From d0bb9a529100b8392a141b61bd98fefaf163b1b5 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Tue, 6 Feb 2024 17:00:42 +0000
Subject: [PATCH] Auto-Update: 2024-02-06T17:00:38.413558+00:00
---
CVE-2023/CVE-2023-351xx/CVE-2023-35188.json | 59 ++++++++++++++
CVE-2023/CVE-2023-461xx/CVE-2023-46183.json | 59 ++++++++++++++
CVE-2023/CVE-2023-490xx/CVE-2023-49038.json | 76 +++++++++++++++++-
CVE-2023/CVE-2023-503xx/CVE-2023-50395.json | 59 ++++++++++++++
CVE-2023/CVE-2023-521xx/CVE-2023-52191.json | 61 +++++++++++++-
CVE-2023/CVE-2023-55xx/CVE-2023-5584.json | 15 ++++
CVE-2023/CVE-2023-62xx/CVE-2023-6291.json | 14 ++--
CVE-2023/CVE-2023-66xx/CVE-2023-6679.json | 10 +--
CVE-2023/CVE-2023-69xx/CVE-2023-6915.json | 12 +--
CVE-2024/CVE-2024-09xx/CVE-2024-0911.json | 59 ++++++++++++++
CVE-2024/CVE-2024-12xx/CVE-2024-1251.json | 88 +++++++++++++++++++++
CVE-2024/CVE-2024-221xx/CVE-2024-22146.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-221xx/CVE-2024-22150.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-221xx/CVE-2024-22153.json | 61 +++++++++++++-
CVE-2024/CVE-2024-221xx/CVE-2024-22158.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-221xx/CVE-2024-22159.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22282.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22286.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22289.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22292.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22293.json | 61 +++++++++++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22295.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-222xx/CVE-2024-22297.json | 63 ++++++++++++++-
CVE-2024/CVE-2024-223xx/CVE-2024-22302.json | 51 +++++++++++-
CVE-2024/CVE-2024-223xx/CVE-2024-22307.json | 51 +++++++++++-
CVE-2024/CVE-2024-223xx/CVE-2024-22310.json | 51 +++++++++++-
CVE-2024/CVE-2024-228xx/CVE-2024-22859.json | 68 +++++++++++++++-
CVE-2024/CVE-2024-233xx/CVE-2024-23344.json | 67 ++++++++++++++++
CVE-2024/CVE-2024-238xx/CVE-2024-23841.json | 56 ++++++++++++-
CVE-2024/CVE-2024-240xx/CVE-2024-24000.json | 24 ++++++
CVE-2024/CVE-2024-240xx/CVE-2024-24013.json | 24 ++++++
CVE-2024/CVE-2024-240xx/CVE-2024-24015.json | 24 ++++++
CVE-2024/CVE-2024-242xx/CVE-2024-24291.json | 20 +++++
CVE-2024/CVE-2024-245xx/CVE-2024-24590.json | 55 +++++++++++++
CVE-2024/CVE-2024-245xx/CVE-2024-24591.json | 55 +++++++++++++
CVE-2024/CVE-2024-245xx/CVE-2024-24592.json | 55 +++++++++++++
CVE-2024/CVE-2024-245xx/CVE-2024-24593.json | 55 +++++++++++++
CVE-2024/CVE-2024-245xx/CVE-2024-24594.json | 55 +++++++++++++
README.md | 77 ++++++++++--------
39 files changed, 1932 insertions(+), 120 deletions(-)
create mode 100644 CVE-2023/CVE-2023-351xx/CVE-2023-35188.json
create mode 100644 CVE-2023/CVE-2023-461xx/CVE-2023-46183.json
create mode 100644 CVE-2023/CVE-2023-503xx/CVE-2023-50395.json
create mode 100644 CVE-2023/CVE-2023-55xx/CVE-2023-5584.json
create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0911.json
create mode 100644 CVE-2024/CVE-2024-12xx/CVE-2024-1251.json
create mode 100644 CVE-2024/CVE-2024-233xx/CVE-2024-23344.json
create mode 100644 CVE-2024/CVE-2024-240xx/CVE-2024-24000.json
create mode 100644 CVE-2024/CVE-2024-240xx/CVE-2024-24013.json
create mode 100644 CVE-2024/CVE-2024-240xx/CVE-2024-24015.json
create mode 100644 CVE-2024/CVE-2024-242xx/CVE-2024-24291.json
create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24590.json
create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24591.json
create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24592.json
create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24593.json
create mode 100644 CVE-2024/CVE-2024-245xx/CVE-2024-24594.json
diff --git a/CVE-2023/CVE-2023-351xx/CVE-2023-35188.json b/CVE-2023/CVE-2023-351xx/CVE-2023-35188.json
new file mode 100644
index 00000000000..5faea41c9ee
--- /dev/null
+++ b/CVE-2023/CVE-2023-351xx/CVE-2023-35188.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-35188", + "sourceIdentifier": "psirt@solarwinds.com", + "published": "2024-02-06T16:15:51.140", + "lastModified": "2024-02-06T16:15:51.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@solarwinds.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@solarwinds.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm", + "source": "psirt@solarwinds.com" + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-35188", + "source": "psirt@solarwinds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-461xx/CVE-2023-46183.json b/CVE-2023/CVE-2023-461xx/CVE-2023-46183.json new file mode 100644 index 00000000000..3b69729b47c --- /dev/null +++ b/CVE-2023/CVE-2023-461xx/CVE-2023-46183.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-46183", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-02-06T16:15:51.370", + "lastModified": "2024-02-06T16:15:51.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1020.00 through FW1020.40, and FW1030.00 through FW1030.30 could allow a system administrator to obtain sensitive partition information. IBM X-Force ID: 269695." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/269695", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7114982", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json index 6522a5ec754..0fc1993d8d0 100644 --- a/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json +++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49038.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49038", "sourceIdentifier": "cve@mitre.org", "published": "2024-01-29T21:15:08.620", - "lastModified": "2024-01-30T14:18:33.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T16:35:06.483", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -14,11 +14,79 @@ "value": "La inyecci\u00f3n de comandos en la utilidad ping en Buffalo LS210D 1.78-0.03 permite a un atacante remoto autenticado inyectar comandos arbitrarios en el NAS como root." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:buffalo:ls210d_firmware:1.78-0.03:*:*:*:*:*:*:*", + "matchCriteriaId": "FBE4F37A-F2E5-45F4-A10C-CB92F4C9EF08" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:buffalo:ls210d:-:*:*:*:*:*:*:*", + "matchCriteriaId": "9960AF04-5AF3-408D-828C-FBDE6169C539" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/christopher-pace/CVE-2023-49038", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50395.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50395.json new file mode 100644 index 00000000000..bd48374e65f --- /dev/null +++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50395.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-50395", + "sourceIdentifier": "psirt@solarwinds.com", + "published": "2024-02-06T16:15:51.573", + "lastModified": "2024-02-06T16:15:51.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nSQL Injection Remote Code Execution Vulnerability was found using an update statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@solarwinds.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@solarwinds.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2024-1_release_notes.htm", + "source": "psirt@solarwinds.com" + }, + { + "url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-50395", + "source": "psirt@solarwinds.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-521xx/CVE-2023-52191.json b/CVE-2023/CVE-2023-521xx/CVE-2023-52191.json index 33129dd75dd..b9182188783 100644 --- a/CVE-2023/CVE-2023-521xx/CVE-2023-52191.json +++ b/CVE-2023/CVE-2023-521xx/CVE-2023-52191.json 
@@ -2,16 +2,40 @@ "id": "CVE-2023-52191", "sourceIdentifier": "audit@patchstack.com", "published": "2024-02-01T10:15:09.700", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T16:58:26.023", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Torbjon Infogram \u2013 Add charts, maps and infographics allows Stored XSS.This issue affects Infogram \u2013 Add charts, maps and infographics: from n/a through 1.6.1.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Torbjon Infogram \u2013 Add charts, maps and infographics permite XSS almacenado. Este problema afecta a Infogram \u2013 Add charts, maps and infographics: desde n/a hasta 1.6. 1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:torbjon:infogram:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.1", + "matchCriteriaId": "E029EFBF-F440-46A1-981B-4E70EE5B8E25" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/infogram/wordpress-infogram-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-55xx/CVE-2023-5584.json b/CVE-2023/CVE-2023-55xx/CVE-2023-5584.json new file mode 100644 index 00000000000..e2b38fb5fb8 --- /dev/null +++ b/CVE-2023/CVE-2023-55xx/CVE-2023-5584.json @@ -0,0 +1,15 @@ +{ + "id": "CVE-2023-5584", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-02-06T15:15:08.247", + "lastModified": "2024-02-06T15:15:08.247", + "vulnStatus": "Rejected", + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: We have rejected this CVE as it was determined a non-security issue by the vendor." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json b/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json index 282dfa4adab..99f2e501749 100644 --- a/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json +++ b/CVE-2023/CVE-2023-62xx/CVE-2023-6291.json @@ -2,8 +2,8 @@ "id": "CVE-2023-6291", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-26T15:15:08.280", - "lastModified": "2024-02-04T20:15:46.173", - "vulnStatus": "Modified", + "lastModified": "2024-02-06T16:09:02.867", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", 
@@ -21,7 +21,7 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -29,12 +29,12 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" }, "exploitabilityScore": 2.8, - "impactScore": 2.7 + "impactScore": 3.7 }, { "source": "secalert@redhat.com", diff --git a/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json b/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json index 76c52105604..cf87c659d3a 100644 --- a/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json +++ b/CVE-2023/CVE-2023-66xx/CVE-2023-6679.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6679", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-11T19:15:09.440", - "lastModified": "2024-02-06T05:15:10.020", + "lastModified": "2024-02-06T15:15:08.397", "vulnStatus": "Modified", "descriptions": [ { @@ -41,19 +41,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", - "privilegesRequired": "HIGH", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 4.4, + "baseScore": 5.5, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 0.8, + "exploitabilityScore": 1.8, "impactScore": 3.6 } ] diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json index 1ff4cfa5cfb..f59d61a97e7 100644 --- a/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6915.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-6915", "sourceIdentifier": "secalert@redhat.com", "published": "2024-01-15T10:15:26.627", - "lastModified": "2024-01-31T12:16:04.157", + "lastModified": "2024-02-06T15:15:08.610", "vulnStatus": "Modified", "descriptions": [ { @@ -41,8 +41,8 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "attackVector": "NETWORK", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", @@ -50,10 +50,10 @@ "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseScore": 6.2, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.5, "impactScore": 3.6 } ] diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0911.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0911.json new file mode 100644 index 00000000000..b268d7f142f --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0911.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0911", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-06T15:15:08.827", + "lastModified": "2024-02-06T15:15:08.827", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found in Indent. This issue may allow a local user to use a specially-crafted file to trigger a heap-based buffer overflow, which can lead to an application crash." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-0911", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260399", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1251.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1251.json new file mode 100644 index 00000000000..d8c35194bc3 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1251.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1251", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-06T16:15:51.793", + "lastModified": "2024-02-06T16:15:51.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": 
"en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/rockersiyuan/CVE/blob/main/TongDa%20Sql%20inject.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.252990", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.252990", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22146.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22146.json index 47f53908b5d..793d482c52a 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22146.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22146.json 
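Review bot: In the new CVE-2024-1251 record the description calls the flaw "classified as critical", but the only metrics present come from `cna@vuldb.com` with `"type": "Secondary"` and rate it `"baseScore": 5.5`, `"baseSeverity": "MEDIUM"` with `"attackVector": "ADJACENT_NETWORK"`. With `"vulnStatus": "Received"` there is no `nvd@nist.gov` Primary assessment yet, so any pipeline that prioritises on `baseSeverity` alone will rank an SQL injection whose description says the exploit is public as medium. Consumers of this mirror should treat CNA-only scores on Received records as provisional and re-evaluate once the status becomes Analyzed.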
@@ -2,16 +2,40 @@ "id": "CVE-2024-22146", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T19:15:08.820", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:51:01.533", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS.This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Magazine3 Schema & Structured Data for WP & AMP permite XSS almacenado. Este problema afecta a Schema & Structured Data for WP & AMP: desde n/a hasta 1.25." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:magazine3:schema_\\&_structured_data_for_wp_\\&_amp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.25", + "matchCriteriaId": "2D561161-6D83-49C8-8323-BE6A7FBEB565" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/schema-and-structured-data-for-wp/wordpress-schema-structured-data-for-wp-amp-plugin-1-25-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22150.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22150.json index a736e21659a..0328e31018e 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22150.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22150.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22150", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T19:15:09.013", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:42:52.927", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS.This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en PWR Plugins Portfolio & Image Gallery para WordPress | PowerFolio permite XSS almacenado. Este problema afecta a Portfolio & Image Gallery para WordPress | PowerFolio: desde n/a hasta 3.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pwrplugins:powerfolio:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.1", + "matchCriteriaId": "E9ADCA69-47B9-4F97-B514-0E67CB790A66" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/portfolio-elementor/wordpress-powerfolio-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22153.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22153.json index d76a63d39cd..d4ed74f81c2 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22153.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22153.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22153", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T19:15:09.270", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T15:43:49.957", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS.This issue affects Stock Locations for WooCommerce: from n/a through 2.5.9.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Fahad Mahmood & Alexandre Faustino Stock Locations para WooCommerce permite XSS almacenado. Este problema afecta a Stock Locations para WooCommerce: desde n/a hasta 2.5.9." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fahadmahmood8:stock_locations_for_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.6.0", + "matchCriteriaId": "C8E3E37C-88B7-4E07-86B0-7CBEF8A9D007" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/stock-locations-for-woocommerce/wordpress-stock-locations-for-woocommerce-plugin-2-5-9-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22158.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22158.json index 791b9817151..b9366af375e 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22158.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22158.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22158", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T19:15:09.470", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:25:24.303", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles allows Stored XSS.This issue affects Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: from n/a before 6.3.1.0.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en PeepSo Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles permite XSS almacenado. Este problema afecta a Community by PeepSo \u2013 Social Network, Membership, Registration, User Profiles: desde n/a antes de 6.3.1.0." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:peepso:peepso:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "6.3.1.0", + "matchCriteriaId": "ECA12CC3-0411-469A-AF91-9366DB139284" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/peepso-photos/wordpress-peepso-photos-add-on-plugin-6-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-221xx/CVE-2024-22159.json b/CVE-2024/CVE-2024-221xx/CVE-2024-22159.json index 98a971fe500..ecc75128ec3 100644 --- a/CVE-2024/CVE-2024-221xx/CVE-2024-22159.json +++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22159.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22159", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T19:15:09.650", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:37:01.700", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS.This issue affects WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en realmag777 WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional permite XSS reflejado. Este problema afecta a WOLF \u2013 WordPress Posts Bulk Editor and Manager Professional: desde n/a hasta 1.0.8." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.8", + "matchCriteriaId": "0F354D3C-B26C-4866-92D1-DE33AE6D8732" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22282.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22282.json index 9834b868025..21776602535 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22282.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22282.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22282", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T18:15:48.423", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T16:55:19.983", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS.This issue affects SimpleMap Store Locator: from n/a through 2.6.1.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Michael Torbert SimpleMap Store Locator permite XSS reflejado. Este problema afecta a SimpleMap Store Locator: desde n/a hasta 2.6.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:simplemap-plugin:simplemap_store_locator:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.6.1", + "matchCriteriaId": "4DBDD7B6-8025-4661-A989-4CECD3B9D288" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/simplemap/wordpress-simplemap-store-locator-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22286.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22286.json index ce47444fc50..c408f8483c1 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22286.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22286.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22286", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T18:15:48.663", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:08:36.300", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus \u2013 Before & After Image Slider FREE allows Reflected XSS.This issue affects BA Plus \u2013 Before & After Image Slider FREE: from n/a through 1.0.3.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Aluka BA Plus \u2013 Before & After Image Slider FREE permite XSS reflejado. Este problema afecta a BA Plus \u2013 Before & After Image Slider FREE: desde n/a hasta 1.0.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:aluka:ba_plus:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.3", + "matchCriteriaId": "3AF2463C-B445-46C3-8781-17B475FD56A9" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ba-plus-before-after-image-slider-free/wordpress-ba-plus-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22289.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22289.json index 0de17389b05..4ee470c6776 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22289.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22289.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22289", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T18:15:48.863", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:15:04.717", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Post views Stats allows Reflected XSS.This issue affects Post views Stats: from n/a through 1.3.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en cybernetikz Post views Stats permiten XSS reflejado. Este problema afecta a Post views Stats: desde n/a hasta 1.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:cybernetikz:post_views_stats:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.3", + "matchCriteriaId": "168B4545-E28B-4DF8-B5D0-1B846D58933B" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/post-views-stats/wordpress-post-views-stats-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22292.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22292.json index e0b989b18ca..cec4a811aa6 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22292.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22292.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22292", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T18:15:49.053", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:23:23.247", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.2.8.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Delower WP To Do permite XSS almacenado. Este problema afecta a WP To Do: desde n/a hasta 1.2.8." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:delower:wp_to_do:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2.8", + "matchCriteriaId": "9F8E9731-5ED1-47A1-8842-9E2C3C5B7277" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-todo/wordpress-wp-to-do-plugin-1-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22293.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22293.json index eb72df8029d..e9c9c667496 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22293.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22293.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22293", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T18:15:49.250", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:44:56.407", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS.This issue affects BP Profile Search: from n/a through 5.5.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Andrea Tarantini BP Profile Search permite XSS reflejado. Este problema afecta a BP Profile Search: desde n/a hasta 5.5." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -35,6 +59,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +80,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dontdream:bp_profile_search:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.5", + "matchCriteriaId": "5C5BF536-8E69-424D-BC6A-87A35064406B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bp-profile-search/wordpress-bp-profile-search-plugin-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22295.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22295.json index 97d6a7be0bd..5d63861d54d 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22295.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22295.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22295", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T18:15:49.443", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:49:30.457", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS.This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en RoboSoft Photo Gallery, Images, Slider en Rbs Image Gallery permite XSS almacenado. Este problema afecta a Photo Gallery, Images y Slider en Rbs Image Gallery: desde n/ a hasta 3.2.17." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:robogallery:robo_gallery:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2.17", + "matchCriteriaId": "29B1FD90-1044-4572-A252-04C020312665" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/robo-gallery/wordpress-robo-gallery-plugin-3-2-17-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22297.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22297.json index 2dc745c0b6b..b275acf4a5a 100644 --- a/CVE-2024/CVE-2024-222xx/CVE-2024-22297.json +++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22297.json 
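Review bot: The `cpeMatch` entry added for CVE-2024-22295 uses `"versionEndExcluding": "3.2.17"`, which puts 3.2.17 itself outside the vulnerable range, while the English description in the preceding hunk of this file says the issue affects versions "through 3.2.17" and the advisory URL slug also names 3.2.17. If the description is right, a scanner matching on this CPE range would report 3.2.17 installs as unaffected, and the bound should read `"versionEndIncluding": "3.2.17"`. The other records in this commit whose description says "through X" use `versionEndIncluding`, so this one looks like an outlier. The diff does not show which side is authoritative, so confirm against the Patchstack advisory and correct it at the upstream source rather than in this mirror.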
@@ -2,16 +2,40 @@ "id": "CVE-2024-22297", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T18:15:49.627", - "lastModified": "2024-01-31T19:54:43.623", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-02-06T15:38:07.050", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS.This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante de generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Codeboxr CBX Map para Google Map y OpenStreetMap permite XSS almacenado. Este problema afecta a CBX Map para Google Map y OpenStreetMap: desde n/a hasta 1.1.11." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,7 +60,7 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", "description": [ { 
@@ -44,12 +68,43 @@ "value": "CWE-79" } ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codeboxr:cbx_map:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.1.11", + "matchCriteriaId": "CDADD17B-CAB4-427A-BBAC-480B75E27270" + } + ] + } + ] } ], "references": [ { "url": "https://patchstack.com/database/vulnerability/cbxgooglemap/wordpress-cbx-map-for-google-map-openstreetmap-plugin-1-1-11-cross-site-scripting-xss-vulnerability-2?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22302.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22302.json index 4aac3f3979c..1cfe8a2b157 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22302.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22302.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22302", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T17:15:34.247", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T15:03:44.550", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS.This issue affects Albo Pretorio On line: from n/a through 4.6.6.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Ignazio Scimone Albo Pretorio On line permite XSS almacenado. Este problema afecta a Albo Pretorio On line: desde n/a hasta 4.6.6." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:albo_pretorio_on_line_project:albo_pretorio_on_line:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "4.6.6", + "matchCriteriaId": "78A016F4-8BA6-4855-9C13-13D9B5A5F132" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22307.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22307.json index c252adf885e..c9c6306b0fa 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22307.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22307.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22307", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T17:15:36.710", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T15:52:58.037", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS.This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en WP Lab WP-Lister Lite para eBay permite XSS reflejado. Este problema afecta a WP-Lister Lite para eBay: desde n/a hasta 3.5.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wplab:wp-lister_lite_for_ebay:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.5.7", + "matchCriteriaId": "F704E8AF-694F-4B2D-884D-83308B5F5D18" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22310.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22310.json index 1bc60bb95fb..a0ac06bf7ae 100644 --- a/CVE-2024/CVE-2024-223xx/CVE-2024-22310.json +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22310.json 
@@ -2,16 +2,40 @@ "id": "CVE-2024-22310", "sourceIdentifier": "audit@patchstack.com", "published": "2024-01-31T17:15:38.113", - "lastModified": "2024-01-31T19:54:51.757", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T16:08:42.910", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Formzu WP allows Stored XSS.This issue affects Formzu WP: from n/a through 1.6.7.\n\n" + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en Formzu Inc. Formzu WP permite XSS almacenado. Este problema afecta a Formzu WP: desde n/a hasta 1.6.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", 
@@ -46,10 +70,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:formzu:formzu_wp:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.7", + "matchCriteriaId": "24EF936C-2730-4281-BD95-D02CC98C9AB5" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/formzu-wp/wordpress-formzu-wp-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22859.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22859.json index 9412f43b287..7017fd83f3a 100644 --- a/CVE-2024/CVE-2024-228xx/CVE-2024-22859.json +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22859.json 
@@ -2,19 +2,79 @@ "id": "CVE-2024-22859", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-01T07:15:08.793", - "lastModified": "2024-02-01T13:41:44.257", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-02-06T16:29:48.453", + "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code getCsrfToken function." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross-Site Request Forgery (CSRF) en livewire anterior a v3.0.4, permite a atacantes remotos ejecutar c\u00f3digo arbitrario en la funci\u00f3n getCsrfToken." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:laravel:livewire:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.4", + "matchCriteriaId": "E69D02F4-9773-421F-AF91-21CC5069FD1E" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/livewire/livewire/commit/5d887316f2aaf83c0e380ac5e72766f19700fa3b", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
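Review bot: The added `criteria` value `cpe:2.3:a:laravel:livewire:*:*:*:*:*:wordpress:*:*` sets the target-software field to `wordpress`, but nothing else in the record ties livewire to WordPress. The description names only "livewire before v3.0.4" and the single reference is a commit in github.com/livewire/livewire. The field may have been carried over from the WordPress-plugin records analysed in the same batch, though the diff cannot confirm that. Consumers that filter CPE matches by target software could skip this entry for non-WordPress deployments. A wildcard in that position, `cpe:2.3:a:laravel:livewire:*:*:*:*:*:*:*:*`, would agree with the description as written, and the correction belongs at the upstream source.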
diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23344.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23344.json
new file mode 100644
index 00000000000..6bb2ea7fda6
--- /dev/null
+++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23344.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2024-23344",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-02-06T16:15:52.120",
+ "lastModified": "2024-02-06T16:15:52.120",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-200"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://tuleap.net/plugins/tracker/?aid=35862",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json
index f61d378ce9f..ac265d49da0 100644
--- a/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json
+++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23841.json
@@ -2,16 +2,40 @@
 "id": "CVE-2024-23841",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-01-30T18:15:48.313",
- "lastModified": "2024-01-30T20:48:58.267",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-02-06T15:20:17.970",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
 "value": "apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later."
+ },
+ {
+ "lang": "es",
+ "value": "apollo-client-nextjs es el soporte del cliente Apollo para el enrutador de aplicaciones Next.js. El paquete NPM @apollo/experimental-apollo-client-nextjs es afectado por una vulnerabilidad de cross site scripting. Para aprovechar esta vulnerabilidad, un atacante necesitar\u00eda inyectar informaci\u00f3n maliciosa (por ejemplo, redirigiendo a un usuario a un enlace manipulado espec\u00edficamente) o hacer arreglos para que un servidor GraphQL devuelva la informaci\u00f3n maliciosa (por ejemplo, persisti\u00e9ndola en una base de datos). Para solucionar este problema, actualice a la versi\u00f3n 0.7.0 o posterior."
 }
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ },
 {
 "source": "security-advisories@github.com",
 "type": "Secondary",
@@ -46,14 +70,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:apollographql:apollo_client:*:*:*:*:*:node.js:*:*",
+ "versionEndExcluding": "0.7.0",
+ "matchCriteriaId": "B087C2A8-7ACE-448A-9BC0-F2C5BEA8C1B2"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg",
- "source": "security-advisories@github.com"
+ "source": "security-advisories@github.com",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24000.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24000.json
new file mode 100644
index 00000000000..6d208dde66a
--- /dev/null
+++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24000.json
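Review bot: In the second hunk of CVE-2024-23841.json the new `configurations` block matches `cpe:2.3:a:apollographql:apollo_client:*:*:*:*:*:node.js:*:*` with `"versionEndExcluding": "0.7.0"`, while the description names the `@apollo/experimental-apollo-client-nextjs` NPM package as the affected component. If that CPE product denotes the main Apollo Client library rather than the Next.js integration, CPE-based inventory matching will likely miss the package that actually needs the 0.7.0 update. Until the record is corrected upstream (the `matchCriteriaId` is NVD-assigned), dependency audits should search lockfiles for the package name given in the description at versions below 0.7.0 instead of relying on this CPE.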
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-24000",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-06T16:15:52.317",
+ "lastModified": "2024-02-06T16:15:52.317",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24000.txt",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/jishenghua/jshERP",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24013.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24013.json
new file mode 100644
index 00000000000..924f8699c09
--- /dev/null
+++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24013.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-24013",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-06T16:15:52.363",
+ "lastModified": "2024-02-06T16:15:52.363",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/201206030/novel-plus",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24013.txt",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json b/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json
new file mode 100644
index 00000000000..aeaf4d1b675
--- /dev/null
+++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24015.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-24015",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-06T16:15:52.410",
+ "lastModified": "2024-02-06T16:15:52.410",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL via /sys/user/exit"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/201206030/novel-plus",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24015.txt",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24291.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24291.json
new file mode 100644
index 00000000000..00fbf3d9727
--- /dev/null
+++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24291.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-24291",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-02-06T16:15:52.460",
+ "lastModified": "2024-02-06T16:15:52.460",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitee.com/wgd0ay/wgd0ay/issues/I8WSD1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json
new file mode 100644
index 00000000000..d9c92da97fd
--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24590.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-24590",
+ "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "published": "2024-02-06T15:15:09.100",
+ "lastModified": "2024-02-06T15:15:09.100",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Deserialization of untrusted data can occur in version 0.17.0 or newer of Allegro AI\u2019s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user\u2019s system when interacted with.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json
new file mode 100644
index 00000000000..ba848df9b37
--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24591.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-24591",
+ "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "published": "2024-02-06T15:15:09.367",
+ "lastModified": "2024-02-06T15:15:09.367",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A path traversal vulnerability in version 1.4.0 or newer of Allegro AI\u2019s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user\u2019s system when interacted with.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json
new file mode 100644
index 00000000000..80198149ba2
--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24592.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-24592",
+ "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "published": "2024-02-06T15:15:09.730",
+ "lastModified": "2024-02-06T15:15:09.730",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Lack of authentication in all versions of the fileserver component of Allegro AI\u2019s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files. \n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-425"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json
new file mode 100644
index 00000000000..8e2cd04c8c1
--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24593.json
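Review bot: The `weaknesses` entry in CVE-2024-24592.json maps a description that opens with "Lack of authentication" to `CWE-425` (direct request / forced browsing), whereas missing authentication on a component is normally classified as `"value": "CWE-306"`. Dashboards and detection content that group findings by CWE may therefore file this CVSS 9.8 issue under the wrong class. The entry is `Secondary` (CNA-supplied) and no NVD `Primary` analysis is present yet, so the classification may still change. The record also has no `configurations` block and says "all versions", so a version check cannot clear a deployment; network exposure of the fileserver component has to be reviewed directly.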
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-24593",
+ "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "published": "2024-02-06T15:15:09.977",
+ "lastModified": "2024-02-06T15:15:09.977",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server components of Allegro AI\u2019s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json
new file mode 100644
index 00000000000..3febdba654c
--- /dev/null
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24594.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-24594",
+ "sourceIdentifier": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "published": "2024-02-06T15:15:10.203",
+ "lastModified": "2024-02-06T15:15:10.203",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI\u2019s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.9,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/",
+ "source": "6f8de1f0-f67e-45a6-b68f-98777fdb759c"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index e7f502973b1..89690dc52ca 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-06T15:00:56.371292+00:00 +2024-02-06T17:00:38.413558+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-06T14:57:33.760000+00:00 +2024-02-06T16:58:26.023000+00:00 ``` ### Last Data Feed Release
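Review bot: The CNA vector in CVE-2024-24594.json, `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`, sets `"userInteraction": "NONE"`, yet the description says the script runs "when a user views the Debug Samples tab in the web UI", which is user interaction in CVSS 3.1 terms. With `"userInteraction": "REQUIRED"` the base score would drop from 9.9 to about 9.0, and the sibling record CVE-2024-24593 in this commit does use `UI:R` for a comparable browser-side flaw. The metric is `Secondary` and the record is still `Received`, so NVD's own assessment may differ; triage rules keyed to an exact score threshold should take that into account.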
@@ -29,44 +29,57 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -237767 +237783 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` - +Recently added CVEs: `16` + +* [CVE-2023-5584](CVE-2023/CVE-2023-55xx/CVE-2023-5584.json) (`2024-02-06T15:15:08.247`) +* [CVE-2023-35188](CVE-2023/CVE-2023-351xx/CVE-2023-35188.json) (`2024-02-06T16:15:51.140`) +* [CVE-2023-46183](CVE-2023/CVE-2023-461xx/CVE-2023-46183.json) (`2024-02-06T16:15:51.370`) +* [CVE-2023-50395](CVE-2023/CVE-2023-503xx/CVE-2023-50395.json) (`2024-02-06T16:15:51.573`) +* [CVE-2024-0911](CVE-2024/CVE-2024-09xx/CVE-2024-0911.json) (`2024-02-06T15:15:08.827`) +* [CVE-2024-24590](CVE-2024/CVE-2024-245xx/CVE-2024-24590.json) (`2024-02-06T15:15:09.100`) +* [CVE-2024-24591](CVE-2024/CVE-2024-245xx/CVE-2024-24591.json) (`2024-02-06T15:15:09.367`) +* [CVE-2024-24592](CVE-2024/CVE-2024-245xx/CVE-2024-24592.json) (`2024-02-06T15:15:09.730`) +* [CVE-2024-24593](CVE-2024/CVE-2024-245xx/CVE-2024-24593.json) (`2024-02-06T15:15:09.977`) +* [CVE-2024-24594](CVE-2024/CVE-2024-245xx/CVE-2024-24594.json) (`2024-02-06T15:15:10.203`) +* [CVE-2024-1251](CVE-2024/CVE-2024-12xx/CVE-2024-1251.json) (`2024-02-06T16:15:51.793`) +* [CVE-2024-23344](CVE-2024/CVE-2024-233xx/CVE-2024-23344.json) (`2024-02-06T16:15:52.120`) +* [CVE-2024-24000](CVE-2024/CVE-2024-240xx/CVE-2024-24000.json) (`2024-02-06T16:15:52.317`) +* [CVE-2024-24013](CVE-2024/CVE-2024-240xx/CVE-2024-24013.json) (`2024-02-06T16:15:52.363`) +* [CVE-2024-24015](CVE-2024/CVE-2024-240xx/CVE-2024-24015.json) (`2024-02-06T16:15:52.410`) +* [CVE-2024-24291](CVE-2024/CVE-2024-242xx/CVE-2024-24291.json) (`2024-02-06T16:15:52.460`) ### CVEs modified in the last Commit -Recently modified CVEs: `92` - -* [CVE-2024-20823](CVE-2024/CVE-2024-208xx/CVE-2024-20823.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-20824](CVE-2024/CVE-2024-208xx/CVE-2024-20824.json) (`2024-02-06T13:53:38.513`) -* 
[CVE-2024-20825](CVE-2024/CVE-2024-208xx/CVE-2024-20825.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-20826](CVE-2024/CVE-2024-208xx/CVE-2024-20826.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-20827](CVE-2024/CVE-2024-208xx/CVE-2024-20827.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-20828](CVE-2024/CVE-2024-208xx/CVE-2024-20828.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24808](CVE-2024/CVE-2024-248xx/CVE-2024-24808.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-23304](CVE-2024/CVE-2024-233xx/CVE-2024-23304.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-22433](CVE-2024/CVE-2024-224xx/CVE-2024-22433.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-22365](CVE-2024/CVE-2024-223xx/CVE-2024-22365.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-0684](CVE-2024/CVE-2024-06xx/CVE-2024-0684.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-25140](CVE-2024/CVE-2024-251xx/CVE-2024-25140.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-23917](CVE-2024/CVE-2024-239xx/CVE-2024-23917.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24936](CVE-2024/CVE-2024-249xx/CVE-2024-24936.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24937](CVE-2024/CVE-2024-249xx/CVE-2024-24937.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24938](CVE-2024/CVE-2024-249xx/CVE-2024-24938.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24939](CVE-2024/CVE-2024-249xx/CVE-2024-24939.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24940](CVE-2024/CVE-2024-249xx/CVE-2024-24940.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24941](CVE-2024/CVE-2024-249xx/CVE-2024-24941.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24942](CVE-2024/CVE-2024-249xx/CVE-2024-24942.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-24943](CVE-2024/CVE-2024-249xx/CVE-2024-24943.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-0690](CVE-2024/CVE-2024-06xx/CVE-2024-0690.json) (`2024-02-06T13:53:38.513`) -* [CVE-2024-23673](CVE-2024/CVE-2024-236xx/CVE-2024-23673.json) (`2024-02-06T14:15:55.190`) -* 
[CVE-2024-22162](CVE-2024/CVE-2024-221xx/CVE-2024-22162.json) (`2024-02-06T14:46:24.473`) -* [CVE-2024-22163](CVE-2024/CVE-2024-221xx/CVE-2024-22163.json) (`2024-02-06T14:57:33.760`) +Recently modified CVEs: `22` + +* [CVE-2023-6679](CVE-2023/CVE-2023-66xx/CVE-2023-6679.json) (`2024-02-06T15:15:08.397`) +* [CVE-2023-6915](CVE-2023/CVE-2023-69xx/CVE-2023-6915.json) (`2024-02-06T15:15:08.610`) +* [CVE-2023-6291](CVE-2023/CVE-2023-62xx/CVE-2023-6291.json) (`2024-02-06T16:09:02.867`) +* [CVE-2023-49038](CVE-2023/CVE-2023-490xx/CVE-2023-49038.json) (`2024-02-06T16:35:06.483`) +* [CVE-2023-52191](CVE-2023/CVE-2023-521xx/CVE-2023-52191.json) (`2024-02-06T16:58:26.023`) +* [CVE-2024-22302](CVE-2024/CVE-2024-223xx/CVE-2024-22302.json) (`2024-02-06T15:03:44.550`) +* [CVE-2024-22286](CVE-2024/CVE-2024-222xx/CVE-2024-22286.json) (`2024-02-06T15:08:36.300`) +* [CVE-2024-22289](CVE-2024/CVE-2024-222xx/CVE-2024-22289.json) (`2024-02-06T15:15:04.717`) +* [CVE-2024-23841](CVE-2024/CVE-2024-238xx/CVE-2024-23841.json) (`2024-02-06T15:20:17.970`) +* [CVE-2024-22292](CVE-2024/CVE-2024-222xx/CVE-2024-22292.json) (`2024-02-06T15:23:23.247`) +* [CVE-2024-22158](CVE-2024/CVE-2024-221xx/CVE-2024-22158.json) (`2024-02-06T15:25:24.303`) +* [CVE-2024-22159](CVE-2024/CVE-2024-221xx/CVE-2024-22159.json) (`2024-02-06T15:37:01.700`) +* [CVE-2024-22297](CVE-2024/CVE-2024-222xx/CVE-2024-22297.json) (`2024-02-06T15:38:07.050`) +* [CVE-2024-22150](CVE-2024/CVE-2024-221xx/CVE-2024-22150.json) (`2024-02-06T15:42:52.927`) +* [CVE-2024-22153](CVE-2024/CVE-2024-221xx/CVE-2024-22153.json) (`2024-02-06T15:43:49.957`) +* [CVE-2024-22293](CVE-2024/CVE-2024-222xx/CVE-2024-22293.json) (`2024-02-06T15:44:56.407`) +* [CVE-2024-22295](CVE-2024/CVE-2024-222xx/CVE-2024-22295.json) (`2024-02-06T15:49:30.457`) +* [CVE-2024-22146](CVE-2024/CVE-2024-221xx/CVE-2024-22146.json) (`2024-02-06T15:51:01.533`) +* [CVE-2024-22307](CVE-2024/CVE-2024-223xx/CVE-2024-22307.json) (`2024-02-06T15:52:58.037`) +* 
[CVE-2024-22310](CVE-2024/CVE-2024-223xx/CVE-2024-22310.json) (`2024-02-06T16:08:42.910`) +* [CVE-2024-22859](CVE-2024/CVE-2024-228xx/CVE-2024-22859.json) (`2024-02-06T16:29:48.453`) +* [CVE-2024-22282](CVE-2024/CVE-2024-222xx/CVE-2024-22282.json) (`2024-02-06T16:55:19.983`) ## Download and Usage