diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48618.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48618.json
new file mode 100644
index 00000000000..07f9e1c6c4c
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48618.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2022-48618",
+ "sourceIdentifier": "product-security@apple.com",
+ "published": "2024-01-09T18:15:45.120",
+ "lastModified": "2024-01-09T18:15:45.120",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.1, watchOS 9.2, iOS 16.2 and iPadOS 16.2, tvOS 16.2. An attacker with arbitrary read and write capability may be able to bypass Pointer Authentication. Apple is aware of a report that this issue may have been exploited against versions of iOS released before iOS 15.7.1."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://support.apple.com/en-us/HT213530",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213532",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213535",
+ "source": "product-security@apple.com"
+ },
+ {
+ "url": "https://support.apple.com/en-us/HT213536",
+ "source": "product-security@apple.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json
index 17cc9b8cab5..4e25c5d718c 100644
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json
+++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26159.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-26159",
 "sourceIdentifier": "report@snyk.io",
 "published": "2024-01-02T05:15:08.630",
- "lastModified": "2024-01-02T13:47:24.843",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-09T18:20:54.677",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
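Review bot: CVE-2022-48618.json lands with `"metrics": {}` and `"vulnStatus": "Received"`, and it has no `weaknesses` or `configurations` keys, so it carries no CVSS score, CWE or CPE data even though its description says Apple is aware of a report of exploitation against iOS versions before 15.7.1. A consumer of this feed that ranks by `baseScore` or matches assets by CPE will skip the record until it is enriched. Such consumers should treat an empty `metrics` object as unscored rather than as low severity, and can fall back on the description text and the four Apple advisory references in the meantime.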
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "report@snyk.io",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ },
 {
 "source": "report@snyk.io",
 "type": "Secondary",
@@ -50,18 +80,48 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:follow-redirects:follow_redirects:*:*:*:*:*:node.js:*:*",
+ "versionEndExcluding": "1.15.4",
+ "matchCriteriaId": "5E9B14E8-F184-4F4C-8275-8FE1D093D258"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/follow-redirects/follow-redirects/issues/235",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 },
 {
 "url": "https://github.com/follow-redirects/follow-redirects/pull/236",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Issue Tracking",
+ "Patch"
+ ]
 },
 {
 "url": "https://security.snyk.io/vuln/SNYK-JS-FOLLOWREDIRECTS-6141137",
- "source": "report@snyk.io"
+ "source": "report@snyk.io",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
index c0442927603..ab3d3c07d51 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29048.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29048",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:19.893",
- "lastModified": "2024-01-08T23:15:08.247",
+ "lastModified": "2024-01-09T18:15:45.330",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
index 022056eb4ff..3e7ac264d1e 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29049.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29049",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.120",
- "lastModified": "2024-01-08T23:15:08.553",
+ "lastModified": "2024-01-09T18:15:45.420",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
index 2152cbe1e57..1e4b366aaa5 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29050.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29050",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.300",
- "lastModified": "2024-01-08T23:15:08.630",
+ "lastModified": "2024-01-09T18:15:45.493",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/176421/OX-App-Suite-7.10.6-XSS-Command-Execution-LDAP-Injection.html",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "http://seclists.org/fulldisclosure/2024/Jan/3",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
index c8f9669599d..4f3af0c3c1e 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29051.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29051",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.480",
- "lastModified": "2024-01-08T23:15:08.707",
+ "lastModified": "2024-01-09T18:15:45.567",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json b/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
index ff005d9b73c..8fc917ee328 100644
--- a/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
+++ b/CVE-2023/CVE-2023-290xx/CVE-2023-29052.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-29052",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.680",
- "lastModified": "2024-01-08T23:15:08.780",
+ "lastModified": "2024-01-09T18:15:45.650",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json b/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json
index eebd2b6c9e6..fa47b4549ee 100644
--- a/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json
+++ b/CVE-2023/CVE-2023-367xx/CVE-2023-36719.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-36719",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2023-11-14T18:15:50.820",
- "lastModified": "2023-12-15T19:47:17.103",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:10.673",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -17,7 +17,7 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "nvd@nist.gov",
+ "source": "secure@microsoft.com",
 "type": "Primary",
 "cvssData": {
 "version": "3.1",
@@ -37,23 +37,23 @@
 "impactScore": 5.9
 },
 {
- "source": "secure@microsoft.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
 "attackVector": "LOCAL",
 "attackComplexity": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "LOW",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "HIGH",
 "integrityImpact": "HIGH",
 "availabilityImpact": "HIGH",
- "baseScore": 8.4,
+ "baseScore": 7.8,
 "baseSeverity": "HIGH"
 },
- "exploitabilityScore": 2.5,
+ "exploitabilityScore": 1.8,
 "impactScore": 5.9
 }
 ]
diff --git a/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json b/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
index 6a55194ebdb..92627e660e6 100644
--- a/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
+++ b/CVE-2023/CVE-2023-417xx/CVE-2023-41710.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-41710",
 "sourceIdentifier": "security@open-xchange.com",
 "published": "2024-01-08T09:15:20.883",
- "lastModified": "2024-01-08T23:15:08.850",
+ "lastModified": "2024-01-09T18:15:46.650",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
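Review bot: In CVE-2023-36719.json the `source` values of the two `cvssMetricV31` entries are swapped, so the entry marked `"type": "Primary"` is now attributed to `secure@microsoft.com` and the `nvd@nist.gov` entry is `"type": "Secondary"`, with `PR:L` and `baseScore` 7.8 where the Secondary entry previously read `PR:N` and 8.4. A consumer that treats the Primary entry, or the first array element, as the NVD assessment will now silently read the CNA's score; selecting by `source` avoids that. The Primary entry's `cvssData` lies mostly outside the hunks, so whether the two scores now agree cannot be confirmed from here.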
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://packetstormsecurity.com/files/176422/OX-App-Suite-7.10.6-Access-Control-Cross-Site-Scripting.html",
+ "source": "security@open-xchange.com"
+ },
 {
 "url": "http://seclists.org/fulldisclosure/2024/Jan/4",
 "source": "security@open-xchange.com"
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json
index 9945e200c5d..bddabd57e77 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4462.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-4462",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-29T10:15:11.100",
- "lastModified": "2024-01-05T15:16:26.990",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:11.153",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability classified as problematic has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
+ "value": "A vulnerability classified as problematic has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This affects an unknown part of the component Web Configuration Application. The manipulation leads to insufficiently random values. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249255."
 },
 {
 "lang": "es",
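Review bot: The English description in CVE-2023-4462.json now names many more affected Poly models (Trio 8300 and 8500, further CCX models, and the EDGE E and VVX series), but none of the hunks shown for this file touches `configurations`, and `vulnStatus` moves from `Analyzed` to `Modified`. If the CPE list was not extended, which cannot be confirmed because it lies outside the visible hunks, asset matching by CPE will keep missing the newly listed models until the record is re-analysed. Inventory checks for these devices should also match on the description text or the vendor advisories in `references`. The same applies to CVE-2023-4464, CVE-2023-4465 and CVE-2023-4468, whose descriptions are widened in the same way.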
@@ -214,11 +214,12 @@
 ]
 },
 {
- "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/",
+ "source": "cna@vuldb.com"
 },
 {
 "url": "https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/",
@@ -228,6 +229,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://support.hp.com/us-en/document/ish_9929296-9929329-16/hpsbpy03896",
+ "source": "cna@vuldb.com"
+ },
 {
 "url": "https://vuldb.com/?ctiid.249255",
 "source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4463.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4463.json
index a0788534312..fe3f9211a8f 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4463.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4463.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4463",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-29T10:15:11.413",
- "lastModified": "2024-01-05T22:23:17.760",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:11.347",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -214,11 +214,12 @@
 ]
 },
 {
- "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/",
+ "source": "cna@vuldb.com"
 },
 {
 "url": "https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4464.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4464.json
index 843e7f1fbeb..111fa5cabb3 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4464.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4464.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-4464",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-29T10:15:11.750",
- "lastModified": "2024-01-05T18:04:44.347",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:11.480",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability, which was classified as critical, has been found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as critical, has been found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. This issue affects some unknown processing of the component Diagnostic Telnet Mode. The manipulation leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The identifier VDB-249257 was assigned to this vulnerability."
 },
 {
 "lang": "es",
@@ -214,11 +214,16 @@
 ]
 },
 {
- "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://support.hp.com/us-en/document/ish_9931565-9931594-16/hpsbpy03898",
+ "source": "cna@vuldb.com"
 },
 {
 "url": "https://vuldb.com/?ctiid.249257",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4465.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4465.json
index dbd8f07c490..98a5d92565d 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4465.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4465.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-4465",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-29T10:15:12.133",
- "lastModified": "2024-01-05T17:37:28.720",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:11.623",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
+ "value": "A vulnerability, which was classified as problematic, was found in Poly Trio 8300, Trio 8500, Trio 8800, Trio C60, CCX 350, CCX 400, CCX 500, CCX 505, CCX 600, CCX 700, EDGE E100, EDGE E220, EDGE E300, EDGE E320, EDGE E350, EDGE E400, EDGE E450, EDGE E500, EDGE E550, VVX 101, VVX 150, VVX 201, VVX 250, VVX 300, VVX 301, VVX 310, VVX 311, VVX 350, VVX 400, VVX 401, VVX 410, VVX 411, VVX 450, VVX 500, VVX 501, VVX 600 and VVX 601. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument device.auth.localAdminPassword leads to unverified password change. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249258 is the identifier assigned to this vulnerability."
 },
 {
 "lang": "es",
@@ -214,11 +214,16 @@
 ]
 },
 {
- "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://support.hp.com/us-en/document/ish_9929371-9929407-16/hpsbpy03899",
+ "source": "cna@vuldb.com"
 },
 {
 "url": "https://vuldb.com/?ctiid.249258",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4466.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4466.json
index a5dce1e5360..b2f62ac03eb 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4466.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4466.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4466",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-29T10:15:12.470",
- "lastModified": "2024-01-05T17:35:59.287",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:11.773",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -214,11 +214,12 @@
 ]
 },
 {
- "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/",
+ "source": "cna@vuldb.com"
 },
 {
 "url": "https://vuldb.com/?ctiid.249259",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4467.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4467.json
index 8f48f3ef5a3..52d19e7b167 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4467.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4467.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4467",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-29T10:15:12.783",
- "lastModified": "2024-01-05T17:34:03.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:11.887",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -133,11 +133,12 @@
 ]
 },
 {
- "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/",
+ "source": "cna@vuldb.com"
 },
 {
 "url": "https://vuldb.com/?ctiid.249260",
diff --git a/CVE-2023/CVE-2023-44xx/CVE-2023-4468.json b/CVE-2023/CVE-2023-44xx/CVE-2023-4468.json
index 8f9e425266a..0989fdb6067 100644
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4468.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4468.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-4468",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2023-12-29T10:15:13.140",
- "lastModified": "2024-01-05T23:46:50.800",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-09T17:15:12.000",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability was found in Poly Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability."
+ "value": "A vulnerability was found in Poly Trio 8500, Trio 8800 and Trio C60. It has been classified as problematic. This affects an unknown part of the component Poly Lens Management Cloud Registration. The manipulation leads to missing authorization. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-249261 was assigned to this vulnerability."
 },
 {
 "lang": "es",
@@ -175,11 +175,12 @@
 ]
 },
 {
- "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip-devices/",
- "source": "cna@vuldb.com",
- "tags": [
- "Broken Link"
- ]
+ "url": "https://github.com/modzero/MZ-23-01-Poly-VoIP-Devices",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://modzero.com/en/advisories/mz-23-01-poly-voip/",
+ "source": "cna@vuldb.com"
 },
 {
 "url": "https://modzero.com/en/blog/multiple-vulnerabilities-in-poly-products/",
@@ -188,6 +189,10 @@
 "Third Party Advisory"
 ]
 },
+ {
+ "url": "https://support.hp.com/us-en/document/ish_9929447-9929472-16/hpsbpy03902",
+ "source": "cna@vuldb.com"
+ },
 {
 "url": "https://vuldb.com/?ctiid.249261",
 "source": "cna@vuldb.com",
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45723.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45723.json
index 9a1bcde2320..b93b234feee 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45723.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45723.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45723",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-01-03T03:15:09.380",
- "lastModified": "2024-01-03T13:48:00.677",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-09T18:52:37.707",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "psirt@hcl.com",
 "type": "Secondary",
@@ -38,10 +58,52 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45724.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45724.json
index df31e53a80f..53e00dd24c2 100644
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45724.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45724.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-45724",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-01-03T03:15:09.537",
- "lastModified": "2024-01-03T13:48:00.677",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-09T18:34:41.837",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
 {
 "source": "psirt@hcl.com",
 "type": "Secondary",
@@ -38,10 +58,52 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608",
- "source": "psirt@hcl.com"
+ "source": "psirt@hcl.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-463xx/CVE-2023-46308.json b/CVE-2023/CVE-2023-463xx/CVE-2023-46308.json
index 78e703d6131..248aa431654 100644
--- a/CVE-2023/CVE-2023-463xx/CVE-2023-46308.json
+++ b/CVE-2023/CVE-2023-463xx/CVE-2023-46308.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46308",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-03T05:15:11.360",
- "lastModified": "2024-01-03T13:48:00.677",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-09T17:47:09.937",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,74 @@
 "value": "En Plotly plotly.js anterior a 2.25.2, las llamadas a la API de trazado tienen el riesgo de que __proto__ se contamine en expandObjectPaths o nestedProperty."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1321"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:plotly:plotly.js:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.25.2",
+ "matchCriteriaId": "326BE31B-8F99-41FE-BE58-CBE4ED0C7999"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/plotly/plotly.js/releases/tag/v2.25.2",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 },
 {
 "url": "https://plotly.com/javascript/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-484xx/CVE-2023-48418.json b/CVE-2023/CVE-2023-484xx/CVE-2023-48418.json
index 37f0b8f6b4b..da213b35272 100644
--- a/CVE-2023/CVE-2023-484xx/CVE-2023-48418.json
+++ b/CVE-2023/CVE-2023-484xx/CVE-2023-48418.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48418",
 "sourceIdentifier": "dsap-vuln-management@google.com",
 "published": "2024-01-02T23:15:11.000",
- "lastModified": "2024-01-03T13:48:00.677",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-09T17:30:39.360",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -16,6 +16,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ },
 {
 "source": "dsap-vuln-management@google.com",
 "type": "Secondary",
@@ -39,6 +59,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "dsap-vuln-management@google.com",
 "type": "Secondary",
@@ -50,10 +80,42 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "operator": "AND",
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:google:pixel_watch_firmware:-:*:*:*:*:*:*:*",
+ "matchCriteriaId": "E04969E8-7B37-48E1-89F9-02ABE00C9F4D"
+ }
+ ]
+ },
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": false,
+ "criteria": "cpe:2.3:h:google:pixel_watch:11:*:*:*:*:*:*:*",
+ "matchCriteriaId": "ACD23DFF-E651-4901-847B-10A14669BEED"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://source.android.com/docs/security/bulletin/pixel-watch/2023/2023-12-01",
- "source": "dsap-vuln-management@google.com"
+ "source": "dsap-vuln-management@google.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49554.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49554.json
index 2d818aa6dc9..e5a90c2af58 100644
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49554.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49554.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-49554",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-03T00:15:08.987",
- "lastModified": "2024-01-03T13:48:00.677",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-09T17:18:19.577",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,68 @@
 "value": "Una vulnerabilidad de Use After Free en YASM 1.3.0.86.g9def permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n do_directive en el componente modules/preprocs/nasm/nasm-pp.c."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0.86.g9def:*:*:*:*:*:*:*",
+ "matchCriteriaId": "C9D63BD2-36F6-440B-AC78-6F48EDDC12CD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/yasm/yasm/issues/249",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-495xx/CVE-2023-49555.json b/CVE-2023/CVE-2023-495xx/CVE-2023-49555.json
index e4410dfc244..c68c281b6d7 100644
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49555.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49555.json
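Review bot: The NVD metric added to CVE-2023-49554.json scores the issue as `AV:L` with `UI:R` (base 5.5), while the Spanish description kept as context at the top of this hunk speaks of a remote attacker ("atacante remoto"). Consumers that infer remote exposure from description text will disagree with those that read `attackVector`; the vector is the structured field and is the safer one to key on. CVE-2023-49555.json receives the same vector against the same wording in its own hunk.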
@@ -2,8 +2,8 @@ "id": "CVE-2023-49555", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-03T00:15:09.047", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T17:05:14.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Un problema en YASM 1.3.0.86.g9def permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n expand_smacro en el componente modules/preprocs/nasm/nasm-pp.c." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yasm_project:yasm:1.3.0.86.g9def:*:*:*:*:*:*:*", + "matchCriteriaId": "C9D63BD2-36F6-440B-AC78-6F48EDDC12CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/yasm/yasm/issues/248", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json index 659230e4828..a77372347a4 100644 --- a/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json 
+++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50096.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50096", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-01T18:15:09.197", - "lastModified": "2024-01-02T13:47:38.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:29:41.817", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "El middleware STMicroelectronics STSAFE-A1xx anterior a 3.3.7 permite la ejecuci\u00f3n de c\u00f3digo MCU si un adversario tiene la capacidad de leer y escribir en el bus I2C. Esto se debe a un desbordamiento de b\u00fafer StSafeA_ReceiveBytes en el paquete de software X-CUBE-SAFEA1 para aplicaciones de muestra STSAFE-A (1.2.0) y, por lo tanto, puede afectar el c\u00f3digo escrito por el usuario que se deriv\u00f3 de una aplicaci\u00f3n de muestra publicada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:st:x-cube-safea1:1.2.0:*:*:*:*:stsafe-a:*:*", + "matchCriteriaId": "34027773-AE78-471B-87BC-81710B0B307E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50341.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50341.json index 0aaca241cd1..2e85338d7cd 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50341.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50341.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50341", "sourceIdentifier": "psirt@hcl.com", "published": "2024-01-03T03:15:10.127", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:07:10.660", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "psirt@hcl.com", "type": "Secondary", @@ -38,10 +58,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", + "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50342.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50342.json index 0ea9cc6fe34..9057b71d99b 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50342.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50342.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50342", "sourceIdentifier": "psirt@hcl.com", "published": "2024-01-03T03:15:10.817", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:06:28.293", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "psirt@hcl.com", "type": "Secondary", 
@@ -38,10 +58,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", + "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50343.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50343.json index 82f6550155a..eda261b87eb 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50343.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50343.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50343", "sourceIdentifier": "psirt@hcl.com", "published": "2024-01-03T03:15:11.210", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T17:58:38.060", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@hcl.com", "type": "Secondary", @@ -38,10 +58,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", + "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50344.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50344.json index 6c3dce08194..eea21f366ae 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50344.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50344.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50344", "sourceIdentifier": "psirt@hcl.com", "published": "2024-01-03T03:15:11.373", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T17:51:58.343", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + }, { "source": "psirt@hcl.com", "type": "Secondary", @@ -38,10 +58,52 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:5.9:*:*:*:*:*:*:*", + "matchCriteriaId": "D13FF107-A7BD-4925-B5A2-B44983C3713B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.0:*:*:*:*:*:*:*", + "matchCriteriaId": "F872BB54-B3D7-4C48-A8AB-893B566380E6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hcltech:dryice_myxalytics:6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "CF8533C9-FB63-45EE-8FD4-5C69CB19F362" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109608", - "source": "psirt@hcl.com" + "source": "psirt@hcl.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6129.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6129.json new file mode 100644 index 00000000000..c9afadfcd6c --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6129.json 
@@ -0,0 +1,36 @@ +{ + "id": "CVE-2023-6129", + "sourceIdentifier": "openssl-security@openssl.org", + "published": "2024-01-09T17:15:12.147", + "lastModified": "2024-01-09T18:15:46.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Issue summary: The POLY1305 MAC (message authentication code) implementation\ncontains a bug that might corrupt the internal state of applications running\non PowerPC CPU based platforms if the CPU provides vector instructions.\n\nImpact summary: If an attacker can influence whether the POLY1305 MAC\nalgorithm is used, the application state might be corrupted with various\napplication dependent consequences.\n\nThe POLY1305 MAC (message authentication code) implementation in OpenSSL for\nPowerPC CPUs restores the contents of vector registers in a different order\nthan they are saved. Thus the contents of some of these vector registers\nare corrupted when returning to the caller. The vulnerable code is used only\non newer PowerPC processors supporting the PowerISA 2.07 instructions.\n\nThe consequences of this kind of internal application state corruption can\nbe various - from no consequences, if the calling application does not\ndepend on the contents of non-volatile XMM registers at all, to the worst\nconsequences, where the attacker could get complete control of the application\nprocess. However unless the compiler uses the vector registers for storing\npointers, the most likely consequence, if any, would be an incorrect result\nof some application dependent calculations or a crash leading to a denial of\nservice.\n\nThe POLY1305 MAC algorithm is most frequently used as part of the\nCHACHA20-POLY1305 AEAD (authenticated encryption with associated data)\nalgorithm. The most common usage of this AEAD cipher is with TLS protocol\nversions 1.2 and 1.3. If this cipher is enabled on the server a malicious\nclient can influence whether this AEAD cipher is used. 
This implies that\nTLS server applications using OpenSSL can be potentially impacted. However\nwe are currently not aware of any concrete application that would be affected\nby this issue therefore we consider this a Low severity security issue." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/01/09/1", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015", + "source": "openssl-security@openssl.org" + }, + { + "url": "https://www.openssl.org/news/secadv/20240109.txt", + "source": "openssl-security@openssl.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6621.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6621.json index 0a089c2c640..3f2ec66a536 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6621.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6621.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6621", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-03T09:15:11.440", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:47:39.187", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,68 @@ "value": "POST SMTP WordPress plugin anterior a 2.8.7 no sanitiza ni escapa el par\u00e1metro msg antes de devolverlo a la p\u00e1gina, lo que genera cross site scripting reflejado que podr\u00eda usarse contra usuarios con privilegios elevados, como el administrador." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.8.7", + "matchCriteriaId": "00068F78-E905-4A92-8286-F98BDBD96103" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/b49ca336-5bc2-4d72-a9a5-b8c020057928", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6981.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6981.json index 7c84b7a9b28..cb7e3bc5046 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6981.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6981.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6981", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-03T06:15:47.663", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:55:41.547", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,18 +58,58 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veronalabs:wp_sms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.5.1", + "matchCriteriaId": "8FA38489-0282-4D9A-8AFF-1048C1FEE5FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/wp-sms/wp-sms/commit/6656de201efe67c7983102c344a546eed976a819", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3015006%40wp-sms&new=3015006%40wp-sms&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b8f53053-5150-4fba-b8d6-3d6c9df32c69?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7027.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7027.json index f9a36853085..8e21ce33872 100644 --- a/CVE-2023/CVE-2023-70xx/CVE-2023-7027.json +++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7027.json @@ -2,8 +2,8 @@ "id": "CVE-2023-7027", "sourceIdentifier": "security@wordfence.com", "published": "2024-01-03T05:15:11.700", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:52:24.307", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "security@wordfence.com", "type": "Secondary", 
@@ -38,22 +58,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpexperts:post_smtp:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.8.8", + "matchCriteriaId": "8FC298A8-B6BF-4785-A80A-0AEDFE0FD58C" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/includes/rest-api/v1/rest-api.php#L79", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/post-smtp/trunk/Postman/Mobile/mobile.php#L219", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Exploit" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3016126%40post-smtp%2Ftrunk&old=3012318%40post-smtp%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7e8911a3-ce0f-420c-bf2a-1c2929d01cef?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0056.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0056.json new file mode 100644 index 00000000000..6756626d8fc --- /dev/null +++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0056.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-0056", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:46.783", + "lastModified": "2024-01-09T18:15:46.783", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.8 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0057.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0057.json new file mode 100644 index 00000000000..3b6576e301d --- /dev/null +++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0057.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-0057", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:46.980", + "lastModified": "2024-01-09T18:15:46.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json index e8c82cfa4a5..069f2fa150a 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0193.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0193", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-02T18:15:08.287", - "lastModified": "2024-01-03T17:15:12.000", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:09:55.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "Se encontr\u00f3 un fallo de use after free en el subsistema netfilter del kernel de Linux. Si el elemento general se recolecta como basura cuando se retira el conjunto de pipapo, el elemento se puede desactivar dos veces. Esto puede causar un problema de uso despu\u00e9s de la liberaci\u00f3n en un objeto NFT_CHAIN o NFT_OBJECT, lo que permite a un usuario local sin privilegios escalar sus privilegios en el sistema." + "value": "Se encontr\u00f3 un fallo de use after free en el subsistema netfilter del kernel de Linux. Si el elemento general se recolecta como basura cuando se retira el conjunto de pipapo, el elemento se puede desactivar dos veces. Esto puede causar un problema de use-after-free en un objeto NFT_CHAIN o NFT_OBJECT, lo que permite a un usuario local sin privilegios escalar sus privilegios en el sistema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -50,14 +80,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2024-0193", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255653", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0196.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0196.json index 953aa12d520..ff696277a9f 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0196.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0196.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0196", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-02T22:15:09.453", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T18:39:21.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ssssssss:magic-api:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.1", + "matchCriteriaId": "39671CDA-5508-4923-9CC2-07A8A5E231D6" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249511", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249511", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0226.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0226.json new file mode 100644 index 00000000000..9c333fcbf08 --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0226.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0226", + "sourceIdentifier": "disclosure@synopsys.com", + "published": "2024-01-09T18:15:47.177", + "lastModified": "2024-01-09T18:15:47.177", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "disclosure@synopsys.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "disclosure@synopsys.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker", + "source": "disclosure@synopsys.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0228.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0228.json new file mode 100644 index 00000000000..6627a499ec9 --- /dev/null +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0228.json 
@@ -0,0 +1,15 @@ +{ + "id": "CVE-2024-0228", + "sourceIdentifier": "cve-coordination@google.com", + "published": "2024-01-09T17:15:12.223", + "lastModified": "2024-01-09T17:15:12.223", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-0193." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0340.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0340.json new file mode 100644 index 00000000000..139d560cf2c --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0340.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-0340", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-01-09T18:15:47.503", + "lastModified": "2024-01-09T18:15:47.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0340", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257406", + "source": "secalert@redhat.com" + }, + { + "url": "https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20652.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20652.json new file mode 100644 index 00000000000..f5f70ffc363 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20652.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20652", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:47.733", + "lastModified": "2024-01-09T18:15:47.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows HTML Platforms Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20652", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20653.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20653.json new file mode 100644 index 00000000000..c0173dd3c0d --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20653.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20653", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:47.940", + "lastModified": "2024-01-09T18:15:47.940", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Common Log File System Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20653", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20654.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20654.json new file mode 100644 index 00000000000..3efea249476 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20654.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20654", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:48.130", + "lastModified": "2024-01-09T18:15:48.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft ODBC Driver Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20654", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20655.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20655.json new file mode 100644 index 00000000000..8ecb6f0e96d --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20655.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20655", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:48.307", + "lastModified": "2024-01-09T18:15:48.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20655", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20656.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20656.json new file mode 100644 index 00000000000..2c183594e57 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20656.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20656", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:48.490", + "lastModified": "2024-01-09T18:15:48.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Visual Studio Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20657.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20657.json new file mode 100644 index 00000000000..1c928477a73 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20657.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20657", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:48.670", + "lastModified": "2024-01-09T18:15:48.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Group Policy Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20657", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20658.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20658.json new file mode 100644 index 00000000000..f92b3c855bf --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20658.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20658", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:48.913", + "lastModified": "2024-01-09T18:15:48.913", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20658", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20660.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20660.json new file mode 100644 index 00000000000..8992037ef78 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20660.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20660", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:49.090", + "lastModified": "2024-01-09T18:15:49.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20660", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20661.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20661.json new file mode 100644 index 00000000000..38a71439562 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20661.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20661", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:49.270", + "lastModified": "2024-01-09T18:15:49.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20661", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20662.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20662.json new file mode 100644 index 00000000000..5877afc819e --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20662.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20662", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:49.447", + "lastModified": "2024-01-09T18:15:49.447", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20662", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20663.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20663.json new file mode 100644 index 00000000000..75bdf00cb19 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20663.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20663", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:49.640", + "lastModified": "2024-01-09T18:15:49.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Message Queuing Client (MSMQC) Information Disclosure" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20663", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20664.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20664.json new file mode 100644 index 00000000000..c19685cb035 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20664.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20664", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:49.863", + "lastModified": "2024-01-09T18:15:49.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20664", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20666.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20666.json new file mode 100644 index 00000000000..81ec2593614 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20666.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20666", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:50.057", + "lastModified": "2024-01-09T18:15:50.057", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "BitLocker Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20672.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20672.json new file mode 100644 index 00000000000..0444a8985b4 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20672.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20672", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:50.243", + "lastModified": "2024-01-09T18:15:50.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": ".NET Core and Visual Studio Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20672", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20674.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20674.json new file mode 100644 index 00000000000..079495463a3 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20674.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20674", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:50.473", + "lastModified": "2024-01-09T18:15:50.473", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kerberos Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20674", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20676.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20676.json new file mode 100644 index 00000000000..4010e66a5bf --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20676.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20676", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:50.680", + "lastModified": "2024-01-09T18:15:50.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Azure Storage Mover Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20676", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20677.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20677.json new file mode 100644 index 00000000000..6035243b5af --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20677.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20677", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:50.887", + "lastModified": "2024-01-09T18:15:50.887", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "
A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.
\n3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.
\nThis change is effective as of the January 9, 2024 security update.
\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20680.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20680.json new file mode 100644 index 00000000000..1e44f58fc00 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20680.json 
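Review bot: The description for CVE-2024-20677 says the FBX flaw could lead to remote code execution, but the same record carries `"attackVector": "LOCAL"` and `"userInteraction": "REQUIRED"`. Triage that ranks on the words "remote code execution" would treat it as network-reachable when the scored path needs a user to open a file. The CVE-2024-20682 hunk further down (Windows Cryptographic Services Remote Code Execution, `AV:L/AC:L/PR:L/UI:N`) shows the same mismatch. Presumably "remote" here describes where the attacker sits rather than the CVSS attack vector, though nothing in these records confirms that. I would leave both values as the CNA supplied them and have prioritisation and detection rules key on `vectorString` rather than on the title keyword.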
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20680", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:51.067", + "lastModified": "2024-01-09T18:15:51.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Message Queuing Client (MSMQC) Information Disclosure" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20680", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20681.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20681.json new file mode 100644 index 00000000000..c89080d006e --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20681.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20681", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:51.257", + "lastModified": "2024-01-09T18:15:51.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Subsystem for Linux Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20681", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20682.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20682.json new file mode 100644 index 00000000000..f7443d7cd03 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20682.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20682", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:51.433", + "lastModified": "2024-01-09T18:15:51.433", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Cryptographic Services Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20682", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20683.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20683.json new file mode 100644 index 00000000000..282e577c39a --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20683.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20683", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:51.643", + "lastModified": "2024-01-09T18:15:51.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20683", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20686.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20686.json new file mode 100644 index 00000000000..057f4dacebe --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20686.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20686", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:51.827", + "lastModified": "2024-01-09T18:15:51.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Win32k Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20686", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20687.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20687.json new file mode 100644 index 00000000000..7c3cb4adbb2 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20687.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20687", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:52.010", + "lastModified": "2024-01-09T18:15:52.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft AllJoyn API Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20687", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20690.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20690.json new file mode 100644 index 00000000000..a8598cdaaf3 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20690.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20690", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:52.197", + "lastModified": "2024-01-09T18:15:52.197", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Nearby Sharing Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20690", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20691.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20691.json new file mode 100644 index 00000000000..7eb1678fcde --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20691.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20691", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:52.387", + "lastModified": "2024-01-09T18:15:52.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Themes Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20691", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20692.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20692.json new file mode 100644 index 00000000000..88c4f6c5ed6 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20692.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20692", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:52.567", + "lastModified": "2024-01-09T18:15:52.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20692", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20694.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20694.json new file mode 100644 index 00000000000..36521f96dfa --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20694.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20694", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:52.757", + "lastModified": "2024-01-09T18:15:52.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows CoreMessaging Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20696.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20696.json new file mode 100644 index 00000000000..50342a0c92c --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20696.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20696", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:52.927", + "lastModified": "2024-01-09T18:15:52.927", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Libarchive Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20697.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20697.json new file mode 100644 index 00000000000..0a7e3b704dd --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20697.json 
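Review bot: The description says "Remote Code Execution" while the vector in `cvssData` is `AV:L` with `UI:R`, and nothing in the record explains the difference. In Microsoft advisories "remote" usually refers to where the attacker is, with the code running locally once a user opens crafted content, but that is an inference here and should be confirmed against the `references` URL. Triage rules that rank on `attackVector` alone will place this below network-reachable issues, so read the vector together with the title when prioritising. CVE-2024-20697 and CVE-2024-21325 further down show the same pairing.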
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20697", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:53.130", + "lastModified": "2024-01-09T18:15:53.130", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Libarchive Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20698.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20698.json new file mode 100644 index 00000000000..db48d632fd7 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20698.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20698", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:53.300", + "lastModified": "2024-01-09T18:15:53.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20698", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20699.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20699.json new file mode 100644 index 00000000000..98d5c23aa38 --- /dev/null +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20699.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20699", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:53.490", + "lastModified": "2024-01-09T18:15:53.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Hyper-V Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20699", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-207xx/CVE-2024-20700.json b/CVE-2024/CVE-2024-207xx/CVE-2024-20700.json new file mode 100644 index 00000000000..ada7db65f73 --- /dev/null +++ b/CVE-2024/CVE-2024-207xx/CVE-2024-20700.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20700", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:53.673", + "lastModified": "2024-01-09T18:15:53.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Hyper-V Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20700", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21305.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21305.json new file mode 100644 index 00000000000..10455f7e936 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21305.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21305", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:53.940", + "lastModified": "2024-01-09T18:15:53.940", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21305", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21306.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21306.json new file mode 100644 index 00000000000..716b6e14d5a --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21306.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21306", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:54.120", + "lastModified": "2024-01-09T18:15:54.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Bluetooth Driver Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21306", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21307.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21307.json new file mode 100644 index 00000000000..5addb5a5e51 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21307.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21307", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:54.310", + "lastModified": "2024-01-09T18:15:54.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Remote Desktop Client Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21307", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21309.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21309.json new file mode 100644 index 00000000000..8231efe1af2 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21309.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21309", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:54.500", + "lastModified": "2024-01-09T18:15:54.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21309", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21310.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21310.json new file mode 100644 index 00000000000..fcfa3081227 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21310.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21310", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:54.697", + "lastModified": "2024-01-09T18:15:54.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21311.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21311.json new file mode 100644 index 00000000000..99405ba5476 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21311.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21311", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:54.877", + "lastModified": "2024-01-09T18:15:54.877", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Cryptographic Services Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21311", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21312.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21312.json new file mode 100644 index 00000000000..45e074aae11 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21312.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21312", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:55.080", + "lastModified": "2024-01-09T18:15:55.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": ".NET Framework Denial of Service Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21313.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21313.json new file mode 100644 index 00000000000..b10d9dc89fa --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21313.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21313", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:55.303", + "lastModified": "2024-01-09T18:15:55.303", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows TCP/IP Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21313", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21314.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21314.json new file mode 100644 index 00000000000..81ee7f62417 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21314.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21314", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:55.520", + "lastModified": "2024-01-09T18:15:55.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Message Queuing Information Disclosure Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21314", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21316.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21316.json new file mode 100644 index 00000000000..ee829a601ab --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21316.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21316", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:55.710", + "lastModified": "2024-01-09T18:15:55.710", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Server Key Distribution Service Security Feature Bypass" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21316", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21318.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21318.json new file mode 100644 index 00000000000..1cace7ed664 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21318.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21318", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:55.883", + "lastModified": "2024-01-09T18:15:55.883", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft SharePoint Server Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21318", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21320.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21320.json new file mode 100644 index 00000000000..4533c717884 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21320.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21320", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:56.077", + "lastModified": "2024-01-09T18:15:56.077", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Windows Themes Spoofing Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21320", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21325.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21325.json new file mode 100644 index 00000000000..89d71b8bb02 --- /dev/null +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21325.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21325", + "sourceIdentifier": "secure@microsoft.com", + "published": "2024-01-09T18:15:56.270", + "lastModified": "2024-01-09T18:15:56.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21325", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21632.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21632.json index 6e239c7806e..f8eeff61d10 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21632.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21632.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21632", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-02T22:15:10.103", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-09T17:45:20.110", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "omniauth-microsoft_graph proporciona una estrategia Omniauth para la API de Microsoft Graph. Antes de las versiones 2.0.0, la implementaci\u00f3n no validaba la legitimidad del atributo \"email\" del usuario ni daba/documentaba una opci\u00f3n para hacerlo, lo que la hac\u00eda susceptible a una mala configuraci\u00f3n de nOAuth en los casos en que se utiliza el \"email\". como identificador de usuario confiable. Esto podr\u00eda llevar a la apropiaci\u00f3n de cuentas. La versi\u00f3n 2.0.0 contiene una soluci\u00f3n para este problema." + "value": "omniauth-microsoft_graph proporciona una estrategia Omniauth para la API de Microsoft Graph. Antes de las versiones 2.0.0, la implementaci\u00f3n no validaba la legitimidad del atributo \"email\" del usuario ni daba/documentaba una opci\u00f3n para hacerlo, lo que la hac\u00eda susceptible a una mala configuraci\u00f3n de nOAuth en los casos en que se utiliza el \"email\" como identificador de usuario confiable. Esto podr\u00eda llevar a la apropiaci\u00f3n de cuentas. La versi\u00f3n 2.0.0 contiene una soluci\u00f3n para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:recognizeapp:omniauth\\:\\:microsoftgraph:*:*:*:*:*:ruby:*:*", + "versionEndExcluding": "2.0.0", + "matchCriteriaId": "ACA42BC1-586F-4FE0-9A26-F9AEB541BB8F" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.descope.com/blog/post/noauth", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22164.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22164.json new file mode 100644 index 00000000000..6a765fdd23d --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22164.json 
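Review bot: The added `criteria` string names vendor `recognizeapp` and product `omniauth\\:\\:microsoftgraph`, neither of which matches the repository path `synth/omniauth-microsoft_graph` in this record's own references. Tooling that maps a CPE product to a package name by string comparison will probably not connect this entry to the installed gem. Dependency scanners are safer matching on the advisory id in the reference URL (`GHSA-5g66-628f-7cvj`) or on the gem name together with `"versionEndExcluding": "2.0.0"`, keeping the CPE as a secondary key.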
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22164", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-09T17:15:12.323", + "lastModified": "2024-01-09T17:15:12.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@splunk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://advisory.splunk.com/advisories/SVD-2024-0101", + "source": "prodsec@splunk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22165.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22165.json new file mode 100644 index 00000000000..a999e131fd6 --- /dev/null +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22165.json 
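Review bot: The affected range appears only in the description text ("versions below 7.1.2"); the record has no `configurations` block, so version-aware matching has nothing structured to read. The weakness is given as `CWE-400`, a broad class, while the description points at a missing request-size limit on the attachment endpoint, which CWE-770 would describe more precisely if the CNA agrees. The only `cvssMetricV31` entry is `"type": "Secondary"`, so a consumer that reads only Primary metrics will treat this record as unscored until NVD analysis adds one.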
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-22165", + "sourceIdentifier": "prodsec@splunk.com", + "published": "2024-01-09T17:15:12.523", + "lastModified": "2024-01-09T17:15:12.523", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.