admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-09T03:00:32.833064+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-09 03:00:36 +00:00
parent 60ecfc8a28
commit f992742a83
59 changed files with 1786 additions and 330 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
CVE-2008/CVE-2008-00xx/CVE-2008-0008.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2008-0008",
"sourceIdentifier": "secalert@redhat.com",
"published": "2008-01-29T00:00:00.000",
"lastModified": "2017-07-29T01:34:06.727",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:46:32.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -68,8 +68,8 @@
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*",
"matchCriteriaId": "E7388F51-0BD2-4953-9B62-6E9C3C8EC6D2"
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7"
},
{
"vulnerable": false,
@ -78,8 +78,8 @@
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*",
"matchCriteriaId": "E1EA333D-4BA5-476E-AD50-2041C3B37600"
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C"
},
{
"vulnerable": false,
@ -115,7 +115,10 @@
"references": [
{
"url": "http://bugs.gentoo.org/show_bug.cgi?id=207214",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://pulseaudio.org/changeset/2100",
@ -124,25 +127,69 @@
"Exploit"
]
},
{
"url": "http://secunia.com/advisories/28608",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/28623",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/28738",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/28952",
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200802-07.xml",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.debian.org/security/2008/dsa-1476",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:027",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/27449",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/usn-573-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/0283",
@ -153,23 +200,45 @@
},
{
"url": "https://bugzilla.novell.com/show_bug.cgi?id=347822",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=425481",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39992",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://tango.0pointer.de/pipermail/pulseaudio-discuss/2008-January/001228.html",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00852.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00869.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2008/CVE-2008-03xx/CVE-2008-0386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2008-0386",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-02-04T23:00:00.000",
"lastModified": "2011-03-08T03:04:37.360",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:47:30.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -68,8 +68,8 @@
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86-64:*:*:*:*:*",
"matchCriteriaId": "E7388F51-0BD2-4953-9B62-6E9C3C8EC6D2"
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2007.1:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "316AA6EB-7191-479E-99D5-40DA79E340E7"
},
{
"vulnerable": false,
@ -78,8 +78,8 @@
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*",
"matchCriteriaId": "E1EA333D-4BA5-476E-AD50-2041C3B37600"
"criteria": "cpe:2.3:o:mandrakesoft:mandrake_linux:2008.0:*:x86_64:*:*:*:*:*",
"matchCriteriaId": "5FE8C9E7-15C3-4F89-8E54-C9691FAD4E4C"
}
]
},
@ -108,11 +108,38 @@
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/28638",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/28728",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/29048",
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200801-21.xml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-email.in?r1=1.24&r2=1.25",
@ -151,27 +178,47 @@
},
{
"url": "http://webcvs.freedesktop.org/portland/portland/xdg-utils/scripts/xdg-open?view=log",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:031",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/27528",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1019284",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2008/0342",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=429513",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}

44
CVE-2009/CVE-2009-22xx/CVE-2009-2213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2009-2213",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-06-25T23:14:15.657",
"lastModified": "2017-08-17T01:30:42.227",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:42:29.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-16"
"value": "CWE-863"
}
]
}
@ -103,23 +125,33 @@
"url": "http://support.citrix.com/article/CTX118770",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/35422",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/1641",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
"Permissions Required"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51274",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

152
CVE-2013/CVE-2013-14xx/CVE-2013-1465.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2013-1465",
"sourceIdentifier": "cve@mitre.org",
"published": "2013-02-08T20:55:01.750",
"lastModified": "2017-08-29T01:33:09.760",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:21:42.200",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-502"
}
]
}
@ -62,88 +84,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "26E5808F-9E46-496A-BF55-2F7A7B2BDDE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF52FE6-31F7-4817-B1A6-ACD42736D08F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "601916A1-209D-44BF-B405-BF390063C65A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "94CE934A-6471-490C-B70F-85E16E121B1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F28AA2B7-978C-4CDB-BA6C-088C9D981FA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4825DC68-3C98-41E0-ACD6-8491442A7A87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2D5F63EA-A137-4754-92D1-EA025CF36E7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F78D7A04-F1A9-4882-A68B-50FFFE668975"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "2F2D4301-9D30-4CF1-B1D0-41908176E83A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0A9E5C9F-2237-439B-B268-8B1498846BD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "203E42DF-2C2A-4B1E-A3B6-06CD8EF6A7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4D254146-B1EC-4B62-AD14-73F057FB5ED4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5B510375-6DB9-4E89-A03A-35AF37DFFD18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "96BB55DF-326C-4F4F-AF3A-12699DA03546"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "06B2D6EE-9CEB-47BD-98B0-DD0601293EC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B6EA3125-B17B-4196-82E9-B8EDB298BA02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cubecart:cubecart:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BE658EF0-286C-47E4-8443-0E5203D5ECD7"
"criteria": "cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndIncluding": "5.2.0",
"matchCriteriaId": "40420555-46E6-4C86-BE77-03948AF775E9"
}
]
}
@ -153,7 +97,10 @@
"references": [
{
"url": "http://archives.neohapsis.com/archives/bugtraq/2013-02/0032.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://forums.cubecart.com/?showtopic=47026",
@ -169,27 +116,52 @@
"Exploit"
]
},
{
"url": "http://osvdb.org/89923",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://packetstormsecurity.com/files/120094/CubeCart-5.2.0-PHP-Object-Injection.html",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://secunia.com/advisories/52072",
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "http://www.exploit-db.com/exploits/24465",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/57770",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/81920",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

