admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 11:07:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-12T21:00:27.409864+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-12 21:00:31 +00:00
parent ed1d35ca50
commit fb1a02534e
61 changed files with 4666 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

103
CVE-2008/CVE-2008-34xx/CVE-2008-3424.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2008-3424",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-07-31T22:41:00.000",
"lastModified": "2017-08-08T01:31:52.513",
"vulnStatus": "Modified",
"lastModified": "2024-01-12T20:45:54.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -48,7 +48,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-863"
}
]
}
@ -63,28 +63,23 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:condor_project:condor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.0.4",
"matchCriteriaId": "BC1ED29E-B24F-4233-A506-38C078DA3A0C"
},
"versionEndExcluding": "7.0.4",
"matchCriteriaId": "501E4937-0F98-4B63-8054-04FC01B9B0C3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:condor_project:condor:7.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "324BAB04-B03E-499C-B58D-320D14740606"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:condor_project:condor:7.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16892FC7-5870-45A8-ABFE-D8EE5A565FF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:condor_project:condor:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E7E0F2-825E-4D21-A250-BEECBDDE3C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:condor_project:condor:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8E6BB9D8-6394-4317-90DF-475DE0FF0567"
"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
"matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140"
}
]
}
@ -92,33 +87,81 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/31284",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/31423",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/31459",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.cs.wisc.edu/condor/manual/v7.0/8_3Stable_Release.html#sec:New-7-0-4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0814.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0816.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/30440",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1020646",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44063",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-August/msg00252.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}
]
}

216
CVE-2008/CVE-2008-61xx/CVE-2008-6123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2008-6123",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-02-12T16:30:00.187",
"lastModified": "2017-09-29T01:32:58.947",
"vulnStatus": "Modified",
"lastModified": "2024-01-12T20:41:14.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -48,7 +48,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-863"
}
]
}
@ -62,98 +62,50 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "C872A9B0-0B3C-47B2-82F5-344BEBA221CD"
"criteria": "cpe:2.3:a:net-snmp:net-snmp:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.9",
"versionEndIncluding": "5.4.2.1",
"matchCriteriaId": "92CC90A4-8D48-44D2-9F32-A4CAC212E16A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:opensuse:10.3-11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7018930-D354-4B31-870E-D0E3CE19C8B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AEE816EA-2CDF-440A-9B7A-D772F38A3A17"
"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A88517EE-17E2-4128-8355-FAAC815718CB"
},
"criteria": "cpe:2.3:o:suse:linux_enterprise:9-11:*:*:*:*:*:*:*",
"matchCriteriaId": "170FDFDE-DADB-4CBF-9AB8-3A01C7BA94AB"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "089CEC52-73AC-41B0-BB7F-F24C42DD16E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E5DDCC25-3B6A-4051-BE2A-5B8553B2D904"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3E2BAAA8-313D-41F2-A98D-3557331E35B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88260A4F-4707-4B79-939A-F1EB2CD4D57B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2.1.2_r1:*:*:*:*:*:*:*",
"matchCriteriaId": "6029DBA0-68CC-4F27-B925-660F19A6CCD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7537C748-FACE-421C-95E0-3841EA1F87CE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "6F129CD3-B1ED-4FF4-8A86-2F76898E8915"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "331C82ED-2FC8-44D0-B9CC-C1F8E693F3EC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.3.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "53505415-38BE-4EDC-824E-B64B5BF5B0D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "950BC4AA-60A3-4512-A452-F205FF843C29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "282A2385-57A4-477D-BA0F-6C76751E945C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:net-snmp:net-snmp:5.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B4AE3DC6-5CB9-4206-87A6-B757ED852277"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "905D1F04-CDFD-4BAD-8939-5ABC70A874E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "00878E69-2721-43E3-A853-D3DCFE5C258D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8D68555E-BEB9-4F1E-8D6D-C313FB501523"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:net-snmp:net_snmp:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "7B44A0D4-3020-414B-81D7-679E8441E182"
"criteria": "cpe:2.3:o:redhat:enterprise_linux:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "40D8DAE0-8E75-435C-9BD6-FAEED2ACB47C"
}
]
}
@ -163,55 +115,119 @@
"references": [
{
"url": "http://bugs.gentoo.org/show_bug.cgi?id=250429",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00003.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp/trunk/net-snmp/snmplib/snmpUDPDomain.c?r1=17325&r2=17367&pathrev=17367",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://net-snmp.svn.sourceforge.net/viewvc/net-snmp?view=rev&revision=17367",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "http://secunia.com/advisories/34499",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/35416",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/35685",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/4",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2009/02/12/7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2009-0295.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Not Applicable"
]
},
{
"url": "http://www.securitytracker.com/id?1021921",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=485211",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10289",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

180
CVE-2009/CVE-2009-00xx/CVE-2009-0034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2009-0034",
"sourceIdentifier": "secalert@redhat.com",
"published": "2009-01-30T19:30:00.280",
"lastModified": "2018-10-11T20:59:11.963",
"vulnStatus": "Modified",
"lastModified": "2024-01-12T20:40:21.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-863"
}
]
}
@ -62,18 +84,33 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p17:*:*:*:*:*:*:*",
"matchCriteriaId": "471284F9-21EF-4ED6-860F-AB86154CCDF1"
"criteria": "cpe:2.3:a:gratisoft:sudo:1.6.9:p17:*:*:*:*:*:*",
"matchCriteriaId": "CA0E731C-EDB7-45A2-87BB-2ED72E9A3D5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p18:*:*:*:*:*:*:*",
"matchCriteriaId": "7C91FEB5-CEF5-4C66-A8D2-AE80EA32B10D"
"criteria": "cpe:2.3:a:gratisoft:sudo:1.6.9:p18:*:*:*:*:*:*",
"matchCriteriaId": "9FD0FEDA-E9A9-458C-8B45-0D1118433D4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:todd_miller:sudo:1.6.9_p19:*:*:*:*:*:*:*",
"matchCriteriaId": "E106EBA5-14B3-48F7-BE00-9F0ABD57C33B"
"criteria": "cpe:2.3:a:gratisoft:sudo:1.6.9:p19:*:*:*:*:*:*",
"matchCriteriaId": "F4D9940B-77D2-49F0-A758-C0B2D2BA096C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BC337BB7-9A45-4406-A783-851F279130EE"
}
]
}
@ -83,67 +120,160 @@
"references": [
{
"url": "http://lists.vmware.com/pipermail/security-announce/2009/000060.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://osvdb.org/51736",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/33753",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/33840",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/33885",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://secunia.com/advisories/35766",
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://wiki.rpath.com/Advisories:rPSA-2009-0021",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.gratisoft.us/bugzilla/show_bug.cgi?id=327",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Product",
"Release Notes"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:033",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2009-0267.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Not Applicable"
]
},
{
"url": "http://www.securityfocus.com/archive/1/500546/100/0/threaded",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/archive/1/504849/100/0/threaded",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/33517",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1021688",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.sudo.ws/cgi-bin/cvsweb/sudo/parse.c.diff?r1=1.160.2.21&r2=1.160.2.22&f=h",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.vmware.com/security/advisories/VMSA-2009-0009.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.vupen.com/english/advisories/2009/1865",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://bugzilla.novell.com/show_bug.cgi?id=468923",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://issues.rpath.com/browse/RPL-2954",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10856",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6462",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
}
]
}

