admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-16T23:00:24.404168+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-16 23:00:28 +00:00
parent f75593931a
commit fe9204e805
35 changed files with 1633 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2023/CVE-2023-459xx/CVE-2023-45918.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-45918",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T22:15:07.880",
"lastModified": "2024-02-16T22:15:07.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c."
}
],
"metrics": {},
"references": [
{
"url": "https://lists.gnu.org/archive/html/bug-ncurses/2023-06/msg00005.html",
"source": "cve@mitre.org"
}
]
}

63
CVE-2023/CVE-2023-503xx/CVE-2023-50349.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-50349",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-09T21:15:07.840",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:34:23.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. \n"
},
{
"lang": "es",
"value": "Sametime se ve afectado por una vulnerabilidad de Cross Site Request Forgery (CSRF). Algunas API REST de la aplicaci\u00f3n Sametime Proxy pueden permitir que un atacante realice acciones maliciosas en la aplicaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:sametime:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.0.2",
"matchCriteriaId": "FDA15EE5-1675-469C-BF7B-DB9FDE95F338"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2023/CVE-2023-503xx/CVE-2023-50387.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50387",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T16:15:45.300",
"lastModified": "2024-02-16T20:15:47.323",
"lastModified": "2024-02-16T21:15:07.930",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3",
"source": "cve@mitre.org"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-50387",
"source": "cve@mitre.org"

6
CVE-2023/CVE-2023-508xx/CVE-2023-50868.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50868",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T16:15:45.377",
"lastModified": "2024-02-16T20:15:47.397",
"lastModified": "2024-02-16T21:15:08.000",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -20,6 +20,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/2",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/16/3",
"source": "cve@mitre.org"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-50868",
"source": "cve@mitre.org"

4
CVE-2024/CVE-2024-00xx/CVE-2024-0016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0016",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.460",
"lastModified": "2024-02-16T20:15:47.460",
"vulnStatus": "Received",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-00xx/CVE-2024-0017.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0017",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.513",
"lastModified": "2024-02-16T20:15:47.513",
"vulnStatus": "Received",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-00xx/CVE-2024-0018.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0018",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.560",
"lastModified": "2024-02-16T20:15:47.560",
"vulnStatus": "Received",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-00xx/CVE-2024-0019.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0019",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.610",
"lastModified": "2024-02-16T20:15:47.610",
"vulnStatus": "Received",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-00xx/CVE-2024-0020.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0020",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.667",
"lastModified": "2024-02-16T20:15:47.667",
"vulnStatus": "Received",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-00xx/CVE-2024-0021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0021",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.717",
"lastModified": "2024-02-16T20:15:47.717",
"vulnStatus": "Received",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-00xx/CVE-2024-0023.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0023",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.767",
"lastModified": "2024-02-16T20:15:47.767",
"vulnStatus": "Received",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

73
CVE-2024/CVE-2024-05xx/CVE-2024-0595.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0595",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-10T07:15:08.220",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:34:39.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails."
},
{
"lang": "es",
"value": "El complemento Awesome Support \u2013 WordPress HelpDesk & Support Plugin para WordPress es vulnerable al acceso no autorizado debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n wpas_get_users() conectada a trav\u00e9s de AJAX en todas las versiones hasta la 6.1.7 incluida. Esto hace posible que los atacantes autenticados, con acceso a nivel de suscriptor y superior, recuperen datos del usuario, como correos electr\u00f3nicos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,18 +58,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.1.8",
"matchCriteriaId": "F9CD5015-8E1A-4254-BEA3-9E8A74D0C609"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-05xx/CVE-2024-0596.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0596",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-10T07:15:08.700",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:34:53.293",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Awesome Support \u2013 WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts."
},
{
"lang": "es",
"value": "El complemento Awesome Support \u2013 WordPress HelpDesk & Support Plugin para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n editor_html() en todas las versiones hasta la 6.1.7 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de suscriptor y superior, vean publicaciones protegidas con contrase\u00f1a y borradores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -34,14 +58,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getawesomesupport:awesome_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.1.8",
"matchCriteriaId": "F9CD5015-8E1A-4254-BEA3-9E8A74D0C609"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

