diff --git a/CVE-2018/CVE-2018-250xx/CVE-2018-25095.json b/CVE-2018/CVE-2018-250xx/CVE-2018-25095.json new file mode 100644 index 00000000000..b5494d0b8de --- /dev/null +++ b/CVE-2018/CVE-2018-250xx/CVE-2018-25095.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2018-25095", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:08.377", + "lastModified": "2024-01-08T19:30:10.403", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be use to run arbitrary code on the server." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/16cc47aa-cb31-4114-b014-7ac5fbc1d3ee", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-36xx/CVE-2021-3600.json b/CVE-2021/CVE-2021-36xx/CVE-2021-3600.json new file mode 100644 index 00000000000..c05c174b433 --- /dev/null +++ b/CVE-2021/CVE-2021-36xx/CVE-2021-3600.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2021-3600", + "sourceIdentifier": "security@ubuntu.com", + "published": "2024-01-08T19:15:08.470", + "lastModified": "2024-01-08T19:30:10.403", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "It was discovered that the eBPF implementation in the Linux kernel did not properly track bounds information for 32 bit registers when performing div and mod operations. A local attacker could use this to possibly execute arbitrary code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3600", + "source": "security@ubuntu.com" + }, + { + "url": "https://git.kernel.org/linus/e88b2c6e5a4d9ce30d75391e4d950da74bb2bd90", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-5003-1", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-469xx/CVE-2021-46901.json b/CVE-2021/CVE-2021-469xx/CVE-2021-46901.json index 1931145a0fc..b118c6272a5 100644 --- a/CVE-2021/CVE-2021-469xx/CVE-2021-46901.json +++ b/CVE-2021/CVE-2021-469xx/CVE-2021-46901.json 
@@ -2,23 +2,87 @@ "id": "CVE-2021-46901", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-31T07:15:07.443", - "lastModified": "2024-01-01T02:12:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:09:08.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "examples/6lbr/apps/6lbr-webserver/httpd.c in CETIC-6LBR (aka 6lbr) 1.5.0 has a strcat stack-based buffer overflow via a request for a long URL over a 6LoWPAN network." + }, + { + "lang": "es", + "value": "example/6lbr/apps/6lbr-webserver/httpd.c en CETIC-6LBR (tambi\u00e9n conocido como 6lbr) 1.5.0 tiene un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria strcat a trav\u00e9s de una solicitud de una URL larga a trav\u00e9s de una red 6LoWPAN." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:cetic:cetic-6lbr:1.5.0:*:*:*:*:*:*:*", + "matchCriteriaId": "E465E0D8-8E05-4C5D-B4FD-CE7B5AFC5E46" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cetic/6lbr/blob/c3092a1ccc6b6b0e668f33f6f4b2d6967975d664/examples/6lbr/apps/6lbr-webserver/httpd.c#L119", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + 
"Patch" + ] }, { "url": "https://github.com/cetic/6lbr/issues/414", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2585.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2585.json index 5c6a0e83d64..8e625e869e5 100644 --- a/CVE-2022/CVE-2022-25xx/CVE-2022-2585.json +++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2585.json @@ -2,8 +2,8 @@ "id": "CVE-2022-2585", "sourceIdentifier": "security@ubuntu.com", "published": "2024-01-08T18:15:44.383", - "lastModified": "2024-01-08T18:15:44.383", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2586.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2586.json index 3f521f364f3..398d807fd18 100644 --- a/CVE-2022/CVE-2022-25xx/CVE-2022-2586.json +++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2586.json @@ -2,8 +2,8 @@ "id": "CVE-2022-2586", "sourceIdentifier": "security@ubuntu.com", "published": "2024-01-08T18:15:44.620", - "lastModified": "2024-01-08T18:15:44.620", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-25xx/CVE-2022-2588.json b/CVE-2022/CVE-2022-25xx/CVE-2022-2588.json index d5ffc0d3843..25233779814 100644 --- a/CVE-2022/CVE-2022-25xx/CVE-2022-2588.json +++ b/CVE-2022/CVE-2022-25xx/CVE-2022-2588.json @@ -2,8 +2,8 @@ "id": "CVE-2022-2588", "sourceIdentifier": "security@ubuntu.com", "published": "2024-01-08T18:15:44.840", - "lastModified": "2024-01-08T18:15:44.840", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-26xx/CVE-2022-2602.json b/CVE-2022/CVE-2022-26xx/CVE-2022-2602.json index 3fb1de5fecb..8eaa85c5322 100644 
--- a/CVE-2022/CVE-2022-26xx/CVE-2022-2602.json +++ b/CVE-2022/CVE-2022-26xx/CVE-2022-2602.json @@ -2,8 +2,8 @@ "id": "CVE-2022-2602", "sourceIdentifier": "security@ubuntu.com", "published": "2024-01-08T18:15:45.037", - "lastModified": "2024-01-08T18:15:45.037", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2022/CVE-2022-33xx/CVE-2022-3328.json b/CVE-2022/CVE-2022-33xx/CVE-2022-3328.json index 8e303fbb027..37058171ce1 100644 --- a/CVE-2022/CVE-2022-33xx/CVE-2022-3328.json +++ b/CVE-2022/CVE-2022-33xx/CVE-2022-3328.json @@ -2,8 +2,8 @@ "id": "CVE-2022-3328", "sourceIdentifier": "security@ubuntu.com", "published": "2024-01-08T18:15:45.233", - "lastModified": "2024-01-08T18:15:45.233", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-10xx/CVE-2023-1032.json b/CVE-2023/CVE-2023-10xx/CVE-2023-1032.json new file mode 100644 index 00000000000..e8d90fedf06 --- /dev/null +++ b/CVE-2023/CVE-2023-10xx/CVE-2023-1032.json 
@@ -0,0 +1,71 @@ +{ + "id": "CVE-2023-1032", + "sourceIdentifier": "security@ubuntu.com", + "published": "2024-01-08T19:15:08.663", + "lastModified": "2024-01-08T19:30:10.403", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Linux kernel io_uring IORING_OP_SOCKET operation contained a double free in function __sys_socket_file() in file net/socket.c. This issue was introduced in da214a475f8bd1d3e9e7a19ddfeb4d1617551bab and fixed in 649c15c7691e9b13cbe9bf6c65c365350e056067." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "security@ubuntu.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "references": [ + { + "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1032", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-5977-1", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6024-1", + "source": "security@ubuntu.com" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6033-1", + "source": "security@ubuntu.com" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2023/03/13/2", + "source": "security@ubuntu.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json b/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json index 0503f8cde35..8716c79252b 100644 
--- a/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json +++ b/CVE-2023/CVE-2023-261xx/CVE-2023-26157.json @@ -2,8 +2,8 @@ "id": "CVE-2023-26157", "sourceIdentifier": "report@snyk.io", "published": "2024-01-02T05:15:08.160", - "lastModified": "2024-01-02T13:47:24.843", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:33:27.113", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "report@snyk.io", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "report@snyk.io", "type": "Secondary", 
@@ -50,18 +80,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gnu:libredwg:*:*:*:*:*:*:*:*", + "versionEndExcluding": "0.12.5.6384", + "matchCriteriaId": "C0D7618D-9F7C-4654-822E-48A907537B85" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/LibreDWG/libredwg/commit/c8cf03ce4c2315b146caf582ea061c0460193bcc", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/LibreDWG/libredwg/issues/850", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch" + ] }, { "url": "https://security.snyk.io/vuln/SNYK-UNMANAGED-LIBREDWG-6070730", - "source": "report@snyk.io" + "source": "report@snyk.io", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45561.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45561.json index d1697e9d272..d792e1d3071 100644 --- a/CVE-2023/CVE-2023-455xx/CVE-2023-45561.json +++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45561.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45561", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-02T21:15:09.530", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:32:10.703", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,80 @@ "value": "Un problema en A-WORLD OIRASE BEER_waiting Line v.13.6.1 permite a los atacantes enviar notificaciones manipuladas mediante la fuga del token de acceso al canal." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*", + "matchCriteriaId": "22743D41-3381-4220-8D9F-60CC36E48F78" + } + ] + } + ] + } + ], "references": [ { "url": "http://a-world.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "http://oirase.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45561.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45892.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45892.json index fb1befe4798..c0f570c3c6b 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45892.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45892.json 
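Review bot: The added `cpeMatch` criteria `cpe:2.3:a:linecorp:line:13.6.1:*:*:*:*:*:*:*` names the LINE client as the vulnerable product, but the description in the context line at the top of this hunk is about "A-WORLD OIRASE BEER_waiting Line v.13.6.1" and a leaked channel access token. That reads like a third-party channel or mini-app on LINE rather than LINE itself, though the hunk does not confirm this. If that reading is right, CPE-based matching will flag every LINE 13.6.1 install and never identify the affected service. The criteria should carry the A-WORLD vendor and product instead, in the form `cpe:2.3:a:<vendor-placeholder>:<product-placeholder>:13.6.1:*:*:*:*:*:*:*`. With the Primary weakness set to `NVD-CWE-noinfo` and both vendor URLs tagged `Broken Link`, the third-party write-up is the only usable source here, so scanner hits on this record need manual confirmation.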
@@ -2,8 +2,8 @@ "id": "CVE-2023-45892", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-02T21:15:09.583", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:31:03.043", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Un problema descubierto en las p\u00e1ginas de Order y Invoice en Floorsight Insights Q3 2023 permite a un atacante remoto no autenticado ver informaci\u00f3n confidencial del cliente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:floorsightsoftware:insight:*:*:*:*:*:*:*:*", + "versionEndIncluding": "q3_2023", + "matchCriteriaId": "2E8DDEB0-C955-4205-A6A6-7E89ADCBB42D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45892.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45893.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45893.json index 77ffdea8210..ab672208b06 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45893.json 
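Review bot: `"versionEndIncluding": "q3_2023"` in the `cpeMatch` entry added by the second hunk for CVE-2023-45892 is not a value that numeric or semver-style comparison can order. The entry also has no `versionStartIncluding`, so a consumer that evaluates ranges may match every `floorsightsoftware:insight` version or none, depending on how it compares strings. The same bound is added for `floorsightsoftware:customer_portal` in the CVE-2023-45893 hunk. Matching code that ingests these records should treat a non-numeric bound as "range unknown", fall back to a vendor/product match and flag the hit for manual review.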
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45893.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45893", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-02T21:15:09.630", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:30:51.917", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -14,11 +14,67 @@ "value": "Una referencia de objeto indirecto (IDOR) en las p\u00e1ginas Order y Invoice de Floorsight Customer Portal Q3 2023 permite a un atacante remoto no autenticado ver informaci\u00f3n confidencial del cliente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:floorsightsoftware:customer_portal:*:*:*:*:*:*:*:*", + "versionEndIncluding": "q3_2023", + "matchCriteriaId": "A14EA7C4-AC8E-40BE-9411-A3B153092532" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Oracle-Security/CVEs/blob/main/FloorsightSoftware/CVE-2023-45893.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json b/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json index 7ea35606e6d..098a7dfb5ef 100644 --- a/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json +++ b/CVE-2023/CVE-2023-470xx/CVE-2023-47039.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47039", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-02T06:15:13.737", - "lastModified": "2024-01-02T13:47:18.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:02:03.510", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -50,18 +80,58 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.32.1", + "matchCriteriaId": "941F7B31-C194-4B93-AA3E-4F84C0DB4AF5" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-47039", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Mailing List", + "Patch" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47458.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47458.json index 807e3b22157..ecb665b924b 100644 --- a/CVE-2023/CVE-2023-474xx/CVE-2023-47458.json +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47458.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47458", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-02T21:15:09.673", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:29:49.160", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,81 @@ "value": "Un problema en SpringBlade v.3.7.0 y anteriores permite a un atacante remoto escalar privilegios a trav\u00e9s de la falta de un framework de permisos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bladex:springblade:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.7.0", + "matchCriteriaId": "0316ED89-1327-46DA-BD43-995B6DC663DE" + } + ] + } + ] + } + ], "references": [ { "url": "http://springblade.com", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Broken Link" + ] }, { "url": "https://gist.github.com/Mr-F0reigner/b05487f5ca52d17e214fffd6e1e0312a", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://gitee.com/smallc/SpringBlade", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47488.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47488.json index 05139c4bf4e..123c0f4a7f8 100644 --- a/CVE-2023/CVE-2023-474xx/CVE-2023-47488.json +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47488.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-47488", "sourceIdentifier": "cve@mitre.org", "published": "2023-11-09T06:15:24.290", - "lastModified": "2023-11-16T16:42:19.467", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-08T20:15:44.340", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -74,6 +74,10 @@ "tags": [ "Broken Link" ] + }, + { + "url": "https://nitipoom-jar.github.io/CVE-2023-47488/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47804.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47804.json index 8261822a723..1555cf8829b 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47804.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47804.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47804", "sourceIdentifier": "security@apache.org", "published": "2023-12-29T15:15:09.157", - "lastModified": "2024-01-03T12:15:23.300", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:22:31.183", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,8 +14,41 @@ "value": "Los documentos de Apache OpenOffice pueden contener enlaces que llaman a macros internas con argumentos arbitrarios. Para este fin se definen varios esquemas de URI. Los enlaces se pueden activar mediante clics o mediante eventos autom\u00e1ticos del documento. La ejecuci\u00f3n de dichos enlaces debe estar sujeta a la aprobaci\u00f3n del usuario. En las versiones afectadas de OpenOffice, no se solicita aprobaci\u00f3n para ciertos enlaces; Cuando se activan, dichos enlaces podr\u00edan dar lugar a la ejecuci\u00f3n de scripts arbitrarios. Este es un caso de esquina de CVE-2022-47502." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + }, { "source": "security@apache.org", "type": "Secondary", 
@@ -31,18 +64,48 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:apache:openoffice:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.1.15", + "matchCriteriaId": "767062E8-2AC4-433B-88DD-F7A36A9CB97C" + } + ] + } + ] + } + ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/01/03/3", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.apache.org/thread/ygp59swfcy6g46jf8v9s6qpwmxn8fsvb", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Mailing List", + "Vendor Advisory" + ] }, { "url": "https://www.openoffice.org/security/cves/CVE-2023-47804.html", - "source": "security@apache.org" + "source": "security@apache.org", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json index e9efa26d8ce..4b05af05531 100644 --- a/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47858.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47858", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-01-02T10:15:08.117", - "lastModified": "2024-01-02T13:47:18.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:03:08.097", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -50,10 +80,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.7", + "matchCriteriaId": "4FFBD373-195D-4481-B87D-5B329DBEC33D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.0.0", + "versionEndExcluding": "9.0.5", + "matchCriteriaId": "707E5CDF-AD8D-4D91-8DE8-B32E6E06003B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.0", + "versionEndExcluding": "9.1.4", + "matchCriteriaId": "689E6CCF-B722-4C95-AAB6-010CC285CF80" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.2.0", + "versionEndExcluding": "9.2.3", + "matchCriteriaId": "51A35D8A-9E04-4450-B27E-401B9D43CC12" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-478xx/CVE-2023-47890.json b/CVE-2023/CVE-2023-478xx/CVE-2023-47890.json new file mode 100644 index 00000000000..443dfae09af --- /dev/null +++ b/CVE-2023/CVE-2023-478xx/CVE-2023-47890.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-47890", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-08T20:15:44.453", + "lastModified": "2024-01-08T20:15:44.453", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "pyLoad 0.5.0 is vulnerable to Unrestricted File Upload." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://pyload.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pyload/pyload/security/advisories/GHSA-h73m-pcfw-25h2", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json b/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json index 3c70498de7d..3fe5814cc97 100644 --- a/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json +++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48732.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48732", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-01-02T10:15:08.487", - "lastModified": "2024-01-02T13:47:18.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:03:27.590", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", 
@@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.7", + "matchCriteriaId": "4FFBD373-195D-4481-B87D-5B329DBEC33D" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-497xx/CVE-2023-49794.json b/CVE-2023/CVE-2023-497xx/CVE-2023-49794.json index 513609fe569..bf569b3646e 100644 --- a/CVE-2023/CVE-2023-497xx/CVE-2023-49794.json +++ b/CVE-2023/CVE-2023-497xx/CVE-2023-49794.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49794", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-02T20:15:10.020", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:37:53.727", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kernelsu:kernelsu:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.7.1", + "matchCriteriaId": "4C6A3ED4-679D-46F9-A6EF-EF7A2D7E9135" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/1b9UrmG_co9EJXB_yMBneRArUIR5sTuaN/view?usp=drive_link", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/tiann/KernelSU/security/advisories/GHSA-8rc5-x54x-5qc4", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json index 4e4123e7f7c..4c8cce7779d 100644 --- a/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50333.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-50333", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-01-02T10:15:08.723", - "lastModified": "2024-01-02T13:47:18.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:04:13.117", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "responsibledisclosure@mattermost.com", "type": "Secondary", @@ -50,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.7", + "matchCriteriaId": "4FFBD373-195D-4481-B87D-5B329DBEC33D" + } + ] + } + ] + } + ], "references": [ { "url": "https://mattermost.com/security-updates", - "source": "responsibledisclosure@mattermost.com" + "source": "responsibledisclosure@mattermost.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-507xx/CVE-2023-50711.json b/CVE-2023/CVE-2023-507xx/CVE-2023-50711.json index 0da13f930c2..1b06175195c 100644 --- a/CVE-2023/CVE-2023-507xx/CVE-2023-50711.json 
+++ b/CVE-2023/CVE-2023-507xx/CVE-2023-50711.json @@ -2,8 +2,8 @@ "id": "CVE-2023-50711", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-02T20:15:10.250", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:36:27.290", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,14 +80,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rust-vmm:vmm-sys-util:*:*:*:*:*:rust:*:*", + "versionStartIncluding": "0.5.0", + "versionEndExcluding": "0.12.0", + "matchCriteriaId": "8BF935A7-CACE-4181-AF8F-46107DE2240B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/rust-vmm/vmm-sys-util/commit/30172fca2a8e0a38667d934ee56682247e13f167", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/rust-vmm/vmm-sys-util/security/advisories/GHSA-875g-mfp6-g7f9", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50982.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50982.json new file mode 100644 index 00000000000..a9b03fdfa2e --- /dev/null +++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50982.json 
@@ -0,0 +1,51 @@
+{
+ "id": "CVE-2023-50982",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-08T20:15:44.513",
+ "lastModified": "2024-01-08T20:15:44.513",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Stud.IP 5.x through 5.3.3 allows XSS with resultant upload of executable files, because upload_action and edit_action in Admin_SmileysController do not check the file extension. This leads to remote code execution with the privileges of the www-data user. The fixed versions are 5.3.4, 5.2.6, 5.1.7, and 5.0.9."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://gitlab.studip.de/studip/studip/-/tags",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://rehmeinfosec.de/labor/cve-2023-50982",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://sourceforge.net/projects/studip/files/Stud.IP/5.4/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-512xx/CVE-2023-51246.json b/CVE-2023/CVE-2023-512xx/CVE-2023-51246.json
new file mode 100644
index 00000000000..57c39bc7a08
--- /dev/null
+++ b/CVE-2023/CVE-2023-512xx/CVE-2023-51246.json
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-51246", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-08T20:15:44.723", + "lastModified": "2024-01-08T20:15:44.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Cross Site Scripting (XSS) vulnerability in GetSimple CMS 3.3.16 exists when using Source Code Mode as a backend user to add articles via the /admin/edit.php page." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/NING0121/25498c5326c2590423b26ace38d2cf39", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/NING0121/CVE/issues/1", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51652.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51652.json index 309cc1f3dbc..a9a69451277 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51652.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51652.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51652", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-02T20:15:10.453", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:35:18.890", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,18 +70,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:spassarop:owasp_antisamy_.net:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.2.0", + "matchCriteriaId": "13BDB025-E8FE-41BA-8BEC-53FC1A8994D3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/spassarop/antisamy-dotnet/commit/7e500daef6ad9c10e97c68feab78f4cb6e3083c6", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/spassarop/antisamy-dotnet/commit/8117911933e75a25cd0054ef017577486338444a", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/spassarop/antisamy-dotnet/security/advisories/GHSA-8x6f-956f-q43w", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-516xx/CVE-2023-51675.json b/CVE-2023/CVE-2023-516xx/CVE-2023-51675.json index 0a942efe844..d6ef0e34099 100644 --- a/CVE-2023/CVE-2023-516xx/CVE-2023-51675.json +++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51675.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-51675", "sourceIdentifier": "audit@patchstack.com", "published": "2023-12-29T14:15:48.117", - "lastModified": "2023-12-29T14:46:03.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:23:02.507", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More.This issue affects Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: from n/a through 6.9.18.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de redirecci\u00f3n de URL a un sitio que no es de confianza (\"Open Redirect\") en AAM Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More. Este problema afecta a Advanced Access Manager \u2013 Restricted Content, Users & Roles, Enhanced Security and More: desde n/a hasta el 6.9.18." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:vasyltech:advanced_access_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.9.19", + "matchCriteriaId": "DA6B31DA-F955-4FFF-B547-6DA36ECCFF48" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-18-open-redirection-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json index 572dd94b5f8..500be9ace79 100644 --- a/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51713.json @@ -2,8 +2,8 @@ "id": "CVE-2023-51713", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-22T03:15:09.730", - "lastModified": "2023-12-22T12:18:32.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:06:50.837", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,19 +14,87 @@ "value": "make_ftp_cmd en main.c en ProFTPD anterior a 1.3.8a tiene una lectura fuera de los l\u00edmites de un byte y el daemon falla debido a un mal manejo de las sem\u00e1nticas de quote/backslash." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:proftpd:proftpd:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.8a", + "matchCriteriaId": "82A8E114-13E4-4799-8838-37D9BB4BB4D1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/proftpd/proftpd/blob/1.3.8/NEWS", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/proftpd/proftpd/issues/1683", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/proftpd/proftpd/issues/1683#issuecomment-1712887554", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52190.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52190.json
new file mode 100644
index 00000000000..9509ad014d6
--- /dev/null
+++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52190.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52190",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T19:15:08.863",
+ "lastModified": "2024-01-08T19:30:10.403",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/coupon-referral-program/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-sensitive-data-pii-coupon-data-exposure-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52200.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52200.json
new file mode 100644
index 00000000000..acaf8eea9a8
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52200.json
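Review bot: The only `weaknesses` entry in the new CVE-2023-52190 record is typed `"type": "Secondary"`, while entries from the same source, audit@patchstack.com, in other new records in this commit (for example CVE-2023-52200 and CVE-2023-52204) are typed `"type": "Primary"`. CVE-2023-52203 is also typed `Secondary`. A consumer that reads only Primary weaknesses gets no CWE for these two records, so CWE-200 here and CWE-79 there would be dropped. Tooling should take the CWE from whichever entry is present rather than filtering on type, or the typing should be made consistent upstream.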
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-52200",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T20:15:44.777",
+ "lastModified": "2024-01-08T20:15:44.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute Infosystems ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup.This issue affects ARMember \u2013 Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: n/a.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-lite-plugin-4-0-22-cross-site-request-forgery-csrf-to-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52203.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52203.json
new file mode 100644
index 00000000000..4ed923e8742
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52203.json
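Review bot: The description for CVE-2023-52200 ends with `User Profile & User signup: n/a.`, so unlike the sibling Patchstack records in this commit, which say `from n/a through <version>`, it carries no affected-version bound at all. The reference URL slug contains `armember-lite-plugin-4-0-22`, which suggests a bound, but that is inferred from link text and needs confirming against the advisory before anyone matches on it. Until the description or a `configurations` block states the range, inventory matching for this record has to be done by hand.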
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52203",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T20:15:45.010",
+ "lastModified": "2024-01-08T20:15:45.010",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Seidel, Bastian Germann cformsII allows Stored XSS.This issue affects cformsII: from n/a through 15.0.5.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/cforms2/wordpress-cformsii-plugin-15-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52204.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52204.json
new file mode 100644
index 00000000000..86206c86f9c
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52204.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52204",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T20:15:45.263",
+ "lastModified": "2024-01-08T20:15:45.263",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Javik Randomize.This issue affects Randomize: from n/a through 1.4.3.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/randomize/wordpress-randomize-plugin-1-4-3-contributor-sql-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52205.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52205.json
new file mode 100644
index 00000000000..e2fb446835f
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52205.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52205",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T20:15:45.463",
+ "lastModified": "2024-01-08T20:15:45.463",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 SoundCloud Player with Playlist Free.This issue affects HTML5 SoundCloud Player with Playlist Free: from n/a through 2.8.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/html5-soundcloud-player-with-playlist/wordpress-html5-soundcloud-player-plugin-2-8-0-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52206.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52206.json
new file mode 100644
index 00000000000..6260e738724
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52206.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52206",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T20:15:45.680",
+ "lastModified": "2024-01-08T20:15:45.680",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer live-composer-page-builder.This issue affects Page Builder: Live Composer: from n/a through 1.5.25.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/live-composer-page-builder/wordpress-page-builder-live-composer-plugin-1-5-25-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52207.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52207.json
new file mode 100644
index 00000000000..f77f9c9e78c
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52207.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52207",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T19:15:09.053",
+ "lastModified": "2024-01-08T19:30:10.403",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Deserialization of Untrusted Data vulnerability in SVNLabs Softwares HTML5 MP3 Player with Playlist Free.This issue affects HTML5 MP3 Player with Playlist Free: from n/a through 3.0.0.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.1,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/html5-mp3-player-with-playlist/wordpress-html5-mp3-player-plugin-3-0-0-php-object-injection-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52208.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52208.json
new file mode 100644
index 00000000000..ac4bddab2de
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52208.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52208",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T19:15:09.380",
+ "lastModified": "2024-01-08T19:30:06.923",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Constant Contact Constant Contact Forms.This issue affects Constant Contact Forms: from n/a through 2.4.2.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/constant-contact-forms/wordpress-constant-contact-forms-plugin-2-4-2-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52213.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52213.json
new file mode 100644
index 00000000000..7eba55b72fa
--- /dev/null
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52213.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-52213",
+ "sourceIdentifier": "audit@patchstack.com",
+ "published": "2024-01-08T20:15:45.920",
+ "lastModified": "2024-01-08T20:15:45.920",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VideoWhisper Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings allows Reflected XSS.This issue affects Rate Star Review \u2013 AJAX Reviews for Content, with Star Ratings: from n/a through 1.5.1.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "audit@patchstack.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://patchstack.com/database/vulnerability/rate-star-review/wordpress-rate-star-review-plugin-1-5-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
+ "source": "audit@patchstack.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52215.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52215.json
index 47023812035..1aa4b03cb74 100644
--- a/CVE-2023/CVE-2023-522xx/CVE-2023-52215.json
+++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52215.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-52215", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T18:15:51.680", - "lastModified": "2024-01-08T18:15:51.680", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52216.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52216.json new file mode 100644 index 00000000000..99d8fa00d88 --- /dev/null +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52216.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52216", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-08T20:15:46.173", + "lastModified": "2024-01-08T20:15:46.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Yevhen Kotelnytskyi JS & CSS Script Optimizer.This issue affects JS & CSS Script Optimizer: from n/a through 0.3.3.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/js-css-script-optimizer/wordpress-js-css-script-optimizer-plugin-0-3-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52218.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52218.json index 27d0f1db876..b421a111e52 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52218.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52218.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52218", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T18:15:51.870", - "lastModified": "2024-01-08T18:15:51.870", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52219.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52219.json index 676224fa725..71b75a322b6 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52219.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52219.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52219", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T18:15:52.070", - "lastModified": "2024-01-08T18:15:52.070", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52222.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52222.json new file mode 100644 index 00000000000..fedfab0254c --- /dev/null +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52222.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-52222", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-01-08T19:15:09.577", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Automattic WooCommerce.This issue affects WooCommerce: from n/a through 8.2.2.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woocommerce/wordpress-woocommerce-plugin-8-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52225.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52225.json index 95fcf9aee18..752c8931e89 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52225.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52225.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52225", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T18:15:52.273", - "lastModified": "2024-01-08T18:15:52.273", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52271.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52271.json new file mode 100644 index 00000000000..3f9dafcd2f4 --- /dev/null +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52271.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-52271", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-01-08T20:15:46.387", + "lastModified": "2024-01-08T20:15:46.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any (Protected Process Light) process via an IOCTL (which will be named at a later time)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://northwave-cybersecurity.com/vulnerability-notice-topaz-antifraud", + "source": "cve@mitre.org" + }, + { + "url": "https://www.topazevolution.com/en/antifraud/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-522xx/CVE-2023-52284.json b/CVE-2023/CVE-2023-522xx/CVE-2023-52284.json index d7f8fb447ec..695b5c056dc 100644 --- a/CVE-2023/CVE-2023-522xx/CVE-2023-52284.json +++ b/CVE-2023/CVE-2023-522xx/CVE-2023-52284.json 
@@ -2,27 +2,96 @@ "id": "CVE-2023-52284", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-31T06:15:08.487", - "lastModified": "2024-01-01T02:12:45.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:07:52.047", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an \"double free or corruption\" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled." + }, + { + "lang": "es", + "value": "Bytecode Alliance wasm-micro-runtime (tambi\u00e9n conocido como WebAssembly Micro Runtime o WAMR) anterior a 1.3.0 puede tener un error de \"double free or corruption\" para un m\u00f3dulo WebAssembly v\u00e1lido porque push_pop_frame_ref_offset no se maneja correctamente." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bytecodealliance:webassembly_micro_runtime:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.3.0", + "matchCriteriaId": "8D76C425-15E0-42A8-B9E2-8EC56FF15980" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://github.com/bytecodealliance/wasm-micro-runtime/compare/WAMR-1.2.3...WAMR-1.3.0", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/bytecodealliance/wasm-micro-runtime/issues/2586", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] }, { "url": "https://github.com/bytecodealliance/wasm-micro-runtime/pull/2590", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-52xx/CVE-2023-5235.json b/CVE-2023/CVE-2023-52xx/CVE-2023-5235.json new file mode 100644 index 00000000000..f69d51741f5 --- /dev/null +++ b/CVE-2023/CVE-2023-52xx/CVE-2023-5235.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5235", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:09.790", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Ovic Responsive WPBakery WordPress plugin before 1.2.9 does not limit which options can be updated via some of its AJAX actions, which may allow attackers with a subscriber+ account to update blog options, such as 'users_can_register' and 'default_role'. It also unserializes user input in the process, which may lead to Object Injection attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/35c9a954-37fc-4818-a71f-34aaaa0fa3db", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5911.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5911.json new file mode 100644 index 00000000000..b6372286224 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5911.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5911", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:09.843", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP Custom Cursors | WordPress Cursor Plugin WordPress plugin through 3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/dde0767d-1dff-4261-adbe-1f3fdf2d9aae", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-59xx/CVE-2023-5957.json b/CVE-2023/CVE-2023-59xx/CVE-2023-5957.json new file mode 100644 index 00000000000..9bf96c958b8 --- /dev/null +++ b/CVE-2023/CVE-2023-59xx/CVE-2023-5957.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-5957", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:09.890", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Ni Purchase Order(PO) For WooCommerce WordPress plugin through 1.2.1 does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/70f823ff-64ad-4f05-9eb3-b69b3b79dc12", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6042.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6042.json new file mode 100644 index 00000000000..aa7ae9f444f --- /dev/null +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6042.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6042", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:09.937", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Any unauthenticated user may send e-mail from the site with any title or content to the admin" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/56a1c050-67b5-43bc-b5b6-28d9a5a59eba", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6093.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6093.json index 40c22728a93..4c6a3f9e10e 100644 --- a/CVE-2023/CVE-2023-60xx/CVE-2023-6093.json +++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6093.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6093", "sourceIdentifier": "psirt@moxa.com", "published": "2023-12-31T10:15:08.570", - "lastModified": "2024-01-04T15:15:10.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:09:29.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad es el resultado de restringir incorrectamente los objetos del marco, lo que genera confusi\u00f3n en el usuario sobre con qu\u00e9 interfaz est\u00e1 interactuando. Esta vulnerabilidad puede llevar al atacante a enga\u00f1ar al usuario para que interact\u00fae con la aplicaci\u00f3n." + "value": "Se ha identificado una vulnerabilidad en las versiones de firmware de la serie OnCell G3150A-LTE v1.3 y anteriores. La vulnerabilidad es el resultado de restringir incorrectamente los objetos del frame, lo que genera confusi\u00f3n en el usuario sobre con qu\u00e9 interfaz est\u00e1 interactuando. Esta vulnerabilidad puede llevar al atacante a enga\u00f1ar al usuario para que interact\u00fae con la aplicaci\u00f3n." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "psirt@moxa.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1021" + } + ] + }, { "source": "psirt@moxa.com", "type": "Secondary", 
@@ -50,10 +80,43 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:moxa:oncell_g3150a-lte_firmware:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.3", + "matchCriteriaId": "4F758200-C50E-4456-AAA9-870206050FAE" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:moxa:oncell_g3150a-lte:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A4BDE004-9181-4030-AEB3-594B9B478879" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3150a-lte-series-multiple-web-application-vulnerabilities-and-security-enhancement", - "source": "psirt@moxa.com" + "source": "psirt@moxa.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json index ff1e0a32bfa..85625ed4563 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6113.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6113", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.243", - "lastModified": "2024-01-02T13:47:38.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:05:26.813", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,15 +14,76 @@ "value": "WP STAGING WordPress Backup Plugin anterior a 3.1.3 y WP STAGING Pro WordPress Backup Plugin anterior a 5.1.3 no impiden que los visitantes filtren informaci\u00f3n clave sobre los procesos de copia de seguridad en curso, lo que permite a atacantes no autenticados descargar dichas copias de seguridad m\u00e1s tarde." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-staging:wp_staging:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.1.3", + "matchCriteriaId": "6249078F-54BE-4941-9345-AD52EBC82EEC" + } + ] + } + ] + } + ], "references": [ { "url": "https://research.cleantalk.org/cve-2023-6113-wp-staging-unauth-sensitive-data-exposure-to-account-takeover-poc-exploit/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://wpscan.com/vulnerability/5a71049a-09a6-40ab-a4e8-44634869d4fb", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6139.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6139.json new file mode 100644 index 00000000000..2dc0781632b --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6139.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6139", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:09.980", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/96396a22-f523-4c51-8b72-52be266988aa", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6140.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6140.json new file mode 100644 index 00000000000..990aa1341e4 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6140.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6140", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.027", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Essential Real Estate WordPress plugin before 4.4.0 does not prevent users with limited privileges on the site, like subscribers, from momentarily uploading malicious PHP files disguised as ZIP archives, which may lead to remote code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/c837eaf3-fafd-45a2-8f5e-03afb28a765b", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6141.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6141.json new file mode 100644 index 00000000000..db867dcbd31 --- /dev/null 
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6141.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6141", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.083", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Stored XSS attacks." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/df12513b-9664-45be-8824-2924bfddf364", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6161.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6161.json new file mode 100644 index 00000000000..be8e26a33b8 --- /dev/null +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6161.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6161", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.137", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP Crowdfunding WordPress plugin before 2.1.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/ca7b6a39-a910-4b4f-b9cc-be444ec44942", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6383.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6383.json new file mode 100644 index 00000000000..525af309c74 --- /dev/null +++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6383.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6383", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.183", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Debug Log Manager WordPress plugin before 2.3.0 contains a Directory listing vulnerability was discovered, which allows you to download the debug log without authorization and gain access to sensitive data" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/eae63103-3de6-4100-8f48-2bcf9a5c91fb", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json index 4ecc2715284..282378e4aa4 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6421.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6421", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.347", - "lastModified": "2024-01-02T13:47:38.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:08:31.977", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,14 +11,72 @@ }, { "lang": "es", - "value": "Download Manager WordPress plugin anterior a 3.2.83 no protege las contrase\u00f1as de descarga de archivos y las filtra al recibir una no v\u00e1lida." + "value": "El complemento Download Manager de WordPress anterior a 3.2.83 no protege las contrase\u00f1as de descarga de archivos y las filtra al recibir una no v\u00e1lida." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpdownloadmanager:wordpress_download_manager:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2.83", + "matchCriteriaId": "9EA740C8-DEA3-4F7E-A804-8E59102ECB35" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://wpscan.com/vulnerability/244c7c00-fc8d-4a73-bbe0-7865c621d410", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Broken Link", + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6436.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6436.json index 6fcf749974f..793d2c930da 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6436.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6436.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6436", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-01-02T13:15:08.930", - "lastModified": "2024-01-02T13:47:18.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:40:27.743", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "iletisim@usom.gov.tr", "type": "Secondary", @@ -50,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ekolbilisim:web_sablonu_yazilimi:*:*:*:*:*:*:*:*", + "versionEndIncluding": "20231215", + "matchCriteriaId": "D95E015B-13FA-40D2-B95F-4FE7CF7B6ABD" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.usom.gov.tr/bildirim/tr-24-0001", - "source": "iletisim@usom.gov.tr" + "source": "iletisim@usom.gov.tr", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json index de478c159c1..5da222d94bf 100644 --- a/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json +++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6485.json 
@@ -2,8 +2,8 @@ "id": "CVE-2023-6485", "sourceIdentifier": "contact@wpscan.com", "published": "2024-01-01T15:15:43.393", - "lastModified": "2024-01-02T13:47:38.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:31:52.377", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,14 +11,71 @@ }, { "lang": "es", - "value": "Html5 Video Player WordPress plugin anterior a 2.5.19 no sanitiza ni escapa a algunas de las configuraciones de su reproductor, lo que, combinado con la falta de comprobaciones de capacidad en torno al plugin, podr\u00eda permitir que cualquier usuario autenticado, como suscriptores bajos, realice ataques de Cross-Site Scripting almacenado contra usuarios con altos privilegios como administradores" + "value": "El complemento Html5 Video Player de WordPress anterior a 2.5.19 no sanitiza ni escapa a algunas de las configuraciones de su reproductor, lo que, combinado con la falta de comprobaciones de capacidad en torno al complemento, podr\u00eda permitir que cualquier usuario autenticado, como suscriptores bajos, realice ataques de Cross-Site Scripting almacenado contra usuarios con altos privilegios como administradores" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bplugins:html5_video_player:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.5.19", + "matchCriteriaId": "18C2421F-4BDD-46B6-85AA-C5FDA095A6C8" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": 
"https://wpscan.com/vulnerability/759b3866-c619-42cc-94a8-0af6d199cc81", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6505.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6505.json new file mode 100644 index 00000000000..333bdb922e4 --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6505.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6505", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.230", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Migrate WordPress Website & Backups WordPress plugin before 1.9.3 does not prevent directory listing in sensitive directories containing export files." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/eca6f099-6af0-4f42-aade-ab61dd792629", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6528.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6528.json new file mode 100644 index 00000000000..9e50020878f --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6528.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6528", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.273", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Slider Revolution WordPress plugin before 6.6.19 does not prevent users with at least the Author role from unserializing arbitrary content when importing sliders, potentially leading to Remote Code Execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/36ced447-84ea-4162-80d2-6df226cb53cb", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6529.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6529.json new file mode 100644 index 00000000000..8b38a4d0824 --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6529.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6529", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.320", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP VR WordPress plugin before 8.3.15 does not authorisation and CSRF in a function hooked to admin_init, allowing unauthenticated users to downgrade the plugin, thus leading to Reflected or Stored XSS, as previous versions have such vulnerabilities." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/c36314c1-a2c0-4816-93c9-e61f9cf7f27a", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6532.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6532.json new file mode 100644 index 00000000000..d36ceda1771 --- /dev/null +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6532.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-6532", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-01-08T19:15:10.363", + "lastModified": "2024-01-08T19:30:06.923", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WP Blogs' Planetarium WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://magos-securitas.com/txt/CVE-2023-6532.txt", + "source": "contact@wpscan.com" + }, + { + "url": "https://wpscan.com/vulnerability/05a730bc-2d72-49e3-a608-e4390b19e97f", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6555.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6555.json
new file mode 100644
index 00000000000..9e5ced692dd
--- /dev/null
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6555.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-6555",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2024-01-08T19:15:10.413",
+ "lastModified": "2024-01-08T19:30:06.923",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Email Subscription Popup WordPress plugin before 1.2.20 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/58803934-dbd3-422d-88e7-ebbc5e8c0886",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6627.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6627.json
new file mode 100644
index 00000000000..5d825fa3d58
--- /dev/null
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6627.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-6627",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2024-01-08T19:15:10.460",
+ "lastModified": "2024-01-08T19:30:06.923",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WP Go Maps (formerly WP Google Maps) WordPress plugin before 9.0.28 does not properly protect most of its REST API routes, which attackers can abuse to store malicious HTML/Javascript on the site."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/blog/stored-xss-fixed-in-wp-go-maps-9-0-28/",
+ "source": "contact@wpscan.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/f5687d0e-98ca-4449-98d6-7170c97c8f54",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6631.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6631.json
new file mode 100644
index 00000000000..4e523ffeefd
--- /dev/null
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6631.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-6631",
+ "sourceIdentifier": "ics-cert@hq.dhs.gov",
+ "published": "2024-01-08T19:15:10.507",
+ "lastModified": "2024-01-08T20:15:46.437",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "PowerSYSTEM Center versions 2020 Update 16 and prior contain a vulnerability that may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "ics-cert@hq.dhs.gov",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-428"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://subnet.com/contact/",
+ "source": "ics-cert@hq.dhs.gov"
+ },
+ {
+ "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-23-353-01",
+ "source": "ics-cert@hq.dhs.gov"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
index a62f26727c9..ff3f2fe4b0f 100644
--- a/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
+++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
@@ -2,8 +2,8 @@ "id": "CVE-2023-6693", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-02T10:15:08.930", - "lastModified": "2024-01-02T13:47:18.233", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:04:42.353", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.4 + }, { "source": "secalert@redhat.com", "type": "Secondary", @@ -39,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "secalert@redhat.com", "type": "Secondary", 
@@ -50,14 +80,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:qemu:qemu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "6D9E0C78-9678-4CEE-9389-962CF618A51F" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:-:*:*:*", + "matchCriteriaId": "053C1B35-3869-41C2-9551-044182DE0A64" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:advanced_virtualization:*:*:*", + "matchCriteriaId": "3AA08768-75AF-4791-B229-AE938C780959" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D" + } + ] + } + ] + } + ], "references": [ { "url": "https://access.redhat.com/security/cve/CVE-2023-6693", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2254580", - "source": "secalert@redhat.com" + "source": "secalert@redhat.com", + "tags": [ + "Issue Tracking", + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6750.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6750.json new file mode 100644 index 00000000000..4d45b042322 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6750.json 
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-6750",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2024-01-08T19:15:10.680",
+ "lastModified": "2024-01-08T19:30:06.923",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Clone WordPress plugin before 2.4.3 uses buffer files to store in-progress backup informations, which is stored at a publicly accessible, statically defined file path."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://wpscan.com/vulnerability/fad9eefe-4552-4d20-a1fd-bb2e172ec8d7",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6845.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6845.json
new file mode 100644
index 00000000000..e1ae787a166
--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6845.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-6845",
+ "sourceIdentifier": "contact@wpscan.com",
+ "published": "2024-01-08T19:15:10.727",
+ "lastModified": "2024-01-08T19:30:06.923",
+ "vulnStatus": "Awaiting Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The CommentTweets WordPress plugin through 0.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://magos-securitas.com/txt/2023-6845",
+ "source": "contact@wpscan.com"
+ },
+ {
+ "url": "https://wpscan.com/vulnerability/cbdaf158-f277-4be4-b022-68d18dae4c55",
+ "source": "contact@wpscan.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json
index cba3d3a95ba..6129b8bd611 100644
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0182.json
@@ -2,8 +2,8 @@ "id": "CVE-2024-0182", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-01T21:15:24.777", - "lastModified": "2024-01-02T13:47:38.167", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:25:18.583", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,14 +95,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:janobe:engineers_online_portal:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "461D780B-1D99-40B8-BE65-497FAD073EBE" + } + ] + } + ] + } + ], "references": [ { "url": "https://vuldb.com/?ctiid.249440", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249440", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json index e7a98a71ae1..4ecb2fb30cd 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0186.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0186", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-02T01:15:08.273", - "lastModified": "2024-01-02T13:47:31.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:26:38.947", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:huiran_host_reseller_system_project:huiran_host_reseller_system:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.0", + "matchCriteriaId": "10DCC976-72AC-4F2C-AB2F-282987111DBF" + } + ] + } + ] + } + ], "references": [ { "url": "https://note.zhaoj.in/share/WwPWWizD2Spk", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://vuldb.com/?ctiid.249444", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249444", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0194.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0194.json index 06ab05ac688..a7aaf0753bd 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0194.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0194.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0194", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-02T21:15:09.760", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:44:29.260", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -75,18 +95,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeastro:internet_banking_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "1E22B024-DF7A-4CC7-BE59-CFA07165DC9F" + } + ] + } + ] + } + ], "references": [ { "url": "https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.249509", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249509", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json index 09d958c4e4e..e4861016d35 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0222.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-0222", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:28.933", - "lastModified": "2024-01-07T02:15:44.190", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:43:37.003", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,112 @@ "value": "El use after free en ANGLE en Google Chrome anterior a 120.0.6099.199 permiti\u00f3 a un atacante remoto que hab\u00eda comprometido el proceso de renderizado explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.199", + "matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release 
Notes", + "Vendor Advisory" + ] }, { "url": "https://crbug.com/1501798", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json index e3ace710990..2aa5ec605df 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0223.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0223", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:28.987", - "lastModified": "2024-01-07T02:15:44.243", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:43:03.690", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,111 @@ "value": "El desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en ANGLE en Google Chrome anterior a 120.0.6099.199 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.199", + "matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, 
{ "url": "https://crbug.com/1505009", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json index 9609147c86a..af18d3dba34 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0224.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0224", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:29.033", - "lastModified": "2024-01-07T02:15:44.293", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:42:29.143", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,111 @@ "value": "El use after free en WebAudio en Google Chrome anterior a 120.0.6099.199 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.199", + "matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://crbug.com/1505086", - 
"source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json index 8efdeff36e5..5fda72bebb9 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0225.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0225", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-04T02:15:29.080", - "lastModified": "2024-01-07T02:15:44.340", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:41:43.560", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,23 +14,111 @@ "value": "El use after free en WebGPU en Google Chrome anterior a 120.0.6099.199 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", + "versionEndExcluding": "120.0.6099.199", + "matchCriteriaId": "281E8DFE-903C-4F9E-8698-9183F2309F23" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", + "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", + "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646" + } + ] + } + ] + } + ], "references": [ { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://crbug.com/1506923", - 
"source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Permissions Required", + "Vendor Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/", - "source": "chrome-cve-admin@google.com" + "source": "chrome-cve-admin@google.com", + "tags": [ + "Mailing List", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0270.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0270.json index 5ffb943a78b..7f77a5afabc 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0270.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0270.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0270", "sourceIdentifier": "cna@vuldb.com", "published": "2024-01-07T08:15:07.840", - "lastModified": "2024-01-08T12:02:30.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:04:24.233", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", @@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "cna@vuldb.com", "type": "Secondary", 
@@ -75,18 +95,47 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kashipara:food_management_system:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.0", + "matchCriteriaId": "BBBECC06-F3D5-4B63-8EB2-8E44A64624C5" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.249825", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.249825", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21623.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21623.json index be5c34a4413..86de87b30e8 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21623.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21623.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21623", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-02T21:15:10.250", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:29:32.277", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "OTCLient es un cliente de tibia alternativo para otserv. Antes de confirmar db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyecci\u00f3n de expresi\u00f3n en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. La confirmaci\u00f3n db560de0b56476c87a2f967466407939196dd254 contiene una soluci\u00f3n para este problema." + "value": "OTCLient es un cliente de tibia alternativo para otserv. Antes del commit db560de0b56476c87a2f967466407939196dd254, el workflow /mehah/otclient \"`Analysis - SonarCloud`\" es vulnerable a una inyecci\u00f3n de expresi\u00f3n en Actions, lo que permite a un atacante ejecutar comandos de forma remota en el ejecutor, filtrar secretos y alterar el repositorio utilizando este workflow. El commit db560de0b56476c87a2f967466407939196dd254 contiene una soluci\u00f3n para este problema." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -50,26 +70,62 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mehah:otclient:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2023-12-30", + "matchCriteriaId": "60A3865E-2453-4A5A-9685-34494CC8BCD1" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] }, { "url": "https://securitylab.github.com/research/github-actions-preventing-pwn-requests/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://securitylab.github.com/research/github-actions-untrusted-input/", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21627.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21627.json index 5b38e1f9824..12286f9ae77 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21627.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21627.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21627", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-02T21:15:10.467", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:23:49.707", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -11,11 +11,31 @@ }, { "lang": "es", - "value": "PrestaShop es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. Antes de las versiones 8.1.3 y 1.7.8.11, el m\u00e9todo `isCleanHTML` no detecta algunos atributos de eventos. Algunos m\u00f3dulos que utilizan el m\u00e9todo `isCleanHTML` podr\u00edan ser vulnerables a cross site scripting. Las versiones 8.1.3 y 1.7.8.11 contienen un parche para este problema. La mejor soluci\u00f3n es utilizar la biblioteca `HTMLPurifier` para sanitizar la entrada HTML proveniente de los usuarios. La biblioteca ya est\u00e1 disponible como dependencia en el proyecto PrestaShop. Sin embargo, tenga en cuenta que en los modelos de objetos heredados, los campos de tipo `HTML` llamar\u00e1n `isCleanHTML`." + "value": "PrestaShop es una plataforma de comercio electr\u00f3nico de c\u00f3digo abierto. Antes de las versiones 8.1.3 y 1.7.8.11, el m\u00e9todo `isCleanHTML` no detecta algunos atributos de eventos. Algunos m\u00f3dulos que utilizan el m\u00e9todo `isCleanHTML` podr\u00edan ser vulnerables a cross site scripting. Las versiones 8.1.3 y 1.7.8.11 contienen un parche para este problema. La mejor soluci\u00f3n es utilizar la librer\u00eda `HTMLPurifier` para sanitizar la entrada HTML proveniente de los usuarios. La librer\u00eda ya est\u00e1 disponible como dependencia en el proyecto PrestaShop. Sin embargo, tenga en cuenta que en los modelos de objetos heredados, los campos de tipo `HTML` llamar\u00e1n `isCleanHTML`." 
} ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,8 +60,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -54,18 +84,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.7.8.11", + "matchCriteriaId": "A2437874-DFE9-40D7-830C-727A225366DD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.1.3", + "matchCriteriaId": "6D8ED724-5385-47E2-8BE2-C2588964AADA" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21628.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21628.json index f9aa7d64cd1..86d016bb466 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21628.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21628.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21628", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-02T22:15:09.687", - "lastModified": "2024-01-03T13:48:00.677", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:11:25.070", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -16,6 +16,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -50,14 +70,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.1.3", + "matchCriteriaId": "A2753F25-DACD-4FB1-A8B6-299D04D7F40A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21650.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21650.json index 6a9fbd5d424..be288fcfb2b 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21650.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21650.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21650", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-08T16:15:46.903", - "lastModified": "2024-01-08T16:15:46.903", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21744.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21744.json index 7b856668312..6a589ca5cd5 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21744.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21744.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21744", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T17:15:07.763", - "lastModified": "2024-01-08T17:15:07.763", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21745.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21745.json index e167a330a09..7eb96702575 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21745.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21745.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21745", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T17:15:07.973", - "lastModified": "2024-01-08T17:15:07.973", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-217xx/CVE-2024-21747.json b/CVE-2024/CVE-2024-217xx/CVE-2024-21747.json index 1958f7bf323..ba13b6f5b5a 100644 --- a/CVE-2024/CVE-2024-217xx/CVE-2024-21747.json +++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21747.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21747", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-08T17:15:08.163", - "lastModified": "2024-01-08T17:15:08.163", - "vulnStatus": "Received", + "lastModified": "2024-01-08T19:05:05.707", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", 
diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21908.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21908.json index 16b0c061cd0..3f55c2a3d94 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21908.json +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21908.json @@ -2,16 +2,53 @@ "id": "CVE-2024-21908", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-03T16:15:08.913", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:46:41.157", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "\nTinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.\n\n\n\n" + }, + { + "lang": "es", + "value": "Las versiones de TinyMCE anteriores a la 5.9.0 se ven afectadas por una vulnerabilidad de cross site scripting almacenado. Un atacante remoto y no autenticado podr\u00eda insertar HTML manipulado en el editor, lo que provocar\u00eda la ejecuci\u00f3n arbitraria de JavaScript en el navegador de otro usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
@@ -23,22 +60,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.9.0", + "matchCriteriaId": "ABCA10B9-8E44-481C-A931-D81D95400CDF" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-5h9g-x5rv-25wg", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21910.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21910.json index 92c914fac6a..1009f430931 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21910.json +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21910.json 
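Review bot: The reference `https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg` is tagged `"Exploit", "Third Party Advisory"`, although it appears to be the advisory published in the project's own repository. Elsewhere in this commit the repository advisories for PrestaShop and otclient carry `Vendor Advisory`, so a triage filter that selects on that tag would skip the TinyMCE one. Assuming tinymce/tinymce is the vendor's repository, I would expect `"tags": ["Exploit", "Vendor Advisory"]` on that entry. The project advisories in the `references` hunks of CVE-2024-21910 and CVE-2024-21911 are likewise tagged `Third Party Advisory`, and CVE-2024-21911 also tags the npm package page as `Release Notes`.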
@@ -2,16 +2,53 @@ "id": "CVE-2024-21910", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-03T16:15:09.090", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:46:25.757", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.\n" + }, + { + "lang": "es", + "value": "Las versiones de TinyMCE anteriores a la 5.10.0 se ven afectadas por una vulnerabilidad de cross site scripting. Un atacante remoto y no autenticado podr\u00eda introducir im\u00e1genes manipuladas o URL de enlaces que dar\u00edan como resultado la ejecuci\u00f3n de JavaScript arbitrario en el navegador de un usuario que est\u00e9 editando." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
@@ -23,30 +60,68 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.0", + "matchCriteriaId": "1CDEC000-8A31-496B-9137-F71208146F9D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-r8hm-w5f7-wj39", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/jazzband/django-tinymce/issues/366", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Issue Tracking", + "Third Party Advisory" + ] }, { "url": "https://github.com/jazzband/django-tinymce/releases/tag/3.4.0", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://pypi.org/project/django-tinymce/3.4.0/", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21911.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21911.json index a289773f91e..2f2566947e4 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21911.json +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21911.json 
@@ -2,16 +2,53 @@ "id": "CVE-2024-21911", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-01-03T16:15:09.170", - "lastModified": "2024-01-03T17:26:57.957", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-01-08T19:46:14.513", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser." + }, + { + "lang": "es", + "value": "Las versiones de TinyMCE anteriores a la 5.6.0 se ven afectadas por una vulnerabilidad de cross site scripting almacenado. Un atacante remoto y no autenticado podr\u00eda insertar HTML manipulado en el editor, lo que provocar\u00eda la ejecuci\u00f3n arbitraria de JavaScript en el navegador de otro usuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "disclosure@vulncheck.com", "type": "Secondary", 
@@ -23,26 +60,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tiny:tinymce:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.6.0", + "matchCriteriaId": "F64C0DD4-B960-418F-A2B0-07A5BFAD3DA3" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/advisories/GHSA-w7jx-j77m-wp65", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.npmjs.com/package/tinymce", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes", - "source": "disclosure@vulncheck.com" + "source": "disclosure@vulncheck.com", + "tags": [ + "Release Notes" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 5685ca47dbb..cb2f7521468 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-08T19:00:24.884214+00:00 +2024-01-08T21:00:24.445554+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-08T18:59:13.010000+00:00 +2024-01-08T20:15:46.437000+00:00 ``` ### Last Data Feed Release 
@@ -29,56 +29,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235140 +235176 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` - -* [CVE-2022-2585](CVE-2022/CVE-2022-25xx/CVE-2022-2585.json) (`2024-01-08T18:15:44.383`) -* [CVE-2022-2586](CVE-2022/CVE-2022-25xx/CVE-2022-2586.json) (`2024-01-08T18:15:44.620`) -* [CVE-2022-2588](CVE-2022/CVE-2022-25xx/CVE-2022-2588.json) (`2024-01-08T18:15:44.840`) -* [CVE-2022-2602](CVE-2022/CVE-2022-26xx/CVE-2022-2602.json) (`2024-01-08T18:15:45.037`) -* [CVE-2022-3328](CVE-2022/CVE-2022-33xx/CVE-2022-3328.json) (`2024-01-08T18:15:45.233`) -* [CVE-2023-52215](CVE-2023/CVE-2023-522xx/CVE-2023-52215.json) (`2024-01-08T18:15:51.680`) -* [CVE-2023-52218](CVE-2023/CVE-2023-522xx/CVE-2023-52218.json) (`2024-01-08T18:15:51.870`) -* [CVE-2023-52219](CVE-2023/CVE-2023-522xx/CVE-2023-52219.json) (`2024-01-08T18:15:52.070`) -* [CVE-2023-52225](CVE-2023/CVE-2023-522xx/CVE-2023-52225.json) (`2024-01-08T18:15:52.273`) -* [CVE-2024-21744](CVE-2024/CVE-2024-217xx/CVE-2024-21744.json) (`2024-01-08T17:15:07.763`) -* [CVE-2024-21745](CVE-2024/CVE-2024-217xx/CVE-2024-21745.json) (`2024-01-08T17:15:07.973`) -* [CVE-2024-21747](CVE-2024/CVE-2024-217xx/CVE-2024-21747.json) (`2024-01-08T17:15:08.163`) +Recently added CVEs: `36` + +* [CVE-2023-6161](CVE-2023/CVE-2023-61xx/CVE-2023-6161.json) (`2024-01-08T19:15:10.137`) +* [CVE-2023-6383](CVE-2023/CVE-2023-63xx/CVE-2023-6383.json) (`2024-01-08T19:15:10.183`) +* [CVE-2023-6505](CVE-2023/CVE-2023-65xx/CVE-2023-6505.json) (`2024-01-08T19:15:10.230`) +* [CVE-2023-6528](CVE-2023/CVE-2023-65xx/CVE-2023-6528.json) (`2024-01-08T19:15:10.273`) +* [CVE-2023-6529](CVE-2023/CVE-2023-65xx/CVE-2023-6529.json) (`2024-01-08T19:15:10.320`) +* [CVE-2023-6532](CVE-2023/CVE-2023-65xx/CVE-2023-6532.json) (`2024-01-08T19:15:10.363`) +* [CVE-2023-6555](CVE-2023/CVE-2023-65xx/CVE-2023-6555.json) (`2024-01-08T19:15:10.413`) +* 
[CVE-2023-6627](CVE-2023/CVE-2023-66xx/CVE-2023-6627.json) (`2024-01-08T19:15:10.460`) +* [CVE-2023-6750](CVE-2023/CVE-2023-67xx/CVE-2023-6750.json) (`2024-01-08T19:15:10.680`) +* [CVE-2023-6845](CVE-2023/CVE-2023-68xx/CVE-2023-6845.json) (`2024-01-08T19:15:10.727`) +* [CVE-2023-1032](CVE-2023/CVE-2023-10xx/CVE-2023-1032.json) (`2024-01-08T19:15:08.663`) +* [CVE-2023-52190](CVE-2023/CVE-2023-521xx/CVE-2023-52190.json) (`2024-01-08T19:15:08.863`) +* [CVE-2023-52207](CVE-2023/CVE-2023-522xx/CVE-2023-52207.json) (`2024-01-08T19:15:09.053`) +* [CVE-2023-47890](CVE-2023/CVE-2023-478xx/CVE-2023-47890.json) (`2024-01-08T20:15:44.453`) +* [CVE-2023-50982](CVE-2023/CVE-2023-509xx/CVE-2023-50982.json) (`2024-01-08T20:15:44.513`) +* [CVE-2023-51246](CVE-2023/CVE-2023-512xx/CVE-2023-51246.json) (`2024-01-08T20:15:44.723`) +* [CVE-2023-52200](CVE-2023/CVE-2023-522xx/CVE-2023-52200.json) (`2024-01-08T20:15:44.777`) +* [CVE-2023-52203](CVE-2023/CVE-2023-522xx/CVE-2023-52203.json) (`2024-01-08T20:15:45.010`) +* [CVE-2023-52204](CVE-2023/CVE-2023-522xx/CVE-2023-52204.json) (`2024-01-08T20:15:45.263`) +* [CVE-2023-52205](CVE-2023/CVE-2023-522xx/CVE-2023-52205.json) (`2024-01-08T20:15:45.463`) +* [CVE-2023-52206](CVE-2023/CVE-2023-522xx/CVE-2023-52206.json) (`2024-01-08T20:15:45.680`) +* [CVE-2023-52213](CVE-2023/CVE-2023-522xx/CVE-2023-52213.json) (`2024-01-08T20:15:45.920`) +* [CVE-2023-52216](CVE-2023/CVE-2023-522xx/CVE-2023-52216.json) (`2024-01-08T20:15:46.173`) +* [CVE-2023-52271](CVE-2023/CVE-2023-522xx/CVE-2023-52271.json) (`2024-01-08T20:15:46.387`) +* [CVE-2023-6631](CVE-2023/CVE-2023-66xx/CVE-2023-6631.json) (`2024-01-08T19:15:10.507`) ### CVEs modified in the last Commit -Recently modified CVEs: `129` - -* [CVE-2023-43512](CVE-2023/CVE-2023-435xx/CVE-2023-43512.json) (`2024-01-08T18:58:42.300`) -* [CVE-2023-43514](CVE-2023/CVE-2023-435xx/CVE-2023-43514.json) (`2024-01-08T18:59:13.010`) -* [CVE-2024-0284](CVE-2024/CVE-2024-02xx/CVE-2024-0284.json) 
(`2024-01-08T17:50:23.470`) -* [CVE-2024-0287](CVE-2024/CVE-2024-02xx/CVE-2024-0287.json) (`2024-01-08T17:51:58.093`) -* [CVE-2024-0288](CVE-2024/CVE-2024-02xx/CVE-2024-0288.json) (`2024-01-08T17:52:18.343`) -* [CVE-2024-0289](CVE-2024/CVE-2024-02xx/CVE-2024-0289.json) (`2024-01-08T17:52:33.037`) -* [CVE-2024-0290](CVE-2024/CVE-2024-02xx/CVE-2024-0290.json) (`2024-01-08T17:52:47.720`) -* [CVE-2024-0283](CVE-2024/CVE-2024-02xx/CVE-2024-0283.json) (`2024-01-08T17:55:40.947`) -* [CVE-2024-0282](CVE-2024/CVE-2024-02xx/CVE-2024-0282.json) (`2024-01-08T17:55:46.990`) -* [CVE-2024-0281](CVE-2024/CVE-2024-02xx/CVE-2024-0281.json) (`2024-01-08T18:04:28.407`) -* [CVE-2024-0280](CVE-2024/CVE-2024-02xx/CVE-2024-0280.json) (`2024-01-08T18:04:43.933`) -* [CVE-2024-0276](CVE-2024/CVE-2024-02xx/CVE-2024-0276.json) (`2024-01-08T18:18:13.730`) -* [CVE-2024-0277](CVE-2024/CVE-2024-02xx/CVE-2024-0277.json) (`2024-01-08T18:18:21.587`) -* [CVE-2024-0278](CVE-2024/CVE-2024-02xx/CVE-2024-0278.json) (`2024-01-08T18:18:29.317`) -* [CVE-2024-0279](CVE-2024/CVE-2024-02xx/CVE-2024-0279.json) (`2024-01-08T18:18:37.673`) -* [CVE-2024-0273](CVE-2024/CVE-2024-02xx/CVE-2024-0273.json) (`2024-01-08T18:19:08.660`) -* [CVE-2024-0274](CVE-2024/CVE-2024-02xx/CVE-2024-0274.json) (`2024-01-08T18:19:13.867`) -* [CVE-2024-0275](CVE-2024/CVE-2024-02xx/CVE-2024-0275.json) (`2024-01-08T18:19:20.420`) -* [CVE-2024-0271](CVE-2024/CVE-2024-02xx/CVE-2024-0271.json) (`2024-01-08T18:21:11.393`) -* [CVE-2024-0272](CVE-2024/CVE-2024-02xx/CVE-2024-0272.json) (`2024-01-08T18:21:25.347`) -* [CVE-2024-0185](CVE-2024/CVE-2024-01xx/CVE-2024-0185.json) (`2024-01-08T18:33:53.383`) -* [CVE-2024-0184](CVE-2024/CVE-2024-01xx/CVE-2024-0184.json) (`2024-01-08T18:34:12.340`) -* [CVE-2024-0183](CVE-2024/CVE-2024-01xx/CVE-2024-0183.json) (`2024-01-08T18:34:33.723`) -* [CVE-2024-0181](CVE-2024/CVE-2024-01xx/CVE-2024-0181.json) (`2024-01-08T18:37:21.657`) -* [CVE-2024-21732](CVE-2024/CVE-2024-217xx/CVE-2024-21732.json) 
(`2024-01-08T18:51:23.740`) +Recently modified CVEs: `51` + +* [CVE-2023-45561](CVE-2023/CVE-2023-455xx/CVE-2023-45561.json) (`2024-01-08T19:32:10.703`) +* [CVE-2023-26157](CVE-2023/CVE-2023-261xx/CVE-2023-26157.json) (`2024-01-08T19:33:27.113`) +* [CVE-2023-51652](CVE-2023/CVE-2023-516xx/CVE-2023-51652.json) (`2024-01-08T19:35:18.890`) +* [CVE-2023-50711](CVE-2023/CVE-2023-507xx/CVE-2023-50711.json) (`2024-01-08T19:36:27.290`) +* [CVE-2023-49794](CVE-2023/CVE-2023-497xx/CVE-2023-49794.json) (`2024-01-08T19:37:53.727`) +* [CVE-2023-6436](CVE-2023/CVE-2023-64xx/CVE-2023-6436.json) (`2024-01-08T19:40:27.743`) +* [CVE-2023-47488](CVE-2023/CVE-2023-474xx/CVE-2023-47488.json) (`2024-01-08T20:15:44.340`) +* [CVE-2024-0270](CVE-2024/CVE-2024-02xx/CVE-2024-0270.json) (`2024-01-08T19:04:24.233`) +* [CVE-2024-21650](CVE-2024/CVE-2024-216xx/CVE-2024-21650.json) (`2024-01-08T19:05:05.707`) +* [CVE-2024-21744](CVE-2024/CVE-2024-217xx/CVE-2024-21744.json) (`2024-01-08T19:05:05.707`) +* [CVE-2024-21745](CVE-2024/CVE-2024-217xx/CVE-2024-21745.json) (`2024-01-08T19:05:05.707`) +* [CVE-2024-21747](CVE-2024/CVE-2024-217xx/CVE-2024-21747.json) (`2024-01-08T19:05:05.707`) +* [CVE-2024-21628](CVE-2024/CVE-2024-216xx/CVE-2024-21628.json) (`2024-01-08T19:11:25.070`) +* [CVE-2024-21627](CVE-2024/CVE-2024-216xx/CVE-2024-21627.json) (`2024-01-08T19:23:49.707`) +* [CVE-2024-0182](CVE-2024/CVE-2024-01xx/CVE-2024-0182.json) (`2024-01-08T19:25:18.583`) +* [CVE-2024-0186](CVE-2024/CVE-2024-01xx/CVE-2024-0186.json) (`2024-01-08T19:26:38.947`) +* [CVE-2024-21623](CVE-2024/CVE-2024-216xx/CVE-2024-21623.json) (`2024-01-08T19:29:32.277`) +* [CVE-2024-0225](CVE-2024/CVE-2024-02xx/CVE-2024-0225.json) (`2024-01-08T19:41:43.560`) +* [CVE-2024-0224](CVE-2024/CVE-2024-02xx/CVE-2024-0224.json) (`2024-01-08T19:42:29.143`) +* [CVE-2024-0223](CVE-2024/CVE-2024-02xx/CVE-2024-0223.json) (`2024-01-08T19:43:03.690`) +* [CVE-2024-0222](CVE-2024/CVE-2024-02xx/CVE-2024-0222.json) (`2024-01-08T19:43:37.003`) +* 
[CVE-2024-0194](CVE-2024/CVE-2024-01xx/CVE-2024-0194.json) (`2024-01-08T19:44:29.260`) +* [CVE-2024-21911](CVE-2024/CVE-2024-219xx/CVE-2024-21911.json) (`2024-01-08T19:46:14.513`) +* [CVE-2024-21910](CVE-2024/CVE-2024-219xx/CVE-2024-21910.json) (`2024-01-08T19:46:25.757`) +* [CVE-2024-21908](CVE-2024/CVE-2024-219xx/CVE-2024-21908.json) (`2024-01-08T19:46:41.157`) ## Download and Usage