88
CVE-2010/CVE-2010-100xx/CVE-2010-10011.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2010-10011",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T20:15:46.833",
"lastModified": "2024-01-12T20:15:46.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.250446",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250446",
"source": "cna@vuldb.com"
},
{
"url": "https://www.exploit-db.com/exploits/15445",
"source": "cna@vuldb.com"
}
]
}

73
CVE-2022/CVE-2022-289xx/CVE-2022-28975.json
View File

@ -2,23 +2,86 @@
"id": "CVE-2022-28975",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T14:15:45.647",
"lastModified": "2024-01-09T14:55:35.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:59:59.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A stored cross-site scripting (XSS) vulnerability in Infoblox NIOS v8.5.2-409296 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the VLAN View Name field."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Infoblox NIOS v8.5.2-409296 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectadp en el campo VLAN View Name."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:infoblox:nios:8.5.2-409296:*:*:*:*:*:*:*",
"matchCriteriaId": "E82FD849-F7F2-4CD9-A245-EC08C00977A1"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://infoblox.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://piotrryciak.com/posts/xss-infoblox/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

9
CVE-2022/CVE-2022-305xx/CVE-2022-30550.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-30550",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-17T19:15:18.540",
"lastModified": "2023-10-30T12:15:08.940",
"vulnStatus": "Modified",
"lastModified": "2024-01-12T20:47:18.010",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -107,7 +107,10 @@
},
{
"url": "https://security.gentoo.org/glsa/202310-19",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.dovecot.org/download/",

105
CVE-2023/CVE-2023-209xx/CVE-2023-20900.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20900",
"sourceIdentifier": "security@vmware.com",
"published": "2023-08-31T10:15:08.247",
"lastModified": "2023-11-17T05:15:11.647",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T20:41:42.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -157,6 +157,71 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
"matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*",
"matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "46D69DCC-AE4D-4EA5-861C-D60951444C6C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797"
}
]
}
]
}
],
"references": [
@ -170,31 +235,53 @@
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/27/1",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00000.html",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231013-0002/",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5493",
"source": "security@vmware.com"
"source": "security@vmware.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0019.html",

92
CVE-2023/CVE-2023-270xx/CVE-2023-27098.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-27098",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T02:15:44.113",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:14:52.533",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,101 @@
"value": "TP-Link Tapo APK hasta v2.12.703 utiliza credenciales codificadas para acceder al panel de inicio de sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tp-link:tapo:*:*:*:*:*:android:*:*",
"versionEndExcluding": "2.11.44",
"matchCriteriaId": "C9EB199F-FE2B-4E4B-B74E-C6B0A2D55AA7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_c200:-:*:*:*:*:*:*:*",
"matchCriteriaId": "91B3D3B3-6E31-4F14-8DF5-0E3519C29DFD"
}
]
}
]
}
],
"references": [
{
"url": "http://tp-lin.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://tp-link.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/c0d3x27/CVEs/tree/main/CVE-2023-27098",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://www.tp-link.com/support/contact-technical-support/#LiveChat-Support",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

69
CVE-2023/CVE-2023-30xx/CVE-2023-3043.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-3043",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:09.290",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:18:06.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may\ncause a stack-based buffer overflow via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s de una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31024.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31024",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:09.397",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31025.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31025",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:09.627",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-90"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31029.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31029",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:09.847",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31030.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31030",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.067",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31031.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31031",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.257",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31032.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31032",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.490",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-627"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31033.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31033",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.680",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network . A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31034.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31034",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:10.867",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

55
CVE-2023/CVE-2023-310xx/CVE-2023-31035.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-31035",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-01-12T19:15:11.057",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "NVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5510",
"source": "psirt@nvidia.com"
}
]
}

69
CVE-2023/CVE-2023-343xx/CVE-2023-34332.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34332",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:07.817",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:20:32.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker\nmay cause an untrusted pointer to dereference by a local network. A successful\nexploitation of this vulnerability may lead to a loss of confidentiality,\nintegrity, and/or availability. \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar que una red local elimine la referencia de un puntero que no es de confianza. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-343xx/CVE-2023-34333.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-34333",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.223",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:19:22.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may cause an\nuntrusted pointer to dereference via a local network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability.\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar que un puntero que no es de confianza elimine la referencia a trav\u00e9s de una red local. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-372xx/CVE-2023-37293.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37293",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.413",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:18:51.173",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "AMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may cause a\nstack-based buffer overflow via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede provocar un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria a trav\u00e9s de una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-372xx/CVE-2023-37294.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37294",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.600",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:18:41.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupci\u00f3n de la memoria de la pila a trav\u00e9s de una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-372xx/CVE-2023-37295.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37295",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.770",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:18:29.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupci\u00f3n de la memoria de la pila a trav\u00e9s de una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-372xx/CVE-2023-37296.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37296",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.940",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:18:21.500",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a stack memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupci\u00f3n de la memoria de la pila a trav\u00e9s de una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2023/CVE-2023-372xx/CVE-2023-37297.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-37297",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:09.110",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:18:12.150",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "El SPx de AMI contiene una vulnerabilidad en el BMC donde un atacante puede conllevar una corrupci\u00f3n de la memoria de la pila a trav\u00e9s de una red adyacente. Una explotaci\u00f3n exitosa de esta vulnerabilidad puede conducir a una p\u00e9rdida de confidencialidad, integridad y/o disponibilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "biossecurity@ami.com",
"type": "Secondary",
@ -46,10 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12",
"versionEndExcluding": "12.7",
"matchCriteriaId": "402A5B6D-465C-4CC8-B75C-F96F0DE0A67C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ami:megarac_sp-x:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13",
"versionEndExcluding": "13.6",
"matchCriteriaId": "14A6F62B-9C61-4D73-B15E-205173667C76"
}
]
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
"source": "biossecurity@ami.com",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2023/CVE-2023-416xx/CVE-2023-41603.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41603",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T08:15:37.740",
"lastModified": "2024-01-10T13:56:12.537",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:13:05.087",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,80 @@
"value": "Se descubri\u00f3 que D-Link R15 anterior a v1.08.02 no conten\u00eda restricciones de firewall para el tr\u00e1fico IPv6. Esto permite a los atacantes acceder arbitrariamente a cualquier servicio que se ejecute en el dispositivo y que pueda estar escuchando inadvertidamente a trav\u00e9s de IPv6."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:r15_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.08.02",
"matchCriteriaId": "24ABB518-FE4A-46AE-A501-AF3E41D6BB47"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:r15:-:*:*:*:*:*:*:*",
"matchCriteriaId": "714513B8-0676-46AF-82B2-4076F75BA17A"
}
]
}
]
}
],
"references": [
{
"url": "https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10347",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