83
CVE-2024/CVE-2024-14xx/CVE-2024-1406.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1406",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-10T08:15:07.170",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:35:22.940",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Linksys WRT54GL 4.30.18. Ha sido declarada problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /SysInfo1.htm del componente Web Management Interface. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-253330 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +105,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linksys:wrt54gl_firmware:4.30.18:*:*:*:*:*:*:*",
"matchCriteriaId": "1173CC78-A954-4989-A72C-CF349C7BC4D2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:linksys:wrt54gl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "04AA9149-2F72-4585-8A41-66AE3D573197"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.253330",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.253330",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}

85
CVE-2024/CVE-2024-14xx/CVE-2024-1430.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1430",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-11T01:15:07.750",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:35:39.290",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en Netgear R7000 1.0.11.136_10.2.120 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /currentsetting.htm del componente Web Management Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-253381. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*",
"matchCriteriaId": "51A5378E-0EE4-47EE-9EB3-CECC4852D104"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/Hints/tree/main/R7000/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.253381",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.253381",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

85
CVE-2024/CVE-2024-14xx/CVE-2024-1431.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1431",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-11T03:15:07.733",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:35:46.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Netgear R7000 1.0.11.136_10.2.120 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /debuginfo.htm del componente Web Management Interface es afectada por este problema. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-253382 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,57 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:netgear:r7000_firmware:1.0.11.136_10.2.120:*:*:*:*:*:*:*",
"matchCriteriaId": "51A5378E-0EE4-47EE-9EB3-CECC4852D104"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:netgear:r7000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F86FF6-AB32-4E51-856A-DDE790C0A9A6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/leetsun/Hints/tree/main/R7000/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.253382",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.253382",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}
]
}

55
CVE-2024/CVE-2024-219xx/CVE-2024-21987.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-21987",
"sourceIdentifier": "security-alert@netapp.com",
"published": "2024-02-16T21:15:08.053",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SnapCenter versions 4.8 prior to 5.0 are susceptible to a \nvulnerability which could allow an authenticated SnapCenter Server user \nto modify system logging configuration settings\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-alert@netapp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20240216-0001/",
"source": "security-alert@netapp.com"
}
]
}

82
CVE-2024/CVE-2024-223xx/CVE-2024-22318.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22318",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:09.440",
"lastModified": "2024-02-14T03:15:15.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:38:55.127",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -50,22 +80,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.2",
"versionEndIncluding": "1.1.4",
"matchCriteriaId": "531AF116-53A2-47C9-944E-C7E2CA2ADF9B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i_access_client_solutions:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.1.4.3",
"versionEndIncluding": "1.1.9.4",
"matchCriteriaId": "BBE9A4FD-776F-4981-A57F-9E69849577E4"
}
]
}
]
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Feb/7",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279091",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7116091",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-223xx/CVE-2024-22332.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22332",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-09T01:15:09.650",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:39:25.407",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972."
},
{
"lang": "es",
"value": "IBM Integration Bus para z/OS 10.1 a 10.1.0.2 AdminAPI es vulnerable a una denegaci\u00f3n de servicio debido al agotamiento del sistema de archivos. ID de IBM X-Force: 279972."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:integration_bus:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.1",
"versionEndIncluding": "10.1.0.2",
"matchCriteriaId": "4E01C139-88CA-4039-AC75-AB200B170BC3"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279972",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry"
]
},
{
"url": "https://https://www.ibm.com/support/pages/node/7116046",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2024/CVE-2024-223xx/CVE-2024-22361.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-22361",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-10T15:15:35.667",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:35:31.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222."
},
{
"lang": "es",
"value": "IBM Semeru Runtime 8.0.302.0 a 8.0.392.0, 11.0.12.0 a 11.0.21.0, 17.0.1.0 - 17.0.9.0 y 21.0.1.0 utiliza algoritmos criptogr\u00e1ficos m\u00e1s d\u00e9biles de lo esperado que podr\u00edan permitir a un atacante descifrar informaci\u00f3n altamente confidencial. ID de IBM X-Force: 281222."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:semeru_runtime:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.302.0",
"versionEndExcluding": "8.0.402.0",
"matchCriteriaId": "BA4B8B66-3303-490C-9D3B-22188FD257D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:semeru_runtime:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.12.0",
"versionEndExcluding": "11.0.22.0",
"matchCriteriaId": "53915283-E1D3-4F1A-8D29-66CCD1866D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:semeru_runtime:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0.1.0",
"versionEndExcluding": "17.0.10.0",
"matchCriteriaId": "E533B3E9-400B-41D8-9637-D4B6C6F6D3D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:semeru_runtime:21.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5D5749EB-5EEB-44C2-AA0F-51A311F6E587"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/281222",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7116431",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-247xx/CVE-2024-24750.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-24750",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-16T22:15:07.947",
"lastModified": "2024-02-16T22:15:07.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body ((or consuming it very slowing) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-247xx/CVE-2024-24758.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-24758",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-16T22:15:08.160",
"lastModified": "2024-02-16T22:15:08.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3",
"source": "security-advisories@github.com"
}
]
}

