "2024-01-29T06:15:07.307",
"lastModified": "2024-01-30T16:15:46.967",
"vulnStatus": "Modified",
"descriptions": [
{
@ -175,6 +175,26 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0557",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0558",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0597",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0607",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0614",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6816",
"source": "secalert@redhat.com",


@ -2,12 +2,16 @@
"id": "CVE-2024-0430",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-01-22T19:15:09.210",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:19:33.147",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver."
},
{
"lang": "es",
"value": "IObit Malware Fighter v11.0.0.1274 es afectado por una vulnerabilidad de denegaci\u00f3n de servicio al activar el c\u00f3digo IOCTL 0x8001E00C del controlador ImfHpRegFilter.sys."
}
],
"metrics": {
@ -36,8 +40,18 @@
},
"weaknesses": [
{
"source": "help@fluidattacks.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "help@fluidattacks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +60,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:iobit:malware_fighter:11.0.0.1274:*:*:*:*:*:*:*",
"matchCriteriaId": "B4ACC1A2-EB67-4512-85DC-D97DEBF741C4"
}
]
}
]
}
],
"references": [
{
"url": "https://fluidattacks.com/advisories/davis/",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.iobit.com/en/malware-fighter.php",
"source": "help@fluidattacks.com"
"source": "help@fluidattacks.com",
"tags": [
"Product"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0564",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-30T15:15:08.687",
"lastModified": "2024-01-30T15:22:14.833",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is \"max page sharing=256\", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's \"max page share\". Through these operations, the attacker can leak the victim's page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0564",
"source": "secalert@redhat.com"
},
{
"url": "https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258514",
"source": "secalert@redhat.com"
},
{
"url": "https://link.springer.com/conference/wisa",
"source": "secalert@redhat.com"
},
{
"url": "https://wisa.or.kr/accepted",
"source": "secalert@redhat.com"
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2024-0605",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-22T19:15:09.423",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:19:19.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122."
},
{
"lang": "es",
"value": "Usando un javascript: URI con una condici\u00f3n de ejecuci\u00f3n setTimeout, un atacante puede ejecutar scripts no autorizados en los principales sitios de origen en urlbar. Esto elude las medidas de seguridad, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario o acciones no autorizadas dentro de la p\u00e1gina web cargada por el usuario. Esta vulnerabilidad afecta a Focus para iOS &lt; 122."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "1A58D0C0-C066-47B1-A280-2CA46F2F5AA3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855575",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-03/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}
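Review bot: The Spanish description that this section appears to add stores the version bound HTML-escaped (`Focus para iOS &lt; 122.`), while the English value in the same `descriptions` array carries a literal `<`, so the two entries need different handling by a consumer. A JSON string needs no HTML escaping: a renderer that escapes on output will display `&amp;lt;`, and one that treats the field as pre-escaped HTML is trusting feed text as markup. As this record looks like a mirror of an upstream feed, the practical fix is on the consuming side: treat every `value` as plain text and escape it once at render time, or normalise `&lt;` to `<` at import. The same escaped form is in the Spanish descriptions of the CVE-2024-0606, CVE-2024-0745, CVE-2024-0748 and CVE-2024-0752 sections.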


@ -2,23 +2,87 @@
"id": "CVE-2024-0606",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-22T19:15:09.487",
"lastModified": "2024-01-22T20:28:17.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:18:57.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122."
},
{
"lang": "es",
"value": "Un atacante podr\u00eda ejecutar un script no autorizado en un sitio leg\u00edtimo a trav\u00e9s de UXSS usando window.open() abriendo un URI de JavaScript que conduzca a acciones no autorizadas dentro de la p\u00e1gina web cargada por el usuario. Esta vulnerabilidad afecta a Focus para iOS &lt; 122."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_focus:*:*:*:*:*:iphone_os:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "1A58D0C0-C066-47B1-A280-2CA46F2F5AA3"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1855030",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-03/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2024-0745",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.373",
"lastModified": "2024-01-23T15:47:28.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:08:53.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122."
},
{
"lang": "es",
"value": "El objeto WebAudio `OscillatorNode` era susceptible a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. Esto podr\u00eda haber provocado un fallo potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 122."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871838",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0746",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.417",
"lastModified": "2024-01-25T12:15:46.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:10:43.927",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "Un usuario de Linux que hubiera abierto el cuadro de di\u00e1logo de vista previa de impresi\u00f3n podr\u00eda haber provocado que el navegador fallara. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "2FEFC245-B7AC-4DA2-B7FF-4F94583C81CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "DC502C20-2D21-4F44-AE8A-2943144BA047"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0747",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.463",
"lastModified": "2024-01-25T12:15:46.610",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:16:51.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "Cuando una p\u00e1gina principal cargaba una secundaria en un iframe con \"unsafe-inline\", la pol\u00edtica de seguridad de contenido principal podr\u00eda haber anulado la pol\u00edtica de seguridad de contenido secundaria. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "2FEFC245-B7AC-4DA2-B7FF-4F94583C81CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "DC502C20-2D21-4F44-AE8A-2943144BA047"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2024-0748",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.507",
"lastModified": "2024-01-23T15:47:28.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:21:36.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122."
},
{
"lang": "es",
"value": "Un proceso de contenido comprometido podr\u00eda haber actualizado el URI del documento. Esto podr\u00eda haber permitido a un atacante establecer un URI arbitrario en la barra de direcciones o en el historial. Esta vulnerabilidad afecta a Firefox &lt; 122."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783504",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0749",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.550",
"lastModified": "2024-01-25T12:15:46.657",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:35:49.257",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "Un sitio de phishing podr\u00eda haber reutilizado un cuadro de di\u00e1logo \"acerca de:\" para mostrar contenido de phishing con un origen incorrecto en la barra de direcciones. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "2FEFC245-B7AC-4DA2-B7FF-4F94583C81CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "DC502C20-2D21-4F44-AE8A-2943144BA047"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813463",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0750",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.597",
"lastModified": "2024-01-25T12:15:46.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:49:20.873",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "Un error en el c\u00e1lculo del retraso de las notificaciones emergentes podr\u00eda haber hecho posible que un atacante enga\u00f1ara a un usuario para que concediera permisos. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "2FEFC245-B7AC-4DA2-B7FF-4F94583C81CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndIncluding": "115.7",
"matchCriteriaId": "5E5A6F47-920B-48E1-A7F4-633328DA2B00"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
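Review bot: The Thunderbird `cpeMatch` entry in this record uses `"versionEndIncluding": "115.7"`, whereas the description text in the same record gives the affected range as Thunderbird < 115.7 and the Firefox ESR entry beside it uses `versionEndExcluding`. Read literally, the inclusive bound marks the fixed 115.7 release as vulnerable, so a scanner matching on this CPE range would report patched hosts. The sibling records on this page (CVE-2024-0746, CVE-2024-0747, CVE-2024-0749, CVE-2024-0751, CVE-2024-0753) use `"versionEndExcluding": "115.7"` for Thunderbird, under a different `matchCriteriaId`. If this file mirrors upstream data the correction belongs upstream; until then a consumer may want to flag this range instead of relying on it.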


@ -2,8 +2,8 @@
"id": "CVE-2024-0751",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.643",
"lastModified": "2024-01-25T12:15:46.740",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:44:51.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "Se podr\u00eda haber utilizado una extensi\u00f3n devtools maliciosa para escalar privilegios. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "2FEFC245-B7AC-4DA2-B7FF-4F94583C81CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "DC502C20-2D21-4F44-AE8A-2943144BA047"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865689",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2024-0752",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.693",
"lastModified": "2024-01-23T15:47:28.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:49:15.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122."
},
{
"lang": "es",
"value": "Podr\u00eda haberse producido un bloqueo de use-after-free en macOS si se estuviera aplicando una actualizaci\u00f3n de Firefox en un sistema muy ocupado. Esto podr\u00eda haber resultado en un fallo explotable. Esta vulnerabilidad afecta a Firefox &lt; 122."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1866840",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0753",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.730",
"lastModified": "2024-01-25T12:15:46.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:54:23.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,27 +14,127 @@
"value": "En configuraciones HSTS espec\u00edficas, un atacante podr\u00eda haber omitido HSTS en un subdominio. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox_esr:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "2FEFC245-B7AC-4DA2-B7FF-4F94583C81CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.7",
"matchCriteriaId": "DC502C20-2D21-4F44-AE8A-2943144BA047"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870262",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Release Notes"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-02/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-04/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2024-0754",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.777",
"lastModified": "2024-01-23T15:47:28.250",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:55:28.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122."
},
{
"lang": "es",
"value": "Algunos archivos fuente WASM podr\u00edan haber provocado un bloqueo al cargarlos en devtools. Esta vulnerabilidad afecta a Firefox &lt; 122."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0",
"matchCriteriaId": "EEF7698D-52B1-4E62-8ADD-782A4BC59AD8"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1871605",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"
"source": "security@mozilla.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}
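Review bot: The Spanish `descriptions` value added here is HTML-escaped (`Firefox &lt; 122`) while the English value in the same array carries a literal `<`, so two entries of one field use different encodings. A consumer that prints the string as plain text shows the entity, and one that unescapes it must escape again before placing it in HTML. Storing the literal character, `...afecta a Firefox < 122.`, and leaving escaping to the renderer would keep the field consistent. The same `&lt;` form appears in the Spanish descriptions of the CVE-2024-0753 section and of the section before it.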


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1019",
"sourceIdentifier": "vulnerability@ncsc.ch",
"published": "2024-01-30T16:15:47.123",
"lastModified": "2024-01-30T16:15:47.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "vulnerability@ncsc.ch",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30",
"source": "vulnerability@ncsc.ch"
}
]
}
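Review bot: This new record has no `configurations` block, so the affected range (3.0.0 to 3.0.11, fixed in 3.0.12) is stated only in the free-text description, and tooling that matches on CPE criteria will not yet associate it with an installed ModSecurity v3. `vulnStatus` is `Received` and the only score is a `Secondary` one from the reporting source, which suggests NVD analysis is still pending. Until a later update adds CPE data, coverage for this entry depends on matching the product name and version text. The same applies to the other records added in this commit without `configurations`: CVE-2024-1034, CVE-2024-1035, CVE-2024-21649, CVE-2024-21653, CVE-2024-21671, CVE-2024-22193 and CVE-2024-22200.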


@ -0,0 +1,88 @@
{
"id": "CVE-2024-1034",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T15:15:08.933",
"lastModified": "2024-01-30T15:22:14.833",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252309 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/ABYkFE4wRPW5",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252309",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252309",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-1035",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-30T16:15:47.350",
"lastModified": "2024-01-30T16:15:47.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/AIbnbytIW9Bq",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252310",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252310",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-21649",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:47.653",
"lastModified": "2024-01-30T16:15:47.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-21653",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:47.863",
"lastModified": "2024-01-30T16:15:47.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get a ssh config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/commit/3fcc6e6a8bd1142fd7a558d8fdd2b246e55c8841",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-2wgc-48g2-cj5w",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-21671",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:48.090",
"lastModified": "2024-01-30T16:15:48.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-208"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53",
"source": "security-advisories@github.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22076",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T11:15:09.233",
"lastModified": "2024-01-23T13:43:53.100",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T16:30:47.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,309 @@
"value": "MyQ Print Server anterior a 8.2 parche 43 permite la ejecuci\u00f3n remota de c\u00f3digo no autenticado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.2",
"matchCriteriaId": "A76077FF-885F-4369-A3A9-676BF40AD3E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:-:*:*:*:*:*:*",
"matchCriteriaId": "399B63D2-D03D-4993-817E-987EB3C4C23B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:beta1:*:*:*:*:*:*",
"matchCriteriaId": "AF19127A-8B5C-417E-93A6-6063C067C0DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch1:*:*:*:*:*:*",
"matchCriteriaId": "572F90C9-2BCB-4686-8963-16311EAA8F10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch10:*:*:*:*:*:*",
"matchCriteriaId": "E9FC6989-A24E-4604-A7B1-78F03C2875A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch11:*:*:*:*:*:*",
"matchCriteriaId": "5F8B22D7-FAE9-48D9-AABD-CCEFC7A1B1BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch12:*:*:*:*:*:*",
"matchCriteriaId": "AECEE4B2-7588-49F6-A03D-6EF8F8B8322B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch13:*:*:*:*:*:*",
"matchCriteriaId": "0C741558-8BC5-4B67-ADDA-0C2640500AAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch14:*:*:*:*:*:*",
"matchCriteriaId": "F30D7741-FAFA-437B-B369-565F99953148"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch15:*:*:*:*:*:*",
"matchCriteriaId": "91F6A7BA-B67A-4CDB-AFFC-EB272B857B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch16:*:*:*:*:*:*",
"matchCriteriaId": "FAAB6A86-8616-4AC3-AFB9-4DB6D9558CDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch17:*:*:*:*:*:*",
"matchCriteriaId": "2608A1FB-1893-4478-9BD7-14078C49E36B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch18:*:*:*:*:*:*",
"matchCriteriaId": "55469CAD-1FAB-4976-B00B-C6A879A098C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch19:*:*:*:*:*:*",
"matchCriteriaId": "8423002A-56A3-406C-AAE0-8BD4641495DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch2:*:*:*:*:*:*",
"matchCriteriaId": "8376A93E-4FD6-49ED-B975-F61E33ED6D65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch20:*:*:*:*:*:*",
"matchCriteriaId": "DD098A09-42D7-4C5C-8560-DC305676B8EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch21:*:*:*:*:*:*",
"matchCriteriaId": "BE70255C-4EEE-4ED1-8DC5-F03C595E2D63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch22:*:*:*:*:*:*",
"matchCriteriaId": "A3ACE651-EB1E-4A5D-A8E7-C9729D18AB29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch23:*:*:*:*:*:*",
"matchCriteriaId": "3DB70760-D06B-4A9A-82DA-D502E75560EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch24:*:*:*:*:*:*",
"matchCriteriaId": "F9FA6F33-8357-4A33-BF11-2E0F0049751A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch25:*:*:*:*:*:*",
"matchCriteriaId": "E9D4DA6E-3E77-4838-93E6-E860243F874F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch26:*:*:*:*:*:*",
"matchCriteriaId": "1585DCDE-3D4D-4A77-AA20-14A66336CDF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch27:*:*:*:*:*:*",
"matchCriteriaId": "9129B5FF-65BC-423D-91B7-1241F27287EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch28:*:*:*:*:*:*",
"matchCriteriaId": "0D8CD747-4DF0-4FB2-8AE9-768C35097921"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch29:*:*:*:*:*:*",
"matchCriteriaId": "A204D0F1-7A97-48BA-B26C-3109E5EE88D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch3:*:*:*:*:*:*",
"matchCriteriaId": "2BDC8EFF-A6E1-424D-B027-14FD2A93A9A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch30:*:*:*:*:*:*",
"matchCriteriaId": "3E4B85AD-D923-4304-BDB3-29241926358E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch31:*:*:*:*:*:*",
"matchCriteriaId": "7D0E6C9B-AF39-41FA-B2BA-11ACF9D2A1EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch32:*:*:*:*:*:*",
"matchCriteriaId": "DA9DB230-A8AF-4ADD-8A1F-1450F1FD36EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch33:*:*:*:*:*:*",
"matchCriteriaId": "7241F991-8D92-48B0-87B0-26F1B1ADC399"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch34:*:*:*:*:*:*",
"matchCriteriaId": "FAA97809-AAFE-474B-BAF2-362210B22A2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch35:*:*:*:*:*:*",
"matchCriteriaId": "77D9BCBA-C690-43AD-9C59-4D1C4B937E30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch36:*:*:*:*:*:*",
"matchCriteriaId": "4BD1D6B7-74F6-4E3F-B9BB-7A9F892DBFF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch37:*:*:*:*:*:*",
"matchCriteriaId": "FE2A5618-ADEA-4A38-88E7-A54F0BB2FE24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch38:*:*:*:*:*:*",
"matchCriteriaId": "BEB44A1E-C8AA-444F-BA43-243265BAD542"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch39:*:*:*:*:*:*",
"matchCriteriaId": "6CA97DBE-852D-4A3B-8983-9CE4FAD94942"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch4:*:*:*:*:*:*",
"matchCriteriaId": "EC5D3F81-1396-446A-901C-7938EDAA3C43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch40:*:*:*:*:*:*",
"matchCriteriaId": "FF4D66BD-CEDD-47D9-BB32-F388E8A3EDBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch41:*:*:*:*:*:*",
"matchCriteriaId": "485A1347-3BFE-4155-ACC9-D726067796E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch42:*:*:*:*:*:*",
"matchCriteriaId": "6EC0EF62-E453-4F5F-95CC-B1341EB6A3C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch5:*:*:*:*:*:*",
"matchCriteriaId": "C09099F3-607B-48C1-B4BA-4A9753638CED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch6:*:*:*:*:*:*",
"matchCriteriaId": "6D985018-F163-40BC-B768-78A340EB7C28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch7:*:*:*:*:*:*",
"matchCriteriaId": "48B47DD2-F64F-411B-8EB8-775419408097"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch8:*:*:*:*:*:*",
"matchCriteriaId": "1AAC8A77-58BD-41FB-A032-5F597DF8EC6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:patch9:*:*:*:*:*:*",
"matchCriteriaId": "45BE1FCB-418F-44BE-8F30-F0350A7E1232"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "6DA8B157-08E1-493A-99FE-96FDFD0CA60C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1BB6B4B3-DA96-4E0B-AFD2-89AF494B2ED2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:myq-solution:print_server:8.2:rc3:*:*:*:*:*:*",
"matchCriteriaId": "5273C99A-4126-4019-B10F-AB2876E2A8BC"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.myq-solution.com/en/print-server/8.2/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://docs.myq-solution.com/en/print-server/8.2/technical-changelog#id-%288.2%29ReleaseNotes-8.2%28Patch43%29",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-22193",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:48.310",
"lastModified": "2024-01-30T16:15:48.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The vantage6 technology enables to manage and deploy privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-22200",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-30T16:15:48.553",
"lastModified": "2024-01-30T16:15:48.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8",
"source": "security-advisories@github.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22203",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.263",
"lastModified": "2024-01-23T19:40:11.110",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:30:42.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4."
},
{
"lang": "es",
"value": "Whoogle Search es un metabuscador autohospedado. En versiones anteriores a la 0.8.4, el m\u00e9todo `element` en `app/routes.py` no valida las variables `src_type` y `element_url` controladas por el usuario y las pasa al m\u00e9todo `send` que env\u00eda una solicitud GET. en las l\u00edneas 339-343 en `request.py`, lo que conduce a server-side request forgery. Este problema permite elaborar solicitudes GET a recursos internos y externos en nombre del servidor. Por ejemplo, este problema permitir\u00eda acceder a recursos en la red interna a la que tiene acceso el servidor, aunque es posible que no se pueda acceder a estos recursos en Internet. Este problema se solucion\u00f3 en la versi\u00f3n 0.8.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,34 +70,74 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:benbusby:whoogle_search:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.8.4",
"matchCriteriaId": "D3DA218E-B891-4381-97E4-F0F1147E6309"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22415",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-18T21:15:09.087",
"lastModified": "2024-01-19T01:51:14.027",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:22:32.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp."
},
{
"lang": "es",
"value": "jupyter-lsp es una herramienta de asistencia de codificaci\u00f3n para JupyterLab (navegaci\u00f3n de c\u00f3digo + sugerencias de desplazamiento + linters + autocompletado + cambio de nombre) que utiliza el protocolo de servidor de idiomas. Las instalaciones de jupyter-lsp que se ejecutan en entornos sin control de acceso al sistema de archivos configurado (en el nivel del sistema operativo) y con instancias de jupyter-server expuestas a una red no confiable son vulnerables al acceso no autorizado y a la modificaci\u00f3n del sistema de archivos m\u00e1s all\u00e1 del directorio ra\u00edz de jupyter. Este problema se solucion\u00f3 en la versi\u00f3n 2.2.2 y se recomienda a todos los usuarios que actualicen. Los usuarios que no puedan actualizar deben desinstalar jupyter-lsp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -54,14 +88,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jupyter:language_server_protocol_integration:*:*:*:*:*:jupyter:*:*",
"versionEndExcluding": "2.2.2",
"matchCriteriaId": "8721BAB0-1BD7-4974-807D-514D81E81AC8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23212",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.133",
"lastModified": "2024-01-26T18:15:12.670",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T16:21:23.323",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,63 +14,219 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. Una aplicaci\u00f3n puede ejecutar c\u00f3digo arbitrario con privilegios del kernel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.7.3",
"matchCriteriaId": "ECD0F581-7DA4-428A-A1F5-C9A86DDD99D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.4",
"matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/38",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214057",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23213",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.183",
"lastModified": "2024-01-26T18:15:12.737",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T16:26:53.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,55 +14,197 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, Safari 17.3. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/27",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214056",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23214",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.230",
"lastModified": "2024-01-26T17:15:12.843",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T16:10:13.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,134 @@
"value": "Se solucionaron m\u00faltiples problemas de corrupci\u00f3n de memoria con un manejo mejorado de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.3, iOS 16.7.5 y iPadOS 16.7.5, iOS 17.3 y iPadOS 17.3. El procesamiento de contenido web creado con fines malintencionados puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8C2307FA-1412-4727-AD29-541A337A9B97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "EF93182E-EFE2-4DAF-BAA2-5053A20ADCFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "16.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "78404384-8393-4F57-8076-C84BCFD58B1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartExcluding": "17.0",
"versionEndExcluding": "17.3",
"matchCriteriaId": "79493683-AFEA-42B7-9F15-C3E47069C9CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/34",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214063",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23215",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.300",
"lastModified": "2024-01-26T18:15:12.810",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T16:17:32.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,145 @@
"value": "Se solucion\u00f3 un problema con el manejo mejorado de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23217",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.360",
"lastModified": "2024-01-26T18:15:12.873",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-30T15:58:49.633",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,124 @@
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos temporales. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda omitir ciertas preferencias de privacidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-23347",
"sourceIdentifier": "cve-assign@fb.com",
"published": "2024-01-16T18:15:11.267",
"lastModified": "2024-01-16T23:12:38.473",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-30T15:09:12.163",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application."
},
{
"lang": "es",
"value": "Antes de v176, al abrir un nuevo proyecto, Meta Spark Studio ejecutaba scripts definidos dentro de un archivo package.json incluido como parte de ese proyecto. Esos scripts tendr\u00edan la capacidad de ejecutar c\u00f3digo arbitrario en el sistema como aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:facebook:meta_spark_studio:*:*:*:*:*:*:*:*",
"versionEndExcluding": "176",
"matchCriteriaId": "4A2477AC-6870-4B94-B74E-BA1DBEC2F2DD"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.facebook.com/security/advisories/cve-2024-23347",
"source": "cve-assign@fb.com"
"source": "cve-assign@fb.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24324",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.277",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20hard%20code.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24325",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.333",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24326",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.380",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24327",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.430",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24328",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.487",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24329",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.540",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24330",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.597",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24331",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.643",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24332",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.693",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24333",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T15:15:09.740",
"lastModified": "2024-01-30T15:21:43.493",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-30T15:00:25.970047+00:00
2024-01-30T17:00:24.805712+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-30T14:56:48.577000+00:00
2024-01-30T16:50:22.897000+00:00
```
### Last Data Feed Release
@ -29,50 +29,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237120
237140
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `20`
* [CVE-2024-0674](CVE-2024/CVE-2024-06xx/CVE-2024-0674.json) (`2024-01-30T13:15:08.330`)
* [CVE-2024-0675](CVE-2024/CVE-2024-06xx/CVE-2024-0675.json) (`2024-01-30T13:15:08.667`)
* [CVE-2024-0676](CVE-2024/CVE-2024-06xx/CVE-2024-0676.json) (`2024-01-30T13:15:08.913`)
* [CVE-2024-1031](CVE-2024/CVE-2024-10xx/CVE-2024-1031.json) (`2024-01-30T13:15:09.123`)
* [CVE-2024-1032](CVE-2024/CVE-2024-10xx/CVE-2024-1032.json) (`2024-01-30T14:15:47.577`)
* [CVE-2024-1033](CVE-2024/CVE-2024-10xx/CVE-2024-1033.json) (`2024-01-30T14:15:47.853`)
* [CVE-2023-37518](CVE-2023/CVE-2023-375xx/CVE-2023-37518.json) (`2024-01-30T16:15:46.330`)
* [CVE-2024-24324](CVE-2024/CVE-2024-243xx/CVE-2024-24324.json) (`2024-01-30T15:15:09.277`)
* [CVE-2024-24325](CVE-2024/CVE-2024-243xx/CVE-2024-24325.json) (`2024-01-30T15:15:09.333`)
* [CVE-2024-24326](CVE-2024/CVE-2024-243xx/CVE-2024-24326.json) (`2024-01-30T15:15:09.380`)
* [CVE-2024-24327](CVE-2024/CVE-2024-243xx/CVE-2024-24327.json) (`2024-01-30T15:15:09.430`)
* [CVE-2024-24328](CVE-2024/CVE-2024-243xx/CVE-2024-24328.json) (`2024-01-30T15:15:09.487`)
* [CVE-2024-24329](CVE-2024/CVE-2024-243xx/CVE-2024-24329.json) (`2024-01-30T15:15:09.540`)
* [CVE-2024-24330](CVE-2024/CVE-2024-243xx/CVE-2024-24330.json) (`2024-01-30T15:15:09.597`)
* [CVE-2024-24331](CVE-2024/CVE-2024-243xx/CVE-2024-24331.json) (`2024-01-30T15:15:09.643`)
* [CVE-2024-24332](CVE-2024/CVE-2024-243xx/CVE-2024-24332.json) (`2024-01-30T15:15:09.693`)
* [CVE-2024-24333](CVE-2024/CVE-2024-243xx/CVE-2024-24333.json) (`2024-01-30T15:15:09.740`)
* [CVE-2024-0564](CVE-2024/CVE-2024-05xx/CVE-2024-0564.json) (`2024-01-30T15:15:08.687`)
* [CVE-2024-1034](CVE-2024/CVE-2024-10xx/CVE-2024-1034.json) (`2024-01-30T15:15:08.933`)
* [CVE-2024-1019](CVE-2024/CVE-2024-10xx/CVE-2024-1019.json) (`2024-01-30T16:15:47.123`)
* [CVE-2024-1035](CVE-2024/CVE-2024-10xx/CVE-2024-1035.json) (`2024-01-30T16:15:47.350`)
* [CVE-2024-21649](CVE-2024/CVE-2024-216xx/CVE-2024-21649.json) (`2024-01-30T16:15:47.653`)
* [CVE-2024-21653](CVE-2024/CVE-2024-216xx/CVE-2024-21653.json) (`2024-01-30T16:15:47.863`)
* [CVE-2024-21671](CVE-2024/CVE-2024-216xx/CVE-2024-21671.json) (`2024-01-30T16:15:48.090`)
* [CVE-2024-22193](CVE-2024/CVE-2024-221xx/CVE-2024-22193.json) (`2024-01-30T16:15:48.310`)
* [CVE-2024-22200](CVE-2024/CVE-2024-222xx/CVE-2024-22200.json) (`2024-01-30T16:15:48.553`)
### CVEs modified in the last Commit
Recently modified CVEs: `78`
Recently modified CVEs: `40`
* [CVE-2024-23334](CVE-2024/CVE-2024-233xx/CVE-2024-23334.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1024](CVE-2024/CVE-2024-10xx/CVE-2024-1024.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1026](CVE-2024/CVE-2024-10xx/CVE-2024-1026.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22682](CVE-2024/CVE-2024-226xx/CVE-2024-22682.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22938](CVE-2024/CVE-2024-229xx/CVE-2024-22938.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1027](CVE-2024/CVE-2024-10xx/CVE-2024-1027.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-21840](CVE-2024/CVE-2024-218xx/CVE-2024-21840.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1028](CVE-2024/CVE-2024-10xx/CVE-2024-1028.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1029](CVE-2024/CVE-2024-10xx/CVE-2024-1029.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22643](CVE-2024/CVE-2024-226xx/CVE-2024-22643.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22646](CVE-2024/CVE-2024-226xx/CVE-2024-22646.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22647](CVE-2024/CVE-2024-226xx/CVE-2024-22647.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22648](CVE-2024/CVE-2024-226xx/CVE-2024-22648.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-21803](CVE-2024/CVE-2024-218xx/CVE-2024-21803.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1061](CVE-2024/CVE-2024-10xx/CVE-2024-1061.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22523](CVE-2024/CVE-2024-225xx/CVE-2024-22523.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1030](CVE-2024/CVE-2024-10xx/CVE-2024-1030.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-1063](CVE-2024/CVE-2024-10xx/CVE-2024-1063.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-01-30T14:18:33.837`)
* [CVE-2024-23339](CVE-2024/CVE-2024-233xx/CVE-2024-23339.json) (`2024-01-30T14:30:28.343`)
* [CVE-2024-23340](CVE-2024/CVE-2024-233xx/CVE-2024-23340.json) (`2024-01-30T14:30:38.267`)
* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-01-30T14:32:15.580`)
* [CVE-2024-23219](CVE-2024/CVE-2024-232xx/CVE-2024-23219.json) (`2024-01-30T14:36:42.017`)
* [CVE-2023-44401](CVE-2023/CVE-2023-444xx/CVE-2023-44401.json) (`2024-01-30T16:31:33.093`)
* [CVE-2023-47034](CVE-2023/CVE-2023-470xx/CVE-2023-47034.json) (`2024-01-30T16:48:28.163`)
* [CVE-2023-47033](CVE-2023/CVE-2023-470xx/CVE-2023-47033.json) (`2024-01-30T16:50:22.897`)
* [CVE-2024-23347](CVE-2024/CVE-2024-233xx/CVE-2024-23347.json) (`2024-01-30T15:09:12.163`)
* [CVE-2024-0606](CVE-2024/CVE-2024-06xx/CVE-2024-0606.json) (`2024-01-30T15:18:57.190`)
* [CVE-2024-0605](CVE-2024/CVE-2024-06xx/CVE-2024-0605.json) (`2024-01-30T15:19:19.787`)
* [CVE-2024-0430](CVE-2024/CVE-2024-04xx/CVE-2024-0430.json) (`2024-01-30T15:19:33.147`)
* [CVE-2024-22415](CVE-2024/CVE-2024-224xx/CVE-2024-22415.json) (`2024-01-30T15:22:32.770`)
* [CVE-2024-22203](CVE-2024/CVE-2024-222xx/CVE-2024-22203.json) (`2024-01-30T15:30:42.923`)
* [CVE-2024-0752](CVE-2024/CVE-2024-07xx/CVE-2024-0752.json) (`2024-01-30T15:49:15.790`)
* [CVE-2024-0753](CVE-2024/CVE-2024-07xx/CVE-2024-0753.json) (`2024-01-30T15:54:23.863`)
* [CVE-2024-0754](CVE-2024/CVE-2024-07xx/CVE-2024-0754.json) (`2024-01-30T15:55:28.450`)
* [CVE-2024-23217](CVE-2024/CVE-2024-232xx/CVE-2024-23217.json) (`2024-01-30T15:58:49.633`)
* [CVE-2024-0745](CVE-2024/CVE-2024-07xx/CVE-2024-0745.json) (`2024-01-30T16:08:53.497`)
* [CVE-2024-23214](CVE-2024/CVE-2024-232xx/CVE-2024-23214.json) (`2024-01-30T16:10:13.890`)
* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-01-30T16:10:43.927`)
* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-01-30T16:16:51.227`)
* [CVE-2024-23215](CVE-2024/CVE-2024-232xx/CVE-2024-23215.json) (`2024-01-30T16:17:32.130`)
* [CVE-2024-23212](CVE-2024/CVE-2024-232xx/CVE-2024-23212.json) (`2024-01-30T16:21:23.323`)
* [CVE-2024-0748](CVE-2024/CVE-2024-07xx/CVE-2024-0748.json) (`2024-01-30T16:21:36.890`)
* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-01-30T16:26:53.437`)
* [CVE-2024-22076](CVE-2024/CVE-2024-220xx/CVE-2024-22076.json) (`2024-01-30T16:30:47.387`)
* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-01-30T16:35:49.257`)
* [CVE-2024-0751](CVE-2024/CVE-2024-07xx/CVE-2024-0751.json) (`2024-01-30T16:44:51.983`)
* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-01-30T16:49:20.873`)
## Download and Usage