11
CVE-2023/CVE-2023-459xx/CVE-2023-45992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45992",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-19T19:15:16.223",
"lastModified": "2023-10-31T21:15:08.720",
"vulnStatus": "Modified",
"lastModified": "2024-01-12T20:50:42.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting en Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414 permite a un atacante remoto escalar privilegios a trav\u00e9s de un script manipulado al par\u00e1metro macaddress en el portal de incorporaci\u00f3n."
"value": "Una vulnerabilidad en la interfaz web del producto RUCKUS Cloudpath en la versi\u00f3n 5.12 build 5538 o anterior podr\u00eda permitir que un atacante remoto no autenticado ejecute ataques XSS y CSRF persistentes contra un usuario de la interfaz de gesti\u00f3n de administraci\u00f3n. Un ataque exitoso, combinado con una determinada actividad administrativa, podr\u00eda permitir al atacante obtener privilegios completos de administrador en el sistema explotado."
}
],
"metrics": {
@ -63,8 +63,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:commscope:ruckus_cloudpath:5.12.54414:*:*:*:*:*:*:*",
"matchCriteriaId": "52DDAB5B-6E87-43A0-8F61-F0933D137F99"
"criteria": "cpe:2.3:a:commscope:ruckus_cloudpath_enrollment_system:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.12.5538",
"matchCriteriaId": "C21536CD-2726-476D-A01C-1DF492A24F9A"
}
]
}

460
CVE-2023/CVE-2023-468xx/CVE-2023-46805.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46805",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-01-12T17:15:09.530",
"lastModified": "2024-01-12T18:05:43.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T20:46:59.220",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +56,442 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAA1F3F-FC78-43C1-814A-19E94AC4A844"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
"matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
"matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "361FAA47-52FF-4B36-96B0-9C178A4E031B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "001E117B-E8EE-4C20-AEBF-34FF5EB5051E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
"matchCriteriaId": "6C383863-1E90-4B72-A500-4326782BC92F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "AB9A5868-34FB-446E-817F-6701CC5DE923"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
"matchCriteriaId": "5456F61D-1FD1-4DA6-AFA3-4073889AD22A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD00E2EC-B772-4FE8-8CC5-829BE45BE878"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "BF767F07-2E9F-4099-829D-2F70E85D8A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "B994E22B-8FA5-4510-82F6-7820BDA7C307"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "FE5C4ABC-2BEB-4741-95B3-303903369818"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "D50C5526-F791-4C76-B5C0-DA2E1281C9E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "2CB8240E-7683-4C39-9654-4F8D1F682288"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "7A53C031-E7A5-47B6-BA4A-DD28432E743F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "B90687F3-A5C1-4706-AD66-D78EE512E4C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "D10A3F2D-6A62-4A48-93FB-274527C821D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "811C7E7E-89AB-47DF-BACD-ED478DF756BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "7ED1686B-2D80-4ECF-9F7A-AEA989E17C84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "092DA2A3-5CEF-433F-8E5B-4850E4095CC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A385F38B-0B03-4B69-B7A1-952F5BAE727C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "925DCCBA-9382-4A39-84B8-4DEAFD2BC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "34C118FB-7AE0-466C-822A-348A2F6016AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "1536DB45-9A42-4549-A10E-FDBB6693DF17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "51FF66C9-9415-4EAD-8F19-D5E067336885"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "D73729EB-C679-4CED-9F36-212B0581EC22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "14B481E8-D887-408F-B892-D2939CD037AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "3EB8380F-D229-4AF0-B27C-47760F843E48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "28A9318A-0D4D-4EF1-998B-4A82A1AB63F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "56C7542D-3520-4E4D-936C-5295068C4CD7"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-47xx/CVE-2023-4753.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4753",
"sourceIdentifier": "scy@openharmony.io",
"published": "2023-09-21T10:15:09.597",
"lastModified": "2023-10-26T08:15:07.527",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T20:46:22.983",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,7 +11,7 @@
},
{
"lang": "es",
"value": "OpenHarmony v3.2.1 y versiones anteriores tienen un kernel liteos: un kernel puede fallar debido a una vulnerabilidad de entradas no detectadas en mqueue. Los atacantes locales pueden bloquear el kernel de Liteos por la entrada de error"
"value": "OpenHarmony v3.2.1 y versiones anteriores tienen un error de uso de la funci\u00f3n de llamada al sistema. Los atacantes locales pueden bloquear el kernel debido a la entrada de error."
}
],
"metrics": {

82
CVE-2023/CVE-2023-492xx/CVE-2023-49235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49235",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.223",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:51:24.593",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Se descubri\u00f3 un problema en libremote_dbg.so en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714. El filtrado de informaci\u00f3n de depuraci\u00f3n se maneja mal durante el uso de popen. En consecuencia, un atacante puede eludir la validaci\u00f3n y ejecutar un comando de shell."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:trendnet:tv-ip1314pi_firmware:5.5.3:200714:*:*:*:*:*:*",
"matchCriteriaId": "13841547-5DE5-4FC8-B030-9B5CF2AB6AD4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:trendnet:tv-ip1314pi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C52D00-1D07-4087-97A7-8691DDF76A4F"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/pcsle37/TRENDnet/blob/main/TRENDnet_vul.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

82
CVE-2023/CVE-2023-492xx/CVE-2023-49236.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49236",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.300",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T20:39:27.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,87 @@
"value": "Se descubri\u00f3 un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en dispositivos TRENDnet TV-IP1314PI 5.5.3 200714, lo que provoc\u00f3 la ejecuci\u00f3n de comandos arbitrarios. Esto ocurre debido a la falta de validaci\u00f3n de longitud durante un sscanf de un campo de escala ingresado por el usuario en la funci\u00f3n de reproducci\u00f3n RTSP de davinci."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:trendnet:tv-ip1314pi_firmware:5.5.3:200714:*:*:*:*:*:*",
"matchCriteriaId": "13841547-5DE5-4FC8-B030-9B5CF2AB6AD4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:trendnet:tv-ip1314pi:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F7C52D00-1D07-4087-97A7-8691DDF76A4F"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1lTloBkH_7zAz1ZbFVSZnfpoPd81aPaHx/view?usp=sharing",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/pcsle37/TRENDnet/blob/main/TRENDnet_vul.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