10
CVE-2015/CVE-2015-101xx/CVE-2015-10103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-10103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-17T19:15:07.227",
"lastModified": "2023-11-07T02:23:57.133",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:18:56.097",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 3.6
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{

125
CVE-2015/CVE-2015-81xx/CVE-2015-8103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-8103",
"sourceIdentifier": "cve@mitre.org",
"published": "2015-11-25T20:59:19.560",
"lastModified": "2019-12-17T17:41:03.340",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:16:29.427",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-77"
"value": "CWE-502"
}
]
}
@ -62,25 +84,13 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift:*:*:*:*:enterprise:*:*:*",
"versionEndIncluding": "3.1",
"matchCriteriaId": "0A492A49-052F-4CD5-AE7E-AF8A6B3E1B2D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6B17E72B-2403-4CA6-9F1F-3EDE99569232"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.637",
"matchCriteriaId": "3CB9B635-F70B-4BDB-B39C-C3A66255E0D4"
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93E3194E-7082-4E21-867B-FB4ECF482A07"
}
]
}
@ -95,23 +105,14 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:lts:*:*:*",
"versionEndIncluding": "1.625.1",
"matchCriteriaId": "7A8FFE37-57EC-4DEA-A2A5-F605AC622F0A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
"versionEndExcluding": "1.625.2",
"matchCriteriaId": "62164835-877E-4017-8751-E9890A7F76C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B497EBB1-17A4-4FE8-B9FF-B2B53B18C175"
"criteria": "cpe:2.3:a:jenkins:jenkins:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.638",
"matchCriteriaId": "25BC2347-92E6-4462-956B-B21EC3E0B150"
}
]
}
@ -128,39 +129,68 @@
},
{
"url": "http://packetstormsecurity.com/files/134805/Jenkins-CLI-RMI-Java-Deserialization.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2016-0489.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/11/09/5",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/11/18/11",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/11/18/13",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2015/11/18/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.securityfocus.com/bid/77636",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2016:0070",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://jenkins-ci.org/content/mitigating-unauthenticated-remote-code-execution-0-day-jenkins-cli",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2015-11-11",
@ -171,7 +201,12 @@
},
{
"url": "https://www.exploit-db.com/exploits/38983/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

10
CVE-2016/CVE-2016-150xx/CVE-2016-15031.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-15031",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-05-06T01:15:08.827",
"lastModified": "2023-11-07T02:29:49.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:17:52.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{

6
CVE-2016/CVE-2016-200xx/CVE-2016-20017.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2016-20017",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-10-19T05:15:08.817",
"lastModified": "2022-10-21T20:19:14.450",
"lastModified": "2024-01-09T02:00:01.950",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-08",
"cisaActionDue": "2024-01-29",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "D-Link DSL-2750B Devices Command Injection Vulnerability",
"descriptions": [
{
"lang": "en",

14
CVE-2019/CVE-2019-127xx/CVE-2019-12799.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-12799",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-06-13T20:29:00.173",
"lastModified": "2019-10-09T23:46:12.467",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:24:49.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -35,7 +35,9 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
}
],
"cvssMetricV30": [
{
"source": "cve@mitre.org",
"type": "Secondary",

81
CVE-2020/CVE-2020-266xx/CVE-2020-26623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-26623",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.777",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T01:48:52.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,90 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL descubierta en Gila CMS 1.15.4 y anteriores permite a un atacante remoto ejecutar scripts web arbitrarios a trav\u00e9s del par\u00e1metro Area en la pesta\u00f1a Administration>Widget despu\u00e9s del portal de inicio de sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilacms:gila_cms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.15.4",
"matchCriteriaId": "A50D5646-7095-46DD-8C3F-1CA1FBD9D043"
}
]
}
]
}
],
"references": [
{
"url": "http://gilacms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/GilaCMS/gila",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/GilaCMS/gila/security/policy",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

81
CVE-2020/CVE-2020-266xx/CVE-2020-26624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-26624",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-02T22:15:07.837",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T01:54:04.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,90 @@
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en Gila CMS 1.15.4 y versiones anteriores que permite a un atacante remoto ejecutar scripts web arbitrarios a trav\u00e9s del par\u00e1metro ID despu\u00e9s del portal de inicio de sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.8,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gilacms:gila_cms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.15.4",
"matchCriteriaId": "A50D5646-7095-46DD-8C3F-1CA1FBD9D043"
}
]
}
]
}
],
"references": [
{
"url": "http://gilacms.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/GilaCMS/gila",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/GilaCMS/gila/security/policy",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/176301/GilaCMS-1.15.4-SQL-Injection.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

