Auto-Update: 2024-01-04T00:55:15.083229+00:00

2025-05-08 03:27:17 +00:00 · 2024-01-04 00:55:18 +00:00 · 2024-01-04 00:55:18 +00:00 · e82c9440e6
commit e82c9440e6
parent a230b6bf8d
7 changed files with 318 additions and 39 deletions
--- a/CVE-2012/CVE-2012-56xx/CVE-2012-5639.json
+++ b/CVE-2012/CVE-2012-56xx/CVE-2012-5639.json
@ -2,7 +2,7 @@
  "id": "CVE-2012-5639",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2019-12-20T14:15:11.400",
-  "lastModified": "2024-01-03T12:15:22.547",
+  "lastModified": "2024-01-04T00:15:10.050",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -149,6 +149,10 @@
      "url": "http://www.openwall.com/lists/oss-security/2024/01/03/6",
      "source": "secalert@redhat.com"
    },
+    {
+      "url": "http://www.openwall.com/lists/oss-security/2024/01/03/7",
+      "source": "secalert@redhat.com"
+    },
    {
      "url": "https://access.redhat.com/security/cve/cve-2012-5639",
      "source": "secalert@redhat.com",
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-34268",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-12-25T08:15:07.353",
-  "lastModified": "2023-12-26T20:34:16.103",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-01-03T23:10:41.060",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -14,15 +14,75 @@
      "value": "Se descubri\u00f3 un problema en RWS WorldServer antes de la versi\u00f3n 11.7.3. /clientLogin deserializa los objetos Java sin autenticaci\u00f3n, lo que lleva a ejecuci\u00f3n de comandos en el host."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-502"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*",
+              "versionEndExcluding": "11.7.3",
+              "matchCriteriaId": "4DA9F10A-C38C-4700-9179-FEE984CBD440"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Product"
+      ]
    },
    {
      "url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Exploit",
+        "Third Party Advisory"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-31224",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2023-12-25T08:15:07.430",
-  "lastModified": "2023-12-26T20:34:16.103",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-01-03T23:10:26.330",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -14,11 +14,67 @@
      "value": "Hay un control de acceso roto durante la autenticaci\u00f3n en Jamf Pro Server anterior a 10.46.1."
    }
  ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "nvd@nist.gov",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "nvd@nist.gov",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:jamf:jamf:*:*:*:*:pro:*:*:*",
+              "versionEndExcluding": "10.47.0",
+              "matchCriteriaId": "7F3614B7-23F7-409F-BC9E-2EB78D311056"
+            }
+          ]
+        }
+      ]
+    }
+  ],
  "references": [
    {
      "url": "https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html",
-      "source": "cve@mitre.org"
+      "source": "cve@mitre.org",
+      "tags": [
+        "Release Notes"
+      ]
    }
  ]
 }
--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50256.json
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50256.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2023-50256",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-01-03T23:15:08.517",
+  "lastModified": "2024-01-03T23:15:08.517",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5138.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5138.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-5138",
+  "sourceIdentifier": "product-security@silabs.com",
+  "published": "2024-01-03T23:15:08.747",
+  "lastModified": "2024-01-03T23:15:08.747",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "product-security@silabs.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.8,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "product-security@silabs.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-909"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://community.silabs.com/069Vm0000004f6DIAQ",
+      "source": "product-security@silabs.com"
+    },
+    {
+      "url": "https://github.com/SiliconLabs/gecko_sdk",
