admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-02T00:55:24.712434+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-02 00:55:28 +00:00
parent be5718ce9d
commit fe0b8eb6ae
22 changed files with 1484 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

71
CVE-2023/CVE-2023-262xx/CVE-2023-26206.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-26206", "id": "CVE-2023-26206",
"sourceIdentifier": "psirt@fortinet.com", "sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-15T14:15:44.597", "published": "2024-02-15T14:15:44.597",
"lastModified": "2024-02-15T14:28:20.067", "lastModified": "2024-03-01T23:12:48.653",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs." "value": "An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs."
},
{
"lang": "es",
"value": "Una neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de la p\u00e1gina web ('cross-site scripting') en Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 y 7.2.0 permite a un atacante para ejecutar c\u00f3digo o comandos no autorizados a trav\u00e9s de los campos de nombre observados en los registros de auditor\u00eda de pol\u00edticas."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "psirt@fortinet.com", "source": "psirt@fortinet.com",
"type": "Secondary", "type": "Secondary",
@ -46,10 +70,51 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndIncluding": "9.1.10",
"matchCriteriaId": "72F09A9E-3804-43BE-95B8-67418FEF269E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndIncluding": "9.2.8",
"matchCriteriaId": "225F8F74-D68C-444E-87E9-BC8AED05BB42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.4.0",
"versionEndIncluding": "9.4.2",
"matchCriteriaId": "029D7D58-6515-42D5-8E9A-73845CCE15A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortinac:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF5B4CF-5BF9-4852-BD4F-5A27FD17EDC2"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://fortiguard.com/psirt/FG-IR-23-063", "url": "https://fortiguard.com/psirt/FG-IR-23-063",
"source": "psirt@fortinet.com" "source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

101
CVE-2024/CVE-2024-13xx/CVE-2024-1378.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1378", "id": "CVE-2024-1378",
"sourceIdentifier": "product-cna@github.com", "sourceIdentifier": "product-cna@github.com",
"published": "2024-02-13T19:15:10.760", "published": "2024-02-13T19:15:10.760",
"lastModified": "2024-02-13T19:45:42.327", "lastModified": "2024-03-01T23:02:21.513",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u00a0nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n" "value": "A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via\u00a0nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .\n"
},
{
"lang": "es",
"value": "Se identific\u00f3 una vulnerabilidad de inyecci\u00f3n de comandos en GitHub Enterprise Server que permiti\u00f3 a un atacante con una funci\u00f3n de editor en Management Console obtener acceso SSH de administrador al dispositivo a trav\u00e9s de plantillas n\u00f3madas al configurar las opciones SMTP. La explotaci\u00f3n de esta vulnerabilidad requiri\u00f3 acceso a la instancia de GitHub Enterprise Server y acceso a la Consola de administraci\u00f3n con la funci\u00f3n de editor. Esta vulnerabilidad afect\u00f3 a todas las versiones de GitHub Enterprise Server anteriores a la 3.12 y se solucion\u00f3 en las versiones 3.11.5, 3.10.7, 3.9.10 y 3.8.15. Esta vulnerabilidad se inform\u00f3 a trav\u00e9s del programa GitHub Bug Bounty https://bounty.github.com."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{ {
"source": "product-cna@github.com", "source": "product-cna@github.com",
"type": "Secondary", "type": "Secondary",
@ -35,6 +59,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{ {
"source": "product-cna@github.com", "source": "product-cna@github.com",
"type": "Secondary", "type": "Secondary",
@ -46,22 +80,77 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.8.15",
"matchCriteriaId": "DC6BA1DD-5194-4738-B23D-07FCEAFFB3DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.9.0",
"versionEndExcluding": "3.9.10",
"matchCriteriaId": "8C3BDFFD-8A83-4D52-8A6E-B87B8070A046"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.10.0",
"versionEndExcluding": "3.10.7",
"matchCriteriaId": "EB406BB2-7ABF-4A44-830F-7012CDB3D81D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:github:enterprise_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.11.0",
"versionEndExcluding": "3.11.5",
"matchCriteriaId": "0529566C-AC2F-4385-93D7-578230AC453E"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7", "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7",
"source": "product-cna@github.com" "source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5", "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5",
"source": "product-cna@github.com" "source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15", "url": "https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15",
"source": "product-cna@github.com" "source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10", "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10",
"source": "product-cna@github.com" "source": "product-cna@github.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