16
CVE-2022/CVE-2022-347xx/CVE-2022-34795.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-34795",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2022-06-30T18:15:12.727",
"lastModified": "2023-10-25T18:17:10.123",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:56:14.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -63,6 +63,18 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [

24
CVE-2022/CVE-2022-483xx/CVE-2022-48321.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-48321",
"sourceIdentifier": "security@checkmk.com",
"published": "2023-02-20T17:15:12.607",
"lastModified": "2023-10-25T18:17:22.573",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:10:28.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,20 +17,20 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
"impactScore": 1.4
},
{
"source": "security@checkmk.com",
@ -204,7 +204,11 @@
},
{
"url": "https://www.sonarsource.com/blog/checkmk-rce-chain-1/",
"source": "security@checkmk.com"
"source": "security@checkmk.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-00xx/CVE-2023-0004.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-0004",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2023-04-12T17:15:07.043",
"lastModified": "2023-11-03T22:15:09.600",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:12:20.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -121,32 +121,81 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/",
"source": "psirt@paloaltonetworks.com"
"source": "psirt@paloaltonetworks.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.paloaltonetworks.com/CVE-2023-0004",

13
CVE-2023/CVE-2023-229xx/CVE-2023-22932.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22932",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-02-14T18:15:12.143",
"lastModified": "2023-11-07T04:07:32.670",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:26:38.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 2.7
},
{
"source": "42b59230-ec95-491e-8425-5a5befa1a469",
"source": "prodsec@splunk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -66,7 +66,7 @@
]
},
{
"source": "42b59230-ec95-491e-8425-5a5befa1a469",
"source": "prodsec@splunk.com",
"type": "Secondary",
"description": [
{
@ -111,7 +111,10 @@
},
{
"url": "https://research.splunk.com/application/ce6e1268-e01c-4df2-a617-0f034ed49a43/",
"source": "prodsec@splunk.com"
"source": "prodsec@splunk.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-237xx/CVE-2023-23752.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-23752",
"sourceIdentifier": "security@joomla.org",
"published": "2023-02-16T17:15:10.603",
"lastModified": "2023-02-24T16:17:24.573",
"lastModified": "2024-01-09T02:00:01.953",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-08",
"cisaActionDue": "2024-01-29",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Joomla! Improper Access Control Vulnerability",
"descriptions": [
{
"lang": "en",

9
CVE-2023/CVE-2023-240xx/CVE-2023-24070.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-24070",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-23T05:15:18.997",
"lastModified": "2023-10-30T22:15:09.867",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:55:33.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -75,7 +75,10 @@
},
{
"url": "https://zigrin.com/advisories/misp-xss-in-add-action-of-the-authkeys-controller/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

28
CVE-2023/CVE-2023-269xx/CVE-2023-26998.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-26998",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:43.960",
"lastModified": "2024-01-09T02:15:43.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the creator parameter of the Alert Configuration page."
}
],
"metrics": {},
"references": [
{
"url": "http://netscout.com",
"source": "cve@mitre.org"
},
{
"url": "http://ngeniusone.com",
"source": "cve@mitre.org"
},
{
"url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-269xx/CVE-2023-26999.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-26999",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.020",
"lastModified": "2024-01-09T02:15:44.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue found in NetScout nGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code and cause a denial of service via a crafted file."
}
],
"metrics": {},
"references": [
{
"url": "http://netscout.com",
"source": "cve@mitre.org"
},
{
"url": "http://ngeniusone.com",
"source": "cve@mitre.org"
},
{
"url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-270xx/CVE-2023-27000.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-27000",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.067",
"lastModified": "2024-01-09T02:15:44.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability found in NetScoutnGeniusOne v.6.3.4 allows a remote attacker to execute arbitrary code via the name parameter of the Profile and Exclusion List page(s)."
}
],
"metrics": {},
"references": [
{
"url": "http://netscout.com",
"source": "cve@mitre.org"
},
{
"url": "http://ngeniusone.com",
"source": "cve@mitre.org"
},
{
"url": "https://piotrryciak.com/posts/netscout-multiple-vulnerabilities/",
"source": "cve@mitre.org"
}
]
}

32
CVE-2023/CVE-2023-270xx/CVE-2023-27098.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-27098",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.113",
"lastModified": "2024-01-09T02:15:44.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TP-Link Tapo APK up to v2.12.703 uses hardcoded credentials for access to the login panel."
}
],
"metrics": {},
"references": [
{
"url": "http://tp-lin.com",
"source": "cve@mitre.org"
},
{
"url": "http://tp-link.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098",
"source": "cve@mitre.org"
},
{
"url": "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-275xx/CVE-2023-27524.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-27524",
"sourceIdentifier": "security@apache.org",
"published": "2023-04-24T16:15:07.843",
"lastModified": "2023-10-13T16:15:11.073",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:00:01.953",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2024-01-08",
"cisaActionDue": "2024-01-29",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Apache Superset Insecure Default Initialization of Resource Vulnerability",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-278xx/CVE-2023-27857.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27857",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2023-03-22T02:15:48.953",
"lastModified": "2023-10-25T18:17:26.953",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:31:27.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",