+      "source": "product-security@silabs.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-216xx/CVE-2024-21634.json
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21634.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-21634",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-01-03T23:15:08.943",
+  "lastModified": "2024-01-03T23:15:08.943",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in\u00a0`ion-java`\u00a0for applications that use\u00a0`ion-java`\u00a0to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the\u00a0`IonValue`\u00a0model and then invoke certain\u00a0`IonValue`\u00a0methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the\u00a0`IonValue`\u00a0model, results in a\u00a0`StackOverflowError`\u00a0originating from the\u00a0`ion-java`\u00a0library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-01-03T23:00:25.423840+00:00
+2024-01-04T00:55:15.083229+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-01-03T22:54:54.397000+00:00
+2024-01-04T00:15:10.050000+00:00
 ```

 ### Last Data Feed Release
@ -29,43 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-234824
+234827
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `5`
+Recently added CVEs: `3`

-* [CVE-2023-49442](CVE-2023/CVE-2023-494xx/CVE-2023-49442.json) (`2024-01-03T21:15:08.467`)
-* [CVE-2023-6338](CVE-2023/CVE-2023-63xx/CVE-2023-6338.json) (`2024-01-03T21:15:08.547`)
-* [CVE-2023-6540](CVE-2023/CVE-2023-65xx/CVE-2023-6540.json) (`2024-01-03T21:15:08.940`)
-* [CVE-2023-52140](CVE-2023/CVE-2023-521xx/CVE-2023-52140.json) (`2024-01-03T22:15:11.187`)
-* [CVE-2023-52141](CVE-2023/CVE-2023-521xx/CVE-2023-52141.json) (`2024-01-03T22:15:11.380`)
+* [CVE-2023-50256](CVE-2023/CVE-2023-502xx/CVE-2023-50256.json) (`2024-01-03T23:15:08.517`)
+* [CVE-2023-5138](CVE-2023/CVE-2023-51xx/CVE-2023-5138.json) (`2024-01-03T23:15:08.747`)
+* [CVE-2024-21634](CVE-2024/CVE-2024-216xx/CVE-2024-21634.json) (`2024-01-03T23:15:08.943`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `19`
+Recently modified CVEs: `3`

-* [CVE-2022-41762](CVE-2022/CVE-2022-417xx/CVE-2022-41762.json) (`2024-01-03T21:00:55.163`)
-* [CVE-2022-41761](CVE-2022/CVE-2022-417xx/CVE-2022-41761.json) (`2024-01-03T21:01:06.787`)
-* [CVE-2022-41760](CVE-2022/CVE-2022-417xx/CVE-2022-41760.json) (`2024-01-03T21:01:14.330`)
-* [CVE-2022-39822](CVE-2022/CVE-2022-398xx/CVE-2022-39822.json) (`2024-01-03T21:01:25.960`)
-* [CVE-2022-39820](CVE-2022/CVE-2022-398xx/CVE-2022-39820.json) (`2024-01-03T21:01:40.990`)
-* [CVE-2022-39818](CVE-2022/CVE-2022-398xx/CVE-2022-39818.json) (`2024-01-03T21:01:51.820`)
-* [CVE-2023-51771](CVE-2023/CVE-2023-517xx/CVE-2023-51771.json) (`2024-01-03T21:02:26.533`)
-* [CVE-2023-30451](CVE-2023/CVE-2023-304xx/CVE-2023-30451.json) (`2024-01-03T21:02:47.050`)
-* [CVE-2023-49880](CVE-2023/CVE-2023-498xx/CVE-2023-49880.json) (`2024-01-03T21:03:07.817`)
-* [CVE-2023-43064](CVE-2023/CVE-2023-430xx/CVE-2023-43064.json) (`2024-01-03T21:03:54.537`)
-* [CVE-2023-51363](CVE-2023/CVE-2023-513xx/CVE-2023-51363.json) (`2024-01-03T21:08:47.153`)
-* [CVE-2023-27150](CVE-2023/CVE-2023-271xx/CVE-2023-27150.json) (`2024-01-03T22:26:47.350`)
-* [CVE-2023-38321](CVE-2023/CVE-2023-383xx/CVE-2023-38321.json) (`2024-01-03T22:30:12.113`)
-* [CVE-2023-49954](CVE-2023/CVE-2023-499xx/CVE-2023-49954.json) (`2024-01-03T22:32:37.550`)
-* [CVE-2023-49944](CVE-2023/CVE-2023-499xx/CVE-2023-49944.json) (`2024-01-03T22:53:45.343`)
-* [CVE-2023-49226](CVE-2023/CVE-2023-492xx/CVE-2023-49226.json) (`2024-01-03T22:54:12.677`)
-* [CVE-2023-38826](CVE-2023/CVE-2023-388xx/CVE-2023-38826.json) (`2024-01-03T22:54:24.607`)
-* [CVE-2023-36486](CVE-2023/CVE-2023-364xx/CVE-2023-36486.json) (`2024-01-03T22:54:36.863`)
-* [CVE-2023-36485](CVE-2023/CVE-2023-364xx/CVE-2023-36485.json) (`2024-01-03T22:54:54.397`)
+* [CVE-2012-5639](CVE-2012/CVE-2012-56xx/CVE-2012-5639.json) (`2024-01-04T00:15:10.050`)
+* [CVE-2022-34268](CVE-2022/CVE-2022-342xx/CVE-2022-34268.json) (`2024-01-03T23:10:41.060`)
+* [CVE-2023-31224](CVE-2023/CVE-2023-312xx/CVE-2023-31224.json) (`2024-01-03T23:10:26.330`)


 ## Download and Usage