120
CVE-2024/CVE-2024-207xx/CVE-2024-20726.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20726", "id": "CVE-2024-20726",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:46.500", "published": "2024-02-15T13:15:46.500",
"lastModified": "2024-02-15T14:28:26.433", "lastModified": "2024-03-01T23:04:49.107",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,6 +35,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -46,10 +70,98 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

120
CVE-2024/CVE-2024-207xx/CVE-2024-20727.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20727", "id": "CVE-2024-20727",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:46.697", "published": "2024-02-15T13:15:46.697",
"lastModified": "2024-02-15T14:28:26.433", "lastModified": "2024-03-01T23:05:33.873",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,6 +35,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -46,10 +70,98 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

120
CVE-2024/CVE-2024-207xx/CVE-2024-20728.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20728", "id": "CVE-2024-20728",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:46.893", "published": "2024-02-15T13:15:46.893",
"lastModified": "2024-02-15T14:28:26.433", "lastModified": "2024-03-01T23:05:51.263",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,6 +35,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -46,10 +70,98 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

125
CVE-2024/CVE-2024-207xx/CVE-2024-20729.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20729", "id": "CVE-2024-20729",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:47.087", "published": "2024-02-15T13:15:47.087",
"lastModified": "2024-02-15T17:15:08.020", "lastModified": "2024-03-01T23:06:10.797",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,6 +35,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -46,14 +70,105 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1890", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1890",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

123
CVE-2024/CVE-2024-207xx/CVE-2024-20730.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-20730", "id": "CVE-2024-20730",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:47.303", "published": "2024-02-15T13:15:47.303",
"lastModified": "2024-02-15T17:15:08.450", "lastModified": "2024-03-01T23:06:28.757",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad de desbordamiento de enteros o envoltura que podr\u00eda resultar en la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "psirt@adobe.com", "source": "psirt@adobe.com",
"type": "Secondary", "type": "Secondary",
@ -46,14 +70,105 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1906", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1906",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

125
CVE-2024/CVE-2024-207xx/CVE-2024-20731.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20731", "id": "CVE-2024-20731",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:47.500", "published": "2024-02-15T13:15:47.500",
"lastModified": "2024-02-15T17:15:08.637", "lastModified": "2024-03-01T23:06:42.083",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones de Acrobat Reader 20.005.30539, 23.008.20470 y anteriores se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,6 +35,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -46,14 +70,105 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1901", "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1901",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

120
CVE-2024/CVE-2024-207xx/CVE-2024-20733.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20733", "id": "CVE-2024-20733",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:47.700", "published": "2024-02-15T13:15:47.700",
"lastModified": "2024-02-15T14:28:20.067", "lastModified": "2024-03-01T23:06:53.667",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de validaci\u00f3n de entrada incorrecta que podr\u00eda provocar una denegaci\u00f3n de servicio de la aplicaci\u00f3n. Un atacante podr\u00eda aprovechar esta vulnerabilidad para provocar que la aplicaci\u00f3n falle, lo que provocar\u00eda una denegaci\u00f3n de servicio. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,6 +35,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -46,10 +70,98 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

120
CVE-2024/CVE-2024-207xx/CVE-2024-20734.json
View File

@ -2,18 +2,22 @@
"id": "CVE-2024-20734", "id": "CVE-2024-20734",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:47.897", "published": "2024-02-15T13:15:47.897",
"lastModified": "2024-02-15T14:28:20.067", "lastModified": "2024-03-01T23:07:08.780",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file." "value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad Use After Free que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
@ -31,6 +35,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -46,10 +70,98 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

50
CVE-2024/CVE-2024-209xx/CVE-2024-20972.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20972", "id": "CVE-2024-20972",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:50.993", "published": "2024-02-17T02:15:50.993",
"lastModified": "2024-02-20T19:50:53.960", "lastModified": "2024-03-01T23:18:40.500",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -38,10 +38,54 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com" "source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

50
CVE-2024/CVE-2024-209xx/CVE-2024-20974.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20974", "id": "CVE-2024-20974",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:51.157", "published": "2024-02-17T02:15:51.157",
"lastModified": "2024-02-20T19:50:53.960", "lastModified": "2024-03-01T23:19:08.207",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -38,10 +38,54 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com" "source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