10
CVE-2023/CVE-2023-284xx/CVE-2023-28471.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-28471",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-28T14:15:10.307",
"lastModified": "2023-05-04T20:59:56.717",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-09T01:15:38.753",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS (previously concrete5) before 9.2 is vulnerable to Stored XSS via a container name."
"value": "Concrete CMS (previously concrete5) in versions 9.0 through 9.1.3 is vulnerable to Stored XSS via a container name."
}
],
"metrics": {
@ -72,6 +72,10 @@
"Product"
]
},
{
"url": "https://www.concretecms.org/about/project-news/security/2023-12-05-concrete-cms-new-cves-and-cve-updates",
"source": "cve@mitre.org"
},
{
"url": "https://www.concretecms.org/about/project-news/security/concrete-cms-security-advisory-2023-04-20",
"source": "cve@mitre.org",

6
CVE-2023/CVE-2023-293xx/CVE-2023-29300.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-29300",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-07-12T16:15:11.733",
"lastModified": "2023-07-20T14:22:26.210",
"lastModified": "2024-01-09T02:00:01.953",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-08",
"cisaActionDue": "2024-01-29",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability",
"descriptions": [
{
"lang": "en",

37
CVE-2023/CVE-2023-307xx/CVE-2023-30774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-30774",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-05-19T15:15:08.923",
"lastModified": "2023-10-26T00:15:09.963",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:51:33.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -71,12 +71,32 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.1",
"matchCriteriaId": "2BB2BFC1-74A1-4178-8488-69EC5A60B34F"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-30774",
@ -103,11 +123,18 @@
},
{
"url": "https://security.netapp.com/advisory/ntap-20230703-0002/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213984",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Third Party Advisory"
]
}
]
}

17
CVE-2023/CVE-2023-340xx/CVE-2023-34039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34039",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-29T18:15:08.680",
"lastModified": "2023-10-25T18:17:27.823",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:32:49.600",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -88,11 +88,20 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/174452/VMWare-Aria-Operations-For-Networks-Remote-Code-Execution.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://packetstormsecurity.com/files/175320/VMWare-Aria-Operations-For-Networks-SSH-Private-Key-Exposure.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0018.html",

28
CVE-2023/CVE-2023-366xx/CVE-2023-36629.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-36629",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.163",
"lastModified": "2024-01-09T02:15:44.163",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ST ST54-android-packages-apps-Nfc package before 130-20230215-23W07p0 for Android has an out-of-bounds read."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/STMicroelectronics/ST54-android-packages-apps-Nfc/releases/tag/130-20230215-23W07p0",
"source": "cve@mitre.org"
},
{
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/hunting-for-android-privilege-escalation-with-a-32-line-fuzzer/",
"source": "cve@mitre.org"
},
{
"url": "https://www.trustwave.com/hubfs/Web/Library/Advisories_txt/TWSL2023-007_Xiaomi_Redmi_10sNote-1.txt",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-382xx/CVE-2023-38203.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-38203",
"sourceIdentifier": "psirt@adobe.com",
"published": "2023-07-20T16:15:12.180",
"lastModified": "2023-07-20T16:46:06.097",
"lastModified": "2024-01-09T02:00:01.953",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-08",
"cisaActionDue": "2024-01-29",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability",
"descriptions": [
{
"lang": "en",

86
CVE-2023/CVE-2023-384xx/CVE-2023-38403.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38403",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-17T21:15:09.800",
"lastModified": "2023-11-07T04:17:15.700",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:53:19.040",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -109,16 +109,65 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3ED302E-F464-40DE-A976-FD518E42D95D"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.6.1",
"matchCriteriaId": "7AC99BA0-CC79-4E06-87CA-CA3525CEF81E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FE27DF1-3AF9-4BE4-8541-565FE5BC16A2"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/24",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/26",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://bugs.debian.org/1040830",
@ -166,23 +215,42 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20230818-0016/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213984",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/kb/HT213985",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
]
}
]
}

43
CVE-2023/CVE-2023-393xx/CVE-2023-39336.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-39336",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-01-09T02:15:44.207",
"lastModified": "2024-01-09T02:15:44.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An unspecified SQL Injection vulnerability in Ivanti Endpoint Manager released prior to 2022 SU 5 allows an attacker with access to the internal network to execute arbitrary SQL queries and retrieve output without the need for authentication. Under specific circumstances, this may also lead to RCE on the core server. "
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US",
"source": "support@hackerone.com"
}
]
}

10
CVE-2023/CVE-2023-39xx/CVE-2023-3997.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3997",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2023-07-31T17:15:10.110",
"lastModified": "2023-11-07T04:20:06.103",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:35:52.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "42b59230-ec95-491e-8425-5a5befa1a469",
"source": "prodsec@splunk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -61,12 +61,12 @@
"description": [
{
"lang": "en",
"value": "CWE-74"
"value": "CWE-116"
}
]
},
{
"source": "42b59230-ec95-491e-8425-5a5befa1a469",
"source": "prodsec@splunk.com",
"type": "Secondary",
"description": [
{