75
CVE-2023/CVE-2023-494xx/CVE-2023-49427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49427",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T09:15:44.090",
"lastModified": "2024-01-10T13:56:06.947",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:13:41.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,78 @@
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en Tenda AX12 V22.03.01.46, permite a atacantes remotos causar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s del par\u00e1metro de lista en la funci\u00f3n SetNetControlList."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax12_firmware:22.03.01.46:*:*:*:*:*:*:*",
"matchCriteriaId": "ACC5CA19-0A08-462F-A948-9D2338076B61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax12:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AE639FC1-068D-4570-AD2A-1837C339B97A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ef4tless/vuln/blob/master/iot/AX12/SetNetControlList.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
}
]
}

10
CVE-2023/CVE-2023-495xx/CVE-2023-49599.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49599",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.257",
"lastModified": "2024-01-10T18:15:47.117",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:15:11.260",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and bruteforce the salt offline, leading to forging a legitimate password recovery code for the admin user."
"value": "An insufficient entropy vulnerability exists in the salt generation functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted series of HTTP requests can lead to privilege escalation. An attacker can gather system information via HTTP requests and brute force the salt offline, leading to forging a legitimate password recovery code for the admin user."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de entrop\u00eda insuficiente en la funcionalidad salt generation de WWBN AVideo dev master commit 15fed957fb. Una serie de solicitudes HTTP especialmente manipuladas pueden provocar una escalada de privilegios. Un atacante puede recopilar informaci\u00f3n del sistema a trav\u00e9s de solicitudes HTTP y aplicar fuerza bruta al salt offline, lo que lleva a falsificar un c\u00f3digo de recuperaci\u00f3n de contrase\u00f1a leg\u00edtimo para el usuario administrador."
}
],
"metrics": {

10
CVE-2023/CVE-2023-498xx/CVE-2023-49810.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49810",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-01-10T16:15:48.803",
"lastModified": "2024-01-10T18:15:47.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:15:11.380",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
"value": "A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to bruteforce users credentials. An attacker can send a series of HTTP requests to trigger this vulnerability."
"value": "A login attempt restriction bypass vulnerability exists in the checkLoginAttempts functionality of WWBN AVideo dev master commit 15fed957fb. A specially crafted HTTP request can lead to captcha bypass, which can be abused by an attacker to brute force user credentials. An attacker can send a series of HTTP requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de omisi\u00f3n de restricci\u00f3n de intento de inicio de sesi\u00f3n en la funcionalidad checkLoginAttempts de la confirmaci\u00f3n maestra de desarrollo de WWBN AVideo 15fed957fb. Una solicitud HTTP especialmente manipulada puede provocar la omisi\u00f3n de captcha, que un atacante puede aprovechar para aplicar fuerza bruta a las credenciales de los usuarios. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {

70
CVE-2023/CVE-2023-509xx/CVE-2023-50974.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50974",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T09:15:42.480",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T20:25:04.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "En Appwrite CLI anterior a 3.0.0, cuando se utiliza el comando de inicio de sesi\u00f3n, las credenciales del usuario de Appwrite se almacenan en un archivo ~/.appwrite/prefs.json con 0644 como permisos UNIX. Cualquier usuario del sistema local puede acceder a esas credenciales."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:appwrite:command_line_interface:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "99DC8A22-0CBA-4C1E-BD03-34796D09EDF1"
}
]
}
]
}
],
"references": [
{
"url": "https://appwrite.io/docs/tooling/command-line/installation",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/SkypLabs/72ee00ecfa7d1a3494e2d69a24279c1d",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51971.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51971",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T13:15:48.547",
"lastModified": "2024-01-10T16:15:50.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:22:55.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function getIptvInfo."
},
{
"lang": "es",
"value": "Tenda AX1803 v1.0.0.1 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro adv.iptv.stbpvid en la funci\u00f3n getIptvInfo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Buffer-Overflow-in-getIptvInfo-f5918cc2828c49e78554f456bf7d4b36",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

80
CVE-2023/CVE-2023-519xx/CVE-2023-51972.json
View File

@ -2,19 +2,91 @@
"id": "CVE-2023-51972",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T13:15:48.593",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:22:50.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Tenda AX1803 v1.0.0.1 was discovered to contain a command injection vulnerability via the function fromAdvSetLanIp."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Tenda AX1803 v1.0.0.1 contiene una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s de la funci\u00f3n fromAdvSetLanIp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ax1803_firmware:1.0.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B81C53EE-14CD-426B-ADF3-6D9B4D69DC84"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ax1803:-:*:*:*:*:*:*:*",
"matchCriteriaId": "413B93A8-6188-4D89-8141-C5B73F4AA071"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://grove-laser-8ad.notion.site/Tenda-AX1803-Command-Injection-in-fromAdvSetLanIp-7b2892fac8234cff90ca15af4947a8e7",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-61xx/CVE-2023-6147.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6147",
"sourceIdentifier": "bugreport@qualys.com",
"published": "2024-01-09T08:15:36.100",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:40:20.017",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "bugreport@qualys.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "bugreport@qualys.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qualys:policy_compliance:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "42ED3645-D747-41DB-B01A-A8B686AD6E3D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualys.com/security-advisories/",
"source": "bugreport@qualys.com"
"source": "bugreport@qualys.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-61xx/CVE-2023-6148.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6148",
"sourceIdentifier": "bugreport@qualys.com",
"published": "2024-01-09T09:15:42.530",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T20:12:53.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "bugreport@qualys.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "bugreport@qualys.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qualys:policy_compliance:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "1.0.5",
"matchCriteriaId": "42ED3645-D747-41DB-B01A-A8B686AD6E3D"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualys.com/security-advisories/",
"source": "bugreport@qualys.com"
"source": "bugreport@qualys.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2023/CVE-2023-61xx/CVE-2023-6149.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6149",
"sourceIdentifier": "bugreport@qualys.com",
"published": "2024-01-09T09:15:42.737",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:55:38.860",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "bugreport@qualys.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "bugreport@qualys.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:qualys:web_application_screening:*:*:*:*:*:jenkins:*:*",
"versionEndIncluding": "2.0.11",
"matchCriteriaId": "560F3C7B-37AD-461C-B0B6-403C55E28804"
}
]
}
]
}
],
"references": [
{
"url": "https://www.qualys.com/security-advisories/",
"source": "bugreport@qualys.com"
"source": "bugreport@qualys.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-66xx/CVE-2023-6683.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-6683",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-12T19:15:11.480",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6683",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254825",
"source": "secalert@redhat.com"
}
]
}

