From fe0b8eb6ae7563b05bfee9431d98cd0bc7c5d9da Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Sat, 2 Mar 2024 00:55:28 +0000 Subject: [PATCH] Auto-Update: 2024-03-02T00:55:24.712434+00:00 --- CVE-2023/CVE-2023-262xx/CVE-2023-26206.json | 71 ++++++++++- CVE-2024/CVE-2024-13xx/CVE-2024-1378.json | 101 +++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20726.json | 120 ++++++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20727.json | 120 ++++++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20728.json | 120 ++++++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20729.json | 125 +++++++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20730.json | 123 ++++++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20731.json | 125 +++++++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20733.json | 120 ++++++++++++++++++- CVE-2024/CVE-2024-207xx/CVE-2024-20734.json | 120 ++++++++++++++++++- CVE-2024/CVE-2024-209xx/CVE-2024-20972.json | 50 +++++++- CVE-2024/CVE-2024-209xx/CVE-2024-20974.json | 50 +++++++- CVE-2024/CVE-2024-209xx/CVE-2024-20976.json | 50 +++++++- CVE-2024/CVE-2024-209xx/CVE-2024-20978.json | 50 +++++++- CVE-2024/CVE-2024-245xx/CVE-2024-24511.json | 24 ++++ CVE-2024/CVE-2024-245xx/CVE-2024-24512.json | 24 ++++ CVE-2024/CVE-2024-254xx/CVE-2024-25434.json | 24 ++++ CVE-2024/CVE-2024-254xx/CVE-2024-25436.json | 24 ++++ CVE-2024/CVE-2024-254xx/CVE-2024-25438.json | 24 ++++ CVE-2024/CVE-2024-273xx/CVE-2024-27354.json | 24 ++++ CVE-2024/CVE-2024-273xx/CVE-2024-27355.json | 24 ++++ README.md | 81 ++++--------- 22 files changed, 1484 insertions(+), 110 deletions(-) create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24511.json create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24512.json create mode 100644 CVE-2024/CVE-2024-254xx/CVE-2024-25434.json create mode 100644 CVE-2024/CVE-2024-254xx/CVE-2024-25436.json create mode 100644 CVE-2024/CVE-2024-254xx/CVE-2024-25438.json create mode 100644 CVE-2024/CVE-2024-273xx/CVE-2024-27354.json create mode 100644 CVE-2024/CVE-2024-273xx/CVE-2024-27355.json 
diff --git a/CVE-2023/CVE-2023-262xx/CVE-2023-26206.json b/CVE-2023/CVE-2023-262xx/CVE-2023-26206.json index 2d65b838020..f037a1f1313 100644 --- a/CVE-2023/CVE-2023-262xx/CVE-2023-26206.json +++ b/CVE-2023/CVE-2023-262xx/CVE-2023-26206.json @@ -2,16 +2,40 @@ "id": "CVE-2023-26206", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-02-15T14:15:44.597", - "lastModified": "2024-02-15T14:28:20.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:12:48.653", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs." + }, + { + "lang": "es", + "value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web ('cross-site scripting') en Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 y 7.2.0 permite a un atacante para ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de los campos de nombre observados en los registros de auditor\u00eda de pol\u00edticas." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -46,10 +70,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.0", + "versionEndIncluding": "9.1.10", + "matchCriteriaId": "72F09A9E-3804-43BE-95B8-67418FEF269E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.0", + "versionEndIncluding": "9.2.8", + "matchCriteriaId": "225F8F74-D68C-444E-87E9-BC8AED05BB42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.4.0", + "versionEndIncluding": "9.4.2", + "matchCriteriaId": "029D7D58-6515-42D5-8E9A-73845CCE15A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-063", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1378.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1378.json index d5436862b90..9d314aa3722 100644 --- a/CVE-2024/CVE-2024-13xx/CVE-2024-1378.json +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1378.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1378", "sourceIdentifier": "product-cna@github.com", "published": "2024-02-13T19:15:10.760", - "lastModified": "2024-02-13T19:45:42.327", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:02:21.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u00a0nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n" + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo a trav\u00e9s de plantillas n\u00f3madas al configurar las opciones SMTP. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + }, { "source": "product-cna@github.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "product-cna@github.com", "type": "Secondary", 
@@ -46,22 +80,77 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.8.15", + "matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9.0", + "versionEndExcluding": "3.9.10", + "matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.10.0", + "versionEndExcluding": "3.10.7", + "matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.11.0", + "versionEndExcluding": "3.11.5", + "matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E" + } + ] + } + ] + } + ], "references": [ { "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] }, { "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10", - "source": "product-cna@github.com" + "source": "product-cna@github.com", + "tags": [ + "Release Notes", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20726.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20726.json index 34c9d0746df..025e3d88703 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20726.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20726.json @@ -2,18 +2,22 @@ "id": "CVE-2024-20726", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:46.500", - "lastModified": "2024-02-15T14:28:26.433", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:04:49.107", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -46,10 +70,98 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20727.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20727.json index cb3813731d5..db72930361b 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20727.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20727.json @@ -2,18 +2,22 @@ "id": "CVE-2024-20727", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:46.697", - "lastModified": "2024-02-15T14:28:26.433", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:05:33.873", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -46,10 +70,98 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20728.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20728.json index 712b42deb3d..a307b7dcebd 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20728.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20728.json @@ -2,18 +2,22 @@ "id": "CVE-2024-20728", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:46.893", - "lastModified": "2024-02-15T14:28:26.433", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:05:51.263", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -46,10 +70,98 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20729.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20729.json index a4a326064e8..245cbe99cb4 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20729.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20729.json @@ -2,18 +2,22 @@ "id": "CVE-2024-20729", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:47.087", - "lastModified": "2024-02-15T17:15:08.020", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:06:10.797", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -46,14 +70,105 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1890", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20730.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20730.json index bca0a51a7ce..6a560d2e833 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20730.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20730.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-20730", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:47.303", - "lastModified": "2024-02-15T17:15:08.450", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:06:28.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de desbordamiento de enteros o envoltura que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "psirt@adobe.com", "type": "Secondary", 
@@ -46,14 +70,105 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1906", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20731.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20731.json index 89142dbafdb..683f177afd2 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20731.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20731.json @@ -2,18 +2,22 @@ "id": "CVE-2024-20731", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:47.500", - "lastModified": "2024-02-15T17:15:08.637", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:06:42.083", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, 
@@ -46,14 +70,105 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] }, { "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1901", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20733.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20733.json index 596beb22899..bb725066c8b 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20733.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20733.json 
@@ -2,18 +2,22 @@ "id": "CVE-2024-20733", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:47.700", - "lastModified": "2024-02-15T14:28:20.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:06:53.667", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una denegaci\u00f3n de servicio de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad para provocar que la aplicaci\u00f3n falle, lo que provocar\u00eda una denegaci\u00f3n de servicio. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -46,10 +70,98 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20734.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20734.json index 8b7b9e9c02f..9a0399d54a0 100644 --- a/CVE-2024/CVE-2024-207xx/CVE-2024-20734.json +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20734.json @@ -2,18 +2,22 @@ "id": "CVE-2024-20734", "sourceIdentifier": "psirt@adobe.com", "published": "2024-02-15T13:15:47.897", - "lastModified": "2024-02-15T14:28:20.067", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:07:08.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { - "source": "psirt@adobe.com", + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", 
@@ -31,6 +35,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, 
@@ -46,10 +70,98 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*", + "versionStartIncluding": "15.008.20082", + "versionEndExcluding": "23.008.20533", + "matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*", + "versionStartIncluding": "20.001.30005", + "versionEndExcluding": "20.005.30574", + "matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], 
"references": [ { "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json index 19043528605..211c072d551 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20972.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20972", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:50.993", - "lastModified": "2024-02-20T19:50:53.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:18:40.500", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,10 +38,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.35", + "matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json index 82f7687b1f2..f160137cb22 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20974.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20974", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:51.157", - "lastModified": "2024-02-20T19:50:53.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:19:08.207", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,10 +38,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.35", + "matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json index 1f968b80c95..c413660a1a0 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20976.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-20976", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:51.310", - "lastModified": "2024-02-20T19:50:53.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:19:16.267", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -38,10 +38,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.35", + "matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json index 8a5a999cf5b..7cc5a0857e5 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20978.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20978", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:51.470", - "lastModified": "2024-02-20T19:50:53.960", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-01T23:19:21.650", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -38,10 +38,54 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndIncluding": "8.0.35", + "matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", - "source": "secalert_us@oracle.com" + "source": "secalert_us@oracle.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24511.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24511.json new file mode 100644 index 00000000000..ed108f58dee --- /dev/null +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24511.json 
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-24511",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-01T23:15:08.260",
+ "lastModified": "2024-03-01T23:15:08.260",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/1IhU9tNhc6enKL1Dgq9--R05biJBjodKv/view?usp=sharing",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24512.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24512.json
new file mode 100644
index 00000000000..947992d1fa5
--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24512.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-24512",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-01T23:15:08.313",
+ "lastModified": "2024-03-01T23:15:08.313",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/1jRsltje5PRkgigcY5qLWB3GhF0e9j6aF/view?usp=sharing",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25434.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25434.json
new file mode 100644
index 00000000000..b262560ff24
--- /dev/null
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25434.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-25434",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-01T23:15:08.360",
+ "lastModified": "2024-03-01T23:15:08.360",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/1MFuAyZukdJeA7HKz8o8pOKLJMjURTZCt/view?usp=sharing",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25436.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25436.json
new file mode 100644
index 00000000000..f5118cf0de6
--- /dev/null
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25436.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-25436",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-01T23:15:08.410",
+ "lastModified": "2024-03-01T23:15:08.410",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/1nSC8OlxsEnOajZ2JYuwoKFZqyB764WkL/view?usp=drivesdk",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25438.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25438.json
new file mode 100644
index 00000000000..20b686b34c5
--- /dev/null
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25438.json
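Review bot: The second `references` entry of the new CVE-2024-25436 record links to the write-up named for CVE-2024-25438 (`.../blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions`), which is the same URL the CVE-2024-25438 record carries. The description of CVE-2024-25436 is about the Production module, not Submission, so the link does not appear to match the record it sits in. Because this file mirrors upstream data, the mismatch presumably comes from the published CVE record and should be confirmed there and reported to the assigning source rather than patched locally. Until it is corrected, tooling that correlates advisories by reference URL will treat the two IDs as sharing one write-up.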
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-25438",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-01T23:15:08.457",
+ "lastModified": "2024-03-01T23:15:08.457",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://drive.google.com/file/d/1-9yUkbsQ-blYpTsdZoXfu3ALBA5wQCbG/view?usp=sharing",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27354.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27354.json
new file mode 100644
index 00000000000..2b45e0eb517
--- /dev/null
+++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27354.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-27354",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-01T23:15:08.500",
+ "lastModified": "2024-03-01T23:15:08.500",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27355.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27355.json
new file mode 100644
index 00000000000..b398230e443
--- /dev/null
+++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27355.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-27355",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-01T23:15:08.553",
+ "lastModified": "2024-03-01T23:15:08.553",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
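Review bot: The second reference in the new CVE-2024-27354 record, `https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49`, is a line anchor on the moving `master` branch, so the line it points at will change as the file changes and may stop showing the primality check the description refers to. The sibling CVE-2024-27355 record on the same physical line uses a commit-pinned permalink (`blob/978d081fe50ff92879c50ff143c62a143edb0117/...#L1129`), which stays stable. The pinned form would be `blob/<commit-sha>/phpseclib/Math/PrimeField.php#L49`, but the page does not show the commit, so that belongs in a request to the upstream record rather than a change to this mirror. Anyone triaging from this entry should locate the affected code from the fixed versions given in the description, not from the anchor.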
diff --git a/README.md b/README.md index 7684789fb5a..3a6112f9efa 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-01T23:00:25.011944+00:00 +2024-03-02T00:55:24.712434+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-01T22:59:15.660000+00:00 +2024-03-01T23:19:21.650000+00:00 ``` ### Last Data Feed Release 
@@ -29,69 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -240276 +240283 ``` ### CVEs added in the last Commit -Recently added CVEs: `31` +Recently added CVEs: `7` -* [CVE-2021-47075](CVE-2021/CVE-2021-470xx/CVE-2021-47075.json) (`2024-03-01T22:15:47.170`) -* [CVE-2021-47076](CVE-2021/CVE-2021-470xx/CVE-2021-47076.json) (`2024-03-01T22:15:47.223`) -* [CVE-2021-47077](CVE-2021/CVE-2021-470xx/CVE-2021-47077.json) (`2024-03-01T22:15:47.283`) -* [CVE-2021-47078](CVE-2021/CVE-2021-470xx/CVE-2021-47078.json) (`2024-03-01T22:15:47.333`) -* [CVE-2021-47079](CVE-2021/CVE-2021-470xx/CVE-2021-47079.json) (`2024-03-01T22:15:47.387`) -* [CVE-2021-47080](CVE-2021/CVE-2021-470xx/CVE-2021-47080.json) (`2024-03-01T22:15:47.433`) -* [CVE-2021-47081](CVE-2021/CVE-2021-470xx/CVE-2021-47081.json) (`2024-03-01T22:15:47.483`) -* [CVE-2023-7242](CVE-2023/CVE-2023-72xx/CVE-2023-7242.json) (`2024-03-01T21:15:07.213`) -* [CVE-2023-7243](CVE-2023/CVE-2023-72xx/CVE-2023-7243.json) (`2024-03-01T21:15:07.417`) -* [CVE-2023-7244](CVE-2023/CVE-2023-72xx/CVE-2023-7244.json) (`2024-03-01T21:15:07.613`) -* [CVE-2023-49539](CVE-2023/CVE-2023-495xx/CVE-2023-49539.json) (`2024-03-01T22:15:47.540`) -* [CVE-2023-49540](CVE-2023/CVE-2023-495xx/CVE-2023-49540.json) (`2024-03-01T22:15:47.600`) -* [CVE-2023-49543](CVE-2023/CVE-2023-495xx/CVE-2023-49543.json) (`2024-03-01T22:15:47.640`) -* [CVE-2023-49544](CVE-2023/CVE-2023-495xx/CVE-2023-49544.json) (`2024-03-01T22:15:47.683`) -* [CVE-2023-49545](CVE-2023/CVE-2023-495xx/CVE-2023-49545.json) (`2024-03-01T22:15:47.730`) -* [CVE-2024-20328](CVE-2024/CVE-2024-203xx/CVE-2024-20328.json) (`2024-03-01T21:15:07.790`) -* [CVE-2024-21767](CVE-2024/CVE-2024-217xx/CVE-2024-21767.json) (`2024-03-01T21:15:07.973`) -* [CVE-2024-22182](CVE-2024/CVE-2024-221xx/CVE-2024-22182.json) (`2024-03-01T21:15:08.167`) -* [CVE-2024-23492](CVE-2024/CVE-2024-234xx/CVE-2024-23492.json) 
(`2024-03-01T21:15:08.367`) -* [CVE-2024-27101](CVE-2024/CVE-2024-271xx/CVE-2024-27101.json) (`2024-03-01T21:15:08.593`) -* [CVE-2024-1869](CVE-2024/CVE-2024-18xx/CVE-2024-1869.json) (`2024-03-01T22:15:47.777`) -* [CVE-2024-27743](CVE-2024/CVE-2024-277xx/CVE-2024-27743.json) (`2024-03-01T22:15:47.823`) -* [CVE-2024-27744](CVE-2024/CVE-2024-277xx/CVE-2024-27744.json) (`2024-03-01T22:15:47.870`) -* [CVE-2024-27746](CVE-2024/CVE-2024-277xx/CVE-2024-27746.json) (`2024-03-01T22:15:47.923`) -* [CVE-2024-27747](CVE-2024/CVE-2024-277xx/CVE-2024-27747.json) (`2024-03-01T22:15:47.973`) +* [CVE-2024-24511](CVE-2024/CVE-2024-245xx/CVE-2024-24511.json) (`2024-03-01T23:15:08.260`) +* [CVE-2024-24512](CVE-2024/CVE-2024-245xx/CVE-2024-24512.json) (`2024-03-01T23:15:08.313`) +* [CVE-2024-25434](CVE-2024/CVE-2024-254xx/CVE-2024-25434.json) (`2024-03-01T23:15:08.360`) +* [CVE-2024-25436](CVE-2024/CVE-2024-254xx/CVE-2024-25436.json) (`2024-03-01T23:15:08.410`) +* [CVE-2024-25438](CVE-2024/CVE-2024-254xx/CVE-2024-25438.json) (`2024-03-01T23:15:08.457`) +* [CVE-2024-27354](CVE-2024/CVE-2024-273xx/CVE-2024-27354.json) (`2024-03-01T23:15:08.500`) +* [CVE-2024-27355](CVE-2024/CVE-2024-273xx/CVE-2024-27355.json) (`2024-03-01T23:15:08.553`) ### CVEs modified in the last Commit -Recently modified CVEs: `33` +Recently modified CVEs: `14` -* [CVE-2024-27296](CVE-2024/CVE-2024-272xx/CVE-2024-27296.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-27499](CVE-2024/CVE-2024-274xx/CVE-2024-27499.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2068](CVE-2024/CVE-2024-20xx/CVE-2024-2068.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2069](CVE-2024/CVE-2024-20xx/CVE-2024-2069.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2070](CVE-2024/CVE-2024-20xx/CVE-2024-2070.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-27558](CVE-2024/CVE-2024-275xx/CVE-2024-27558.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-27559](CVE-2024/CVE-2024-275xx/CVE-2024-27559.json) (`2024-03-01T22:22:25.913`) -* 
[CVE-2024-27689](CVE-2024/CVE-2024-276xx/CVE-2024-27689.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-27734](CVE-2024/CVE-2024-277xx/CVE-2024-27734.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2071](CVE-2024/CVE-2024-20xx/CVE-2024-2071.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2072](CVE-2024/CVE-2024-20xx/CVE-2024-2072.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2073](CVE-2024/CVE-2024-20xx/CVE-2024-2073.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-27298](CVE-2024/CVE-2024-272xx/CVE-2024-27298.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2074](CVE-2024/CVE-2024-20xx/CVE-2024-2074.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2075](CVE-2024/CVE-2024-20xx/CVE-2024-2075.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-1453](CVE-2024/CVE-2024-14xx/CVE-2024-1453.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2076](CVE-2024/CVE-2024-20xx/CVE-2024-2076.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-2077](CVE-2024/CVE-2024-20xx/CVE-2024-2077.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-1174](CVE-2024/CVE-2024-11xx/CVE-2024-1174.json) (`2024-03-01T22:22:25.913`) -* [CVE-2024-21377](CVE-2024/CVE-2024-213xx/CVE-2024-21377.json) (`2024-03-01T22:24:40.680`) -* [CVE-2024-21378](CVE-2024/CVE-2024-213xx/CVE-2024-21378.json) (`2024-03-01T22:28:26.620`) -* [CVE-2024-21379](CVE-2024/CVE-2024-213xx/CVE-2024-21379.json) (`2024-03-01T22:29:19.727`) -* [CVE-2024-21380](CVE-2024/CVE-2024-213xx/CVE-2024-21380.json) (`2024-03-01T22:56:10.253`) -* [CVE-2024-21406](CVE-2024/CVE-2024-214xx/CVE-2024-21406.json) (`2024-03-01T22:57:15.940`) -* [CVE-2024-1374](CVE-2024/CVE-2024-13xx/CVE-2024-1374.json) (`2024-03-01T22:59:15.660`) +* [CVE-2023-26206](CVE-2023/CVE-2023-262xx/CVE-2023-26206.json) (`2024-03-01T23:12:48.653`) +* [CVE-2024-1378](CVE-2024/CVE-2024-13xx/CVE-2024-1378.json) (`2024-03-01T23:02:21.513`) +* [CVE-2024-20726](CVE-2024/CVE-2024-207xx/CVE-2024-20726.json) (`2024-03-01T23:04:49.107`) +* [CVE-2024-20727](CVE-2024/CVE-2024-207xx/CVE-2024-20727.json) 
(`2024-03-01T23:05:33.873`) +* [CVE-2024-20728](CVE-2024/CVE-2024-207xx/CVE-2024-20728.json) (`2024-03-01T23:05:51.263`) +* [CVE-2024-20729](CVE-2024/CVE-2024-207xx/CVE-2024-20729.json) (`2024-03-01T23:06:10.797`) +* [CVE-2024-20730](CVE-2024/CVE-2024-207xx/CVE-2024-20730.json) (`2024-03-01T23:06:28.757`) +* [CVE-2024-20731](CVE-2024/CVE-2024-207xx/CVE-2024-20731.json) (`2024-03-01T23:06:42.083`) +* [CVE-2024-20733](CVE-2024/CVE-2024-207xx/CVE-2024-20733.json) (`2024-03-01T23:06:53.667`) +* [CVE-2024-20734](CVE-2024/CVE-2024-207xx/CVE-2024-20734.json) (`2024-03-01T23:07:08.780`) +* [CVE-2024-20972](CVE-2024/CVE-2024-209xx/CVE-2024-20972.json) (`2024-03-01T23:18:40.500`) +* [CVE-2024-20974](CVE-2024/CVE-2024-209xx/CVE-2024-20974.json) (`2024-03-01T23:19:08.207`) +* [CVE-2024-20976](CVE-2024/CVE-2024-209xx/CVE-2024-20976.json) (`2024-03-01T23:19:16.267`) +* [CVE-2024-20978](CVE-2024/CVE-2024-209xx/CVE-2024-20978.json) (`2024-03-01T23:19:21.650`) ## Download and Usage