10
CVE-2023/CVE-2023-419xx/CVE-2023-41990.json
View File

@ -2,8 +2,12 @@
"id": "CVE-2023-41990",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-12T00:15:09.463",
"lastModified": "2023-09-21T19:15:10.970",
"vulnStatus": "Modified",
"lastModified": "2024-01-09T02:00:01.953",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2024-01-08",
"cisaActionDue": "2024-01-29",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Apple Multiple Products Code Execution Vulnerability",
"descriptions": [
{
"lang": "en",
@ -11,7 +15,7 @@
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en macOS Ventura 13.2, iOS 15.7.8 y iPadOS 15.7.8, watchOS 9.3, tvOS 16.3, iOS 16.3 y iPadOS 16.3, macOS Big Sur 11.7.9, macOS Monterey 12.6.8. El procesamiento de un archivo de fuente puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS lanzadas antes de iOS 15.7.1."
"value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en tvOS 16.3, iOS 16.3 y iPadOS 16.3, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, iOS 15.7.8 y iPadOS 15.7.8, macOS Ventura 13.2, watchOS 9.3. El procesamiento de un archivo de fuentes puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente en versiones de iOS lanzadas antes de iOS 15.7.1."
}
],
"metrics": {

12
CVE-2023/CVE-2023-466xx/CVE-2023-46603.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46603",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-23T20:15:09.180",
"lastModified": "2023-10-28T03:25:08.277",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:51:06.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -21,8 +21,8 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
@ -30,10 +30,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]

8
CVE-2023/CVE-2023-468xx/CVE-2023-46846.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46846",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:07.953",
"lastModified": "2023-12-28T16:24:10.387",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-09T02:15:44.380",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -285,6 +285,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0002/",
"source": "secalert@redhat.com",

6
CVE-2023/CVE-2023-468xx/CVE-2023-46847.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46847",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:08.023",
"lastModified": "2023-12-13T08:15:50.407",
"lastModified": "2024-01-09T02:15:44.557",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
@ -306,6 +306,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231130-0002/",
"source": "secalert@redhat.com"

24
CVE-2023/CVE-2023-469xx/CVE-2023-46906.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-46906",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T01:15:38.830",
"lastModified": "2024-01-09T01:15:38.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/juzaweb/cms",
"source": "cve@mitre.org"
},
{
"url": "https://www.sumor.top/index.php/archives/880/",
"source": "cve@mitre.org"
}
]
}

12
CVE-2023/CVE-2023-47xx/CVE-2023-4746.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4746",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-09-04T01:15:07.437",
"lastModified": "2023-11-07T04:22:56.397",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:39:00.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -59,7 +59,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -95,7 +95,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -147,7 +147,7 @@
"url": "https://vuldb.com/?ctiid.238635",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
"Permissions Required"
]
},
{

24
CVE-2023/CVE-2023-492xx/CVE-2023-49238.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-49238",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.837",
"lastModified": "2024-01-09T02:15:44.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new installation (in certain installation scenarios) because of a non-unique initial system user password. Although this password must be changed upon the first login, it is possible that an attacker logs in before the legitimate administrator logs in."
}
],
"metrics": {},
"references": [
{
"url": "https://security.gradle.com",
"source": "cve@mitre.org"
},
{
"url": "https://security.gradle.com/advisory/2023-01",
"source": "cve@mitre.org"
}
]
}

6
CVE-2023/CVE-2023-492xx/CVE-2023-49285.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49285",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.007",
"lastModified": "2023-12-29T03:15:11.340",
"lastModified": "2024-01-09T02:15:44.903",
"vulnStatus": "Modified",
"descriptions": [
{
@ -134,6 +134,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"

6
CVE-2023/CVE-2023-492xx/CVE-2023-49286.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49286",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-04T23:15:27.243",
"lastModified": "2023-12-29T03:15:11.453",
"lastModified": "2024-01-09T02:15:45.030",
"vulnStatus": "Modified",
"descriptions": [
{
@ -128,6 +128,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"

12
CVE-2023/CVE-2023-495xx/CVE-2023-49583.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49583",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:07.920",
"lastModified": "2023-12-15T15:28:14.160",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-09T02:15:45.140",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,14 @@
"Permissions Required"
]
},
{
"url": "https://me.sap.com/notes/3412456",
"source": "cna@sap.com"
},
{
"url": "https://me.sap.com/notes/3413475",
"source": "cna@sap.com"
},
{
"url": "https://www.npmjs.com/package/@sap/xssec",
"source": "cna@sap.com",