50
CVE-2024/CVE-2024-209xx/CVE-2024-20976.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20976", "id": "CVE-2024-20976",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:51.310", "published": "2024-02-17T02:15:51.310",
"lastModified": "2024-02-20T19:50:53.960", "lastModified": "2024-03-01T23:19:16.267",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -38,10 +38,54 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com" "source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

50
CVE-2024/CVE-2024-209xx/CVE-2024-20978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20978", "id": "CVE-2024-20978",
"sourceIdentifier": "secalert_us@oracle.com", "sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:51.470", "published": "2024-02-17T02:15:51.470",
"lastModified": "2024-02-20T19:50:53.960", "lastModified": "2024-03-01T23:19:21.650",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
@ -38,10 +38,54 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndIncluding": "8.0.35",
"matchCriteriaId": "36624F1E-C034-47EF-B4CF-D0C2900CAB76"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7D7D985A-F68F-4073-842F-3E864A30EA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:oracle:mysql_server:8.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "241270D5-5730-4DED-A569-3EE374DFEA44"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.oracle.com/security-alerts/cpujan2024.html", "url": "https://www.oracle.com/security-alerts/cpujan2024.html",
"source": "secalert_us@oracle.com" "source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

24
CVE-2024/CVE-2024-245xx/CVE-2024-24511.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-24511",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T23:15:08.260",
"lastModified": "2024-03-01T23:15:08.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component."
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1IhU9tNhc6enKL1Dgq9--R05biJBjodKv/view?usp=sharing",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-245xx/CVE-2024-24512.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-24512",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T23:15:08.313",
"lastModified": "2024-03-01T23:15:08.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component."
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1jRsltje5PRkgigcY5qLWB3GhF0e9j6aF/view?usp=sharing",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-254xx/CVE-2024-25434.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-25434",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T23:15:08.360",
"lastModified": "2024-03-01T23:15:08.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1MFuAyZukdJeA7HKz8o8pOKLJMjURTZCt/view?usp=sharing",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-254xx/CVE-2024-25436.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-25436",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T23:15:08.410",
"lastModified": "2024-03-01T23:15:08.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function."
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1nSC8OlxsEnOajZ2JYuwoKFZqyB764WkL/view?usp=drivesdk",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-254xx/CVE-2024-25438.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-25438",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T23:15:08.457",
"lastModified": "2024-03-01T23:15:08.457",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function."
}
],
"metrics": {},
"references": [
{
"url": "https://drive.google.com/file/d/1-9yUkbsQ-blYpTsdZoXfu3ALBA5wQCbG/view?usp=sharing",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-273xx/CVE-2024-27354.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-27354",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T23:15:08.500",
"lastModified": "2024-03-01T23:15:08.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-273xx/CVE-2024-27355.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-27355",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T23:15:08.553",
"lastModified": "2024-03-01T23:15:08.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID)."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129",
"source": "cve@mitre.org"
}
]
}