73
CVE-2024/CVE-2024-248xx/CVE-2024-24819.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24819",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T01:15:10.080",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:34:17.650",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\\Web\\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "icingaweb2-module-incubator es un proyecto de trabajo de las librer\u00edas Icinga Web 2 de \u00faltima generaci\u00f3n. En las versiones afectadas, la clase `gipfl\\Web\\Form` es la base para varias implementaciones de formularios concretos [1] y proporciona protecci\u00f3n contra cross site request forgery (CSRF) de forma predeterminada. Esto se hace agregando autom\u00e1ticamente un elemento con un token CSRF a cualquier formulario, a menos que est\u00e9 expl\u00edcitamente deshabilitado, pero incluso si est\u00e1 habilitado, el token CSRF (enviado durante el env\u00edo de un formulario por parte de un cliente que depende de \u00e9l) no se valida. Esto permite a los atacantes realizar cambios en nombre de un usuario que, sin saberlo, interact\u00faa con un enlace o sitio web preparado. La versi\u00f3n 0.22.0 est\u00e1 disponible para solucionar este problema. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +68,57 @@
"value": "CWE-352"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icinga:icingaweb2-module-incubator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.22.0",
"matchCriteriaId": "F22DD4AD-6817-437D-8273-295D28A389A3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Icinga/icingaweb2-module-incubator/commit/db7dc49585fee0b4e96be666d7f6009a74a1ccb5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/Icinga/icingaweb2-module-incubator/security/advisories/GHSA-p8vv-9pqq-rm8p",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/search?q=gipfl%5CWeb%5CForm%3B&type=code",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Permissions Required"
]
}
]
}