16
CVE-2023/CVE-2023-49xx/CVE-2023-4966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4966",
"sourceIdentifier": "secure@citrix.com",
"published": "2023-10-10T14:15:10.977",
"lastModified": "2023-11-07T04:23:14.160",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:27:10.417",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2023-10-18",
"cisaActionDue": "2023-11-08",
"cisaRequiredAction": "Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.",
@ -11,7 +11,7 @@
"descriptions": [
{
"lang": "en",
"value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA \u202fvirtual\u202fserver.\u00a0\n\n\n\n"
"value": "Sensitive information disclosure\u00a0in NetScaler ADC and NetScaler Gateway when configured as a\u00a0Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy)\u00a0or\u00a0AAA ?virtual?server.\u00a0\n\n\n\n"
},
{
"lang": "es",
@ -41,7 +41,7 @@
"impactScore": 3.6
},
{
"source": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"source": "secure@citrix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -74,7 +74,7 @@
]
},
{
"source": "e437aed5-38e0-4fa3-a98b-cb73e7acaec6",
"source": "secure@citrix.com",
"type": "Secondary",
"description": [
{
@ -162,7 +162,11 @@
"references": [
{
"url": "http://packetstormsecurity.com/files/175323/Citrix-Bleed-Session-Token-Leakage-Proof-Of-Concept.html",
"source": "secure@citrix.com"
"source": "secure@citrix.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://support.citrix.com/article/CTX579459",

6
CVE-2023/CVE-2023-502xx/CVE-2023-50269.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50269",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-14T18:15:45.070",
"lastModified": "2023-12-29T03:15:11.727",
"lastModified": "2024-01-09T02:15:45.280",
"vulnStatus": "Modified",
"descriptions": [
{
@ -173,6 +173,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00003.html",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A5QASTMCUSUEW3UOMKHZJB3FTONWSRXS/",
"source": "security-advisories@github.com"

8
CVE-2023/CVE-2023-504xx/CVE-2023-50422.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50422",
"sourceIdentifier": "cna@sap.com",
"published": "2023-12-12T02:15:08.587",
"lastModified": "2023-12-15T16:53:13.697",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-09T02:15:45.420",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -124,6 +124,10 @@
"Permissions Required"
]
},
{
"url": "https://me.sap.com/notes/3413475",
"source": "cna@sap.com"
},
{
"url": "https://mvnrepository.com/artifact/com.sap.cloud.security.xsuaa/spring-xsuaa",
"source": "cna@sap.com",

24
CVE-2023/CVE-2023-506xx/CVE-2023-50643.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-50643",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T01:15:38.890",
"lastModified": "2024-01-09T01:15:38.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Evernote Evernote for MacOS v.10.68.2 allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components."
}
],
"metrics": {},
"references": [
{
"url": "http://evernote.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/V3x0r/CVE-2023-50643",
"source": "cve@mitre.org"
}
]
}

24
CVE-2023/CVE-2023-517xx/CVE-2023-51717.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-51717",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:45.537",
"lastModified": "2024-01-09T02:15:45.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dataiku DSS before 11.4.5 and 12.4.1 has Incorrect Access Control that could lead to a full authentication bypass."
}
],
"metrics": {},
"references": [
{
"url": "https://dataiku.com",
"source": "cve@mitre.org"
},
{
"url": "https://doc.dataiku.com/dss/latest/security/advisories/dsa-2023-010.html",
"source": "cve@mitre.org"
}
]
}

14
CVE-2023/CVE-2023-56xx/CVE-2023-5693.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-5693",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-10-22T23:15:08.067",
"lastModified": "2023-11-07T04:24:15.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-09T02:49:34.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -37,7 +37,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -59,7 +59,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -95,7 +95,7 @@
]
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
@ -114,8 +114,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:codeastro:internet_banking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1E22B024-DF7A-4CC7-BE59-CFA07165DC9F"
"criteria": "cpe:2.3:a:martmbithi:internet_banking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD0AF461-CF49-4FCA-BDCC-935CE159A06A"
}
]
}

93
CVE-2023/CVE-2023-71xx/CVE-2023-7192.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-7192",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T19:15:11.510",
"lastModified": "2024-01-02T19:36:26.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T01:43:40.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A memory leak problem was found in ctnetlink_create_conntrack in net/netfilter/nf_conntrack_netlink.c in the Linux Kernel. This issue may allow a local attacker with CAP_NET_ADMIN privileges to cause a denial of service (DoS) attack due to a refcount overflow."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un problema de p\u00e9rdida de memoria en ctnetlink_create_conntrack en net/netfilter/nf_conntrack_netlink.c en el kernel de Linux. Este problema puede permitir que un atacante local con privilegios CAP_NET_ADMIN provoque un ataque de denegaci\u00f3n de servicio (DoS) debido a un desbordamiento de recuento."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -46,18 +80,67 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3",
"matchCriteriaId": "3769AA63-B0A8-4EF1-96F9-6A6A6B305A02"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-7192",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256279",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=ac4893980bbe79ce383daf9a0885666a30fe4c83",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}