68
CVE-2024/CVE-2024-02xx/CVE-2024-0213.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0213",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2024-01-09T14:15:46.763",
"lastModified": "2024-01-09T14:55:35.817",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:27:52.903",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "\nA buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly. \n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en TA para Linux y TA para MacOS anteriores a 5.8.1 permite a un usuario local obtener permisos elevados o provocar una denegaci\u00f3n de servicio (DoS) mediante la explotaci\u00f3n de un problema de corrupci\u00f3n de memoria en el servicio TA, que se ejecuta como ra\u00edz. Esto tambi\u00e9n puede provocar la desactivaci\u00f3n de la notificaci\u00f3n de eventos a ePO, debido a que no se valida correctamente la entrada del archivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
@ -46,10 +80,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trellix:agent:*:*:*:*:linux:*:*:*",
"versionEndExcluding": "5.8.1",
"matchCriteriaId": "184DB54B-FFBF-48B8-8C3A-766D307F38DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:trellix:agent:*:*:*:*:macos:*:*:*",
"versionEndExcluding": "5.8.1",
"matchCriteriaId": "82E47131-1118-423D-B2A7-739AF4847639"
}
]
}
]
}
],
"references": [
{
"url": "https://kcm.trellix.com/corporate/index?page=content&id=SB10416",
"source": "trellixpsirt@trellix.com"
"source": "trellixpsirt@trellix.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-02xx/CVE-2024-0226.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0226",
"sourceIdentifier": "disclosure@synopsys.com",
"published": "2024-01-09T18:15:47.177",
"lastModified": "2024-01-09T19:56:14.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T20:04:24.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload."
},
{
"lang": "es",
"value": "Las versiones de Synopsys Seeker anteriores a 2023.12.0 son afectadas por una vulnerabilidad de Cross-Site Scripting almacenados a trav\u00e9s de un payload especialmente manipulado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "disclosure@synopsys.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "disclosure@synopsys.com",
"type": "Secondary",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:synopsys:seeker:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.12.0",
"matchCriteriaId": "3F586961-72B1-4F21-A808-F0AA07C1E258"
}
]
}
]
}
],
"references": [
{
"url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker",
"source": "disclosure@synopsys.com"
"source": "disclosure@synopsys.com",
"tags": [
"Permissions Required"
]
}
]
}

64
CVE-2024/CVE-2024-03xx/CVE-2024-0348.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0348",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T22:15:44.257",
"lastModified": "2024-01-10T01:21:28.543",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:21:36.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Engineers Online Portal 1.0. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del componente File Upload Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce al consumo de recursos. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-250116."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:engineers_online_portal_project:engineers_online_portal:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE2C0236-1BC6-45DD-B5A5-1FE81BD75296"
}
]
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.250116",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.250116",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

4
CVE-2024/CVE-2024-04xx/CVE-2024-0462.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0462",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T18:15:46.687",
"lastModified": "2024-01-12T18:15:46.687",
"vulnStatus": "Received",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-04xx/CVE-2024-0463.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0463",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T18:15:46.913",
"lastModified": "2024-01-12T18:15:46.913",
"vulnStatus": "Received",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

88
CVE-2024/CVE-2024-04xx/CVE-2024-0464.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0464",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T19:15:11.777",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250569",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250569",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-04xx/CVE-2024-0465.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0465",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T19:15:12.577",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250570",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250570",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-04xx/CVE-2024-0466.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0466",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T19:15:12.920",
"lastModified": "2024-01-12T19:21:49.423",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250571",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250571",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-04xx/CVE-2024-0467.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0467",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-12T20:15:47.177",
"lastModified": "2024-01-12T20:15:47.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250572",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250572",
"source": "cna@vuldb.com"
}
]
}

152
CVE-2024/CVE-2024-206xx/CVE-2024-20692.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20692",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:52.567",
"lastModified": "2024-01-09T19:56:14.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:10:41.183",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n del servicio del subsistema de la autoridad de seguridad local de Microsoft"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -31,13 +35,153 @@
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20402",
"matchCriteriaId": "F40B0037-2EF9-4172-BD2B-C5D046426DC9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6614",
"matchCriteriaId": "1642CC8D-1521-46D9-AE2A-7CD9BCE30565"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5329",
"matchCriteriaId": "AB2C6F0A-4519-43AE-A36D-39F968FF3DCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.3930",
"matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3930",
"matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2713",
"matchCriteriaId": "290AE500-245E-4C97-953C-05D679164894"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3007",
"matchCriteriaId": "8145E3A1-AA48-49CD-A391-8BA9F3860316"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3007",
"matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6614",
"matchCriteriaId": "D8F92AA0-D568-4DD8-B50E-29F3561F81AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5329",
"matchCriteriaId": "51DCD313-6848-46DD-B4C6-DA2A8F6291CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2227",
"matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.643",
"matchCriteriaId": "0B57577F-8313-4AFF-9E30-0C928D87C4AF"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20692",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

104
CVE-2024/CVE-2024-206xx/CVE-2024-20694.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20694",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:52.757",
"lastModified": "2024-01-09T19:56:14.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:07:21.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Windows CoreMessaging Information Disclosure Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de Windows CoreMessaging"
}
],
"metrics": {
@ -34,10 +38,104 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6614",
"matchCriteriaId": "1642CC8D-1521-46D9-AE2A-7CD9BCE30565"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5329",
"matchCriteriaId": "AB2C6F0A-4519-43AE-A36D-39F968FF3DCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.3930",
"matchCriteriaId": "26D9519C-EC1F-48D1-89F5-2DCBF84C8251"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.3930",
"matchCriteriaId": "B9B6C6A0-6A10-4A8B-9DF2-D00CE5F863BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.2713",
"matchCriteriaId": "290AE500-245E-4C97-953C-05D679164894"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.3007",
"matchCriteriaId": "8145E3A1-AA48-49CD-A391-8BA9F3860316"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.3007",
"matchCriteriaId": "04D7A1EA-2E86-4600-A7B8-DAA5ACABE8D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6614",
"matchCriteriaId": "D8F92AA0-D568-4DD8-B50E-29F3561F81AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5329",
"matchCriteriaId": "51DCD313-6848-46DD-B4C6-DA2A8F6291CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2227",
"matchCriteriaId": "13224366-AD63-4CAD-85D1-F9599CFE1B14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.643",
"matchCriteriaId": "0B57577F-8313-4AFF-9E30-0C928D87C4AF"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

