admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-11T03:00:32.273564+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-11 03:00:35 +00:00
parent 4dd3ca4392
commit f744dcfcb9
15 changed files with 753 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2023/CVE-2023-293xx/CVE-2023-29357.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-29357",
"sourceIdentifier": "secure@microsoft.com",
"published": "2023-06-14T00:15:09.903",
"lastModified": "2023-06-20T20:35:11.730",
"lastModified": "2024-01-11T02:00:01.543",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-10",
"cisaActionDue": "2024-01-31",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Microsoft SharePoint Server Privilege Escalation Vulnerability",
"descriptions": [
{
"lang": "en",

61
CVE-2023/CVE-2023-386xx/CVE-2023-38623.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38623",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:20.680",
"lastModified": "2024-01-08T18:15:49.927",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T02:06:12.783",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflow vulnerabilities exist in the VZT facgeometry parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when allocating the `vindex_offset` array."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de an\u00e1lisis de facgeometr\u00eda VZT de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere al desbordamiento de enteros al asignar la matriz `vindex_offset`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1812",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-386xx/CVE-2023-38648.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38648",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:20.990",
"lastModified": "2024-01-08T18:15:50.000",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T02:09:36.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the prefix copy loop."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de escritura fuera de los l\u00edmites en la funcionalidad de descompresi\u00f3n VZT vzt_rd_get_facname de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la escritura fuera de los l\u00edmites realizada por el bucle de copia del prefijo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-386xx/CVE-2023-38649.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38649",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:21.203",
"lastModified": "2024-01-08T18:15:50.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T02:09:17.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple out-of-bounds write vulnerabilities exist in the VZT vzt_rd_get_facname decompression functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the out-of-bounds write perfomed by the string copy loop."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de escritura fuera de los l\u00edmites en la funcionalidad de descompresi\u00f3n VZT vzt_rd_get_facname de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere a la escritura fuera de los l\u00edmites realizada por el bucle de copia de cadena."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1813",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-386xx/CVE-2023-38650.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38650",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:21.387",
"lastModified": "2024-01-08T18:15:50.143",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T02:08:48.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de an\u00e1lisis de tiempos VZT vzt_rd_block_vch_decode de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar da\u00f1os en la memoria. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere al desbordamiento de enteros cuando num_time_ticks no es cero."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-386xx/CVE-2023-38651.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38651",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:21.583",
"lastModified": "2024-01-08T18:15:50.213",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T02:08:28.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode times parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is zero."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de an\u00e1lisis de tiempos VZT vzt_rd_block_vch_decode de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar da\u00f1os en la memoria. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere al desbordamiento de enteros cuando num_time_ticks es cero."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1814",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2023/CVE-2023-386xx/CVE-2023-38652.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-38652",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-08T15:15:21.987",
"lastModified": "2024-01-08T18:15:50.293",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-11T02:08:06.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflow vulnerabilities exist in the VZT vzt_rd_block_vch_decode dict parsing functionality of GTKWave 3.3.115. A specially crafted .vzt file can lead to memory corruption. A victim would need to open a malicious file to trigger these vulnerabilities.This vulnerability concerns the integer overflow when num_time_ticks is not zero."
},
{
"lang": "es",
"value": "Existen m\u00faltiples vulnerabilidades de desbordamiento de enteros en la funcionalidad de an\u00e1lisis de dictados VZT vzt_rd_block_vch_decode de GTKWave 3.3.115. Un archivo .vzt especialmente manipulado puede provocar da\u00f1os en la memoria. Una v\u00edctima necesitar\u00eda abrir un archivo malicioso para activar estas vulnerabilidades. Esta vulnerabilidad se refiere al desbordamiento de enteros cuando num_time_ticks no es cero."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tonybybell:gtkwave:3.3.115:*:*:*:*:*:*:*",
"matchCriteriaId": "3C619471-C2FB-4A2C-894C-2562A6BA76DF"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1815",
"source": "talos-cna@cisco.com"
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-451xx/CVE-2023-45173.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45173",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-11T02:15:47.857",
"lastModified": "2024-01-11T02:15:47.857",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the NFS kernel extension to cause a denial of service. IBM X-Force ID: 267971."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267971",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105282",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2023/CVE-2023-451xx/CVE-2023-45175.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-45175",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-01-11T02:15:48.063",
"lastModified": "2024-01-11T02:15:48.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM AIX 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. IBM X-Force ID: 267973."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/267973",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7105282",
"source": "psirt@us.ibm.com"
}
]
}

8
CVE-2024/CVE-2024-206xx/CVE-2024-20672.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20672",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:50.243",
"lastModified": "2024-01-09T19:56:14.023",
"lastModified": "2024-01-11T01:15:44.973",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": ".NET Core and Visual Studio Denial of Service Vulnerability"
"value": ".NET Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio en .NET Core y Visual Studio"
}
],
"metrics": {