108
CVE-2024/CVE-2024-248xx/CVE-2024-24820.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24820",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T00:15:08.437",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:36:58.440",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Icinga Director is a tool designed to make Icinga 2 configuration handling easy. Not any of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being."
},
{
"lang": "es",
"value": "Icinga Director es una herramienta manipulada para facilitar el manejo de la configuraci\u00f3n de Icinga 2. Ninguno de los formularios de configuraci\u00f3n de Icinga Director utilizados para manipular el entorno de monitoreo est\u00e1 protegido contra cross site request forgery (CSRF). Permite a los atacantes realizar cambios en el entorno de monitoreo administrado por Icinga Director sin el conocimiento de la v\u00edctima. Los usuarios del m\u00f3dulo de mapas en la versi\u00f3n 1.x deben actualizar inmediatamente a la versi\u00f3n 2.0. Las vulnerabilidades XSS mencionadas en Icinga Web tambi\u00e9n ya est\u00e1n solucionadas y se deben realizar actualizaciones a la versi\u00f3n m\u00e1s reciente de la rama 2.9, 2.10 o 2.11 si a\u00fan no se han hecho. Cualquier versi\u00f3n importante posterior tambi\u00e9n es adecuada. Icinga Director recibir\u00e1 actualizaciones menores para las ramas 1.8, 1.9, 1.10 y 1.11 para solucionar este problema. Actualice inmediatamente a una versi\u00f3n parcheada. Si eso no es posible, desactive el m\u00f3dulo director por el momento."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,30 +80,88 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.8.2",
"matchCriteriaId": "0B846BE2-8F30-4A4A-A62B-F5205F5623D3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.9.0",
"versionEndExcluding": "1.9.2",
"matchCriteriaId": "365FE35F-72DF-4287-9FDF-6D7E987C9534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0",
"versionEndExcluding": "1.10.3",
"matchCriteriaId": "D59D8750-4A96-4F59-9C75-EF57F9ABD2ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:icinga:icinga:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.11.0",
"versionEndExcluding": "1.11.3",
"matchCriteriaId": "87E0A7CE-F6C5-4931-BE94-D36DC69A4005"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.mozilla.org/en/mozilla/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Press/Media Coverage"
]
},
{
"url": "https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/Icinga/icingaweb2/issues?q=is%3Aissue++is%3Aclosed+4979+4960+4947",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/nbuchwitz/icingaweb2-module-map/pull/86",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://support.apple.com/en-is/guide/safari/sfri11471/16.0",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.chromium.org/updates/same-site/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
}
]
}