67
CVE-2024/CVE-2024-01xx/CVE-2024-0195.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0195",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T21:15:10.003",
"lastModified": "2024-01-03T13:48:00.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-09T02:03:10.443",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +105,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ssssssss:spider-flow:0.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "11D57CC0-8E2B-4D16-ABF8-115DC7DB053B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.249510",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.249510",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-216xx/CVE-2024-21646.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21646",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-09T01:15:38.937",
"lastModified": "2024-01-09T01:15:38.937",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive a crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-217xx/CVE-2024-21734.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21734",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T01:15:39.130",
"lastModified": "2024-01-09T01:15:39.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3190894",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2024/CVE-2024-217xx/CVE-2024-21735.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21735",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T01:15:39.350",
"lastModified": "2024-01-09T01:15:39.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3407617",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2024/CVE-2024-217xx/CVE-2024-21736.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21736",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T02:15:45.593",
"lastModified": "2024-01-09T02:15:45.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3260667",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2024/CVE-2024-217xx/CVE-2024-21737.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21737",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T02:15:45.823",
"lastModified": "2024-01-09T02:15:45.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In SAP Application Interface Framework File Adapter - version 702, a\u00a0high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this,\u00a0such user can control\u00a0the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3411869",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2024/CVE-2024-217xx/CVE-2024-21738.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-21738",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T02:15:46.020",
"lastModified": "2024-01-09T02:15:46.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.\u00a0An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3387737",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2024/CVE-2024-221xx/CVE-2024-22124.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22124",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T02:15:46.207",
"lastModified": "2024-01-09T02:15:46.207",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions,\u00a0Internet Communication Manager (ICM) or\u00a0SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could\u00a0allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-497"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3392626",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

59
CVE-2024/CVE-2024-221xx/CVE-2024-22125.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-22125",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T02:15:46.413",
"lastModified": "2024-01-09T02:15:46.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge)\u00a0- version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-497"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3386378",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}

