Auto-Update: 2024-02-15T05:00:24.770341+00:00

cad-safe-bot 2024-02-15 05:00:28 +00:00
parent 453d9059d1
commit fc583edee8
69 changed files with 12684 additions and 2803 deletions


@ -2,8 +2,8 @@
"id": "CVE-2001-0950",
"sourceIdentifier": "cve@mitre.org",
"published": "2001-12-04T05:00:00.000",
"lastModified": "2024-02-14T01:17:43.863",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T03:29:50.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -11,6 +11,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -44,7 +66,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
"value": "CWE-331"
}
]
}
@ -58,58 +80,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0325EEE5-AD5F-4262-A379-C6F4A8F6B4DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DC9EDA8D-1427-4FFB-B6E5-44296B945F1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "847A5CCA-A8A1-4B07-B60F-69E0E56E9384"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "27251C41-296E-4635-9727-37D661080994"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "474EF0B1-2D23-4149-A47B-F928DDB1F570"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D1DA047B-69A6-41D2-B98E-9753813F325F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "5DB971CB-596A-4A53-A801-6934A64010E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "473714FE-2743-4144-8A02-29E5981A26D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E49EE460-3930-45ED-B5C3-E7C72CECE122"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8147DB94-C5FA-45FA-A601-3FF4D2F6C93E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:4.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D2FBC1CB-22E4-4C67-9EE5-547EA6B1673E"
"criteria": "cpe:2.3:a:valicert:enterprise_validation_authority:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.3",
"versionEndIncluding": "4.2.1",
"matchCriteriaId": "98A5D417-5C40-4C41-9736-ECD0E08983EF"
}
]
}
@ -119,13 +93,20 @@
"references": [
{
"url": "http://marc.info/?l=bugtraq&m=100749428517090&w=2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "http://www.securityfocus.com/bid/3618",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
]
},
@ -133,7 +114,10 @@
"url": "http://www.securityfocus.com/bid/3620",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Patch",
"Third Party Advisory",
"VDB Entry",
"Vendor Advisory"
]
},
@ -141,16 +125,24 @@
"url": "http://www.valicert.com/support/security_advisory_eva.html",
"source": "cve@mitre.org",
"tags": [
"URL Repurposed"
"Broken Link"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7651",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/7653",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}
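Review bot: The replacement entry in the `@ -58,58 +80,10 @@` hunk keeps its version bounds only in `versionStartIncluding` / `versionEndIncluding`, while `criteria` now has `*` in the version field. A consumer that matches on the `criteria` string alone will therefore flag either every Enterprise Validation Authority version or none. Importers need to evaluate the range fields together with `criteria` and respect the inclusive/exclusive distinction: `"versionEndIncluding": "4.2.1"` here, `versionEndExcluding` in the PHP, raptor/LibreOffice and Mahara records later in this commit. Which lines are old and which are new is inferred from the hunk counts and the 2024 `lastModified`, because the `+`/`-` column is not shown on this page.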


@ -2,8 +2,8 @@
"id": "CVE-2008-2108",
"sourceIdentifier": "cve@mitre.org",
"published": "2008-05-07T21:20:00.000",
"lastModified": "2018-10-11T20:39:27.873",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:29:57.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-189"
"value": "CWE-331"
}
]
}
@ -63,128 +85,81 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.4.7",
"matchCriteriaId": "25A322B4-9EBB-449F-A678-33BAD936A606"
"versionStartIncluding": "4.0.0",
"versionEndExcluding": "4.4.8",
"matchCriteriaId": "F6C219FD-2507-491C-B38F-777D1A626FEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5:*:*:*:*:*:*:*",
"matchCriteriaId": "6A7EED44-A15E-451F-BF5B-DB0BECA73C4A"
"criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0.0",
"versionEndExcluding": "5.2.5",
"matchCriteriaId": "77177C9F-D96D-4FA7-B8D4-079A4BF52546"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*",
"matchCriteriaId": "72E4DB7F-07C3-46BB-AAA2-05CD0312C57F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "E727CECE-E452-489A-A42F-5A069D6AF80E"
"criteria": "cpe:2.3:o:fedoraproject:fedora:9:*:*:*:*:*:*:*",
"matchCriteriaId": "743CBBB1-C140-4FEF-B40E-FAE4511B1140"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
"matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.0:beta2:*:*:*:*:*:*",
"matchCriteriaId": "149A1FB8-593E-412B-8E1C-3E560301D500"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*",
"matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.0:beta3:*:*:*:*:*:*",
"matchCriteriaId": "5D6E8982-D7AE-4A52-8F7C-A4D59D2A2CA4"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "295907B4-C3DE-4021-BE3B-A8826D4379E6"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
}
]
}
]
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DBC98F82-6E1D-4A89-8ED4-ECD9BD954EB4"
},
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "B881352D-954E-4FC0-9E42-93D02A3F3089"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "17437AED-816A-4CCF-96DE-8C3D0CC8DB2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74E7AE59-1CB0-4300-BBE0-109F909789EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "9222821E-370F-4616-B787-CC22C2F4E7CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9809449F-9A76-4318-B233-B4C2950A6EA9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "0AA962D4-A4EC-4DC3-B8A9-D10941B92781"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8CDFEF9-C367-4800-8A2F-375C261FAE55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "16E43B88-1563-4EFD-9267-AE3E8C35D67A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "11E5715F-A8BC-49EF-836B-BB78E1BC0790"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5FA68843-158E-463E-B68A-1ACF041C4E10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1874F637-77E2-4C4A-BF92-AEE96A60BFB0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9592B32E-55CD-42D0-901E-8319823BC820"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.1.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BF34B5-F74C-4D56-9841-42452D60CB87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CD02D837-FD28-4E0F-93F8-25E8D1C84A99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "88358D1E-BE6F-4CE3-A522-83D1FA4739E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D8B97B03-7DA7-4A5F-89B4-E78CAB20DE17"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "86767200-6C9C-4C3E-B111-0E5BE61E197B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:php:php:5.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B00B416D-FF23-4C76-8751-26D305F0FA0F"
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7"
}
]
}
@ -196,95 +171,209 @@
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2008-05/0103.html",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
{
"url": "http://secunia.com/advisories/30757",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/30828",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/31119",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/31124",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/31200",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/32746",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/35003",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-200811-05.xml",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://securityreason.com/securityalert/3859",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.debian.org/security/2009/dsa-1789",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:125",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:126",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:127",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:128",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:129",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:130",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0505.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0544.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0545.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0546.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.redhat.com/support/errata/RHSA-2008-0582.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/archive/1/491683/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.sektioneins.de/advisories/SE-2008-02.txt",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Exploit"
]
},
{
"url": "http://www.ubuntu.com/usn/usn-628-1",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42226",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10844",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00773.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00779.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
}
]
}
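Review bot: The distribution entries that appear in the `@ -63,128 +85,81 @@` hunk (Fedora 8 and 9, four Ubuntu releases, Debian 4.0) are each `"vulnerable": true` in a configuration of their own, with no `"operator": "AND"` tying them to the `php:php` ranges. An inventory matcher that evaluates configurations independently will report every host running one of those releases, whether or not an affected PHP package is installed. Consumers should treat `cpe:2.3:o:` distribution matches in this record as a prompt to check the distribution's own advisory (the `usn-628-1` and `dsa-1789` references in this same record) rather than as a finding. The CVE-2012-0037 record later in this commit has the same shape for its Fedora, Red Hat and Debian entries.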


@ -2,8 +2,8 @@
"id": "CVE-2009-2158",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-06-22T19:30:00.437",
"lastModified": "2018-10-10T19:39:22.617",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:30:05.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-255"
"value": "CWE-330"
}
]
}
@ -62,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:torrenttrader:torrenttrader_classic:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "9B591D51-69F4-4A00-85DD-CF5DCD197DCC"
"criteria": "cpe:2.3:a:torrenttrader_project:torrenttrader:1.09:*:*:*:*:*:*:*",
"matchCriteriaId": "610D011C-0FA6-458D-B67D-BE76C6B83BA9"
}
]
}
@ -73,13 +95,21 @@
"references": [
{
"url": "http://www.securityfocus.com/archive/1/504294/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/35369",
"source": "cve@mitre.org",
"tags": [
"Exploit"
"Broken Link",
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
@ -91,11 +121,20 @@
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51150",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.exploit-db.com/exploits/8958",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}



@ -2,8 +2,8 @@
"id": "CVE-2009-3278",
"sourceIdentifier": "cve@mitre.org",
"published": "2009-09-21T19:30:00.610",
"lastModified": "2018-10-10T19:43:25.957",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:30:22.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,13 +70,14 @@
"description": [
{
"lang": "en",
"value": "CWE-310"
"value": "CWE-338"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
@ -62,33 +85,66 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:h:qnap:ts-239_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*",
"matchCriteriaId": "5EE9055C-121F-4DB7-8C31-0C25860EB956"
"criteria": "cpe:2.3:o:qnatp:ts-239_pro_firmware:2.1.7_0613:*:*:*:*:*:*:*",
"matchCriteriaId": "24362889-EC2F-4E43-B757-FD2C39A63F85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*",
"matchCriteriaId": "DBD938AD-4FF6-43F7-BDBA-C751DBE670F9"
"criteria": "cpe:2.3:o:qnatp:ts-239_pro_firmware:3.1.0_0627:*:*:*:*:*:*:*",
"matchCriteriaId": "A156A955-A7A3-4389-86AC-299D48C11430"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:qnap:ts-239_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*",
"matchCriteriaId": "5D3675EC-CB39-4D51-9D38-D921A67F5085"
"criteria": "cpe:2.3:o:qnatp:ts-239_pro_firmware:3.1.1_0815:*:*:*:*:*:*:*",
"matchCriteriaId": "16EF8F97-100F-4CD2-B1C9-A17B97B8ECF0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qnatp:ts-239_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BCEC0135-0A2D-4328-8F56-AECBE72E3428"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qnatp:ts-639_pro_firmware:2.1.7_0613:*:*:*:*:*:*:*",
"matchCriteriaId": "C768B53E-8FDF-490B-BFB2-30CCC1316166"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:qnap:ts-639_pro_turbo_nas:2.1.7_0613:*:*:*:*:*:*:*",
"matchCriteriaId": "8C6B1151-66DD-41AC-BCE2-076B72738CF0"
"criteria": "cpe:2.3:o:qnatp:ts-639_pro_firmware:3.1.0_0627:*:*:*:*:*:*:*",
"matchCriteriaId": "0B835D79-DFD0-493B-8612-C6F233F33298"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.0_0627:*:*:*:*:*:*:*",
"matchCriteriaId": "8BE092C1-DE91-4DE2-90CB-7A3BD2B84B0A"
"criteria": "cpe:2.3:o:qnatp:ts-639_pro_firmware:3.1.1_0815:*:*:*:*:*:*:*",
"matchCriteriaId": "90E64A45-B3E4-4550-B7C9-C637D2C3C71A"
}
]
},
{
"vulnerable": true,
"criteria": "cpe:2.3:h:qnap:ts-639_pro_turbo_nas:3.1.1_0815:*:*:*:*:*:*:*",
"matchCriteriaId": "EF79B187-CD61-45B6-9D71-3C73D9490970"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qnatp:ts-639_pro:-:*:*:*:*:*:*:*",
"matchCriteriaId": "62E13A7B-8E1C-476E-A28D-94A376E678FC"
}
]
}
@ -96,6 +152,13 @@
}
],
"references": [
{
"url": "http://secunia.com/advisories/36793",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt",
"source": "cve@mitre.org",
@ -105,11 +168,21 @@
},
{
"url": "http://www.securityfocus.com/archive/1/506607/100/0/threaded",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securityfocus.com/bid/36467",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
}
]
}
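Review bot: The eight CPE names that replace the `cpe:2.3:h:qnap:..._turbo_nas` entries in the `@ -62,33 +85,66 @@` hunk spell the vendor `qnatp` (for example `cpe:2.3:o:qnatp:ts-239_pro_firmware:2.1.7_0613:*:*:*:*:*:*:*`), where the entries they replace use `qnap`. Asset inventories and scanners that key on vendor `qnap` will stop matching this CVE once the record is imported. The `matchCriteriaId` values are issued upstream, so the correction belongs in the source record and not in this mirror. Until then, consumers should alias `qnatp` to `qnap` for the TS-239 Pro and TS-639 Pro firmware and hardware entries. Which side each line belongs to is inferred from the pairing with the 2024 `lastModified`, since the `+`/`-` column is lost on this page.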


@ -2,8 +2,8 @@
"id": "CVE-2012-0037",
"sourceIdentifier": "secalert@redhat.com",
"published": "2012-06-17T03:41:40.107",
"lastModified": "2023-02-13T03:24:12.830",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:22:33.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-611"
}
]
}
@ -62,19 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:openoffice.org:3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3E6F3D98-01D4-4A3C-A166-6BA96F46A77C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:openoffice.org:3.4:beta:*:*:*:*:*:*",
"matchCriteriaId": "092CAB2F-42F4-4F2D-AA1A-926DBBA93A91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redland:libraptor:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.0.6",
"matchCriteriaId": "C3F790D1-F4B1-4644-95ED-F0B621BB56F7"
"criteria": "cpe:2.3:a:librdf:raptor:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "FAA8084B-D726-4B05-B766-9BCB15B3B84D"
}
]
}
@ -88,53 +100,134 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6EC7F36-4505-425A-858A-7CC7E11FAEEA"
"criteria": "cpe:2.3:a:libreoffice:libreoffice:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.4.6",
"matchCriteriaId": "AC85B57C-F9E8-4266-A854-480A45ED3C25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "946A4315-09BD-4A88-82ED-F4922CD884CD"
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EA7346A-7B1F-4887-81D5-DE36F9273E49"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:openoffice:3.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1A3D8DF-2A27-4054-B748-F8F4B6C013F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2508E2-C2C0-4949-B69C-B610E2F2058B"
"criteria": "cpe:2.3:a:apache:openoffice:3.4.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "EBFF2F3E-67EB-4A54-BE16-9A8BC078781A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*",
"matchCriteriaId": "706C6399-CAD1-46E3-87A2-8DFE2CF497ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "126BF2A1-6E4A-4504-904F-3BDF4B2DC7EC"
"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:gluster_storage_server_for_on-premise:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59D47E43-886E-4114-96A2-DBE719EA3A89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "59FA72B2-802F-4562-87C2-4C1E4C7E9EFD"
"criteria": "cpe:2.3:a:redhat:storage:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52B90A04-DD6D-4AE7-A0E5-6B381127D507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "50BB322E-AE9A-4108-82BA-AAB8A57F2FC2"
"criteria": "cpe:2.3:a:redhat:storage_for_public_cloud:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0257753-51C3-45F2-BAA4-4C1F2DEAB7A6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A836FE3-A50E-4ADD-8BD9-8D12C92A85CA"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F6C94C91-2FD1-4AA6-89BC-677521F7617D"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "EE7CCA6E-2B1D-4270-AEB7-BE9820397163"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C0554C89-3716-49F3-BFAE-E008D5E4E29C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:libreoffice:libreoffice:3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FDF24972-A9FD-4780-8399-859658D63A3C"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6D0378-F0F4-4AAA-80AF-8287C790EC96"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
}
]
}
@ -144,43 +237,141 @@
"references": [
{
"url": "http://blog.documentfoundation.org/2012/03/22/tdf-announces-libreoffice-3-4-6/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://librdf.org/raptor/RELEASE.html#rel2_0_7",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077708.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078242.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-0410.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-0411.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/48479",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/48493",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/48494",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/48526",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/48529",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/48542",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://secunia.com/advisories/48649",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/50692",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/60799",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://security.gentoo.org/glsa/glsa-201209-05.xml",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://vsecurity.com/resources/advisory/20120324-1/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.debian.org/security/2012/dsa-2438",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.gentoo.org/security/en/glsa/glsa-201408-19.xml",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.libreoffice.org/advisories/CVE-2012-0037/",
@ -191,43 +382,88 @@
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:061",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:062",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:063",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.openoffice.org/security/cves/CVE-2012-0037.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mitigation",
"Patch"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/03/27/4",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "http://www.osvdb.org/80307",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.securityfocus.com/bid/52681",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.securitytracker.com/id?1026837",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74235",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/dajobe/raptor/commit/a676f235309a59d4aa78eeffd2574ae5d341fcb0",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "https://lists.apache.org/thread.html/re0504f08000df786e51795940501e81a5d0ae981ecca68141e87ece0%40%3Ccommits.openoffice.apache.org%3E",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2012-2239",
"sourceIdentifier": "security@debian.org",
"published": "2012-11-24T20:55:02.087",
"lastModified": "2013-02-08T04:50:03.830",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:19:58.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-94"
"value": "CWE-611"
}
]
}
@ -62,78 +84,32 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "894C07CE-BDF4-4652-9591-6DB6877582F2"
"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.4.0",
"versionEndExcluding": "1.4.4",
"matchCriteriaId": "611F8B3B-24B5-48F5-8B00-34D963456F31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "D4D278FD-9892-4B8F-BB0C-9E2323F7B9DB"
"criteria": "cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.5.0",
"versionEndExcluding": "1.5.3",
"matchCriteriaId": "9347221B-9020-44E1-B9E7-13C95FBD8633"
}
]
}
]
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E59B9197-F3A7-48FE-B4EB-66E77477F119"
},
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "76ADB798-ECDF-400A-812B-8DA40DE652B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc3:*:*:*:*:*:*",
"matchCriteriaId": "621775F5-0256-4D4E-8F75-74F116029346"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4:rc4:*:*:*:*:*:*",
"matchCriteriaId": "06BD6041-32C5-4470-A710-E8ACDD90A719"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E564972A-F44F-4935-BE50-8CB8A3F6483A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A782949D-9F8D-4852-AA20-5E866C895CEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E05D9E1E-E2EE-43C4-993A-F140B83493AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DF97D77B-B448-407C-A545-F939C1C75B4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "78E1C65F-C3F8-41B3-BFE5-9DB40B0FF7C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "9DB9744B-7694-41D9-B1A7-184AF5B90B9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DF1351BA-7AF2-4675-9BC3-6AB9786A361D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1ECA8058-4E47-45CC-98FB-66F1635D4EB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mahara:mahara:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "82CA353E-6A25-4170-B32C-E06F0FFC0AE8"
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
}
]
}
@ -143,11 +119,18 @@
"references": [
{
"url": "http://www.debian.org/security/2012/dsa-2591",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://bugs.launchpad.net/mahara/+bug/1047111",
"source": "security@debian.org"
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://mahara.org/interaction/forum/topic.php?id=4869",


@ -2,8 +2,8 @@
"id": "CVE-2012-3363",
"sourceIdentifier": "secalert@redhat.com",
"published": "2013-02-13T17:55:01.320",
"lastModified": "2013-12-05T05:15:32.033",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:20:09.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
"value": "CWE-611"
}
]
}
@ -62,444 +84,11 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C42B4F3-D79C-42DE-B86C-9E7612E71661"
"criteria": "cpe:2.3:a:zend:zend_framework:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.11.12",
"matchCriteriaId": "68B94C54-4E8F-4D13-9D0A-3E912D3E4545"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "536CC39B-D305-492F-892C-6431BD7BA95F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "17673E8C-CB65-447E-8A6B-1083E6E77B42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc2a:*:*:*:*:*:*",
"matchCriteriaId": "CA85105D-B9FB-4147-87B7-4F4DD0324AE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "99C549AF-2C59-4D8E-B651-EA630C3B2975"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "50EF804C-102C-47F5-A85A-63EAA7EF9BAB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7B648466-36AD-4EC0-BDE1-C976F697D58F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5C9DCE27-D2D1-4329-88F5-911DA763469C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1417EB1F-5342-443B-AC81-3256FCCE1BFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ECA9145E-8B8C-4822-A1FC-A891DF92FD0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:pl:*:*:*:*:*:*",
"matchCriteriaId": "BE686B51-76FB-442F-94BE-60E95CFF67AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:pr:*:*:*:*:*:*",
"matchCriteriaId": "2F9BD7D0-C975-4E7E-BCD1-C7FB52B1D5E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "BE350CD6-54CA-4BDF-9327-60F872098D68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E3603D2F-91FE-4B12-A5BC-2F63E1612A39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "04524F0F-6C21-4670-9B2C-A3B06C151799"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD97A6-336A-4B8A-AFC5-C9EA1DDCCC8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3B636257-9941-4997-9525-F8C5A920AB8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "118C20B5-FC8D-4EBF-A7D7-975A568A31BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7CEB67E5-D7D9-443A-9176-3104A9C068AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "20C61B54-2D08-45FD-A10A-34AD50EC3BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "1FD68242-67DB-4C1D-8265-7839976DBCEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.6.0:rc3:*:*:*:*:*:*",
"matchCriteriaId": "9C32036E-14BC-48AE-92A4-9DDCC96EC557"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F965C4F5-5F12-42CF-B120-758205E0E050"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "531B7A51-2B4C-4A50-A8C8-D81040FF6E31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16D75279-B5A8-4C82-B2C0-C58DEF56A086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:pl1:*:*:*:*:*:*",
"matchCriteriaId": "EE99D584-E652-4B9F-BD2E-45A167B1524C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.0:pr:*:*:*:*:*:*",
"matchCriteriaId": "0EE1CCE3-4AD0-4ABD-B4C9-5390F9CDB37F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57D97342-CF37-486E-A3C9-FBA000F5A041"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "819E0C25-1413-4532-9427-24520E23C07B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F9A96DF1-81D9-4BD3-9E62-CEECE377406D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.3:pl1:*:*:*:*:*:*",
"matchCriteriaId": "744FEDE8-5825-4C5C-887D-9ADCC9183AA2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DF957F4D-FDFD-419B-AD2B-02E572A3BA9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.5:*:*:*:*:*:*:*",
"matchCriteriaId": "000BAA0C-6546-4DEC-8B85-146508C19F5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.6:*:*:*:*:*:*:*",
"matchCriteriaId": "429128C9-689E-49EA-BD8C-138FC337AB08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2096048C-7E4A-415E-AEBF-9AB7E8BCE894"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9B72E45D-E298-45BD-9EE5-127D3EFEC17C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "07D06D35-CE63-456D-A970-5AE663175E8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "11459424-1BA2-44D0-B831-92BE6E2664E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "FACC0F56-C6CB-4BC7-946E-8077B2C90B2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "BB4F6AA5-8320-4451-9C8C-02D68FE4CA3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A847F7F6-18EF-44FB-9153-BD7D3223D6ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EBE53880-D68C-49CB-BFE7-D1806AAD5C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "45B7421E-E0C4-4594-AE81-4F3811CAAB33"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1EABF4FA-D4A6-4C82-BF9C-A828B906F499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.4:pl1:*:*:*:*:*:*",
"matchCriteriaId": "1EA1EBE6-0E18-44FA-BE72-D6512E7409B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9F10191E-9EF7-47B8-9CDC-FCFE47AEFE50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3E24C3-21CC-4ED2-8669-5D94BD5D99AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:a1:*:*:*:*:*:*",
"matchCriteriaId": "075019DE-CC38-4DFF-B869-5884A7AC9000"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "81CC10E4-37A8-4BAD-AC6D-EAD3A7E70CD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "8B3E9C9A-E12F-43EC-9134-4EFF2BA6B4D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "75B01DA0-E43B-456F-98CB-B806E3A54E94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DD3BA6AE-8D0D-48C4-82C2-90164113232A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4C405425-36E0-458C-9EB8-760703DF39DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.3:pl1:*:*:*:*:*:*",
"matchCriteriaId": "1E3911A0-F189-488A-9246-BA8B1CF9B8CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "CAC94846-2345-4A62-8E57-AC7EAFCD05D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8074B0AD-C349-4BAC-9076-DD08893F5574"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "18F43C9F-1EE9-4B77-AD35-EB1286BED2EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "557E4E4E-0022-4EEA-A08D-BFE2392147EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "7AC4C9BC-B0FC-4050-B998-5DB523C26EE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C844B367-8CE3-4347-B822-FA74D29E87C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:alpha1:*:*:*:*:*:*",
"matchCriteriaId": "0AAF2D17-6E72-4E27-B94B-397DB9C3A682"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:beta1:*:*:*:*:*:*",
"matchCriteriaId": "CF93FB2E-0F51-4EE0-9A29-91B2A2311FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "528D7214-C4EE-40D9-83CF-F9B81382F257"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "78EAC4C3-D9D3-4F3C-A56E-C434F15860CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6322EB6C-3CAD-4E61-AC47-FDB416F9BAEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5A341606-0AD5-442B-BEF3-D8246402CE00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6F033605-4770-453C-9C8D-48AB36B93F23"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7CF3E847-EF03-4B57-B54F-01E2D4DA2261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "A5E7A156-6F31-48D6-B1A7-991CDC120602"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6AC72907-188E-4B2B-AA08-482A98227961"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "AB1E9C46-CF7B-4142-A178-C21EB3E4C844"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.10.9:*:*:*:*:*:*:*",
"matchCriteriaId": "0227AEB0-4C45-4744-8501-B20F7B4254D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A033B19-5C9B-4948-88C6-9B8E69135112"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:b1:*:*:*:*:*:*",
"matchCriteriaId": "D5B221F8-CF2D-4994-87D9-57375D0942DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E8BCCB2A-7873-4027-AECE-024EF7A71E60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "81773611-D93F-4A8A-AE36-BEE60385F39B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2AAF5871-E892-4EDE-8845-E3633E10F733"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.3:*:*:*:*:*:*:*",
"matchCriteriaId": "99D5C2A0-11C8-458A-910F-58E7F39243C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE49C5F9-1C3D-44FD-831D-663013EDFA30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.5:*:*:*:*:*:*:*",
"matchCriteriaId": "B338FCC6-506F-468D-9551-B7FA22D31BD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.6:*:*:*:*:*:*:*",
"matchCriteriaId": "687ABF79-8F2F-4E5F-BF2A-42AD4F60C178"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.7:*:*:*:*:*:*:*",
"matchCriteriaId": "82E96CB5-E6F8-4163-8A95-B72C243FF133"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.8:*:*:*:*:*:*:*",
"matchCriteriaId": "5F486B0E-45D9-4B15-B4B7-1C35C3B9A8C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.9:*:*:*:*:*:*:*",
"matchCriteriaId": "A751B994-80CF-475C-AFCC-C3645A4B2BF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F25F13A3-867D-4D79-8B7B-9771D3DB0540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.11.11:*:*:*:*:*:*:*",
"matchCriteriaId": "64C08E10-14D4-4ACE-9064-8322A09773C0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zend:zend_framework:1.12.0:rc1:*:*:*:*:*:*",
@ -523,56 +112,129 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*",
"matchCriteriaId": "2DA9D861-3EAF-42F5-B0B6-A4CD7BDD6188"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*",
"matchCriteriaId": "E14271AE-1309-48F3-B9C6-D7DEEC488279"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
}
]
}
]
}
],
"references": [
{
"url": "http://framework.zend.com/security/advisory/ZF2012-01",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34284",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://openwall.com/lists/oss-security/2013/03/25/2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.debian.org/security/2012/dsa-2505",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/06/26/2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/06/26/4",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/06/27/2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.securitytracker.com/id?1027208",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://moodle.org/mod/forum/discuss.php?d=225345",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.sec-consult.com/files/20120626-0_zend_framework_xxe_injection.txt",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2012-3489",
"sourceIdentifier": "secalert@redhat.com",
"published": "2012-10-03T21:55:00.813",
"lastModified": "2013-10-10T19:23:41.817",
"lastModified": "2024-02-15T03:22:42.770",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-20"
"value": "CWE-611"
}
]
}
@ -62,48 +84,31 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2DD4DE67-9E3C-4F79-8AAB-344C1C46C618"
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3.0",
"versionEndExcluding": "8.3.20",
"matchCriteriaId": "DC9F6237-F38D-4EB0-95EB-5209D05994CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CCB718D2-97AA-4D61-AA4B-2216EEF55F67"
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.4.0",
"versionEndExcluding": "8.4.13",
"matchCriteriaId": "C07C667D-726E-4E7C-848D-5EE8749B7F87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "605C06BF-54A0-40F8-A01E-8641B4A83035"
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.9",
"matchCriteriaId": "B8674F6A-2AD2-4687-9733-47348BC25C78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1F1F5B75-78D5-408E-8148-CA23DCED9CBB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "88DE8C27-0E0A-4428-B25D-054D4FC6FEA8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "F609DDE4-0858-4F83-B8E6-7870196E21CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "349F02AF-013E-4264-9717-010293A3D6E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "047926F2-846A-4870-9640-9A4F2804D71B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0165D8-0BFA-4D46-95A3-45A03DC086FB"
"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.5",
"matchCriteriaId": "13E098C4-9AAD-4F9C-AB51-D025F3A71A15"
}
]
}
@ -117,28 +122,18 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4796DBEC-FF4F-4749-90D5-AD83D8B5E086"
"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "79108278-D644-4506-BD9C-F464C6E817B7"
"criteria": "cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EBB2C482-D2A4-48B3-ACE7-E1DFDCC409B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "10CF0AA0-41CD-4D50-BA7A-BF8846115C95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "965E1A9D-BB23-4C0B-A9CA-54A1855055B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A1F37C66-0AFE-4D59-8867-BDBCE656774E"
"criteria": "cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D806A17E-B8F9-466D-807D-3F1E77603DC8"
}
]
}
@ -152,103 +147,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A2A705DF-3654-427F-8B11-62DB0B6C9813"
"criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.7.0",
"versionEndIncluding": "10.7.5",
"matchCriteriaId": "9BF245F9-84B9-4269-B17F-DBC49715B674"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "05AD5D33-86F4-4BFF-BA84-02AA1347BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "02FDCF30-D0F7-48AA-9633-9CC060495F47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "788975F6-B3F1-4C21-B963-6BA59F14B71C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "E6713D96-338B-4467-9F05-3153997F62E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "01EB1A77-92AD-47FB-8290-D05C9B6C19C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "74857259-30C7-422D-A24D-BE1E33F09466"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*",
"matchCriteriaId": "CD80066B-787E-496B-88FD-F0AE291468C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88C9F0AB-A125-4DCD-A02B-E04D4D95FB5D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*",
"matchCriteriaId": "8FF13F89-F4C3-43EC-A36A-2F9283E923B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "F2631F09-73DD-4A28-8082-3939D89DDBE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*",
"matchCriteriaId": "82DDE9E7-EBF9-452B-8380-F9E87CF30ACA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*",
"matchCriteriaId": "4BAE68CF-198D-4F01-92F3-4DED7E50ACA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*",
"matchCriteriaId": "EF798CBC-C8BB-4F88-A927-B385A0DD8F19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*",
"matchCriteriaId": "BF8F568F-7D23-4553-95C5-C7C6B6584EB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*",
"matchCriteriaId": "A1DB64EA-DE7B-4CA4-8121-90612409152D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*",
"matchCriteriaId": "7A932403-9187-471B-BE65-4B6907D57D1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC6D76B-EF54-4F03-84BB-4CEAE31C4FFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.18:*:*:*:*:*:*:*",
"matchCriteriaId": "FE4CDA93-AEF6-489E-A5A1-BDC62BC9707B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.3.19:*:*:*:*:*:*:*",
"matchCriteriaId": "6866FCCB-1E43-4D8A-BC89-F06CB7A904B5"
"criteria": "cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "A557D31B-4614-41E0-85EA-804C2DDF4919"
}
]
}
@ -262,68 +169,88 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F30CA60-0A82-45CD-8044-CE245393593D"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
"matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5C991F71-1E27-47A6-97DC-424FC3EF6011"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
"matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5740C7AA-1772-41D8-9851-3E3669CD8521"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*",
"matchCriteriaId": "EF49D26F-142E-468B-87C1-BABEA445255C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "970338CD-A680-4DD0-BD27-459B0DDA4002"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A99C579D-44C0-40A4-A4EB-CBCF40D0C2FA"
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
"matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3E9E57FA-5EAE-4698-992D-146C6310E0B8"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C66CDEC1-FB2E-49B7-A8BE-38E43C8ED652"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8382A145-CDD9-437E-9DE7-A349956778B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*",
"matchCriteriaId": "87DF2937-9C51-4768-BAB1-901BCA636ADD"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "515C0ECD-2D95-4B6E-8E2F-DAF94E4A310F"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "EA0EB754-7A71-40FA-9EAD-44914EB758C3"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "1089D316-D5A3-4F2D-9E52-57FD626A1D06"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "F17D9158-E85A-4436-9180-E8546CF8F290"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:postgresql:postgresql:8.4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "64CBBE6E-8FDA-46AD-96A9-8C6CFFE97ABC"
"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A"
}
]
}
@ -333,31 +260,80 @@
"references": [
{
"url": "http://lists.apple.com/archives/security-announce/2013/Mar/msg00002.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2012-09/msg00102.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00013.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00024.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://rhn.redhat.com/errata/RHSA-2012-1263.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/50635",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/50718",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/50859",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://secunia.com/advisories/50946",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.debian.org/security/2012/dsa-2534",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:139",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
},
{
"url": "http://www.postgresql.org/about/news/1407/",
@ -368,42 +344,71 @@
},
{
"url": "http://www.postgresql.org/docs/8.3/static/release-8-3-20.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.postgresql.org/docs/8.4/static/release-8-4-13.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.postgresql.org/docs/9.0/static/release-9-0-9.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.postgresql.org/docs/9.1/static/release-9-1-5.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Release Notes"
]
},
{
"url": "http://www.postgresql.org/support/security/",
"source": "secalert@redhat.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "http://www.securityfocus.com/bid/55074",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.ubuntu.com/usn/USN-1542-1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_postgresql2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=849173",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2012-4399",
"sourceIdentifier": "secalert@redhat.com",
"published": "2012-10-09T23:55:05.047",
"lastModified": "2013-07-30T06:28:26.270",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:23:23.083",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,6 +15,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -48,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-264"
"value": "CWE-611"
}
]
}
@ -62,73 +84,17 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A132241C-AD45-4B94-B635-7335626A38C2"
"criteria": "cpe:2.3:a:cakefoundation:cakephp:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.5",
"matchCriteriaId": "8014FFA3-4C7C-49FE-BEA6-FB746217648F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.0:alpha:*:*:*:*:*:*",
"matchCriteriaId": "58594880-3167-4500-A220-A52510C693B4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.0:beta:*:*:*:*:*:*",
"matchCriteriaId": "0A5254CA-87B6-41C5-B161-DACB1ECFEF8F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.0:rc:*:*:*:*:*:*",
"matchCriteriaId": "283C18C4-73D1-4C6F-8F49-E46F101D8B6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2687D928-1EFC-4CC9-B1E5-8743CEB4181C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "AE9B9462-D5FB-4CC3-B66F-2A6A9ED34F0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BE74D59F-9B93-4B13-91A3-89646F5139D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.1.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8F54C563-8636-41F5-82D8-52AB50A0BC79"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "54FC48C5-3075-4027-8446-55CE11E8B747"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.2.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B7051D89-8F28-4002-8DD1-35D2795685A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.2.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0F42E684-5043-4B9E-90F6-A1AA01C5A3FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cakefoundation:cakephp:2.2.0-beta:*:*:*:*:*:*:*",
"matchCriteriaId": "B326B3D2-0886-46E7-AC89-46924D625E09"
"criteria": "cpe:2.3:a:cakefoundation:cakephp:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.1",
"matchCriteriaId": "14D77E0C-4AB9-4542-AD3C-7EE88550E11E"
}
]
}
@ -140,6 +106,7 @@
"url": "http://bakery.cakephp.org/articles/markstory/2012/07/14/security_release_-_cakephp_2_1_5_2_2_1",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
@ -147,20 +114,48 @@
"url": "http://seclists.org/bugtraq/2012/Jul/101",
"source": "secalert@redhat.com",
"tags": [
"Exploit"
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://secunia.com/advisories/49900",
"source": "secalert@redhat.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
},
{
"url": "http://www.exploit-db.com/exploits/19863",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/09/03/1",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2012/09/03/2",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.osvdb.org/84042",
"source": "secalert@redhat.com",
"tags": [
"Broken Link"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2017-16021",
"sourceIdentifier": "support@hackerone.com",
"published": "2018-06-04T19:29:01.303",
"lastModified": "2019-10-09T23:24:37.190",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:20:20.787",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -70,7 +70,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-1333"
}
]
},
@ -94,9 +94,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:uri-js_project:uri-js:*:*:*:*:*:node.js:*:*",
"criteria": "cpe:2.3:a:garycourt:uri-js:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "2.1.1",
"matchCriteriaId": "4D232A18-BBA2-4094-B9A8-B08A6AD4EB99"
"matchCriteriaId": "540B9C87-F30C-4317-8B31-F95A5429BBCF"
}
]
}
@ -117,6 +117,7 @@
"url": "https://nodesecurity.io/advisories/100",
"source": "support@hackerone.com",
"tags": [
"Broken Link",
"Third Party Advisory"
]
}
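Review bot: The metrics key rename from `cvssMetricV30` to `cvssMetricV31`, together with the `cpeMatch` vendor change from `uri-js_project` to `garycourt` and its new `matchCriteriaId`, silently drops this record for any consumer that reads only the old key or matches on the old CPE string or id. A matcher built on this mirror should read every `cvssMetricV*` key that is present and re-resolve stored `matchCriteriaId` values after each sync instead of caching them. The weakness also moves from `CWE-400` to the narrower `CWE-1333`, so rules keyed on the literal value `CWE-400` stop matching unless they expand the CWE hierarchy.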


@ -2,7 +2,7 @@
"id": "CVE-2020-11053",
"sourceIdentifier": "security-advisories@github.com",
"published": "2020-05-07T21:15:11.530",
"lastModified": "2020-05-13T15:34:52.737",
"lastModified": "2024-02-15T03:20:26.743",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -128,7 +128,7 @@
"url": "https://github.com/oauth2-proxy/oauth2-proxy/security/advisories/GHSA-j7px-6hwj-hpjg",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
"Vendor Advisory"
]
}
]


@ -2,12 +2,16 @@
"id": "CVE-2022-30260",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-12-26T06:15:10.947",
"lastModified": "2023-01-05T18:00:02.403",
"lastModified": "2024-02-15T03:19:09.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Emerson DeltaV Distributed Control System (DCS) has insufficient verification of firmware integrity (an inadequate checksum approach, and no signature). This affects versions before 14.3 of DeltaV M-series, DeltaV S-series, DeltaV P-series, DeltaV SIS, and DeltaV CIOC/EIOC/WIOC IO cards."
},
{
"lang": "es",
"value": "Emerson DeltaV Distributed Control System (DCS) tiene una verificaci\u00f3n insuficiente de la integridad del firmware (un m\u00e9todo de suma de verificaci\u00f3n inadecuado y sin firma). Esto afecta a las versiones anteriores a la 14.3 de las tarjetas DeltaV serie M, DeltaV serie S, DeltaV serie P, DeltaV SIS y DeltaV CIOC/EIOC/WIOC IO."
}
],
"metrics": {
@ -733,6 +737,7 @@
"url": "https://www.forescout.com/blog/",
"source": "cve@mitre.org",
"tags": [
"Not Applicable",
"Third Party Advisory"
]
}


@ -2,7 +2,7 @@
"id": "CVE-2022-30272",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-07-26T23:15:08.217",
"lastModified": "2022-08-02T20:11:04.363",
"lastModified": "2024-02-15T03:19:02.693",
"vulnStatus": "Analyzed",
"descriptions": [
{

File diff suppressed because it is too large Load Diff


@ -2,16 +2,40 @@
"id": "CVE-2023-32341",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.033",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:40:13.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling B2B Integrator 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 could allow an authenticated user to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 255827."
},
{
"lang": "es",
"value": "IBM Sterling B2B Integrator 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.3 podr\u00eda permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 255827."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,48 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255827",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.0.0.0",
"versionEndIncluding": "6.0.3.8",
"matchCriteriaId": "6FEEBB69-BA4A-4430-B953-8EC6FBA54BFA"
},
{
"url": "https://www.ibm.com/support/pages/node/7116081",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.1.0.0",
"versionEndIncluding": "6.1.2.3",
"matchCriteriaId": "9C59F530-4249-4C1F-9C91-FE2C3C811585"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/255827",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7116081",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2023-40262",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.683",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:33:52.467",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows unauthenticated Stored Cross-Site Scripting (XSS) in the administration component via Access Request."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Atos Unify OpenScape Voice Trace Manager V8 anterior a V8 R0.9.11. Permite cross-site scripting (XSS) no autenticado almacenado en el componente de administraci\u00f3n a trav\u00e9s de una solicitud de acceso."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unify:openscape_voice_trace_manager_v8:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r0.9.11",
"matchCriteriaId": "7E89D865-6067-4452-B1D0-FBA3C917D153"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
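Review bot: The new `cpeMatch` entry puts the major version in the product name (`openscape_voice_trace_manager_v8`) and gives the upper bound as `"versionEndExcluding": "r0.9.11"`, which is not a plain dotted version string. A consumer that compares versions numerically may fail to parse `r0.9.11` or skip the entry, so an install the description calls affected (V8 before V8 R0.9.11) could go unreported. Matchers using this mirror should handle the `r` prefix explicitly or fall back to the description text. The same CPE entry is repeated in the CVE-2023-40263 section.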


@ -2,19 +2,79 @@
"id": "CVE-2023-40263",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T23:15:09.730",
"lastModified": "2024-02-09T01:37:59.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:33:23.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Atos Unify OpenScape Voice Trace Manager V8 before V8 R0.9.11. It allows authenticated command injection via ftp."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Atos Unify OpenScape Voice Trace Manager V8 anterior a V8 R0.9.11. Permite la inyecci\u00f3n de comandos autenticados a trav\u00e9s de ftp."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:unify:openscape_voice_trace_manager_v8:*:*:*:*:*:*:*:*",
"versionEndExcluding": "r0.9.11",
"matchCriteriaId": "7E89D865-6067-4452-B1D0-FBA3C917D153"
}
]
}
]
}
],
"references": [
{
"url": "https://networks.unify.com/security/advisories/OBSO-2305-02.pdf",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-42016",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.260",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:40:30.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.8 and 6.1.0.0 through 6.1.2.3 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 265559."
},
{
"lang": "es",
"value": "IBM Sterling B2B Integrator Standard Edition 6.0.0.0 a 6.0.3.8 y 6.1.0.0 a 6.1.2.3 no establece el atributo seguro en tokens de autorizaci\u00f3n o cookies de sesi\u00f3n. Los atacantes pueden obtener los valores de las cookies enviando un enlace http:// a un usuario o colocando este enlace en un sitio al que accede el usuario. La cookie se enviar\u00e1 al enlace inseguro y el atacante podr\u00e1 obtener el valor de la cookie espiando el tr\u00e1fico. ID de IBM X-Force: 265559."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,48 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265559",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.0.0.0",
"versionEndIncluding": "6.0.3.8",
"matchCriteriaId": "6FEEBB69-BA4A-4430-B953-8EC6FBA54BFA"
},
{
"url": "https://www.ibm.com/support/pages/node/7116083",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:sterling_b2b_integrator:*:*:*:*:standard:*:*:*",
"versionStartIncluding": "6.1.0.0",
"versionEndIncluding": "6.1.2.3",
"matchCriteriaId": "9C59F530-4249-4C1F-9C91-FE2C3C811585"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/265559",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7116083",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-42282",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T17:15:10.840",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T03:27:05.997",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function."
},
{
"lang": "es",
"value": "Un problema en el paquete IP NPM v.1.1.8 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de la funci\u00f3n isPublic()."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fedorindutny:ip:*:*:*:*:*:node.js:*:*",
"versionEndIncluding": "1.1.8",
"matchCriteriaId": "5E811BCA-8109-4EA6-ACCC-7D7A6BCD6BB1"
}
]
}
]
}
],
"references": [
{
"url": "https://cosmosofcyberspace.github.io/npm_ip_cve/npm_ip_cve.html",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
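Review bot: The added Primary weakness `CWE-918` (server-side request forgery) does not line up with the English description, which speaks of arbitrary code execution and information disclosure via `isPublic()`. The new CVSS 3.1 entry scores full confidentiality, integrity and availability impact (`baseScore` 9.8). Triage that ranks on `baseScore` alone will treat every dependent of `ip` up to 1.1.8 as critical, while the real exposure presumably depends on whether an application uses the function's result as an access decision. Dependency-scanner output for this id is better reviewed against the referenced write-up than acted on from the score or the CWE alone.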


@ -2,16 +2,40 @@
"id": "CVE-2023-45187",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.493",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:41:06.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 268749."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization: las publicaciones 7.0.2 y 7.0.3 no invalidan la sesi\u00f3n despu\u00e9s del cierre de sesi\u00f3n, lo que podr\u00eda permitir que un usuario autenticado se haga pasar por otro usuario en el sistema. ID de IBM X-Force: 268749."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,44 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268749",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C"
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "73AC21DF-18D8-4339-9E53-49155B6C0A74"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268749",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-45190",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.707",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:41:35.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 268754."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 es vulnerable a la inyecci\u00f3n de encabezados HTTP, causada por una validaci\u00f3n incorrecta de la entrada por parte de los encabezados HOST. Esto podr\u00eda permitir que un atacante realice varios ataques contra el sistema vulnerable, incluido cross-site scripting, envenenamiento de cach\u00e9 o secuestro de sesi\u00f3n. ID de IBM X-Force: 268754."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -34,14 +58,56 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268754",
"source": "psirt@us.ibm.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com"
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "73AC21DF-18D8-4339-9E53-49155B6C0A74"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268754",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
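Review bot: The Primary weakness added under `weaknesses` is `CWE-307` (improper restriction of excessive authentication attempts), which does not match this record's description of HTTP header injection through the HOST header. That value fits the next record, CVE-2023-45191, whose description is an inadequate account lockout setting, so the two analyses look swapped or mis-keyed upstream. The hunk appears to add the `weaknesses` array where none existed, so there is no Secondary entry to cross-check against. Until the source record is corrected, consumers that map CWE to controls or detections should not rely on this value for CVE-2023-45190 and should classify it from the description instead.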


@ -2,16 +2,40 @@
"id": "CVE-2023-45191",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:08.890",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:43:16.217",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Lifecycle Optimization 7.0.2 and 7.0.3 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials. IBM X-Force ID: 268755."
},
{
"lang": "es",
"value": "IBM Engineering Lifecycle Optimization 7.0.2 y 7.0.3 utiliza una configuraci\u00f3n de bloqueo de cuenta inadecuada que podr\u00eda permitir a un atacante remoto utilizar fuerza bruta en las credenciales de la cuenta. ID de IBM X-Force: 268755."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,44 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268755",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "366A25AA-CB2E-4D9D-9F12-12C4219FAE8C"
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization:7.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "73AC21DF-18D8-4339-9E53-49155B6C0A74"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/268755",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7116045",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-46837",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-05T17:15:11.247",
"lastModified": "2024-02-15T02:15:49.733",
"lastModified": "2024-02-15T03:15:34.683",
"vulnStatus": "Modified",
"descriptions": [
{
@ -69,6 +69,10 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G/",
"source": "security@xen.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XLL6SQ6IKFYXLYWITYZCRV5IBRK5G35R/",
"source": "security@xen.org"


@ -2,23 +2,85 @@
"id": "CVE-2023-47020",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T16:15:46.377",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T03:21:44.417",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020",
"source": "cve@mitre.org"
},
{
"url": "https://youtu.be/pGB3LKdf64w",
"source": "cve@mitre.org"
"lang": "es",
"value": "El encadenamiento de Multiple Cross-Site Request Forgery (CSRF) en NCR Terminal Handler v.1.5.1 permite que un atacante aumente los privilegios a trav\u00e9s de una solicitud manipulada que implica la creaci\u00f3n de una cuenta de usuario y la adici\u00f3n del usuario a un grupo de administradores. Esto es aprovechado por una funci\u00f3n no revelada en el WSDL que carece de controles de seguridad y puede aceptar tipos de contenido personalizados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ncratleos:terminal_handler:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A7CBF0BA-23C2-4A14-9D14-2CF59375C880"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020",
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/pGB3LKdf64w",
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-50447",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:11.870",
"lastModified": "2024-01-29T21:15:09.670",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:18:46.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -66,6 +66,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -101,7 +116,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00019.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2023-50957",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-10T16:15:07.857",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:37:53.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783."
},
{
"lang": "es",
"value": "IBM Storage Defender - Resiliency Service 2.0 podr\u00eda permitir a un usuario privilegiado realizar acciones no autorizadas despu\u00e9s de obtener datos cifrados del almacenamiento de claves de texto plano. ID de IBM X-Force: 275783."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275783",
"source": "psirt@us.ibm.com"
},
"nodes": [
{
"url": "https://www.ibm.com/support/pages/node/7115261",
"source": "psirt@us.ibm.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95ACFA-2232-4E54-84D7-8A8DE2CCFDC7"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/275783",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7115261",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51437",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-07T10:15:08.137",
"lastModified": "2024-02-07T13:41:11.463",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:53:10.967",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -50,14 +80,64 @@
]
}
],
"references": [
"configurations": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/07/1",
"source": "security@apache.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.10.5",
"matchCriteriaId": "1DA223E6-F59D-4BB5-971A-1CC1914C70E4"
},
{
"url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5",
"source": "security@apache.org"
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.11.0",
"versionEndExcluding": "2.11.3",
"matchCriteriaId": "CDA5C2BD-D15D-40F8-8418-8382248881E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.2",
"matchCriteriaId": "F07DBEFA-B9F0-4497-B85A-41C753961E70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:3.1.0:-:*:*:*:*:*:*",
"matchCriteriaId": "447E0901-B5CA-42BE-B894-41E158B123AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:pulsar:3.1.0:candidate_1:*:*:*:*:*:*",
"matchCriteriaId": "BA3F2622-FDD4-48B9-81E3-6BE8B553F77C"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/07/1",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5",
"source": "security@apache.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1245",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-02-09T20:15:54.370",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:44:27.987",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. \n"
},
{
"lang": "es",
"value": "La versi\u00f3n 9 de Concrete CMS anterior a la 9.2.5 es vulnerable a XSS almacenado en etiquetas de archivos y atributos de descripci\u00f3n, ya que los atributos de archivo ingresados por el administrador no est\u00e1n suficientemente sanitizados en la p\u00e1gina Edit Attributes. Un administrador deshonesto podr\u00eda colocar c\u00f3digo malicioso en las etiquetas del archivo o en los atributos de descripci\u00f3n y, cuando otro administrador abra el mismo archivo para editarlo, el c\u00f3digo malicioso podr\u00eda ejecutarse. El equipo de seguridad de Concrete CMS obtuvo una puntuaci\u00f3n de 2,4 con el vector CVSS v3 AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
@ -46,14 +80,40 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"
},
"nodes": [
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.2.5",
"matchCriteriaId": "4B4CD16D-4D2C-45DC-ACAC-E107A4909305"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Vendor Advisory"
]
}
]
}
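Review bot: The `Primary` entry added to `cvssMetricV31` (4.8 MEDIUM, `S:C/C:L/I:L`) disagrees with the CNA assessment quoted in the English description (2.4, `S:U/C:L/I:N`). It is also inserted ahead of the existing `Secondary` entry, so a consumer that reads `cvssMetricV31[0]` may now report a different severity for this record than it did before the update. Consumers should select the metric by `source` and `type` rather than by array position, and keep both vectors available for triage. The same divergence is visible in the CVE-2024-1246 and CVE-2024-1247 sections, where the description gives a score of 2 with `AC:H` while the added entry is 4.8 with `AC:L`.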


@ -2,16 +2,40 @@
"id": "CVE-2024-1246",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-02-09T20:15:54.573",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:44:35.470",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\n"
},
{
"lang": "es",
"value": "Concrete CMS en la versi\u00f3n 9 anterior a la 9.2.5 es vulnerable al XSS reflejado a trav\u00e9s de la funci\u00f3n de importaci\u00f3n de URL de imagen debido a una validaci\u00f3n insuficiente de los datos proporcionados por el administrador. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso al importar im\u00e1genes, lo que provocar\u00eda la ejecuci\u00f3n del c\u00f3digo malicioso en el navegador del usuario del sitio web. El equipo de seguridad de Concrete CMS obtuvo este 2 con el vector CVSS v3 AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. Esto no afecta a las versiones de Concrete anteriores a la versi\u00f3n 9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
@ -46,14 +80,40 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"
},
"nodes": [
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.2.5",
"matchCriteriaId": "4B4CD16D-4D2C-45DC-ACAC-E107A4909305"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-1247",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-02-09T19:15:24.183",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:44:09.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS version 9 before 9.2.5 is vulnerable to\u00a0\u00a0stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field.\u00a0A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability. \n"
},
{
"lang": "es",
"value": "La versi\u00f3n 9 de Concrete CMS anterior a la 9.2.5 es vulnerable al XSS almacenado a trav\u00e9s del campo Role Name, ya que no hay validaci\u00f3n suficiente de los datos proporcionados por el administrador para ese campo. Un administrador deshonesto podr\u00eda inyectar c\u00f3digo malicioso en el campo Role Name que podr\u00eda ejecutarse cuando los usuarios visitan la p\u00e1gina afectada. El equipo de seguridad de Concrete CMS obtuvo este 2 con el vector CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator. Las versiones concretas inferiores a 9 no incluyen tipos de grupos, por lo que no se ven afectados por esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
@ -46,14 +80,40 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"
},
"nodes": [
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:concretecms:concrete_cms:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.2.5",
"matchCriteriaId": "4B4CD16D-4D2C-45DC-ACAC-E107A4909305"
}
]
}
]
}
],
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20918",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:39.510",
"lastModified": "2024-02-01T17:15:08.847",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:18:09.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -72,6 +72,16 @@
"criteria": "cpe:2.3:a:oracle:graalvm:22.3.4:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "876A5640-82A8-4BDC-8E0A-4D6340F5417D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:17.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5055FD-0E19-4C42-9B1F-CBE222855156"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:graalvm_for_jdk:21.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "04738DE7-2BFE-4C06-ABE0-FCA099B5FFEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:jdk:1.8.0:update391:*:*:-:*:*:*",
@ -125,16 +135,63 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",


@ -2,8 +2,8 @@
"id": "CVE-2024-20952",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-01-16T22:15:42.477",
"lastModified": "2024-02-01T17:15:09.293",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:18:31.140",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -135,16 +135,63 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:cloud_insights_storage_workload_security_agent:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B199052-5732-4726-B06B-A12C70DFB891"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240201-0002/",
"source": "secalert_us@oracle.com"
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",


@ -2,7 +2,7 @@
"id": "CVE-2024-21413",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:16:00.137",
"lastModified": "2024-02-13T18:22:43.577",
"lastModified": "2024-02-15T04:15:07.360",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -38,6 +38,10 @@
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413",
"source": "secure@microsoft.com"
},
{
"url": "https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/",
"source": "secure@microsoft.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22312",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-10T16:15:08.153",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:38:23.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748."
},
{
"lang": "es",
"value": "IBM Storage Defender - Resiliency Service 2.0 almacena las credenciales de usuario en texto plano que puede ser le\u00eddo por un usuario local. ID de IBM X-Force: 278748."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +80,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278748",
"source": "psirt@us.ibm.com"
},
"nodes": [
{
"url": "https://www.ibm.com/support/pages/node/7115261",
"source": "psirt@us.ibm.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95ACFA-2232-4E54-84D7-8A8DE2CCFDC7"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278748",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7115261",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22313",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-10T16:15:08.360",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:38:32.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749."
},
{
"lang": "es",
"value": "IBM Storage Defender - Resiliency Service 2.0 contiene credenciales codificadas, como una contrase\u00f1a o clave criptogr\u00e1fica, que utiliza para su propia autenticaci\u00f3n entrante, comunicaci\u00f3n saliente con componentes externos o cifrado de datos internos. ID de IBM X-Force: 278749."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278749",
"source": "psirt@us.ibm.com"
},
"nodes": [
{
"url": "https://www.ibm.com/support/pages/node/7115261",
"source": "psirt@us.ibm.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:storage_defender_resiliency_service:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FC95ACFA-2232-4E54-84D7-8A8DE2CCFDC7"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/278749",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7115261",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22417",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T18:15:18.860",
"lastModified": "2024-02-01T21:15:07.760",
"vulnStatus": "Modified",
"lastModified": "2024-02-15T03:17:08.090",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",


@ -2,7 +2,7 @@
"id": "CVE-2024-22667",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T08:15:44.110",
"lastModified": "2024-02-15T02:15:50.197",
"lastModified": "2024-02-15T03:15:34.767",
"vulnStatus": "Modified",
"descriptions": [
{
@ -87,6 +87,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UI44Y4LJLG34D4HNB6NTPLUPZREHAEL7/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UIQLVUSYHDN3644K6EFDI7PRZOTIKXM3/",
"source": "cve@mitre.org"
}
]
}
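Review bot: The reference URL added in the second hunk stores the list address percent-encoded (`package-announce%40lists.fedoraproject.org`), while the Fedora reference added to the CVE-2023-46837 record in this same update uses a literal `@` in the same path position. Both forms point at the same archive, but tooling that deduplicates, allow-lists or diffs references by raw string will treat them as distinct, so percent-encoding should be normalised before `url` values are compared. The new reference also carries no `tags`, so filters keyed on tags such as `Mailing List` will presumably skip it until the record is re-analysed.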


@ -2,16 +2,40 @@
"id": "CVE-2024-23322",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T23:15:08.747",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:48:20.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. Envoy se bloquear\u00e1 cuando se produzcan ciertos tiempos de espera dentro del mismo intervalo. El bloqueo ocurre cuando se cumple lo siguiente: 1. hedge_on_per_try_timeout est\u00e1 habilitado, 2. per_try_idle_timeout est\u00e1 habilitado (solo se puede hacer en la configuraci\u00f3n), 3. per-try-timeout est\u00e1 habilitado, ya sea a trav\u00e9s de encabezados o configuraci\u00f3n y su valor es igual , o dentro del intervalo de espera de per_try_idle_timeout. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,61 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.7",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F"
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.3",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.29.0",
"versionEndExcluding": "1.29.1",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23323",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T23:15:08.977",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:48:09.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. La expresi\u00f3n regular se compila para cada solicitud y puede provocar un uso elevado de la CPU y una mayor latencia de la solicitud cuando se configuran varias rutas con dichos comparadores. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +84,61 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.7",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F"
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.3",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.29.0",
"versionEndExcluding": "1.29.1",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
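Review bot: The four `cpeMatch` ranges in the new `configurations` block all start at the first release of a branch that received a fix (`"versionStartIncluding": "1.26.0"` is the lowest), so an Envoy older than 1.26.0 matches nothing in this record. The description names only the fixed releases and does not say earlier branches are unaffected, so the lower bound presumably reflects which branches were assessed rather than where the per-request regex compilation was introduced. If so, dropping `versionStartIncluding` from the 1.26 range would stop scanners keyed on this data from reporting end-of-life versions as clean; otherwise the introducing version should be confirmed against the advisory. The same ranges appear in the CVE-2024-23324, CVE-2024-23325 and CVE-2024-23327 records below.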


@ -2,16 +2,40 @@
"id": "CVE-2024-23324",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T23:15:09.223",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:46:33.747",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. La autenticaci\u00f3n externa se puede omitir mediante conexiones descendentes. Los clientes intermedios pueden forzar el env\u00edo de solicitudes gRPC no v\u00e1lidas a ext_authz, eludiendo las comprobaciones de ext_authz cuando Failure_mode_allow se establece en verdadero. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,61 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.7",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F"
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.3",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.29.0",
"versionEndExcluding": "1.29.1",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
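Review bot: The added Spanish description writes the Envoy setting as `Failure_mode_allow`, while the English text spells the configuration key `failure_mode_allow`; a search of configs or the advisory for the capitalised form finds nothing. It also renders "downstream clients" as `clientes intermedios`, which reads as intermediaries; `clientes descendentes` would match the `conexiones descendentes` used one sentence earlier in the same translation. The setting matters for triage because the English description limits the bypass to deployments where it is true, a precondition the `AV:N/AC:L/PR:N` base vector does not show.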


@ -2,16 +2,40 @@
"id": "CVE-2024-23325",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T23:15:09.437",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:46:07.523",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn\u2019t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in released 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. Envoy falla en el protocolo Proxy cuando usa un tipo de direcci\u00f3n que no es compatible con el sistema operativo. Envoy es susceptible de fallar en un host con IPv6 deshabilitado y una configuraci\u00f3n de escucha con protocolo proxy habilitado cuando recibe una solicitud en la que el cliente presenta su direcci\u00f3n IPv6. Es v\u00e1lido que un cliente presente su direcci\u00f3n IPv6 a un servidor de destino aunque toda la cadena est\u00e9 conectada a trav\u00e9s de IPv4. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,14 +84,61 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.7",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F"
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.3",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.29.0",
"versionEndExcluding": "1.29.1",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23327",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T23:15:09.647",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:45:57.207",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Envoy es un proxy de servicio/intermedio/perimetral de alto rendimiento. Cuando PPv2 est\u00e1 habilitado tanto en un oyente como en un cl\u00faster posterior, la instancia de Envoy generar\u00e1 un error de segmentaci\u00f3n al intentar crear el encabezado PPv2 ascendente. Esto ocurre cuando la solicitud descendente tiene un tipo de comando LOCAL y no tiene el bloque de protocolo. Este problema se solucion\u00f3 en las versiones 1.29.1, 1.28.1, 1.27.3 y 1.26.7. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,61 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a",
"source": "security-advisories@github.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.26.0",
"versionEndExcluding": "1.26.7",
"matchCriteriaId": "0324E095-98B4-4B78-9242-989EC45E011F"
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.27.0",
"versionEndExcluding": "1.27.3",
"matchCriteriaId": "2E838B16-C6DC-4701-B955-D96D4CAEF4F6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.28.0",
"versionEndExcluding": "1.28.1",
"matchCriteriaId": "770D5713-48E3-4F9B-B05C-9CB9C6B272E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:envoyproxy:envoy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.29.0",
"versionEndExcluding": "1.29.1",
"matchCriteriaId": "638F3351-3ACD-47C8-9B8F-568A930FAECA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}
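Review bot: Both references in this record are tagged `"Third Party Advisory"`, although they point to the envoyproxy repository's own commit and GHSA advisory. The sibling Envoy records in this commit (CVE-2024-23323, CVE-2024-23324, CVE-2024-23325) tag the same kind of URLs `"Vendor Advisory"`. A consumer that filters on the tag to find vendor-issued fixes would skip this record. For consistency both entries should read `"Vendor Advisory"`, keeping `"Patch"` on the commit link.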


@ -2,8 +2,8 @@
"id": "CVE-2024-23759",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.087",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:49:02.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La deserializaci\u00f3n de datos no confiables en Gambio hasta la versi\u00f3n 4.9.2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro \"search\" de la funci\u00f3n Parcelshopfinder/AddAddressBookEntry\"."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0046/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gambio:gambio:4.9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B4A5A2-9204-4A90-BC55-B8A01A85B8CD"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0046/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
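Review bot: The new primary weakness is `"value": "CWE-434"` (unrestricted file upload), but the description visible in this record is about deserialization of untrusted data through the "search" parameter, which is CWE-502; `"value": "CWE-502"` would match the text. The `cpeMatch` entry also pins the exact version `gambio:gambio:4.9.2.0`, while the description says "hasta la versión 4.9.2.0" (through 4.9.2.0), so earlier installs will not match. A wildcard version with `"versionEndIncluding": "4.9.2.0"` would express the stated range. CVE-2024-23763 below pairs the same exact-version CPE with a "through 4.9.2.0" description.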


@ -2,8 +2,8 @@
"id": "CVE-2024-23760",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.193",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:49:31.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "El almacenamiento de texto plano de informaci\u00f3n confidencial en Gambio 4.9.2.0 permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de error-handler.log.json y Legacy-error-handler.log.txt en la ra\u00edz web."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0050/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gambio:gambio:4.9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B4A5A2-9204-4A90-BC55-B8A01A85B8CD"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0050/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23761",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.247",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:49:36.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La inyecci\u00f3n de plantilla del lado del servidor en Gambio 4.9.2.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una plantilla de correo electr\u00f3nico inteligente manipulada."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0048/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gambio:gambio:4.9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B4A5A2-9204-4A90-BC55-B8A01A85B8CD"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0048/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
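Review bot: The primary weakness added here is `"value": "CWE-918"` (server-side request forgery), yet the description in this record is a server-side template injection that leads to arbitrary code execution through a crafted e-mail template. A code-injection class such as `"value": "CWE-94"` fits that text. Anyone grouping or prioritising findings by CWE would file this code-execution issue under SSRF and apply the wrong mitigation guidance.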


@ -2,8 +2,8 @@
"id": "CVE-2024-23762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.307",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:49:42.123",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "Vulnerabilidad de carga de archivos sin restricciones en la funci\u00f3n Content Manager en Gambio 4.9.2.0 permite a atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo PHP manipulado."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0049/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gambio:gambio:4.9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B4A5A2-9204-4A90-BC55-B8A01A85B8CD"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0049/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
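Review bot: The new vector sets `"attackVector": "LOCAL"` for a flaw the description places in the web application's Content Manager upload function, where a crafted PHP file is uploaded and executed; such a path is normally reached over the network. If the upload is reachable through the web interface, the vector would be `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H`. The CVE-2024-24113 record in this commit scores that vector at 8.8, against the 7.8 recorded here. The advisory linked under `references` should be checked before the lower score is used for prioritisation.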


@ -2,8 +2,8 @@
"id": "CVE-2024-23763",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.367",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:49:47.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La vulnerabilidad de inyecci\u00f3n SQL en Gambio hasta la versi\u00f3n 4.9.2.0 permite a los atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s de una solicitud GET manipulada utilizando el par\u00e1metro modificadores[atributo][]."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0047/",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gambio:gambio:4.9.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "28B4A5A2-9204-4A90-BC55-B8A01A85B8CD"
}
]
}
]
}
],
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0047/",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23803",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.183",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T04:36:17.560",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -50,10 +50,37 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
"source": "productcert@siemens.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2302.0",
"versionEndExcluding": "2302.0007",
"matchCriteriaId": "F1CA9BCC-60B4-44F3-9D13-82EE1E3D834A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:2201.0:-:*:*:*:*:*:*",
"matchCriteriaId": "ACE93AE4-565D-40A2-9954-DA02442AEDD1"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-23804",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-02-13T09:15:49.373",
"lastModified": "2024-02-13T14:01:00.987",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-15T04:36:11.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -40,8 +40,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -50,10 +60,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
"source": "productcert@siemens.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2201.0012",
"matchCriteriaId": "92315B86-671A-48F9-9D7D-C638DABD8520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:tecnomatix_plant_simulation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2302.0",
"versionEndExcluding": "2302.0006",
"matchCriteriaId": "D222D65A-C271-4BE4-8139-DB5F38D053D5"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-017796.html",
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24113",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T13:15:09.807",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T03:07:46.013",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,69 @@
"value": "xxl-job =< 2.4.1 tiene una vulnerabilidad de Server-Side Request Forgery (SSRF), que hace que los usuarios con pocos privilegios controlen el ejecutor de RCE."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/xuxueli/xxl-job/issues/3375",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xuxueli:xxl-job:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.1",
"matchCriteriaId": "1C421D48-E483-44C2-A4A9-F0FBC31E17C7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xuxueli/xxl-job/issues/3375",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24834",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T14:15:43.083",
"lastModified": "2024-02-08T18:42:36.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T03:16:47.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS.This issue affects BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en realmag777 BEAR \u2013 Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net permite almacenar XSS. Este problema afecta a BEAR \u2013 Bulk Editor y Products Manager Professional para WooCommerce por Pluginus.Net: desde n/a hasta 1.1.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -46,10 +70,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:bear_-_woocommerce_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.4.1",
"matchCriteriaId": "5B18020D-023C-4AD4-A5A3-E960C8094E8D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-24878",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-08T13:15:10.457",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T03:01:50.883",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webdados:portugal_ctt_tracking_for_woocommerce:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2",
"matchCriteriaId": "B7E838C5-0B93-498A-B036-62E2D5C7555F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25144",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-08T04:15:07.763",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:36:24.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-834"
}
]
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -50,10 +80,307 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144",
"source": "security@liferay.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
"matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*",
"matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:*",
"matchCriteriaId": "6FB8482E-644B-4DA5-808B-8DBEAB6D8D09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:*",
"matchCriteriaId": "95EFE8B5-EE95-4186-AC89-E9AFD8649D01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "90A6E0AF-0B8A-462D-95EF-2239EEE4A50D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "48BBAE90-F668-49BF-89AF-2C9547B76836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_15:*:*:*:*:*:*",
"matchCriteriaId": "74FAF597-EAAD-4BB5-AB99-8129476A7E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_16:*:*:*:*:*:*",
"matchCriteriaId": "20F078A3-A3EE-4CCA-816D-3C053E7D7FE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_17:*:*:*:*:*:*",
"matchCriteriaId": "C33EBD80-91DD-401C-9337-171C07B5D489"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_18:*:*:*:*:*:*",
"matchCriteriaId": "0058B9A5-7864-4356-ADBA-C9AF1BB74836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*",
"matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
"matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp3:*:*:*:*:*:*",
"matchCriteriaId": "1CF5B84B-1719-4581-8474-C55CEFFD8305"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_1:*:*:*:*:*:*",
"matchCriteriaId": "D60CDAA3-6029-4904-9D08-BB221BCFD7C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_2:*:*:*:*:*:*",
"matchCriteriaId": "B66F47E9-3D82-497E-BD84-E47A65FAF8C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_3:*:*:*:*:*:*",
"matchCriteriaId": "A0BA4856-59DF-427C-959F-3B836314F5D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_4:*:*:*:*:*:*",
"matchCriteriaId": "F3A5ADE1-4743-4A78-9FCC-CEB857012A5B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:update_5:*:*:*:*:*:*",
"matchCriteriaId": "2B420A18-5C8B-470F-9189-C84F8DAA74D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "ADB5F13C-EE1E-4448-8FCF-5966F6874440"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_1:*:*:*:*:*:*",
"matchCriteriaId": "46AF397F-A95C-4FAD-A6EA-CB623B7A262A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_10:*:*:*:*:*:*",
"matchCriteriaId": "3B8C3B3F-1BBB-47A5-A789-B207B6346FFF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_11:*:*:*:*:*:*",
"matchCriteriaId": "AD5D1171-954A-4E75-813D-E8392CFE4029"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_12:*:*:*:*:*:*",
"matchCriteriaId": "F148098A-D867-4C8B-9632-6B7F24D50C30"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_13:*:*:*:*:*:*",
"matchCriteriaId": "8A112ED2-27C2-45E3-8FA0-6043F7D3BEED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_14:*:*:*:*:*:*",
"matchCriteriaId": "0744AC04-9663-4DA1-9657-EC5BF0C68499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_15:*:*:*:*:*:*",
"matchCriteriaId": "5703FE2B-011A-4A40-AB67-B989438F2183"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_16:*:*:*:*:*:*",
"matchCriteriaId": "41A54448-B1AB-4E92-8523-5D4A46A83533"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_17:*:*:*:*:*:*",
"matchCriteriaId": "A96A2A4A-3EB3-4074-A846-EC6EECC04B43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_18:*:*:*:*:*:*",
"matchCriteriaId": "56DAE678-10B9-419D-9F5D-96E3AC3A6E4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_19:*:*:*:*:*:*",
"matchCriteriaId": "064F4C28-B1F5-44C2-91AA-A09FD56EC0B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_2:*:*:*:*:*:*",
"matchCriteriaId": "C2C2351E-BDEE-4A79-A00C-6520B54996EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_20:*:*:*:*:*:*",
"matchCriteriaId": "814D0CE3-B89F-423C-B1E3-47BD0A474491"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_21:*:*:*:*:*:*",
"matchCriteriaId": "58DB7C5A-B4E3-410A-B491-3F322B340BDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_22:*:*:*:*:*:*",
"matchCriteriaId": "86B581B6-02B0-40B9-BB5C-E28FC51042DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_23:*:*:*:*:*:*",
"matchCriteriaId": "E7EFBC14-6785-4435-BA96-D77A857BC1C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_24:*:*:*:*:*:*",
"matchCriteriaId": "585635F8-53DC-4F64-BF6B-C6F72A5F4D29"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_25:*:*:*:*:*:*",
"matchCriteriaId": "355DD7FC-E9C7-43D6-8313-0474AB314F18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_26:*:*:*:*:*:*",
"matchCriteriaId": "B0FDE8B1-444A-4FEB-AC97-4B29C914EB8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_3:*:*:*:*:*:*",
"matchCriteriaId": "25F5C3E9-CBB0-4114-91A4-41F0E666026A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_4:*:*:*:*:*:*",
"matchCriteriaId": "5E2B5687-B311-460E-A562-D754AF271F8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_5:*:*:*:*:*:*",
"matchCriteriaId": "B49D0CB9-8ED7-46AB-9BA5-7235A2CD9117"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_6:*:*:*:*:*:*",
"matchCriteriaId": "DF169364-096C-4294-B89F-C07AF1DCC9C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_7:*:*:*:*:*:*",
"matchCriteriaId": "30CB2C54-1A20-4226-ACC6-AC8131899AE2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_8:*:*:*:*:*:*",
"matchCriteriaId": "65693260-5B0F-47AA-BF08-D2979997A40A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.4:update_9:*:*:*:*:*:*",
"matchCriteriaId": "C9116909-04C3-4040-B945-4A6225425520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.4.3.26",
"matchCriteriaId": "71EF9A3C-C47A-4C68-B7FA-39AA7F20B8BD"
}
]
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144",
"source": "security@liferay.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25146",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-08T04:15:08.040",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:37:12.337",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -50,10 +80,137 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146",
"source": "security@liferay.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
"matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*",
"matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:*",
"matchCriteriaId": "6FB8482E-644B-4DA5-808B-8DBEAB6D8D09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:*",
"matchCriteriaId": "95EFE8B5-EE95-4186-AC89-E9AFD8649D01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "90A6E0AF-0B8A-462D-95EF-2239EEE4A50D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "48BBAE90-F668-49BF-89AF-2C9547B76836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_15:*:*:*:*:*:*",
"matchCriteriaId": "74FAF597-EAAD-4BB5-AB99-8129476A7E89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_16:*:*:*:*:*:*",
"matchCriteriaId": "20F078A3-A3EE-4CCA-816D-3C053E7D7FE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_17:*:*:*:*:*:*",
"matchCriteriaId": "C33EBD80-91DD-401C-9337-171C07B5D489"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*",
"matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
"matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.4.1",
"matchCriteriaId": "F247D45A-D3E4-4EDD-A18D-147FFBEF0935"
}
]
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146",
"source": "security@liferay.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25148",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-08T04:15:08.240",
"lastModified": "2024-02-08T13:44:21.670",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:37:31.957",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@liferay.com",
"type": "Secondary",
@ -50,10 +80,122 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148",
"source": "security@liferay.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:-:*:*:*:*:*:*",
"matchCriteriaId": "8CAAE1B7-982E-4D50-9651-DEEE6CD74EED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_1:*:*:*:*:*:*",
"matchCriteriaId": "AFCF99EC-3384-418D-A419-B9DB607BE371"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_10:*:*:*:*:*:*",
"matchCriteriaId": "F7CAAF53-AA8E-48CB-9398-35461BE590C4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_11:*:*:*:*:*:*",
"matchCriteriaId": "6FB8482E-644B-4DA5-808B-8DBEAB6D8D09"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_12:*:*:*:*:*:*",
"matchCriteriaId": "95EFE8B5-EE95-4186-AC89-E9AFD8649D01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_13:*:*:*:*:*:*",
"matchCriteriaId": "90A6E0AF-0B8A-462D-95EF-2239EEE4A50D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_14:*:*:*:*:*:*",
"matchCriteriaId": "48BBAE90-F668-49BF-89AF-2C9547B76836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_2:*:*:*:*:*:*",
"matchCriteriaId": "31E05134-A0C5-4937-A228-7D0884276B67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_3:*:*:*:*:*:*",
"matchCriteriaId": "3F06C4AD-FD20-4345-8386-0895312F0A00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_4:*:*:*:*:*:*",
"matchCriteriaId": "98CC25E2-EC3D-43A2-8D03-06F0E804EA63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_5:*:*:*:*:*:*",
"matchCriteriaId": "30933C36-C710-488F-9601-EE1BB749C58A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_6:*:*:*:*:*:*",
"matchCriteriaId": "41E94372-A1AE-48B1-82DC-08B7B616473F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_7:*:*:*:*:*:*",
"matchCriteriaId": "51FBC8E0-34F8-475C-A1A8-571791CA05F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_8:*:*:*:*:*:*",
"matchCriteriaId": "1E73EAEA-FA88-46B9-B9D5-A41603957AD7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.2:fix_pack_9:*:*:*:*:*:*",
"matchCriteriaId": "CF9BC654-4E3F-4B40-A6E5-79A818A51BED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:-:*:*:*:*:*:*",
"matchCriteriaId": "21C55D41-DB66-494D-BEEB-BDAC7CB4B31B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp1:*:*:*:*:*:*",
"matchCriteriaId": "9D75A0FF-BAEA-471A-87B2-8EC2A9F0A6B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:dxp:7.3:sp2:*:*:*:*:*:*",
"matchCriteriaId": "D86CDCC0-9655-477B-83FA-ADDBB5AF43A2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:liferay:liferay_portal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.4.1",
"matchCriteriaId": "F247D45A-D3E4-4EDD-A18D-147FFBEF0935"
}
]
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148",
"source": "security@liferay.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2024-25442",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.763",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:43:50.137",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image."
},
{
"lang": "es",
"value": "Un problema en la funci\u00f3n HuginBase::PanoramaMemento::loadPTScript de Hugin v2022.0.0 permite a los atacantes provocar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico mediante el an\u00e1lisis de una imagen manipulada."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025032",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hugin_project:hugin:2022.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E77F24-B699-4A1A-AEE6-542738D0D478"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025032",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2024-25443",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.817",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:43:42.573",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image."
},
{
"lang": "es",
"value": "Un problema en la funci\u00f3n HuginBase::ImageVariable::linkWith de Hugin v2022.0.0 permite a los atacantes provocar un heap-use-after-free mediante el an\u00e1lisis de una imagen manipulada."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025035",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hugin_project:hugin:2022.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E77F24-B699-4A1A-AEE6-542738D0D478"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025035",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2024-25445",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.860",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:43:34.673",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure."
},
{
"lang": "es",
"value": "El manejo inadecuado de los valores en HuginBase::PTools::Transform::transform de Hugin 2022.0.0 conduce a una falla de aserci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025038",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-617"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hugin_project:hugin:2022.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E77F24-B699-4A1A-AEE6-542738D0D478"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025038",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2024-25446",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.910",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:42:32.853",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image."
},
{
"lang": "es",
"value": "Un problema en la funci\u00f3n HuginBase::PTools::setDestImage de Hugin v2022.0.0 permite a los atacantes provocar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico mediante el an\u00e1lisis de una imagen manipulada."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025037",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hugin_project:hugin:2022.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "98E77F24-B699-4A1A-AEE6-542738D0D478"
}
]
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/hugin/+bug/2025037",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}


@ -2,23 +2,89 @@
"id": "CVE-2024-25447",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:08.967",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:39:16.863",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image."
}
],
"metrics": {},
"references": [
{
"url": "https://git.enlightenment.org/old/legacy-imlib2/issues/20",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/derf/feh/issues/709",
"source": "cve@mitre.org"
"lang": "es",
"value": "Un problema en la funci\u00f3n imlib_load_image_with_error_return de imlib2 v1.9.1 permite a los atacantes provocar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico mediante el an\u00e1lisis de una imagen manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enlightenment:imlib2:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56900F1D-B2C3-42AE-A2A8-FE0EFBCA5B17"
}
]
}
]
}
],
"references": [
{
"url": "https://git.enlightenment.org/old/legacy-imlib2/issues/20",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/derf/feh/issues/709",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,89 @@
"id": "CVE-2024-25448",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.027",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:38:59.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image."
}
],
"metrics": {},
"references": [
{
"url": "https://git.enlightenment.org/old/legacy-imlib2/issues/20",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/derf/feh/issues/711",
"source": "cve@mitre.org"
"lang": "es",
"value": "Un problema en la funci\u00f3n imlib_free_image_and_decache de imlib2 v1.9.1 permite a los atacantes provocar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico mediante el an\u00e1lisis de una imagen manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enlightenment:imlib2:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56900F1D-B2C3-42AE-A2A8-FE0EFBCA5B17"
}
]
}
]
}
],
"references": [
{
"url": "https://git.enlightenment.org/old/legacy-imlib2/issues/20",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/derf/feh/issues/711",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,23 +2,88 @@
"id": "CVE-2024-25450",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.087",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-15T04:38:50.543",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.enlightenment.org/old/legacy-imlib2/issues/20",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/derf/feh/issues/712",
"source": "cve@mitre.org"
"lang": "es",
"value": "Se descubri\u00f3 que imlib2 v1.9.1 maneja mal la asignaci\u00f3n de memoria en la funci\u00f3n init_imlib_fonts()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:enlightenment:imlib2:1.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56900F1D-B2C3-42AE-A2A8-FE0EFBCA5B17"
}
]
}
]
}
],
"references": [
{
"url": "https://git.enlightenment.org/old/legacy-imlib2/issues/20",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/derf/feh/issues/712",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

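--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26260.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26260.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-26260",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2024-02-15T03:15:34.833",
+"lastModified": "2024-02-15T03:15:34.833",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The functionality for synchronization in HGiga OAKlouds' certain moudules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-78"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}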
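Review bot: This record has no `configurations` block while `"vulnStatus": "Received"`, so tooling that matches inventory against the feed by CPE will not surface it, even though the CNA-supplied score is `"baseScore": 9.8`. The same holds for the four other records added in this commit (CVE-2024-26261 through CVE-2024-26264). The analysed imlib2 records modified in the same commit show what a `cpeMatch` entry looks like once NVD enrichment has run. A consumer of this feed should treat a missing `configurations` key as "not yet analysed" rather than "no affected products", and should route such records to manual triage using the vendor and product names in `descriptions`.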

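--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26261.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26261.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-26261",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2024-02-15T03:15:35.083",
+"lastModified": "2024-02-15T03:15:35.083",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}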

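--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26262.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26262.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-26262",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2024-02-15T03:15:35.313",
+"lastModified": "2024-02-15T03:15:35.313",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator ."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}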
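Review bot: The only `references` entry here, `"url": "https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html"`, is byte-identical to the reference in the CVE-2024-26261 record, which describes an HGiga OAKlouds file-download flaw. This record describes SQL injection in EBM Technologies Uniweb/SoliPACS WebServer. Each of the other three records added in this commit links to a distinct advisory page, so the link was probably miscopied in the upstream data rather than reflecting a shared advisory. That is inferred from the visible records, and the correct advisory URL is not on this page. Anyone triaging from this record should look up the advisory by CVE id at the source instead of following the link, and automation that deduplicates or correlates records by reference URL should not merge these two.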

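--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26263.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26263.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-26263",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2024-02-15T03:15:35.530",
+"lastModified": "2024-02-15T03:15:35.530",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-284"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7676-9418d-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}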

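--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26264.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26264.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-26264",
+"sourceIdentifier": "twcert@cert.org.tw",
+"published": "2024-02-15T03:15:35.840",
+"lastModified": "2024-02-15T03:15:35.840",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "twcert@cert.org.tw",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-89"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.twcert.org.tw/tw/cp-132-7677-b1c0f-1.html",
+"source": "twcert@cert.org.tw"
+}
+]
+}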


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-15T03:00:25.976820+00:00
2024-02-15T05:00:24.770341+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-15T02:53:41.823000+00:00
2024-02-15T04:53:10.967000+00:00
```
### Last Data Feed Release
@ -29,45 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238606
238611
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `5`
* [CVE-2024-1523](CVE-2024/CVE-2024-15xx/CVE-2024-1523.json) (`2024-02-15T02:15:49.960`)
* [CVE-2024-26260](CVE-2024/CVE-2024-262xx/CVE-2024-26260.json) (`2024-02-15T03:15:34.833`)
* [CVE-2024-26261](CVE-2024/CVE-2024-262xx/CVE-2024-26261.json) (`2024-02-15T03:15:35.083`)
* [CVE-2024-26262](CVE-2024/CVE-2024-262xx/CVE-2024-26262.json) (`2024-02-15T03:15:35.313`)
* [CVE-2024-26263](CVE-2024/CVE-2024-262xx/CVE-2024-26263.json) (`2024-02-15T03:15:35.530`)
* [CVE-2024-26264](CVE-2024/CVE-2024-262xx/CVE-2024-26264.json) (`2024-02-15T03:15:35.840`)
### CVEs modified in the last Commit
Recently modified CVEs: `32`
Recently modified CVEs: `63`
* [CVE-2021-30554](CVE-2021/CVE-2021-305xx/CVE-2021-30554.json) (`2024-02-15T02:00:01.650`)
* [CVE-2021-37973](CVE-2021/CVE-2021-379xx/CVE-2021-37973.json) (`2024-02-15T02:00:01.650`)
* [CVE-2021-38000](CVE-2021/CVE-2021-380xx/CVE-2021-38000.json) (`2024-02-15T02:00:01.650`)
* [CVE-2022-0609](CVE-2022/CVE-2022-06xx/CVE-2022-0609.json) (`2024-02-15T02:00:01.650`)
* [CVE-2022-2856](CVE-2022/CVE-2022-28xx/CVE-2022-2856.json) (`2024-02-15T02:00:01.650`)
* [CVE-2022-3038](CVE-2022/CVE-2022-30xx/CVE-2022-3038.json) (`2024-02-15T02:00:01.650`)
* [CVE-2022-3075](CVE-2022/CVE-2022-30xx/CVE-2022-3075.json) (`2024-02-15T02:00:01.650`)
* [CVE-2022-4135](CVE-2022/CVE-2022-41xx/CVE-2022-4135.json) (`2024-02-15T02:00:01.650`)
* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-02-15T01:15:07.977`)
* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-02-15T01:15:08.047`)
* [CVE-2023-5217](CVE-2023/CVE-2023-52xx/CVE-2023-5217.json) (`2024-02-15T02:00:01.650`)
* [CVE-2023-46837](CVE-2023/CVE-2023-468xx/CVE-2023-46837.json) (`2024-02-15T02:15:49.733`)
* [CVE-2023-52138](CVE-2023/CVE-2023-521xx/CVE-2023-52138.json) (`2024-02-15T02:15:49.843`)
* [CVE-2023-7169](CVE-2023/CVE-2023-71xx/CVE-2023-7169.json) (`2024-02-15T02:29:40.877`)
* [CVE-2024-0511](CVE-2024/CVE-2024-05xx/CVE-2024-0511.json) (`2024-02-15T01:56:15.227`)
* [CVE-2024-21351](CVE-2024/CVE-2024-213xx/CVE-2024-21351.json) (`2024-02-15T02:00:01.653`)
* [CVE-2024-21412](CVE-2024/CVE-2024-214xx/CVE-2024-21412.json) (`2024-02-15T02:00:01.653`)
* [CVE-2024-0965](CVE-2024/CVE-2024-09xx/CVE-2024-0965.json) (`2024-02-15T02:00:27.450`)
* [CVE-2024-1207](CVE-2024/CVE-2024-12xx/CVE-2024-1207.json) (`2024-02-15T02:05:42.313`)
* [CVE-2024-24706](CVE-2024/CVE-2024-247xx/CVE-2024-24706.json) (`2024-02-15T02:09:50.480`)
* [CVE-2024-22667](CVE-2024/CVE-2024-226xx/CVE-2024-22667.json) (`2024-02-15T02:15:50.197`)
* [CVE-2024-24488](CVE-2024/CVE-2024-244xx/CVE-2024-24488.json) (`2024-02-15T02:23:45.887`)
* [CVE-2024-24836](CVE-2024/CVE-2024-248xx/CVE-2024-24836.json) (`2024-02-15T02:40:53.413`)
* [CVE-2024-24871](CVE-2024/CVE-2024-248xx/CVE-2024-24871.json) (`2024-02-15T02:49:29.963`)
* [CVE-2024-24877](CVE-2024/CVE-2024-248xx/CVE-2024-24877.json) (`2024-02-15T02:53:41.823`)
* [CVE-2024-25144](CVE-2024/CVE-2024-251xx/CVE-2024-25144.json) (`2024-02-15T04:36:24.350`)
* [CVE-2024-25146](CVE-2024/CVE-2024-251xx/CVE-2024-25146.json) (`2024-02-15T04:37:12.337`)
* [CVE-2024-25148](CVE-2024/CVE-2024-251xx/CVE-2024-25148.json) (`2024-02-15T04:37:31.957`)
* [CVE-2024-22312](CVE-2024/CVE-2024-223xx/CVE-2024-22312.json) (`2024-02-15T04:38:23.153`)
* [CVE-2024-22313](CVE-2024/CVE-2024-223xx/CVE-2024-22313.json) (`2024-02-15T04:38:32.877`)
* [CVE-2024-25450](CVE-2024/CVE-2024-254xx/CVE-2024-25450.json) (`2024-02-15T04:38:50.543`)
* [CVE-2024-25448](CVE-2024/CVE-2024-254xx/CVE-2024-25448.json) (`2024-02-15T04:38:59.973`)
* [CVE-2024-25447](CVE-2024/CVE-2024-254xx/CVE-2024-25447.json) (`2024-02-15T04:39:16.863`)
* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-15T04:42:32.853`)
* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-15T04:43:34.673`)
* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-15T04:43:42.573`)
* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-15T04:43:50.137`)
* [CVE-2024-1247](CVE-2024/CVE-2024-12xx/CVE-2024-1247.json) (`2024-02-15T04:44:09.247`)
* [CVE-2024-1245](CVE-2024/CVE-2024-12xx/CVE-2024-1245.json) (`2024-02-15T04:44:27.987`)
* [CVE-2024-1246](CVE-2024/CVE-2024-12xx/CVE-2024-1246.json) (`2024-02-15T04:44:35.470`)
* [CVE-2024-23327](CVE-2024/CVE-2024-233xx/CVE-2024-23327.json) (`2024-02-15T04:45:57.207`)
* [CVE-2024-23325](CVE-2024/CVE-2024-233xx/CVE-2024-23325.json) (`2024-02-15T04:46:07.523`)
* [CVE-2024-23324](CVE-2024/CVE-2024-233xx/CVE-2024-23324.json) (`2024-02-15T04:46:33.747`)
* [CVE-2024-23323](CVE-2024/CVE-2024-233xx/CVE-2024-23323.json) (`2024-02-15T04:48:09.937`)
* [CVE-2024-23322](CVE-2024/CVE-2024-233xx/CVE-2024-23322.json) (`2024-02-15T04:48:20.247`)
* [CVE-2024-23759](CVE-2024/CVE-2024-237xx/CVE-2024-23759.json) (`2024-02-15T04:49:02.133`)
* [CVE-2024-23760](CVE-2024/CVE-2024-237xx/CVE-2024-23760.json) (`2024-02-15T04:49:31.847`)
* [CVE-2024-23761](CVE-2024/CVE-2024-237xx/CVE-2024-23761.json) (`2024-02-15T04:49:36.837`)
* [CVE-2024-23762](CVE-2024/CVE-2024-237xx/CVE-2024-23762.json) (`2024-02-15T04:49:42.123`)
* [CVE-2024-23763](CVE-2024/CVE-2024-237xx/CVE-2024-23763.json) (`2024-02-15T04:49:47.153`)
## Download and Usage