67
CVE-2024/CVE-2024-216xx/CVE-2024-21665.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-21665",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T01:15:45.413",
"lastModified": "2024-01-11T01:15:45.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php#L98",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/commit/05dec000ed009828084d05cf686f468afd1f464e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/releases/tag/v1.0.10",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-216xx/CVE-2024-21666.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-21666",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T01:15:45.623",
"lastModified": "2024-01-11T01:15:45.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/DuplicatesController.php#L43",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/customer-data-framework/commit/c33c0048390ef0cf98b801d46a81d0762243baa6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-c38c-c8mh-vq68",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-216xx/CVE-2024-21667.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-21667",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T01:15:45.810",
"lastModified": "2024-01-11T01:15:45.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/GDPRDataController.php#L38",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/customer-data-framework/commit/6c34515be2ba39dceee7da07a1abf246309ccd77",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-g273-wppx-82w4",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-221xx/CVE-2024-22190.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-22190",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T02:15:48.250",
"lastModified": "2024-01-11T02:15:48.250",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GitPython is a python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features are used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gitpython-developers/GitPython/pull/1792",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx",
"source": "security-advisories@github.com"
}
]
}

33
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-11T00:55:25.309742+00:00
2024-01-11T03:00:32.273564+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-11T00:15:44.683000+00:00
2024-01-11T02:15:48.250000+00:00
```
### Last Data Feed Release
@ -23,32 +23,39 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-01-10T01:00:28.271326+00:00
2024-01-11T01:00:28.262031+00:00
```
### Total Number of included CVEs
```plain
235541
235547
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `6`
* [CVE-2022-45794](CVE-2022/CVE-2022-457xx/CVE-2022-45794.json) (`2024-01-10T23:15:08.397`)
* [CVE-2024-21773](CVE-2024/CVE-2024-217xx/CVE-2024-21773.json) (`2024-01-11T00:15:44.560`)
* [CVE-2024-21821](CVE-2024/CVE-2024-218xx/CVE-2024-21821.json) (`2024-01-11T00:15:44.633`)
* [CVE-2024-21833](CVE-2024/CVE-2024-218xx/CVE-2024-21833.json) (`2024-01-11T00:15:44.683`)
* [CVE-2023-45173](CVE-2023/CVE-2023-451xx/CVE-2023-45173.json) (`2024-01-11T02:15:47.857`)
* [CVE-2023-45175](CVE-2023/CVE-2023-451xx/CVE-2023-45175.json) (`2024-01-11T02:15:48.063`)
* [CVE-2024-21665](CVE-2024/CVE-2024-216xx/CVE-2024-21665.json) (`2024-01-11T01:15:45.413`)
* [CVE-2024-21666](CVE-2024/CVE-2024-216xx/CVE-2024-21666.json) (`2024-01-11T01:15:45.623`)
* [CVE-2024-21667](CVE-2024/CVE-2024-216xx/CVE-2024-21667.json) (`2024-01-11T01:15:45.810`)
* [CVE-2024-22190](CVE-2024/CVE-2024-221xx/CVE-2024-22190.json) (`2024-01-11T02:15:48.250`)
### CVEs modified in the last Commit
Recently modified CVEs: `3`
Recently modified CVEs: `8`
* [CVE-2023-41999](CVE-2023/CVE-2023-419xx/CVE-2023-41999.json) (`2024-01-10T23:15:08.663`)
* [CVE-2023-42000](CVE-2023/CVE-2023-420xx/CVE-2023-42000.json) (`2024-01-10T23:15:08.883`)
* [CVE-2023-48418](CVE-2023/CVE-2023-484xx/CVE-2023-48418.json) (`2024-01-10T23:15:09.053`)
* [CVE-2023-29357](CVE-2023/CVE-2023-293xx/CVE-2023-29357.json) (`2024-01-11T02:00:01.543`)
* [CVE-2023-38623](CVE-2023/CVE-2023-386xx/CVE-2023-38623.json) (`2024-01-11T02:06:12.783`)
* [CVE-2023-38652](CVE-2023/CVE-2023-386xx/CVE-2023-38652.json) (`2024-01-11T02:08:06.267`)
* [CVE-2023-38651](CVE-2023/CVE-2023-386xx/CVE-2023-38651.json) (`2024-01-11T02:08:28.890`)
* [CVE-2023-38650](CVE-2023/CVE-2023-386xx/CVE-2023-38650.json) (`2024-01-11T02:08:48.963`)
* [CVE-2023-38649](CVE-2023/CVE-2023-386xx/CVE-2023-38649.json) (`2024-01-11T02:09:17.940`)
* [CVE-2023-38648](CVE-2023/CVE-2023-386xx/CVE-2023-38648.json) (`2024-01-11T02:09:36.853`)
* [CVE-2024-20672](CVE-2024/CVE-2024-206xx/CVE-2024-20672.json) (`2024-01-11T01:15:44.973`)
## Download and Usage