64
CVE-2024/CVE-2024-248xx/CVE-2024-24821.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24821",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T00:15:08.680",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:37:27.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following:```sh\nrm vendor/composer/installed.php vendor/composer/InstalledVersions.php\ncomposer install --no-scripts --no-plugins\n```"
},
{
"lang": "es",
"value": "Composer es un administrador de dependencias para el lenguaje PHP. En las versiones afectadas, se incluyen varios archivos dentro del directorio de trabajo local durante la invocaci\u00f3n de Composer y en el contexto del usuario que lo ejecuta. Como tal, bajo ciertas condiciones la ejecuci\u00f3n de c\u00f3digo arbitrario puede conducir a una escalada de privilegios locales, proporcionar movimiento lateral del usuario o ejecuci\u00f3n de c\u00f3digo malicioso cuando se invoca Composer dentro de un directorio con archivos manipulados. Todos los comandos de Composer CLI se ven afectados, incluida la actualizaci\u00f3n autom\u00e1tica de Composer.phar. Los siguientes escenarios son de alto riesgo: Composer ejecutado con sudo, Canalizaciones que pueden ejecutar Composer en proyectos que no son de confianza, Entornos compartidos con desarrolladores que ejecutan Composer individualmente en el mismo proyecto. Esta vulnerabilidad se ha solucionado en las versiones 2.7.0 y 2.2.23. Se recomienda que las versiones parcheadas se apliquen lo antes posible. Cuando no sea posible, se debe abordar lo siguiente: eliminar todos los privilegios de Sudo Composer para todos los usuarios para mitigar la escalada de privilegios de root y evitar ejecutar Composer dentro de un directorio que no sea de confianza o, si es necesario, verificar que el contenido de `vendor/composer/InstalledVersions.php ` y `vendor/composer/installed.php` no incluyen c\u00f3digo que no sea de confianza. Tambi\u00e9n se puede restablecer estos archivos mediante lo siguiente:```sh rm seller/composer/installed.php seller/composer/InstalledVersions.php Composer install --no-scripts --no-plugins ```"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.2.23",
"matchCriteriaId": "ABFF8B5F-7C4A-4D4A-8BA4-31288D642194"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:getcomposer:composer:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndExcluding": "2.7.0",
"matchCriteriaId": "04E48189-BFEC-410C-863C-B3A7AD233152"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-248xx/CVE-2024-24825.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24825",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T00:15:08.903",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:37:47.923",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "DIRAC es un framework de recursos distribuidos. En las versiones afectadas, cualquier usuario podr\u00eda obtener un token solicitado por otro usuario/agente. Esto puede exponer los recursos a partes no deseadas. Este problema se solucion\u00f3 en la versi\u00f3n 8.0.37. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:diracgrid:dirac:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.0.37",
"matchCriteriaId": "4DF1FFD5-3D44-4605-8B1F-6BB3188E923E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-248xx/CVE-2024-24829.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-24829",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-09T00:15:09.117",
"lastModified": "2024-02-09T01:37:53.353",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:37:59.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sentry is an error tracking and performance monitoring platform. Sentry\u2019s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Sentry es una plataforma de seguimiento de errores y supervisi\u00f3n del rendimiento. La plataforma de integraci\u00f3n de Sentry proporciona una forma para que los servicios externos interact\u00faen con Sentry. Una de esas integraciones, la integraci\u00f3n de Phabricator (mantenida por Sentry) con la versi\u00f3n &lt;=24.1.1, contiene una vulnerabilidad SSRF restringida. Un atacante podr\u00eda hacer que Sentry env\u00ede solicitudes POST HTTP a URL arbitrarias (incluidas direcciones IP internas) proporcionando una entrada no sanitizada a la integraci\u00f3n de Phabricator. Sin embargo, el payload de la carrocer\u00eda est\u00e1 limitado a un formato espec\u00edfico. Si un atacante tiene acceso a una instancia de Sentry, esto le permite: 1. interactuar con la red interna; 2. escanear puertos locales/remotos. Este problema se solucion\u00f3 en la versi\u00f3n 24.1.2 autohospedada de Sentry y ya se mitig\u00f3 en sentry.io el 8 de febrero. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,7 +60,7 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -44,20 +68,58 @@
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sentry:sentry:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "24.1.2",
"matchCriteriaId": "71E40428-D743-4670-B61B-296C02D610E3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/getsentry/self-hosted/releases/tag/24.1.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/getsentry/sentry/pull/64882",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/getsentry/sentry/security/advisories/GHSA-rqxh-fp9p-p98r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-249xx/CVE-2024-24930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24930",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T06:15:08.520",
"lastModified": "2024-02-12T14:20:03.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:33:40.590",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:otwthemes:buttons_shortcode_and_widget:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.16",
"matchCriteriaId": "EFBB0C64-C67B-4B66-B9D6-2B056F0F609B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/buttons-shortcode-and-widget/wordpress-buttons-shortcode-and-widget-plugin-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-249xx/CVE-2024-24931.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24931",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T06:15:08.717",
"lastModified": "2024-02-12T14:20:03.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:33:29.340",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:swadeshswain:before_after_image_slider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.2",
"matchCriteriaId": "61005456-7DDF-44C3-A1F8-DBD6B3F4181F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/before-after-image-slider/wordpress-before-after-image-slider-wp-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-249xx/CVE-2024-24932.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24932",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-12T06:15:08.917",
"lastModified": "2024-02-12T14:20:03.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:35:59.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,7 +60,7 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -48,12 +68,43 @@
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zixn:vk_poster_group:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.3",
"matchCriteriaId": "AFC033A1-26A5-4FFF-9DE4-8087513CF6F8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/vk-poster-group/wordpress-vk-poster-group-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-250xx/CVE-2024-25083.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-25083",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T21:15:08.260",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When an low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/bt24-01",
"source": "cve@mitre.org"
}
]
}

59
CVE-2024/CVE-2024-256xx/CVE-2024-25627.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-25627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-16T21:15:08.430",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-gpmg-8f92-37cf",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-256xx/CVE-2024-25628.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-16T21:15:08.657",
"lastModified": "2024-02-16T21:39:50.223",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893",
"source": "security-advisories@github.com"
}
]
}