81
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-03-01T23:00:25.011944+00:00 2024-03-02T00:55:24.712434+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-03-01T22:59:15.660000+00:00 2024-03-01T23:19:21.650000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,69 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
240276 240283
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `31` Recently added CVEs: `7`
* [CVE-2021-47075](CVE-2021/CVE-2021-470xx/CVE-2021-47075.json) (`2024-03-01T22:15:47.170`) * [CVE-2024-24511](CVE-2024/CVE-2024-245xx/CVE-2024-24511.json) (`2024-03-01T23:15:08.260`)
* [CVE-2021-47076](CVE-2021/CVE-2021-470xx/CVE-2021-47076.json) (`2024-03-01T22:15:47.223`) * [CVE-2024-24512](CVE-2024/CVE-2024-245xx/CVE-2024-24512.json) (`2024-03-01T23:15:08.313`)
* [CVE-2021-47077](CVE-2021/CVE-2021-470xx/CVE-2021-47077.json) (`2024-03-01T22:15:47.283`) * [CVE-2024-25434](CVE-2024/CVE-2024-254xx/CVE-2024-25434.json) (`2024-03-01T23:15:08.360`)
* [CVE-2021-47078](CVE-2021/CVE-2021-470xx/CVE-2021-47078.json) (`2024-03-01T22:15:47.333`) * [CVE-2024-25436](CVE-2024/CVE-2024-254xx/CVE-2024-25436.json) (`2024-03-01T23:15:08.410`)
* [CVE-2021-47079](CVE-2021/CVE-2021-470xx/CVE-2021-47079.json) (`2024-03-01T22:15:47.387`) * [CVE-2024-25438](CVE-2024/CVE-2024-254xx/CVE-2024-25438.json) (`2024-03-01T23:15:08.457`)
* [CVE-2021-47080](CVE-2021/CVE-2021-470xx/CVE-2021-47080.json) (`2024-03-01T22:15:47.433`) * [CVE-2024-27354](CVE-2024/CVE-2024-273xx/CVE-2024-27354.json) (`2024-03-01T23:15:08.500`)
* [CVE-2021-47081](CVE-2021/CVE-2021-470xx/CVE-2021-47081.json) (`2024-03-01T22:15:47.483`) * [CVE-2024-27355](CVE-2024/CVE-2024-273xx/CVE-2024-27355.json) (`2024-03-01T23:15:08.553`)
* [CVE-2023-7242](CVE-2023/CVE-2023-72xx/CVE-2023-7242.json) (`2024-03-01T21:15:07.213`)
* [CVE-2023-7243](CVE-2023/CVE-2023-72xx/CVE-2023-7243.json) (`2024-03-01T21:15:07.417`)
* [CVE-2023-7244](CVE-2023/CVE-2023-72xx/CVE-2023-7244.json) (`2024-03-01T21:15:07.613`)
* [CVE-2023-49539](CVE-2023/CVE-2023-495xx/CVE-2023-49539.json) (`2024-03-01T22:15:47.540`)
* [CVE-2023-49540](CVE-2023/CVE-2023-495xx/CVE-2023-49540.json) (`2024-03-01T22:15:47.600`)
* [CVE-2023-49543](CVE-2023/CVE-2023-495xx/CVE-2023-49543.json) (`2024-03-01T22:15:47.640`)
* [CVE-2023-49544](CVE-2023/CVE-2023-495xx/CVE-2023-49544.json) (`2024-03-01T22:15:47.683`)
* [CVE-2023-49545](CVE-2023/CVE-2023-495xx/CVE-2023-49545.json) (`2024-03-01T22:15:47.730`)
* [CVE-2024-20328](CVE-2024/CVE-2024-203xx/CVE-2024-20328.json) (`2024-03-01T21:15:07.790`)
* [CVE-2024-21767](CVE-2024/CVE-2024-217xx/CVE-2024-21767.json) (`2024-03-01T21:15:07.973`)
* [CVE-2024-22182](CVE-2024/CVE-2024-221xx/CVE-2024-22182.json) (`2024-03-01T21:15:08.167`)
* [CVE-2024-23492](CVE-2024/CVE-2024-234xx/CVE-2024-23492.json) (`2024-03-01T21:15:08.367`)
* [CVE-2024-27101](CVE-2024/CVE-2024-271xx/CVE-2024-27101.json) (`2024-03-01T21:15:08.593`)
* [CVE-2024-1869](CVE-2024/CVE-2024-18xx/CVE-2024-1869.json) (`2024-03-01T22:15:47.777`)
* [CVE-2024-27743](CVE-2024/CVE-2024-277xx/CVE-2024-27743.json) (`2024-03-01T22:15:47.823`)
* [CVE-2024-27744](CVE-2024/CVE-2024-277xx/CVE-2024-27744.json) (`2024-03-01T22:15:47.870`)
* [CVE-2024-27746](CVE-2024/CVE-2024-277xx/CVE-2024-27746.json) (`2024-03-01T22:15:47.923`)
* [CVE-2024-27747](CVE-2024/CVE-2024-277xx/CVE-2024-27747.json) (`2024-03-01T22:15:47.973`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `33` Recently modified CVEs: `14`
* [CVE-2024-27296](CVE-2024/CVE-2024-272xx/CVE-2024-27296.json) (`2024-03-01T22:22:25.913`) * [CVE-2023-26206](CVE-2023/CVE-2023-262xx/CVE-2023-26206.json) (`2024-03-01T23:12:48.653`)