71
CVE-2024/CVE-2024-207xx/CVE-2024-20710.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20710",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:48.843",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:14:08.107",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2.1.3 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -31,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -46,10 +70,49 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.3",
"matchCriteriaId": "2CA28535-8EC9-4966-B508-00F187105C3D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-207xx/CVE-2024-20711.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20711",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.057",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:14:18.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2.1.3 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
@ -46,10 +70,49 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.3",
"matchCriteriaId": "2CA28535-8EC9-4966-B508-00F187105C3D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

71
CVE-2024/CVE-2024-207xx/CVE-2024-20712.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20712",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.320",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:14:30.933",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2.1.3 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -31,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -46,10 +70,49 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.3",
"matchCriteriaId": "2CA28535-8EC9-4966-B508-00F187105C3D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

71
CVE-2024/CVE-2024-207xx/CVE-2024-20713.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20713",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-01-10T13:15:49.510",
"lastModified": "2024-01-10T13:56:00.697",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:14:39.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 2.1.3 y anteriores de Adobe Substance 3D Stager se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -31,6 +35,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -46,10 +70,49 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.1.3",
"matchCriteriaId": "2CA28535-8EC9-4966-B508-00F187105C3D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

460
CVE-2024/CVE-2024-218xx/CVE-2024-21887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21887",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-01-12T17:15:10.017",
"lastModified": "2024-01-12T18:05:43.827",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-12T20:46:41.213",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -34,10 +56,442 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BEAA1F3F-FC78-43C1-814A-19E94AC4A844"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*",
"matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*",
"matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*",
"matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*",
"matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*",
"matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*",
"matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*",
"matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*",
"matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*",
"matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "80C56782-273A-4151-BE81-13FEEFE46A6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "6564FE9E-7D96-4226-8378-DAC25525CDD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:-:*:*:*:*:*:*",
"matchCriteriaId": "361FAA47-52FF-4B36-96B0-9C178A4E031B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "BCBF6DD0-2826-4E61-8FB6-DB489EBF8981"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "415219D0-2D9A-4617-ABB7-6FF918421BEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "E9F55E7B-7B38-4AEC-A015-D8CB9DE5E72C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.4:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "D3DF17AC-EC26-4B76-8989-B7880C9EF73E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.5:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "001E117B-E8EE-4C20-AEBF-34FF5EB5051E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:-:*:*:*:*:*:*",
"matchCriteriaId": "6C383863-1E90-4B72-A500-4326782BC92F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "AB9A5868-34FB-446E-817F-6701CC5DE923"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:connect_secure:22.6:r2:*:*:*:*:*:*",
"matchCriteriaId": "5456F61D-1FD1-4DA6-AFA3-4073889AD22A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DD00E2EC-B772-4FE8-8CC5-829BE45BE878"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A07B66E0-A679-4912-8CB1-CD134713EDC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r10:*:*:*:*:*:*",
"matchCriteriaId": "BF767F07-2E9F-4099-829D-2F70E85D8A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r11:*:*:*:*:*:*",
"matchCriteriaId": "B994E22B-8FA5-4510-82F6-7820BDA7C307"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r12:*:*:*:*:*:*",
"matchCriteriaId": "FE5C4ABC-2BEB-4741-95B3-303903369818"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13:*:*:*:*:*:*",
"matchCriteriaId": "D50C5526-F791-4C76-B5C0-DA2E1281C9E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r13.1:*:*:*:*:*:*",
"matchCriteriaId": "2CB8240E-7683-4C39-9654-4F8D1F682288"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r14:*:*:*:*:*:*",
"matchCriteriaId": "7A53C031-E7A5-47B6-BA4A-DD28432E743F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r15:*:*:*:*:*:*",
"matchCriteriaId": "4BEE355B-1C2D-4BEB-8922-EAEAA5A1FAE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r16:*:*:*:*:*:*",
"matchCriteriaId": "B90687F3-A5C1-4706-AD66-D78EE512E4C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r17:*:*:*:*:*:*",
"matchCriteriaId": "D10A3F2D-6A62-4A48-93FB-274527C821D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r18:*:*:*:*:*:*",
"matchCriteriaId": "811C7E7E-89AB-47DF-BACD-ED478DF756BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r2:*:*:*:*:*:*",
"matchCriteriaId": "6D37A6E4-D58E-444D-AF6A-15461F38E81A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3:*:*:*:*:*:*",
"matchCriteriaId": "FC2B9DA0-E32B-4125-9986-F0D3814C66E9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r3.1:*:*:*:*:*:*",
"matchCriteriaId": "38A0D7CF-7D55-4933-AE8C-36006D6779E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4:*:*:*:*:*:*",
"matchCriteriaId": "C9A5BA3E-D6B3-453D-8DDF-FF16859FD0F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.1:*:*:*:*:*:*",
"matchCriteriaId": "BAFDA618-D15D-401D-AC68-0020259FEC57"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r4.2:*:*:*:*:*:*",
"matchCriteriaId": "D55AB5F0-132F-4C40-BF4F-684E139B774B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r5:*:*:*:*:*:*",
"matchCriteriaId": "6BE937D2-8BEE-4E64-8738-F550EAD00F50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "9C753520-1BC6-4980-AFC9-4C2FDDF2FD18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r7:*:*:*:*:*:*",
"matchCriteriaId": "AC3863BC-3B9A-402B-A74A-149CDF717EC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8:*:*:*:*:*:*",
"matchCriteriaId": "E3C09D51-FDA0-4D07-87D8-F527C8CBDAFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.1:*:*:*:*:*:*",
"matchCriteriaId": "CCE2E1C0-680F-4EFF-ACE6-A1DAFA209D24"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r8.2:*:*:*:*:*:*",
"matchCriteriaId": "7ED1686B-2D80-4ECF-9F7A-AEA989E17C84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:9.1:r9:*:*:*:*:*:*",
"matchCriteriaId": "092DA2A3-5CEF-433F-8E5B-4850E4095CC4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r1:*:*:*:*:*:*",
"matchCriteriaId": "A385F38B-0B03-4B69-B7A1-952F5BAE727C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.1:r6:*:*:*:*:*:*",
"matchCriteriaId": "925DCCBA-9382-4A39-84B8-4DEAFD2BC802"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r1:*:*:*:*:*:*",
"matchCriteriaId": "34C118FB-7AE0-466C-822A-348A2F6016AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.2:r3:*:*:*:*:*:*",
"matchCriteriaId": "1536DB45-9A42-4549-A10E-FDBB6693DF17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r1:*:*:*:*:*:*",
"matchCriteriaId": "51FF66C9-9415-4EAD-8F19-D5E067336885"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.3:r3:*:*:*:*:*:*",
"matchCriteriaId": "8BBC1E81-0A2A-4166-BFA6-2B866B4F8AE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r1:*:*:*:*:*:*",
"matchCriteriaId": "D73729EB-C679-4CED-9F36-212B0581EC22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2:*:*:*:*:*:*",
"matchCriteriaId": "14B481E8-D887-408F-B892-D2939CD037AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.4:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "3EB8380F-D229-4AF0-B27C-47760F843E48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r1:*:*:*:*:*:*",
"matchCriteriaId": "CB4B1ED6-38AD-44F8-9B77-2D6924E8A20E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.5:r2.1:*:*:*:*:*:*",
"matchCriteriaId": "28A9318A-0D4D-4EF1-998B-4A82A1AB63F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:policy_secure:22.6:r1:*:*:*:*:*:*",
"matchCriteriaId": "56C7542D-3520-4E4D-936C-5295068C4CD7"
}
]
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US",
"source": "support@hackerone.com"
"source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-221xx/CVE-2024-22125.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22125",
"sourceIdentifier": "cna@sap.com",
"published": "2024-01-09T02:15:46.413",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:42:36.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -40,8 +60,18 @@
},
"weaknesses": [
{
"source": "cna@sap.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@sap.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:gui_connector:1.0:*:*:*:*:edge:*:*",
"matchCriteriaId": "010E2CD3-0646-4B66-81CA-EDF907CE0090"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3386378",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
]
}
]
}