74
CVE-2024/CVE-2024-257xx/CVE-2024-25715.json
View File

@ -2,23 +2,87 @@
"id": "CVE-2024-25715",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-11T03:15:09.453",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-16T21:35:54.270",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri."
},
{
"lang": "es",
"value": "El servidor SSO de Glewlwyd 2.x a 2.7.6 permite la redirecci\u00f3n abierta a trav\u00e9s de redirecci\u00f3n_uri."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:glewlwyd_sso_server_project:glewlwyd_sso_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndIncluding": "2.7.6",
"matchCriteriaId": "167E0A8B-45F7-48EB-A1C9-69C983411BBC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch"
]
}
]
}

79
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-16T21:00:24.395998+00:00
2024-02-16T23:00:24.404168+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-16T20:57:44.050000+00:00
2024-02-16T22:15:08.160000+00:00
```
### Last Data Feed Release
@ -29,56 +29,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238761
238768
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `7`
* [CVE-2023-40085](CVE-2023/CVE-2023-400xx/CVE-2023-40085.json) (`2024-02-16T19:15:08.093`)
* [CVE-2023-21165](CVE-2023/CVE-2023-211xx/CVE-2023-21165.json) (`2024-02-16T19:15:08.007`)
* [CVE-2024-0015](CVE-2024/CVE-2024-00xx/CVE-2024-0015.json) (`2024-02-16T19:15:08.153`)
* [CVE-2024-1591](CVE-2024/CVE-2024-15xx/CVE-2024-1591.json) (`2024-02-16T19:15:08.207`)
* [CVE-2024-21915](CVE-2024/CVE-2024-219xx/CVE-2024-21915.json) (`2024-02-16T19:15:08.460`)
* [CVE-2024-0016](CVE-2024/CVE-2024-00xx/CVE-2024-0016.json) (`2024-02-16T20:15:47.460`)
* [CVE-2024-0017](CVE-2024/CVE-2024-00xx/CVE-2024-0017.json) (`2024-02-16T20:15:47.513`)
* [CVE-2024-0018](CVE-2024/CVE-2024-00xx/CVE-2024-0018.json) (`2024-02-16T20:15:47.560`)
* [CVE-2024-0019](CVE-2024/CVE-2024-00xx/CVE-2024-0019.json) (`2024-02-16T20:15:47.610`)
* [CVE-2024-0020](CVE-2024/CVE-2024-00xx/CVE-2024-0020.json) (`2024-02-16T20:15:47.667`)
* [CVE-2024-0021](CVE-2024/CVE-2024-00xx/CVE-2024-0021.json) (`2024-02-16T20:15:47.717`)
* [CVE-2024-0023](CVE-2024/CVE-2024-00xx/CVE-2024-0023.json) (`2024-02-16T20:15:47.767`)
* [CVE-2023-45918](CVE-2023/CVE-2023-459xx/CVE-2023-45918.json) (`2024-02-16T22:15:07.880`)
* [CVE-2024-21987](CVE-2024/CVE-2024-219xx/CVE-2024-21987.json) (`2024-02-16T21:15:08.053`)
* [CVE-2024-25083](CVE-2024/CVE-2024-250xx/CVE-2024-25083.json) (`2024-02-16T21:15:08.260`)
