diff --git a/CVE-2019/CVE-2019-148xx/CVE-2019-14865.json b/CVE-2019/CVE-2019-148xx/CVE-2019-14865.json index b82c248716b..094f2680db3 100644 --- a/CVE-2019/CVE-2019-148xx/CVE-2019-14865.json +++ b/CVE-2019/CVE-2019-148xx/CVE-2019-14865.json @@ -2,7 +2,7 @@ "id": "CVE-2019-14865", "sourceIdentifier": "secalert@redhat.com", "published": "2019-11-29T10:15:12.830", - "lastModified": "2023-02-12T23:36:07.163", + "lastModified": "2024-02-06T18:15:58.207", "vulnStatus": "Modified", "descriptions": [ { @@ -142,6 +142,10 @@ } ], "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/06/3", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/errata/RHSA-2020:0335", "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35188.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35188.json index 5faea41c9ee..619d84740b5 100644 --- a/CVE-2023/CVE-2023-351xx/CVE-2023-35188.json +++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35188.json @@ -2,8 +2,8 @@ "id": "CVE-2023-35188", "sourceIdentifier": "psirt@solarwinds.com", "published": "2024-02-06T16:15:51.140", - "lastModified": "2024-02-06T16:15:51.140", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-364xx/CVE-2023-36498.json b/CVE-2023/CVE-2023-364xx/CVE-2023-36498.json new file mode 100644 index 00000000000..2504f17b93e --- /dev/null +++ b/CVE-2023/CVE-2023-364xx/CVE-2023-36498.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-36498", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-02-06T17:15:08.527", + "lastModified": "2024-02-06T18:15:58.383", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A post-authentication command injection vulnerability exists in the PPTP client functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability and gain access to an unrestricted shell." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1853", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40545.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40545.json new file mode 100644 index 00000000000..0618f55b6ff --- /dev/null +++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40545.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-40545",
+ "sourceIdentifier": "responsible-disclosure@pingidentity.com",
+ "published": "2024-02-06T18:15:58.470",
+ "lastModified": "2024-02-06T18:15:58.470",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Authentication\u00a0bypass when an OAuth2 Client is using client_secret_jwt as its authentication method on affected 11.3 versions via specially crafted requests.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "responsible-disclosure@pingidentity.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-306"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.pingidentity.com/r/en-us/pingfederate-113/hro1701116403236",
+ "source": "responsible-disclosure@pingidentity.com"
+ },
+ {
+ "url": "https://support.pingidentity.com/s/article/SECADV040-PingFederate-OAuth-Client-Authentication-Bypass",
+ "source": "responsible-disclosure@pingidentity.com"
+ },
+ {
+ "url": "https://www.pingidentity.com/en/resources/downloads/pingfederate/previous-releases.html",
+ "source": "responsible-disclosure@pingidentity.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json
index 1fbf2842ae2..2ea7e29c26d 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json
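Review bot: The English description in the new CVE-2023-40545.json record is stored as `Authentication\u00a0bypass …` with a non-breaking space and a trailing `\n`, so a plain-text search or alert rule for "authentication bypass" will not match this entry unless the consumer normalises whitespace first. The record also has no `configurations` block yet (status `Received`) and gives the affected range only in prose ("affected 11.3 versions"), so automated CPE matching will not flag the product from this entry and triage has to go through the vendor links in `references`. A normalised value would begin `"Authentication bypass when an OAuth2 Client …"` with a regular space and no trailing newline; if the text is mirrored verbatim from the CNA, the normalisation belongs in the consumer instead.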
@@ -2,16 +2,40 @@ "id": "CVE-2023-40548", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-29T15:15:08.893", - "lastModified": "2024-01-29T16:19:17.097", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:37:23.327", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes memory corruption and can lead to a crash or data integrity issues during the boot phase." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 un desbordamiento de b\u00fafer en Shim en el sistema de 32 bits. El desbordamiento ocurre debido a una operaci\u00f3n de suma que involucra un valor controlado por el usuario analizado del binario PE que utiliza Shim. Este valor se utiliza adem\u00e1s para operaciones de asignaci\u00f3n de memoria, lo que provoca un desbordamiento de b\u00fafer en la regi\u00f3n Heap de la memoria. Esta falla causa da\u00f1os en la memoria y puede provocar fallas o problemas de integridad de los datos durante la fase de inicio." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -35,6 +59,20 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
 {
 "source": "secalert@redhat.com",
 "type": "Secondary",
@@ -46,14 +84,59 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:shim:*:*:*:*:*:*:*:*",
+ "versionEndIncluding": "15.8",
+ "matchCriteriaId": "A4D01344-F2B6-4206-9E1D-AAAAB1977EA0"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:redhat:shim:15.8:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "BF11AEF9-B742-46DC-94D2-6160B93767BD"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
+ "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://access.redhat.com/security/cve/CVE-2023-40548",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241782",
- "source": "secalert@redhat.com"
+ "source": "secalert@redhat.com",
+ "tags": [
+ "Issue Tracking",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-426xx/CVE-2023-42664.json b/CVE-2023/CVE-2023-426xx/CVE-2023-42664.json
new file mode 100644
index 00000000000..e472189052b
--- /dev/null
+++ b/CVE-2023/CVE-2023-426xx/CVE-2023-42664.json
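Review bot: In the `configurations` block added to CVE-2023-40548.json, the range `"versionEndIncluding": "15.8"` on `cpe:2.3:a:redhat:shim:*` already covers every 15.8 build, so the separate `shim:15.8:rc1` match is redundant as written. A dedicated release-candidate entry usually means the final release is not supposed to be in range, so the bound may have been meant as `"versionEndExcluding": "15.8"`; that is an inference, the record itself does not name a fixed version. As it stands, scanners consuming this range will report shim 15.8 itself as vulnerable, so the fixed version should be confirmed against the Red Hat advisory referenced in the same hunk before the range is used for patch-compliance decisions.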
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-42664", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-02-06T17:15:08.770", + "lastModified": "2024-02-06T18:15:58.670", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1856", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-434xx/CVE-2023-43482.json b/CVE-2023/CVE-2023-434xx/CVE-2023-43482.json new file mode 100644 index 00000000000..bd9937b60d2 --- /dev/null +++ b/CVE-2023/CVE-2023-434xx/CVE-2023-43482.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-43482", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-02-06T17:15:08.973", + "lastModified": "2024-02-06T18:15:58.757", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A command execution vulnerability exists in the guest resource functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1850", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46183.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46183.json index 3b69729b47c..f588868303c 100644 --- a/CVE-2023/CVE-2023-461xx/CVE-2023-46183.json +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46183.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2023-46183",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-02-06T16:15:51.370",
- "lastModified": "2024-02-06T16:15:51.370",
- "vulnStatus": "Received",
+ "lastModified": "2024-02-06T17:52:56.963",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-466xx/CVE-2023-46683.json b/CVE-2023/CVE-2023-466xx/CVE-2023-46683.json
new file mode 100644
index 00000000000..dcbe421bd56
--- /dev/null
+++ b/CVE-2023/CVE-2023-466xx/CVE-2023-46683.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-46683", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-02-06T17:15:09.180", + "lastModified": "2024-02-06T18:15:58.840", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A post authentication command injection vulnerability exists when configuring the wireguard VPN functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection . An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1857", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47167.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47167.json new file mode 100644 index 00000000000..ef5d0d2a9aa --- /dev/null +++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47167.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-47167",
+ "sourceIdentifier": "talos-cna@cisco.com",
+ "published": "2024-02-06T17:15:09.380",
+ "lastModified": "2024-02-06T18:15:58.923",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A post authentication command injection vulnerability exists in the GRE policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "talos-cna@cisco.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1855",
+ "source": "talos-cna@cisco.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-472xx/CVE-2023-47209.json b/CVE-2023/CVE-2023-472xx/CVE-2023-47209.json
new file mode 100644
index 00000000000..f3ebbde70dd
--- /dev/null
+++ b/CVE-2023/CVE-2023-472xx/CVE-2023-47209.json
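Review bot: The `weaknesses` entry in the new CVE-2023-47167.json record is typed `"Secondary"`, although the CVSS entry from the same source (`talos-cna@cisco.com`) in this file is `"Primary"` and the sibling Talos records for the same router added in this commit (CVE-2023-36498, CVE-2023-42664, CVE-2023-43482, CVE-2023-46683, CVE-2023-47209, CVE-2023-47617, CVE-2023-47618) all carry CWE-78 as `"Primary"`. Consumers that read only Primary weaknesses will see no CWE for this record and can drop it from CWE-78 (OS command injection) reporting. If the difference is not intentional upstream, the line would read `"type": "Primary",`; otherwise downstream tooling should fall back to Secondary weaknesses when a record has no Primary entry.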
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47209", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-02-06T17:15:09.593", + "lastModified": "2024-02-06T18:15:59.000", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A post authentication command injection vulnerability exists in the ipsec policy functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1854", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47617.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47617.json new file mode 100644 index 00000000000..5e3306d19b2 --- /dev/null +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47617.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47617", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-02-06T17:15:09.797", + "lastModified": "2024-02-06T18:15:59.080", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A post authentication command injection vulnerability exists when configuring the web group member of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1858", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-476xx/CVE-2023-47618.json b/CVE-2023/CVE-2023-476xx/CVE-2023-47618.json new file mode 100644 index 00000000000..2038c2f9dfa --- /dev/null +++ b/CVE-2023/CVE-2023-476xx/CVE-2023-47618.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-47618", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-02-06T17:15:10.013", + "lastModified": "2024-02-06T18:15:59.160", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "talos-cna@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1859", + "source": "talos-cna@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50165.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50165.json index 24b9706473b..e3637109d48 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50165.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50165.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50165", "sourceIdentifier": "security@pega.com", "published": "2024-01-31T18:15:46.320", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T17:41:39.480", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents." + }, + { + "lang": "es", + "value": "Las versiones de Pega Platform 8.2.1 a Infinity 23.1.0 se ven afectadas por un problema de PDF generado que podr\u00eda exponer el contenido del archivo." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + }, { "source": "security@pega.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + }, { "source": "security@pega.com", "type": "Secondary", 
@@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.2.1", + "versionEndIncluding": "23.1.0", + "matchCriteriaId": "9AEA6DF6-D772-416F-AB6C-879B6596529C" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.pega.com/support-doc/pega-security-advisory-g23-vulnerability-remediation-note", - "source": "security@pega.com" + "source": "security@pega.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-501xx/CVE-2023-50166.json b/CVE-2023/CVE-2023-501xx/CVE-2023-50166.json index 1de6ef49602..95e9dc4fdfd 100644 --- a/CVE-2023/CVE-2023-501xx/CVE-2023-50166.json +++ b/CVE-2023/CVE-2023-501xx/CVE-2023-50166.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-50166", "sourceIdentifier": "security@pega.com", "published": "2024-01-31T18:15:46.513", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T17:42:52.830", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter." + }, + { + "lang": "es", + "value": "Pega Platform de 8.5.4 a 8.8.3 se ve afectada por un problema XSS con un usuario no autenticado y el par\u00e1metro redirect." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security@pega.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security@pega.com", "type": "Secondary", 
@@ -46,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.5.4", + "versionEndIncluding": "8.8.3", + "matchCriteriaId": "444C349E-92AB-4143-9526-F8F6DEAED9D8" + } + ] + } + ] + } + ], "references": [ { "url": "https://support.pega.com/support-doc/pega-security-advisory-h23-vulnerability-remediation-note", - "source": "security@pega.com" + "source": "security@pega.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50395.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50395.json index bd48374e65f..c2572c53b9a 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50395.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50395.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50395", "sourceIdentifier": "psirt@solarwinds.com", "published": "2024-02-06T16:15:51.573", - "lastModified": "2024-02-06T16:15:51.573", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51532.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51532.json index 368a7481dda..c671f36f833 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51532.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51532.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51532", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:08.710", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T17:24:30.553", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building allows Stored XSS.This issue affects Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: from n/a through 3.1.19.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Icegram Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building permiten XSS almacenado. Este problema afecta a Icegram Engage \u2013 WordPress Lead Generation, Popup Builder, CTA, Optins and Email List Building: desde n/a hasta el 3.1.19." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1.19", + "matchCriteriaId": "CC14B70E-FCCC-4703-A879-D19B3FE137AF" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/icegram/wordpress-icegram-engage-plugin-3-1-19-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51534.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51534.json index 12b4f114d54..365c5128446 100644 --- a/CVE-2023/CVE-2023-515xx/CVE-2023-51534.json +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51534.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51534", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T11:15:09.527", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T17:04:08.383", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brave Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content allows Stored XSS.This issue affects Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: from n/a through 0.6.2.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Brave Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content permite XSS almacenado. Este problema afecta a Brave \u2013 Create Popup, Optins, Lead Generation, Survey, Sticky Elements & Interactive Content: desde n/a hasta 0.6.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:getbrave:brave:*:*:*:*:wordpress:*:*:*",
+ "versionEndIncluding": "0.6.2",
+ "matchCriteriaId": "ED70BA1A-A2BF-449A-85BB-22E7DD68202A"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/brave-popup-builder/wordpress-brave-popup-plugin-0-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json
index 1ae4def101c..8db561b6ce5 100644
--- a/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json
+++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51839.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-51839",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-01-29T20:15:15.047",
- "lastModified": "2024-01-30T14:18:33.837",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-02-06T17:02:34.433",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
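Review bot: In the `configurations` block added to CVE-2023-51534.json, the criteria `cpe:2.3:a:getbrave:brave:*:*:*:*:wordpress:*:*:*` carries `wordpress` in the sw_edition field, whereas the sibling Patchstack record updated in the same commit (CVE-2023-51532, `cpe:2.3:a:icegram:icegram_engage:*:*:*:*:*:wordpress:*:*`) puts it in target_sw. Inventory and scanner matching that scopes WordPress plugins by target_sw will not line the two entries up, and with the platform qualifier in a different slot the `brave` product name is easier to confuse with unrelated software of the same name. If the same convention was intended, the criteria would read `cpe:2.3:a:getbrave:brave:*:*:*:*:*:wordpress:*:*`; should the string be mirrored verbatim from an upstream feed, the correction belongs there and consumers should match on both fields in the meantime.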
@@ -14,19 +14,81 @@ "value": "DeviceFarmer stf v3.6.6 sufre de uso de un algoritmo criptogr\u00e1fico defectuoso o riesgoso." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-327" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:devicefarmer:smartphone_test_farm:3.6.6:*:*:*:*:*:*:*", + "matchCriteriaId": "7E2F07D0-CA08-40E2-B7FE-3353CD83B6D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DeviceFarmer/stf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] }, { "url": "https://github.com/DeviceFarmer/stf/issues/736", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Issue Tracking", + "Vendor Advisory" + ] }, { "url": "https://github.com/tianjk99/Cryptographic-Misuses/blob/main/CVE-2023-51839.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json b/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json index 2dd0fe15029..db52f312d83 100644 --- a/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json +++ b/CVE-2023/CVE-2023-519xx/CVE-2023-51982.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-51982", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-30T01:15:59.013", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:30:13.563", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,67 @@ "value": "CrateDB 5.5.1 contiene una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en el componente de la interfaz de usuario de administraci\u00f3n. Despu\u00e9s de configurar la autenticaci\u00f3n de contrase\u00f1a y_ Local_ En el caso de una direcci\u00f3n, la autenticaci\u00f3n de identidad se puede omitir configurando el encabezado de solicitud de IP de X-Real en un valor espec\u00edfico y accediendo a la interfaz de usuario del administrador directamente utilizando la identidad de usuario predeterminada. (https://github. es/crate/crate/issues/15231)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cratedb:cratedb:5.5.1:*:*:*:*:*:*:*", + "matchCriteriaId": "DCA795AD-7B75-41DA-B82D-3A032DBAE7BF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/crate/crate/issues/15231", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52193.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52193.json index abaa053fcb3..b4e1af17748 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52193.json 
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52193.json @@ -2,16 +2,40 @@ "id": "CVE-2023-52193", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:10.423", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T17:22:44.897", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Live Composer Team Page Builder: Live Composer allows Stored XSS.This issue affects Page Builder: Live Composer: from n/a through 1.5.23.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Live Composer Team Page Builder: Live Composer permite XSS almacenado. Este problema afecta a Page Builder: Live Composer: desde n/a hasta 1.5.23." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livecomposerplugin:live-composer-page-builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.5.23", + "matchCriteriaId": "A6FA7337-71AF-4267-B042-F9206CDC49C7" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-23-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52194.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52194.json index c3dd5352207..1cff8ecf933 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52194.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52194.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52194", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:10.880", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T17:38:15.577", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takayuki Miyauchi oEmbed Gist allows Stored XSS.This issue affects oEmbed Gist: from n/a through 4.9.1.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Takayuki Miyauchi oEmbed Gist permite XSS almacenado. Este problema afecta a oEmbed Gist: desde n/a hasta 4.9.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:takayukimiyauchi:oembed_gist:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.9.1", + "matchCriteriaId": "44DCF5EE-3719-443F-9111-773782C050B4" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/oembed-gist/wordpress-oembed-gist-plugin-4-9-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52195.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52195.json index a22edd16718..61b95346543 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52195.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52195.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52195", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:11.207", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T17:29:48.320", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Posts to Page Kerry James allows Stored XSS.This issue affects Kerry James: from n/a through 1.7.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Posts to Page Kerry James permite XSS almacenado. Este problema afecta a Kerry James: desde n/a hasta 1.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kerryjames:posts_to_page:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7", + "matchCriteriaId": "7020F848-9DA0-4216-BC3C-287E8D450A9E" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/posts-to-page/wordpress-posts-to-page-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json index 244fb784f69..37cd4d98fcd 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6238.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6238", "sourceIdentifier": "secalert@redhat.com", "published": "2023-11-21T21:15:09.273", - "lastModified": "2024-02-06T12:15:55.410", - "vulnStatus": "Modified", + "lastModified": "2024-02-06T18:53:02.780", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -21,19 +21,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "LOW", + "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "baseScore": 6.7, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.8, + "exploitabilityScore": 0.8, "impactScore": 5.9 }, { diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json index 36024f74c6a..5d10da093ea 100644 
--- a/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6374.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6374", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-01-30T09:15:47.520", - "lastModified": "2024-01-31T09:15:44.263", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:50:48.063", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "type": "Secondary", 
@@ -50,18 +70,57 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishielectric:melsec_ws0-geth00200_firmware:-:*:*:*:*:*:*:*", + "matchCriteriaId": "31C1CF5D-1E46-4E97-85D2-C92C40D1EADF" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishielectric:melsec_ws0-geth00200:-:*:*:*:*:*:*:*", + "matchCriteriaId": "2309DB7C-07CA-4821-A7A2-F461652E62C8" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/vu/JVNVU99497477", - "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-030-03", - "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "tags": [ + "Third Party Advisory", + "US Government Resource" + ] }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-019_en.pdf", - "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6672.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6672.json index 5d01dc7f48e..a73042675b5 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6672.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6672.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6672", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-02-02T13:15:08.890", - "lastModified": "2024-02-02T13:36:23.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T17:03:45.610", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -50,10 +50,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-24-0080", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6673.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6673.json index 09d0e47fb56..3dc38dbb194 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6673.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6673.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6673", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-02-02T13:15:09.100", - "lastModified": "2024-02-02T13:36:23.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T17:03:31.730", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "iletisim@usom.gov.tr", "type": "Secondary", 
@@ -50,10 +70,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-24-0080", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6675.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6675.json index 6d4af401314..696e678bc68 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6675.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6675.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6675", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-02-02T13:15:09.300", - "lastModified": "2024-02-02T13:36:23.853", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T17:03:12.913", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -50,10 +50,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nationalkeep:cybermath:1.4:*:*:*:*:*:*:*", + "matchCriteriaId": "D54B8707-6EDE-4581-AEA4-79577E916FEA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-24-0080", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0911.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0911.json index b268d7f142f..c17199bd2d1 100644 --- a/CVE-2024/CVE-2024-09xx/CVE-2024-0911.json +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0911.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0911", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-02-06T15:15:08.827", - "lastModified": "2024-02-06T15:15:08.827", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:53:00.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-10xx/CVE-2024-1048.json b/CVE-2024/CVE-2024-10xx/CVE-2024-1048.json new file mode 100644 index 00000000000..d2f8ec4db29 --- /dev/null +++ b/CVE-2024/CVE-2024-10xx/CVE-2024-1048.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1048", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-02-06T18:15:59.250", + "lastModified": "2024-02-06T18:15:59.250", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.2, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.5, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/02/06/3", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2024-1048", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256827", + "source": "secalert@redhat.com" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/02/06/3", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1111.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1111.json index 6a07393e410..3c812f7d21e 100644 --- a/CVE-2024/CVE-2024-11xx/CVE-2024-1111.json +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1111.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-1111", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-31T19:15:08.187", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T18:11:45.033", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched remotely. VDB-252470 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en SourceCodester QR Code Login System 1.0 y clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo add-user.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento qr-code conduce a cross site scripting. El ataque puede lanzarse de forma remota. VDB-252470 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -60,6 +84,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -71,14 +105,37 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:remyandrade:qr_code_login_system:1.0:*:*:*:*:wordpress:*:*", + "matchCriteriaId": "8396C7C3-5EDE-46DF-99D3-937533F7C8F1" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.252470", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.252470", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1251.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1251.json index d8c35194bc3..0ca037f818c 100644 --- a/CVE-2024/CVE-2024-12xx/CVE-2024-1251.json +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1251.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1251", "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-06T16:15:51.793", - "lastModified": "2024-02-06T16:15:51.793", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1252.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1252.json new file mode 100644 index 00000000000..7db652a8bbe --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1252.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1252", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-06T17:15:10.280", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": 
"cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/b51s77/cve/blob/main/sql.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252991", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252991", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1253.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1253.json new file mode 100644 index 00000000000..b19b18aefb7 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1253.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1253", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-06T17:15:10.507", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + 
}, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/b51s77/cve/blob/main/upload.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252992", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252992", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21388.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21388.json index 1e99129c6f2..a9914637393 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21388.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21388.json @@ -2,12 +2,16 @@ "id": "CVE-2024-21388", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-30T18:15:48.140", - "lastModified": "2024-01-30T20:48:58.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:21:15.953", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft Edge (basado en Chromium)" } ], "metrics": { @@ -34,10 +38,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "121.0.2277.83", + "matchCriteriaId": "00804700-C068-4562-9F64-4D348E1B76F5" + } + ] + } + ] + } + ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json index bf5c65b29f0..55886704a2c 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21488.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21488", "sourceIdentifier": "report@snyk.io", "published": "2024-01-30T05:15:09.277", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:56:43.787", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "report@snyk.io", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + }, { "source": "report@snyk.io", "type": "Secondary", 
@@ -50,26 +80,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:forkhq:network:*:*:*:*:*:node.js:*:*", + "versionEndExcluding": "0.7.0", + "matchCriteriaId": "D7E1F6C0-7EF1-4EE0-9BEE-BD4B94EA0B33" + } + ] + } + ] + } + ], "references": [ { "url": "https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Exploit", + "Mitigation", + "Third Party Advisory" + ] }, { "url": "https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Patch" + ] }, { "url": "https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json b/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json index 83a35f7c985..3d5878970cd 100644 --- a/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json +++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21840.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21840", "sourceIdentifier": "hirt@hitachi.co.jp", "published": "2024-01-30T03:15:07.867", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:32:20.340", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] + }, { "source": "hirt@hitachi.co.jp", "type": "Secondary", @@ -50,10 +80,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hitachi:storage_plug-in:*:*:*:*:*:vmware_vcenter:*:*", + "versionStartIncluding": "04.0.0", + "versionEndExcluding": "04.10.0", + "matchCriteriaId": "618B27D3-9BD5-4A12-8B73-F5DF27AD92B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html", - "source": "hirt@hitachi.co.jp" + "source": "hirt@hitachi.co.jp", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22306.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22306.json index 4be81d94170..5279faafa5b 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22306.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22306.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22306", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T17:15:35.560", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:20:46.017", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS.This issue affects Mang Board WP: from n/a through 1.7.7.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Hometory Mang Board WP permite XSS almacenado. Este problema afecta a Mang Board WP: desde n/a hasta 1.7.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mangboard:mang_board:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7.7", + "matchCriteriaId": "02F38FD7-C61F-4366-8227-06C4ADC650A1" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22331.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22331.json new file mode 100644 index 00000000000..8572073c041 --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22331.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-22331", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-06T17:15:10.740", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/279971", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7114131", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22569.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22569.json index ec6c8f1b0b8..3a35e6f036c 100644 --- a/CVE-2024/CVE-2024-225xx/CVE-2024-22569.json +++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22569.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-22569", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-31T02:15:54.467", - "lastModified": "2024-01-31T14:05:27.507", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:07:39.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,68 @@ "value": "Vulnerabilidad de cross site scripting (XSS) almacenado en POSCMS v4.6.2 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en /index.php?c=install&m=index&step=2&is_install_db=0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:poscms:poscms:4.6.2:*:*:*:*:*:*:*", + "matchCriteriaId": "A62614D0-0876-4DEA-BADB-2ADDA028B7FA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Num-Nine/CVE/issues/12", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23342.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23342.json index 0317555dadf..1f345480976 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23342.json 
+++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23342.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23342", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-23T00:15:26.397", - "lastModified": "2024-01-23T13:44:14.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:36:47.733", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.2 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -58,22 +78,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tlsfuzzer:ecdsa:*:*:*:*:*:python:*:*", + "versionEndIncluding": "1.8.0", + "matchCriteriaId": "32CDB19B-B6CA-4F1D-B5DC-9140D7EB7B3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://minerva.crocs.fi.muni.cz/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Technical Description" + ] }, { "url": "https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Technical Description" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23344.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23344.json index 6bb2ea7fda6..bc1ea0cabd7 100644 --- a/CVE-2024/CVE-2024-233xx/CVE-2024-23344.json +++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23344.json @@ -2,8 +2,8 @@ "id": "CVE-2024-23344", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-06T16:15:52.120", - "lastModified": "2024-02-06T16:15:52.120", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json index b5b4d2e6d49..9d4c88b4492 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json 
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23647.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-23647", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-30T17:15:10.913", - "lastModified": "2024-01-30T20:48:58.267", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:22:58.250", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue." + }, + { + "lang": "es", + "value": "Authentik es un proveedor de identidades de c\u00f3digo abierto. Hay un error en nuestra implementaci\u00f3n de PKCE que permite a un atacante eludir la protecci\u00f3n que ofrece PKCE. PKCE agrega el par\u00e1metro code_challenge a la solicitud de autorizaci\u00f3n y agrega el par\u00e1metro code_verifier a la solicitud de token. Antes de 2023.8.7 y 2023.10.7, es posible un escenario de degradaci\u00f3n: si el atacante elimina el par\u00e1metro code_challenge de la solicitud de autorizaci\u00f3n, authentik no realizar\u00e1 la verificaci\u00f3n PKCE. Debido a este error, un atacante puede eludir la protecci\u00f3n que ofrece PKCE, como los ataques CSRF y los ataques de inyecci\u00f3n de c\u00f3digo. Las versiones 2023.8.7 y 2023.10.7 solucionan el problema." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -46,14 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023.8.7", + "matchCriteriaId": "026E19BC-D2BB-4B89-916F-565B498F0C87" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:goauthentik:authentik:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2023.10.0", + "versionEndExcluding": "2023.10.7", + "matchCriteriaId": "6E579B4B-ACB8-4917-915B-D0FB5FC17F64" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json index 5b482fbe31c..b0571a1f037 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23829.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-23829", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-29T23:15:08.767", - "lastModified": "2024-02-05T02:15:47.367", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T18:38:53.870", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,22 +70,69 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aiohttp:aiohttp:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.9.2", + "matchCriteriaId": "A69737C5-7602-4816-A6FD-4483CDBE3C39" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/aio-libs/aiohttp/pull/8074", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Mailing List" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24000.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24000.json index 6d208dde66a..f8c975080b5 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24000.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24000.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-24000", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T16:15:52.317", - "lastModified": "2024-02-06T16:15:52.317", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24013.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24013.json index 924f8699c09..76cce42c7bb 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24013.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24013.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24013", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T16:15:52.363", - "lastModified": "2024-02-06T16:15:52.363", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json index aeaf4d1b675..7746f00029e 100644 --- a/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json +++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24015", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T16:15:52.410", - "lastModified": "2024-02-06T16:15:52.410", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24291.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24291.json index 00fbf3d9727..077ec77af38 100644 --- a/CVE-2024/CVE-2024-242xx/CVE-2024-24291.json +++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24291.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24291", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-06T16:15:52.460", - "lastModified": "2024-02-06T16:15:52.460", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:52:56.963", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json index d9c92da97fd..1936ba64f29 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24590", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.100", - "lastModified": "2024-02-06T15:15:09.100", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:53:00.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json index ba848df9b37..ffef6d5cd74 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24591", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.367", - "lastModified": "2024-02-06T15:15:09.367", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:53:00.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json index 80198149ba2..a45ac4928ef 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24592", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.730", - "lastModified": "2024-02-06T15:15:09.730", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:53:00.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json index 8e2cd04c8c1..e488ca4352a 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-24593", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:09.977", - "lastModified": "2024-02-06T15:15:09.977", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:53:00.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json index 3febdba654c..bbe1f810cce 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24594", "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c", "published": "2024-02-06T15:15:10.203", - "lastModified": "2024-02-06T15:15:10.203", - "vulnStatus": "Received", + "lastModified": "2024-02-06T17:53:00.620", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 89690dc52ca..cb1eaf4d775 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-06T17:00:38.413558+00:00 +2024-02-06T19:00:33.081430+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-06T16:58:26.023000+00:00 +2024-02-06T18:56:43.787000+00:00 ``` ### Last Data Feed Release 
@@ -29,57 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237783 +237796 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` - -* [CVE-2023-5584](CVE-2023/CVE-2023-55xx/CVE-2023-5584.json) (`2024-02-06T15:15:08.247`) -* [CVE-2023-35188](CVE-2023/CVE-2023-351xx/CVE-2023-35188.json) (`2024-02-06T16:15:51.140`) -* [CVE-2023-46183](CVE-2023/CVE-2023-461xx/CVE-2023-46183.json) (`2024-02-06T16:15:51.370`) -* [CVE-2023-50395](CVE-2023/CVE-2023-503xx/CVE-2023-50395.json) (`2024-02-06T16:15:51.573`) -* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T15:15:08.827`) -* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T15:15:09.100`) -* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T15:15:09.367`) -* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T15:15:09.730`) -* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T15:15:09.977`) -* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T15:15:10.203`) -* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T16:15:51.793`) -* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T16:15:52.120`) -* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T16:15:52.317`) -* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T16:15:52.363`) -* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T16:15:52.410`) -* [CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T16:15:52.460`) +Recently added CVEs: `13` + +* [CVE-2023-36498](CVE-2023/CVE-2023-364xx/CVE-2023-36498.json) (`2024-02-06T17:15:08.527`) +* [CVE-2023-40545](CVE-2023/CVE-2023-405xx/CVE-2023-40545.json) (`2024-02-06T18:15:58.470`) +* [CVE-2023-42664](CVE-2023/CVE-2023-426xx/CVE-2023-42664.json) 
(`2024-02-06T17:15:08.770`) +* [CVE-2023-43482](CVE-2023/CVE-2023-434xx/CVE-2023-43482.json) (`2024-02-06T17:15:08.973`) +* [CVE-2023-46683](CVE-2023/CVE-2023-466xx/CVE-2023-46683.json) (`2024-02-06T17:15:09.180`) +* [CVE-2023-47167](CVE-2023/CVE-2023-471xx/CVE-2023-47167.json) (`2024-02-06T17:15:09.380`) +* [CVE-2023-47209](CVE-2023/CVE-2023-472xx/CVE-2023-47209.json) (`2024-02-06T17:15:09.593`) +* [CVE-2023-47617](CVE-2023/CVE-2023-476xx/CVE-2023-47617.json) (`2024-02-06T17:15:09.797`) +* [CVE-2023-47618](CVE-2023/CVE-2023-476xx/CVE-2023-47618.json) (`2024-02-06T17:15:10.013`) +* [CVE-2024-1252](CVE-2024/CVE-2024-12xx/CVE-2024-1252.json) (`2024-02-06T17:15:10.280`) +* [CVE-2024-1253](CVE-2024/CVE-2024-12xx/CVE-2024-1253.json) (`2024-02-06T17:15:10.507`) +* [CVE-2024-22331](CVE-2024/CVE-2024-223xx/CVE-2024-22331.json) (`2024-02-06T17:15:10.740`) +* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-06T18:15:59.250`) ### CVEs modified in the last Commit -Recently modified CVEs: `22` - -* [CVE-2023-6679](CVE-2023/CVE-2023-66xx/CVE-2023-6679.json) (`2024-02-06T15:15:08.397`) -* [CVE-2023-6915](CVE-2023/CVE-2023-69xx/CVE-2023-6915.json) (`2024-02-06T15:15:08.610`) -* [CVE-2023-6291](CVE-2023/CVE-2023-62xx/CVE-2023-6291.json) (`2024-02-06T16:09:02.867`) -* [CVE-2023-49038](CVE-2023/CVE-2023-490xx/CVE-2023-49038.json) (`2024-02-06T16:35:06.483`) -* [CVE-2023-52191](CVE-2023/CVE-2023-521xx/CVE-2023-52191.json) (`2024-02-06T16:58:26.023`) -* [CVE-2024-22302](CVE-2024/CVE-2024-223xx/CVE-2024-22302.json) (`2024-02-06T15:03:44.550`) -* [CVE-2024-22286](CVE-2024/CVE-2024-222xx/CVE-2024-22286.json) (`2024-02-06T15:08:36.300`) -* [CVE-2024-22289](CVE-2024/CVE-2024-222xx/CVE-2024-22289.json) (`2024-02-06T15:15:04.717`) -* [CVE-2024-23841](CVE-2024/CVE-2024-238xx/CVE-2024-23841.json) (`2024-02-06T15:20:17.970`) -* [CVE-2024-22292](CVE-2024/CVE-2024-222xx/CVE-2024-22292.json) (`2024-02-06T15:23:23.247`) -* 
[CVE-2024-22158](CVE-2024/CVE-2024-221xx/CVE-2024-22158.json) (`2024-02-06T15:25:24.303`) -* [CVE-2024-22159](CVE-2024/CVE-2024-221xx/CVE-2024-22159.json) (`2024-02-06T15:37:01.700`) -* [CVE-2024-22297](CVE-2024/CVE-2024-222xx/CVE-2024-22297.json) (`2024-02-06T15:38:07.050`) -* [CVE-2024-22150](CVE-2024/CVE-2024-221xx/CVE-2024-22150.json) (`2024-02-06T15:42:52.927`) -* [CVE-2024-22153](CVE-2024/CVE-2024-221xx/CVE-2024-22153.json) (`2024-02-06T15:43:49.957`) -* [CVE-2024-22293](CVE-2024/CVE-2024-222xx/CVE-2024-22293.json) (`2024-02-06T15:44:56.407`) -* [CVE-2024-22295](CVE-2024/CVE-2024-222xx/CVE-2024-22295.json) (`2024-02-06T15:49:30.457`) -* [CVE-2024-22146](CVE-2024/CVE-2024-221xx/CVE-2024-22146.json) (`2024-02-06T15:51:01.533`) -* [CVE-2024-22307](CVE-2024/CVE-2024-223xx/CVE-2024-22307.json) (`2024-02-06T15:52:58.037`) -* [CVE-2024-22310](CVE-2024/CVE-2024-223xx/CVE-2024-22310.json) (`2024-02-06T16:08:42.910`) -* [CVE-2024-22859](CVE-2024/CVE-2024-228xx/CVE-2024-22859.json) (`2024-02-06T16:29:48.453`) -* [CVE-2024-22282](CVE-2024/CVE-2024-222xx/CVE-2024-22282.json) (`2024-02-06T16:55:19.983`) +Recently modified CVEs: `40` + +* [CVE-2023-51982](CVE-2023/CVE-2023-519xx/CVE-2023-51982.json) (`2024-02-06T18:30:13.563`) +* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-02-06T18:37:23.327`) +* [CVE-2023-6374](CVE-2023/CVE-2023-63xx/CVE-2023-6374.json) (`2024-02-06T18:50:48.063`) +* [CVE-2023-6238](CVE-2023/CVE-2023-62xx/CVE-2023-6238.json) (`2024-02-06T18:53:02.780`) +* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T17:52:56.963`) +* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T17:52:56.963`) +* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T17:52:56.963`) +* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T17:52:56.963`) +* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T17:52:56.963`) +* 
[CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T17:52:56.963`) +* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T17:53:00.620`) +* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T17:53:00.620`) +* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T17:53:00.620`) +* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T17:53:00.620`) +* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T17:53:00.620`) +* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T17:53:00.620`) +* [CVE-2024-22569](CVE-2024/CVE-2024-225xx/CVE-2024-22569.json) (`2024-02-06T18:07:39.733`) +* [CVE-2024-1111](CVE-2024/CVE-2024-11xx/CVE-2024-1111.json) (`2024-02-06T18:11:45.033`) +* [CVE-2024-22306](CVE-2024/CVE-2024-223xx/CVE-2024-22306.json) (`2024-02-06T18:20:46.017`) +* [CVE-2024-21388](CVE-2024/CVE-2024-213xx/CVE-2024-21388.json) (`2024-02-06T18:21:15.953`) +* [CVE-2024-23647](CVE-2024/CVE-2024-236xx/CVE-2024-23647.json) (`2024-02-06T18:22:58.250`) +* [CVE-2024-21840](CVE-2024/CVE-2024-218xx/CVE-2024-21840.json) (`2024-02-06T18:32:20.340`) +* [CVE-2024-23342](CVE-2024/CVE-2024-233xx/CVE-2024-23342.json) (`2024-02-06T18:36:47.733`) +* [CVE-2024-23829](CVE-2024/CVE-2024-238xx/CVE-2024-23829.json) (`2024-02-06T18:38:53.870`) +* [CVE-2024-21488](CVE-2024/CVE-2024-214xx/CVE-2024-21488.json) (`2024-02-06T18:56:43.787`) ## Download and Usage