* [CVE-2024-27499](CVE-2024/CVE-2024-274xx/CVE-2024-27499.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-1378](CVE-2024/CVE-2024-13xx/CVE-2024-1378.json) (`2024-03-01T23:02:21.513`)
* [CVE-2024-2068](CVE-2024/CVE-2024-20xx/CVE-2024-2068.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20726](CVE-2024/CVE-2024-207xx/CVE-2024-20726.json) (`2024-03-01T23:04:49.107`)
* [CVE-2024-2069](CVE-2024/CVE-2024-20xx/CVE-2024-2069.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20727](CVE-2024/CVE-2024-207xx/CVE-2024-20727.json) (`2024-03-01T23:05:33.873`)
* [CVE-2024-2070](CVE-2024/CVE-2024-20xx/CVE-2024-2070.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20728](CVE-2024/CVE-2024-207xx/CVE-2024-20728.json) (`2024-03-01T23:05:51.263`)
* [CVE-2024-27558](CVE-2024/CVE-2024-275xx/CVE-2024-27558.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20729](CVE-2024/CVE-2024-207xx/CVE-2024-20729.json) (`2024-03-01T23:06:10.797`)
* [CVE-2024-27559](CVE-2024/CVE-2024-275xx/CVE-2024-27559.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20730](CVE-2024/CVE-2024-207xx/CVE-2024-20730.json) (`2024-03-01T23:06:28.757`)
* [CVE-2024-27689](CVE-2024/CVE-2024-276xx/CVE-2024-27689.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20731](CVE-2024/CVE-2024-207xx/CVE-2024-20731.json) (`2024-03-01T23:06:42.083`)
* [CVE-2024-27734](CVE-2024/CVE-2024-277xx/CVE-2024-27734.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20733](CVE-2024/CVE-2024-207xx/CVE-2024-20733.json) (`2024-03-01T23:06:53.667`)
* [CVE-2024-2071](CVE-2024/CVE-2024-20xx/CVE-2024-2071.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20734](CVE-2024/CVE-2024-207xx/CVE-2024-20734.json) (`2024-03-01T23:07:08.780`)
* [CVE-2024-2072](CVE-2024/CVE-2024-20xx/CVE-2024-2072.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20972](CVE-2024/CVE-2024-209xx/CVE-2024-20972.json) (`2024-03-01T23:18:40.500`)
* [CVE-2024-2073](CVE-2024/CVE-2024-20xx/CVE-2024-2073.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20974](CVE-2024/CVE-2024-209xx/CVE-2024-20974.json) (`2024-03-01T23:19:08.207`)
* [CVE-2024-27298](CVE-2024/CVE-2024-272xx/CVE-2024-27298.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20976](CVE-2024/CVE-2024-209xx/CVE-2024-20976.json) (`2024-03-01T23:19:16.267`)
* [CVE-2024-2074](CVE-2024/CVE-2024-20xx/CVE-2024-2074.json) (`2024-03-01T22:22:25.913`) * [CVE-2024-20978](CVE-2024/CVE-2024-209xx/CVE-2024-20978.json) (`2024-03-01T23:19:21.650`)
* [CVE-2024-2075](CVE-2024/CVE-2024-20xx/CVE-2024-2075.json) (`2024-03-01T22:22:25.913`)
* [CVE-2024-1453](CVE-2024/CVE-2024-14xx/CVE-2024-1453.json) (`2024-03-01T22:22:25.913`)
* [CVE-2024-2076](CVE-2024/CVE-2024-20xx/CVE-2024-2076.json) (`2024-03-01T22:22:25.913`)
* [CVE-2024-2077](CVE-2024/CVE-2024-20xx/CVE-2024-2077.json) (`2024-03-01T22:22:25.913`)
* [CVE-2024-1174](CVE-2024/CVE-2024-11xx/CVE-2024-1174.json) (`2024-03-01T22:22:25.913`)
* [CVE-2024-21377](CVE-2024/CVE-2024-213xx/CVE-2024-21377.json) (`2024-03-01T22:24:40.680`)
* [CVE-2024-21378](CVE-2024/CVE-2024-213xx/CVE-2024-21378.json) (`2024-03-01T22:28:26.620`)
* [CVE-2024-21379](CVE-2024/CVE-2024-213xx/CVE-2024-21379.json) (`2024-03-01T22:29:19.727`)
* [CVE-2024-21380](CVE-2024/CVE-2024-213xx/CVE-2024-21380.json) (`2024-03-01T22:56:10.253`)
* [CVE-2024-21406](CVE-2024/CVE-2024-214xx/CVE-2024-21406.json) (`2024-03-01T22:57:15.940`)
* [CVE-2024-1374](CVE-2024/CVE-2024-13xx/CVE-2024-1374.json) (`2024-03-01T22:59:15.660`)
## Download and Usage ## Download and Usage