* [CVE-2024-25627](CVE-2024/CVE-2024-256xx/CVE-2024-25627.json) (`2024-02-16T21:15:08.430`)
* [CVE-2024-25628](CVE-2024/CVE-2024-256xx/CVE-2024-25628.json) (`2024-02-16T21:15:08.657`)
* [CVE-2024-24750](CVE-2024/CVE-2024-247xx/CVE-2024-24750.json) (`2024-02-16T22:15:07.947`)
* [CVE-2024-24758](CVE-2024/CVE-2024-247xx/CVE-2024-24758.json) (`2024-02-16T22:15:08.160`)
### CVEs modified in the last Commit
Recently modified CVEs: `62`
Recently modified CVEs: `27`
* [CVE-2024-1342](CVE-2024/CVE-2024-13xx/CVE-2024-1342.json) (`2024-02-16T19:26:55.393`)
* [CVE-2024-23591](CVE-2024/CVE-2024-235xx/CVE-2024-23591.json) (`2024-02-16T19:26:55.393`)
* [CVE-2024-24933](CVE-2024/CVE-2024-249xx/CVE-2024-24933.json) (`2024-02-16T19:29:53.437`)
* [CVE-2024-25222](CVE-2024/CVE-2024-252xx/CVE-2024-25222.json) (`2024-02-16T19:32:56.613`)
* [CVE-2024-25221](CVE-2024/CVE-2024-252xx/CVE-2024-25221.json) (`2024-02-16T19:33:17.330`)
* [CVE-2024-25220](CVE-2024/CVE-2024-252xx/CVE-2024-25220.json) (`2024-02-16T19:34:51.807`)
* [CVE-2024-25219](CVE-2024/CVE-2024-252xx/CVE-2024-25219.json) (`2024-02-16T19:45:28.097`)
* [CVE-2024-25218](CVE-2024/CVE-2024-252xx/CVE-2024-25218.json) (`2024-02-16T19:45:37.420`)
* [CVE-2024-20744](CVE-2024/CVE-2024-207xx/CVE-2024-20744.json) (`2024-02-16T19:51:12.413`)
* [CVE-2024-20743](CVE-2024/CVE-2024-207xx/CVE-2024-20743.json) (`2024-02-16T20:06:10.620`)
* [CVE-2024-20742](CVE-2024/CVE-2024-207xx/CVE-2024-20742.json) (`2024-02-16T20:07:52.000`)
* [CVE-2024-20741](CVE-2024/CVE-2024-207xx/CVE-2024-20741.json) (`2024-02-16T20:08:23.677`)
* [CVE-2024-20740](CVE-2024/CVE-2024-207xx/CVE-2024-20740.json) (`2024-02-16T20:08:32.477`)
* [CVE-2024-20725](CVE-2024/CVE-2024-207xx/CVE-2024-20725.json) (`2024-02-16T20:08:40.570`)
* [CVE-2024-20724](CVE-2024/CVE-2024-207xx/CVE-2024-20724.json) (`2024-02-16T20:08:48.677`)
* [CVE-2024-20723](CVE-2024/CVE-2024-207xx/CVE-2024-20723.json) (`2024-02-16T20:08:58.180`)
* [CVE-2024-20722](CVE-2024/CVE-2024-207xx/CVE-2024-20722.json) (`2024-02-16T20:09:06.823`)
* [CVE-2024-20720](CVE-2024/CVE-2024-207xx/CVE-2024-20720.json) (`2024-02-16T20:14:23.457`)
* [CVE-2024-20719](CVE-2024/CVE-2024-207xx/CVE-2024-20719.json) (`2024-02-16T20:30:40.470`)
* [CVE-2024-20718](CVE-2024/CVE-2024-207xx/CVE-2024-20718.json) (`2024-02-16T20:42:56.020`)
* [CVE-2024-20717](CVE-2024/CVE-2024-207xx/CVE-2024-20717.json) (`2024-02-16T20:43:07.097`)
* [CVE-2024-20716](CVE-2024/CVE-2024-207xx/CVE-2024-20716.json) (`2024-02-16T20:43:24.443`)
* [CVE-2024-24133](CVE-2024/CVE-2024-241xx/CVE-2024-24133.json) (`2024-02-16T20:47:34.403`)