71
CVE-2024/CVE-2024-222xx/CVE-2024-22206.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2024-22206",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T20:15:47.420",
"lastModified": "2024-01-12T20:15:47.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-287"
},
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://clerk.com/changelog/2024-01-12",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg",
"source": "security-advisories@github.com"
}
]
}

57
CVE-2024/CVE-2024-223xx/CVE-2024-22370.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22370",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2024-01-09T10:15:23.113",
"lastModified": "2024-01-09T14:01:44.900",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-12T19:29:18.790",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve@jetbrains.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jetbrains:youtrack:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2023.3.22666",
"matchCriteriaId": "D35EE752-175F-4166-90AE-028B79B94C80"
}
]
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com"
"source": "cve@jetbrains.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-12T19:00:32.571309+00:00
2024-01-12T21:00:27.409864+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-12T18:56:43.137000+00:00
2024-01-12T20:50:42.863000+00:00
```
### Last Data Feed Release
@ -29,51 +29,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235775
235791
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `16`
* [CVE-2023-28899](CVE-2023/CVE-2023-288xx/CVE-2023-28899.json) (`2024-01-12T17:15:09.000`)
* [CVE-2023-31036](CVE-2023/CVE-2023-310xx/CVE-2023-31036.json) (`2024-01-12T17:15:09.183`)
* [CVE-2023-46805](CVE-2023/CVE-2023-468xx/CVE-2023-46805.json) (`2024-01-12T17:15:09.530`)
* [CVE-2024-0461](CVE-2024/CVE-2024-04xx/CVE-2024-0461.json) (`2024-01-12T17:15:09.780`)
* [CVE-2024-21887](CVE-2024/CVE-2024-218xx/CVE-2024-21887.json) (`2024-01-12T17:15:10.017`)
* [CVE-2024-0462](CVE-2024/CVE-2024-04xx/CVE-2024-0462.json) (`2024-01-12T18:15:46.687`)
* [CVE-2024-0463](CVE-2024/CVE-2024-04xx/CVE-2024-0463.json) (`2024-01-12T18:15:46.913`)
* [CVE-2010-10011](CVE-2010/CVE-2010-100xx/CVE-2010-10011.json) (`2024-01-12T20:15:46.833`)
* [CVE-2023-31024](CVE-2023/CVE-2023-310xx/CVE-2023-31024.json) (`2024-01-12T19:15:09.397`)
* [CVE-2023-31025](CVE-2023/CVE-2023-310xx/CVE-2023-31025.json) (`2024-01-12T19:15:09.627`)
* [CVE-2023-31029](CVE-2023/CVE-2023-310xx/CVE-2023-31029.json) (`2024-01-12T19:15:09.847`)
* [CVE-2023-31030](CVE-2023/CVE-2023-310xx/CVE-2023-31030.json) (`2024-01-12T19:15:10.067`)
* [CVE-2023-31031](CVE-2023/CVE-2023-310xx/CVE-2023-31031.json) (`2024-01-12T19:15:10.257`)
* [CVE-2023-31032](CVE-2023/CVE-2023-310xx/CVE-2023-31032.json) (`2024-01-12T19:15:10.490`)
* [CVE-2023-31033](CVE-2023/CVE-2023-310xx/CVE-2023-31033.json) (`2024-01-12T19:15:10.680`)
* [CVE-2023-31034](CVE-2023/CVE-2023-310xx/CVE-2023-31034.json) (`2024-01-12T19:15:10.867`)
* [CVE-2023-31035](CVE-2023/CVE-2023-310xx/CVE-2023-31035.json) (`2024-01-12T19:15:11.057`)
* [CVE-2023-6683](CVE-2023/CVE-2023-66xx/CVE-2023-6683.json) (`2024-01-12T19:15:11.480`)
* [CVE-2024-0464](CVE-2024/CVE-2024-04xx/CVE-2024-0464.json) (`2024-01-12T19:15:11.777`)
* [CVE-2024-0465](CVE-2024/CVE-2024-04xx/CVE-2024-0465.json) (`2024-01-12T19:15:12.577`)
* [CVE-2024-0466](CVE-2024/CVE-2024-04xx/CVE-2024-0466.json) (`2024-01-12T19:15:12.920`)
* [CVE-2024-0467](CVE-2024/CVE-2024-04xx/CVE-2024-0467.json) (`2024-01-12T20:15:47.177`)
* [CVE-2024-22206](CVE-2024/CVE-2024-222xx/CVE-2024-22206.json) (`2024-01-12T20:15:47.420`)
### CVEs modified in the last Commit
Recently modified CVEs: `40`
Recently modified CVEs: `44`
* [CVE-2024-21735](CVE-2024/CVE-2024-217xx/CVE-2024-21735.json) (`2024-01-12T17:04:39.470`)
* [CVE-2024-0459](CVE-2024/CVE-2024-04xx/CVE-2024-0459.json) (`2024-01-12T17:06:09.020`)
* [CVE-2024-0460](CVE-2024/CVE-2024-04xx/CVE-2024-0460.json) (`2024-01-12T17:06:09.020`)
* [CVE-2024-22492](CVE-2024/CVE-2024-224xx/CVE-2024-22492.json) (`2024-01-12T17:06:09.020`)
* [CVE-2024-22493](CVE-2024/CVE-2024-224xx/CVE-2024-22493.json) (`2024-01-12T17:06:09.020`)