67
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-09T00:55:25.218797+00:00
2024-01-09T03:00:32.833064+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-09T00:15:44.790000+00:00
2024-01-09T02:56:14.150000+00:00
```
### Last Data Feed Release
@ -23,37 +23,68 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-01-08T01:00:28.247607+00:00
2024-01-09T01:00:28.250132+00:00
```
### Total Number of included CVEs
```plain
235201
235219
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `18`
* [CVE-2023-50162](CVE-2023/CVE-2023-501xx/CVE-2023-50162.json) (`2024-01-09T00:15:44.320`)
* [CVE-2024-21648](CVE-2024/CVE-2024-216xx/CVE-2024-21648.json) (`2024-01-09T00:15:44.383`)
* [CVE-2024-21651](CVE-2024/CVE-2024-216xx/CVE-2024-21651.json) (`2024-01-09T00:15:44.600`)
* [CVE-2024-21663](CVE-2024/CVE-2024-216xx/CVE-2024-21663.json) (`2024-01-09T00:15:44.790`)
* [CVE-2023-46906](CVE-2023/CVE-2023-469xx/CVE-2023-46906.json) (`2024-01-09T01:15:38.830`)
* [CVE-2023-50643](CVE-2023/CVE-2023-506xx/CVE-2023-50643.json) (`2024-01-09T01:15:38.890`)
* [CVE-2023-26998](CVE-2023/CVE-2023-269xx/CVE-2023-26998.json) (`2024-01-09T02:15:43.960`)
* [CVE-2023-26999](CVE-2023/CVE-2023-269xx/CVE-2023-26999.json) (`2024-01-09T02:15:44.020`)
* [CVE-2023-27000](CVE-2023/CVE-2023-270xx/CVE-2023-27000.json) (`2024-01-09T02:15:44.067`)
* [CVE-2023-27098](CVE-2023/CVE-2023-270xx/CVE-2023-27098.json) (`2024-01-09T02:15:44.113`)
* [CVE-2023-36629](CVE-2023/CVE-2023-366xx/CVE-2023-36629.json) (`2024-01-09T02:15:44.163`)
* [CVE-2023-39336](CVE-2023/CVE-2023-393xx/CVE-2023-39336.json) (`2024-01-09T02:15:44.207`)
* [CVE-2023-49238](CVE-2023/CVE-2023-492xx/CVE-2023-49238.json) (`2024-01-09T02:15:44.837`)
* [CVE-2023-51717](CVE-2023/CVE-2023-517xx/CVE-2023-51717.json) (`2024-01-09T02:15:45.537`)
* [CVE-2024-21646](CVE-2024/CVE-2024-216xx/CVE-2024-21646.json) (`2024-01-09T01:15:38.937`)
* [CVE-2024-21734](CVE-2024/CVE-2024-217xx/CVE-2024-21734.json) (`2024-01-09T01:15:39.130`)
* [CVE-2024-21735](CVE-2024/CVE-2024-217xx/CVE-2024-21735.json) (`2024-01-09T01:15:39.350`)
* [CVE-2024-21736](CVE-2024/CVE-2024-217xx/CVE-2024-21736.json) (`2024-01-09T02:15:45.593`)
* [CVE-2024-21737](CVE-2024/CVE-2024-217xx/CVE-2024-21737.json) (`2024-01-09T02:15:45.823`)
* [CVE-2024-21738](CVE-2024/CVE-2024-217xx/CVE-2024-21738.json) (`2024-01-09T02:15:46.020`)
* [CVE-2024-22124](CVE-2024/CVE-2024-221xx/CVE-2024-22124.json) (`2024-01-09T02:15:46.207`)
* [CVE-2024-22125](CVE-2024/CVE-2024-221xx/CVE-2024-22125.json) (`2024-01-09T02:15:46.413`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `40`
* [CVE-2023-29048](CVE-2023/CVE-2023-290xx/CVE-2023-29048.json) (`2024-01-08T23:15:08.247`)
* [CVE-2023-29049](CVE-2023/CVE-2023-290xx/CVE-2023-29049.json) (`2024-01-08T23:15:08.553`)
* [CVE-2023-29050](CVE-2023/CVE-2023-290xx/CVE-2023-29050.json) (`2024-01-08T23:15:08.630`)
* [CVE-2023-29051](CVE-2023/CVE-2023-290xx/CVE-2023-29051.json) (`2024-01-08T23:15:08.707`)
* [CVE-2023-29052](CVE-2023/CVE-2023-290xx/CVE-2023-29052.json) (`2024-01-08T23:15:08.780`)
* [CVE-2023-41710](CVE-2023/CVE-2023-417xx/CVE-2023-41710.json) (`2024-01-08T23:15:08.850`)
* [CVE-2023-28474](CVE-2023/CVE-2023-284xx/CVE-2023-28474.json) (`2024-01-09T00:15:44.137`)
* [CVE-2023-28476](CVE-2023/CVE-2023-284xx/CVE-2023-28476.json) (`2024-01-09T00:15:44.243`)
* [CVE-2023-23752](CVE-2023/CVE-2023-237xx/CVE-2023-23752.json) (`2024-01-09T02:00:01.953`)
* [CVE-2023-27524](CVE-2023/CVE-2023-275xx/CVE-2023-27524.json) (`2024-01-09T02:00:01.953`)
* [CVE-2023-29300](CVE-2023/CVE-2023-293xx/CVE-2023-29300.json) (`2024-01-09T02:00:01.953`)
* [CVE-2023-38203](CVE-2023/CVE-2023-382xx/CVE-2023-38203.json) (`2024-01-09T02:00:01.953`)
* [CVE-2023-41990](CVE-2023/CVE-2023-419xx/CVE-2023-41990.json) (`2024-01-09T02:00:01.953`)
* [CVE-2023-0004](CVE-2023/CVE-2023-00xx/CVE-2023-0004.json) (`2024-01-09T02:12:20.307`)
* [CVE-2023-46846](CVE-2023/CVE-2023-468xx/CVE-2023-46846.json) (`2024-01-09T02:15:44.380`)
* [CVE-2023-46847](CVE-2023/CVE-2023-468xx/CVE-2023-46847.json) (`2024-01-09T02:15:44.557`)
* [CVE-2023-49285](CVE-2023/CVE-2023-492xx/CVE-2023-49285.json) (`2024-01-09T02:15:44.903`)
* [CVE-2023-49286](CVE-2023/CVE-2023-492xx/CVE-2023-49286.json) (`2024-01-09T02:15:45.030`)
* [CVE-2023-49583](CVE-2023/CVE-2023-495xx/CVE-2023-49583.json) (`2024-01-09T02:15:45.140`)
* [CVE-2023-50269](CVE-2023/CVE-2023-502xx/CVE-2023-50269.json) (`2024-01-09T02:15:45.280`)
* [CVE-2023-50422](CVE-2023/CVE-2023-504xx/CVE-2023-50422.json) (`2024-01-09T02:15:45.420`)
* [CVE-2023-22932](CVE-2023/CVE-2023-229xx/CVE-2023-22932.json) (`2024-01-09T02:26:38.127`)
* [CVE-2023-4966](CVE-2023/CVE-2023-49xx/CVE-2023-4966.json) (`2024-01-09T02:27:10.417`)
* [CVE-2023-27857](CVE-2023/CVE-2023-278xx/CVE-2023-27857.json) (`2024-01-09T02:31:27.647`)
* [CVE-2023-34039](CVE-2023/CVE-2023-340xx/CVE-2023-34039.json) (`2024-01-09T02:32:49.600`)
* [CVE-2023-3997](CVE-2023/CVE-2023-39xx/CVE-2023-3997.json) (`2024-01-09T02:35:52.077`)
* [CVE-2023-4746](CVE-2023/CVE-2023-47xx/CVE-2023-4746.json) (`2024-01-09T02:39:00.667`)
* [CVE-2023-5693](CVE-2023/CVE-2023-56xx/CVE-2023-5693.json) (`2024-01-09T02:49:34.650`)
* [CVE-2023-46603](CVE-2023/CVE-2023-466xx/CVE-2023-46603.json) (`2024-01-09T02:51:06.413`)
* [CVE-2023-30774](CVE-2023/CVE-2023-307xx/CVE-2023-30774.json) (`2024-01-09T02:51:33.207`)
* [CVE-2023-38403](CVE-2023/CVE-2023-384xx/CVE-2023-38403.json) (`2024-01-09T02:53:19.040`)
* [CVE-2023-24070](CVE-2023/CVE-2023-240xx/CVE-2023-24070.json) (`2024-01-09T02:55:33.710`)
* [CVE-2024-0195](CVE-2024/CVE-2024-01xx/CVE-2024-0195.json) (`2024-01-09T02:03:10.443`)
## Download and Usage