* [CVE-2024-1254](CVE-2024/CVE-2024-12xx/CVE-2024-1254.json) (`2024-02-16T20:54:41.887`)
* [CVE-2024-1253](CVE-2024/CVE-2024-12xx/CVE-2024-1253.json) (`2024-02-16T20:56:02.073`)
* [CVE-2023-50349](CVE-2023/CVE-2023-503xx/CVE-2023-50349.json) (`2024-02-16T21:34:23.923`)
* [CVE-2024-24931](CVE-2024/CVE-2024-249xx/CVE-2024-24931.json) (`2024-02-16T21:33:29.340`)
* [CVE-2024-24930](CVE-2024/CVE-2024-249xx/CVE-2024-24930.json) (`2024-02-16T21:33:40.590`)
* [CVE-2024-24819](CVE-2024/CVE-2024-248xx/CVE-2024-24819.json) (`2024-02-16T21:34:17.650`)
* [CVE-2024-0595](CVE-2024/CVE-2024-05xx/CVE-2024-0595.json) (`2024-02-16T21:34:39.327`)
* [CVE-2024-0596](CVE-2024/CVE-2024-05xx/CVE-2024-0596.json) (`2024-02-16T21:34:53.293`)
* [CVE-2024-1406](CVE-2024/CVE-2024-14xx/CVE-2024-1406.json) (`2024-02-16T21:35:22.940`)
* [CVE-2024-22361](CVE-2024/CVE-2024-223xx/CVE-2024-22361.json) (`2024-02-16T21:35:31.953`)
* [CVE-2024-1430](CVE-2024/CVE-2024-14xx/CVE-2024-1430.json) (`2024-02-16T21:35:39.290`)
* [CVE-2024-1431](CVE-2024/CVE-2024-14xx/CVE-2024-1431.json) (`2024-02-16T21:35:46.980`)
* [CVE-2024-25715](CVE-2024/CVE-2024-257xx/CVE-2024-25715.json) (`2024-02-16T21:35:54.270`)
* [CVE-2024-24932](CVE-2024/CVE-2024-249xx/CVE-2024-24932.json) (`2024-02-16T21:35:59.587`)
* [CVE-2024-24820](CVE-2024/CVE-2024-248xx/CVE-2024-24820.json) (`2024-02-16T21:36:58.440`)
* [CVE-2024-24821](CVE-2024/CVE-2024-248xx/CVE-2024-24821.json) (`2024-02-16T21:37:27.557`)
* [CVE-2024-24825](CVE-2024/CVE-2024-248xx/CVE-2024-24825.json) (`2024-02-16T21:37:47.923`)
* [CVE-2024-24829](CVE-2024/CVE-2024-248xx/CVE-2024-24829.json) (`2024-02-16T21:37:59.497`)
* [CVE-2024-22318](CVE-2024/CVE-2024-223xx/CVE-2024-22318.json) (`2024-02-16T21:38:55.127`)
* [CVE-2024-22332](CVE-2024/CVE-2024-223xx/CVE-2024-22332.json) (`2024-02-16T21:39:25.407`)
* [CVE-2024-0016](CVE-2024/CVE-2024-00xx/CVE-2024-0016.json) (`2024-02-16T21:39:50.223`)
* [CVE-2024-0017](CVE-2024/CVE-2024-00xx/CVE-2024-0017.json) (`2024-02-16T21:39:50.223`)
* [CVE-2024-0018](CVE-2024/CVE-2024-00xx/CVE-2024-0018.json) (`2024-02-16T21:39:50.223`)
* [CVE-2024-0019](CVE-2024/CVE-2024-00xx/CVE-2024-0019.json) (`2024-02-16T21:39:50.223`)
* [CVE-2024-0020](CVE-2024/CVE-2024-00xx/CVE-2024-0020.json) (`2024-02-16T21:39:50.223`)
* [CVE-2024-0021](CVE-2024/CVE-2024-00xx/CVE-2024-0021.json) (`2024-02-16T21:39:50.223`)
* [CVE-2024-0023](CVE-2024/CVE-2024-00xx/CVE-2024-0023.json) (`2024-02-16T21:39:50.223`)
## Download and Usage