* [CVE-2024-22494](CVE-2024/CVE-2024-224xx/CVE-2024-22494.json) (`2024-01-12T17:06:09.020`)
* [CVE-2024-21325](CVE-2024/CVE-2024-213xx/CVE-2024-21325.json) (`2024-01-12T17:12:13.297`)
* [CVE-2024-21320](CVE-2024/CVE-2024-213xx/CVE-2024-21320.json) (`2024-01-12T17:14:04.587`)
* [CVE-2024-21318](CVE-2024/CVE-2024-213xx/CVE-2024-21318.json) (`2024-01-12T17:14:15.673`)
* [CVE-2024-21651](CVE-2024/CVE-2024-216xx/CVE-2024-21651.json) (`2024-01-12T17:15:18.467`)
* [CVE-2024-0347](CVE-2024/CVE-2024-03xx/CVE-2024-0347.json) (`2024-01-12T18:19:54.523`)
* [CVE-2024-0343](CVE-2024/CVE-2024-03xx/CVE-2024-0343.json) (`2024-01-12T18:46:17.137`)
* [CVE-2024-21316](CVE-2024/CVE-2024-213xx/CVE-2024-21316.json) (`2024-01-12T18:46:35.587`)
* [CVE-2024-21314](CVE-2024/CVE-2024-213xx/CVE-2024-21314.json) (`2024-01-12T18:46:46.123`)
* [CVE-2024-21313](CVE-2024/CVE-2024-213xx/CVE-2024-21313.json) (`2024-01-12T18:46:52.687`)
* [CVE-2024-21312](CVE-2024/CVE-2024-213xx/CVE-2024-21312.json) (`2024-01-12T18:46:59.347`)
* [CVE-2024-21311](CVE-2024/CVE-2024-213xx/CVE-2024-21311.json) (`2024-01-12T18:47:05.760`)
* [CVE-2024-21310](CVE-2024/CVE-2024-213xx/CVE-2024-21310.json) (`2024-01-12T18:47:12.043`)
* [CVE-2024-21309](CVE-2024/CVE-2024-213xx/CVE-2024-21309.json) (`2024-01-12T18:47:19.217`)
* [CVE-2024-21307](CVE-2024/CVE-2024-213xx/CVE-2024-21307.json) (`2024-01-12T18:47:46.490`)
* [CVE-2024-21306](CVE-2024/CVE-2024-213xx/CVE-2024-21306.json) (`2024-01-12T18:47:54.860`)
* [CVE-2024-21305](CVE-2024/CVE-2024-213xx/CVE-2024-21305.json) (`2024-01-12T18:48:04.967`)
* [CVE-2024-20700](CVE-2024/CVE-2024-207xx/CVE-2024-20700.json) (`2024-01-12T18:48:17.423`)
* [CVE-2024-20698](CVE-2024/CVE-2024-206xx/CVE-2024-20698.json) (`2024-01-12T18:54:11.337`)
* [CVE-2024-20696](CVE-2024/CVE-2024-206xx/CVE-2024-20696.json) (`2024-01-12T18:55:51.773`)
* [CVE-2023-51971](CVE-2023/CVE-2023-519xx/CVE-2023-51971.json) (`2024-01-12T19:22:55.453`)
* [CVE-2023-6147](CVE-2023/CVE-2023-61xx/CVE-2023-6147.json) (`2024-01-12T19:40:20.017`)
* [CVE-2023-49235](CVE-2023/CVE-2023-492xx/CVE-2023-49235.json) (`2024-01-12T19:51:24.593`)
* [CVE-2023-6149](CVE-2023/CVE-2023-61xx/CVE-2023-6149.json) (`2024-01-12T19:55:38.860`)
* [CVE-2023-6148](CVE-2023/CVE-2023-61xx/CVE-2023-6148.json) (`2024-01-12T20:12:53.267`)
* [CVE-2023-50974](CVE-2023/CVE-2023-509xx/CVE-2023-50974.json) (`2024-01-12T20:25:04.120`)
* [CVE-2023-49236](CVE-2023/CVE-2023-492xx/CVE-2023-49236.json) (`2024-01-12T20:39:27.197`)
* [CVE-2023-20900](CVE-2023/CVE-2023-209xx/CVE-2023-20900.json) (`2024-01-12T20:41:42.680`)
* [CVE-2023-4753](CVE-2023/CVE-2023-47xx/CVE-2023-4753.json) (`2024-01-12T20:46:22.983`)
* [CVE-2023-46805](CVE-2023/CVE-2023-468xx/CVE-2023-46805.json) (`2024-01-12T20:46:59.220`)
* [CVE-2023-45992](CVE-2023/CVE-2023-459xx/CVE-2023-45992.json) (`2024-01-12T20:50:42.863`)
* [CVE-2024-20694](CVE-2024/CVE-2024-206xx/CVE-2024-20694.json) (`2024-01-12T19:07:21.457`)
* [CVE-2024-20692](CVE-2024/CVE-2024-206xx/CVE-2024-20692.json) (`2024-01-12T19:10:41.183`)
* [CVE-2024-20710](CVE-2024/CVE-2024-207xx/CVE-2024-20710.json) (`2024-01-12T19:14:08.107`)
* [CVE-2024-20711](CVE-2024/CVE-2024-207xx/CVE-2024-20711.json) (`2024-01-12T19:14:18.940`)
* [CVE-2024-20712](CVE-2024/CVE-2024-207xx/CVE-2024-20712.json) (`2024-01-12T19:14:30.933`)
* [CVE-2024-20713](CVE-2024/CVE-2024-207xx/CVE-2024-20713.json) (`2024-01-12T19:14:39.960`)
* [CVE-2024-0348](CVE-2024/CVE-2024-03xx/CVE-2024-0348.json) (`2024-01-12T19:21:36.473`)
* [CVE-2024-0462](CVE-2024/CVE-2024-04xx/CVE-2024-0462.json) (`2024-01-12T19:21:49.423`)
* [CVE-2024-0463](CVE-2024/CVE-2024-04xx/CVE-2024-0463.json) (`2024-01-12T19:21:49.423`)
* [CVE-2024-0213](CVE-2024/CVE-2024-02xx/CVE-2024-0213.json) (`2024-01-12T19:27:52.903`)
* [CVE-2024-22370](CVE-2024/CVE-2024-223xx/CVE-2024-22370.json) (`2024-01-12T19:29:18.790`)
* [CVE-2024-22125](CVE-2024/CVE-2024-221xx/CVE-2024-22125.json) (`2024-01-12T19:42:36.637`)
* [CVE-2024-0226](CVE-2024/CVE-2024-02xx/CVE-2024-0226.json) (`2024-01-12T20:04:24.130`)
* [CVE-2024-21887](CVE-2024/CVE-2024-218xx/CVE-2024-21887.json) (`2024-01-12T20:46:41.213`)
## Download and Usage