From e82c9440e6a4398fbdfbe020d2fd98bbd69efe98 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 4 Jan 2024 00:55:18 +0000
Subject: [PATCH] Auto-Update: 2024-01-04T00:55:15.083229+00:00

---
 CVE-2012/CVE-2012-56xx/CVE-2012-5639.json | 6 +-
 CVE-2022/CVE-2022-342xx/CVE-2022-34268.json | 70 +++++++++++++++++++--
 CVE-2023/CVE-2023-312xx/CVE-2023-31224.json | 64 +++++++++++++++++--
 CVE-2023/CVE-2023-502xx/CVE-2023-50256.json | 63 +++++++++++++++++++
 CVE-2023/CVE-2023-51xx/CVE-2023-5138.json | 59 +++++++++++++++++
 CVE-2024/CVE-2024-216xx/CVE-2024-21634.json | 55 ++++++++++++++++
 README.md | 42 ++++---------
 7 files changed, 319 insertions(+), 40 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-502xx/CVE-2023-50256.json
 create mode 100644 CVE-2023/CVE-2023-51xx/CVE-2023-5138.json
 create mode 100644 CVE-2024/CVE-2024-216xx/CVE-2024-21634.json

diff --git a/CVE-2012/CVE-2012-56xx/CVE-2012-5639.json b/CVE-2012/CVE-2012-56xx/CVE-2012-5639.json
index 024d951750b..c2885621876 100644
--- a/CVE-2012/CVE-2012-56xx/CVE-2012-5639.json
+++ b/CVE-2012/CVE-2012-56xx/CVE-2012-5639.json
@@ -2,7 +2,7 @@
 "id": "CVE-2012-5639",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2019-12-20T14:15:11.400",
- "lastModified": "2024-01-03T12:15:22.547",
+ "lastModified": "2024-01-04T00:15:10.050",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -149,6 +149,10 @@
 "url": "http://www.openwall.com/lists/oss-security/2024/01/03/6",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/01/03/7",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/cve-2012-5639",
 "source": "secalert@redhat.com",
diff --git a/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json b/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json
index b16b4a93e00..68f7afceb49 100644
--- a/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json
+++ b/CVE-2022/CVE-2022-342xx/CVE-2022-34268.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-34268",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-25T08:15:07.353",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-03T23:10:41.060",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,15 +14,75 @@
 "value": "Se descubri\u00f3 un problema en RWS WorldServer antes de la versi\u00f3n 11.7.3. /clientLogin deserializa los objetos Java sin autenticaci\u00f3n, lo que lleva a ejecuci\u00f3n de comandos en el host."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:rws:worldserver:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "11.7.3",
+ "matchCriteriaId": "4DA9F10A-C38C-4700-9179-FEE984CBD440"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Product"
+ ]
 },
 {
 "url": "https://www.triskelelabs.com/vulnerabilities-in-rws-worldserver",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json b/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json
index 216a1e510b8..a74d6ae0050 100644
--- a/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json
+++ b/CVE-2023/CVE-2023-312xx/CVE-2023-31224.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-31224",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-25T08:15:07.430",
- "lastModified": "2023-12-26T20:34:16.103",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-01-03T23:10:26.330",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,11 +14,67 @@
 "value": "Hay un control de acceso roto durante la autenticaci\u00f3n en Jamf Pro Server anterior a 10.46.1."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-287"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:jamf:jamf:*:*:*:*:pro:*:*:*",
+ "versionEndExcluding": "10.47.0",
+ "matchCriteriaId": "7F3614B7-23F7-409F-BC9E-2EB78D311056"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://learn.jamf.com/bundle/jamf-pro-release-notes-10.47.0/page/Resolved_Issues.html",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-502xx/CVE-2023-50256.json b/CVE-2023/CVE-2023-502xx/CVE-2023-50256.json
new file mode 100644
index 00000000000..e46985a1f57
--- /dev/null
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50256.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2023-50256",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-03T23:15:08.517",
+ "lastModified": "2024-01-03T23:15:08.517",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Froxlor is open source server administration software. Prior to version 2.1.2, it was possible to submit the registration form with the essential fields, such as the username and password, left intentionally blank. This inadvertent omission allowed for a bypass of the mandatory field requirements (e.g. surname, company name) established by the system. Version 2.1.2 fixes this issue.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Froxlor/Froxlor/commit/4b1846883d4828962add91bd844596d89a9c7cac",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/Froxlor/Froxlor/security/advisories/GHSA-625g-fm5w-w7w4",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://user-images.githubusercontent.com/80028768/289675319-81ae8ebe-1308-4ee3-bedb-43cdc40da474.mp4",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5138.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5138.json
new file mode 100644
index 00000000000..cbc271c969b
--- /dev/null
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5138.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2023-5138",
+ "sourceIdentifier": "product-security@silabs.com",
+ "published": "2024-01-03T23:15:08.747",
+ "lastModified": "2024-01-03T23:15:08.747",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Glitch detection is not enabled by default for the CortexM33 core in Silicon Labs secure vault high parts EFx32xG2xB, except EFR32xG21B."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "product-security@silabs.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-909"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://community.silabs.com/069Vm0000004f6DIAQ",
+ "source": "product-security@silabs.com"
+ },
+ {
+ "url": "https://github.com/SiliconLabs/gecko_sdk",
+ "source": "product-security@silabs.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21634.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21634.json
new file mode 100644
index 00000000000..07618d0d1d5
--- /dev/null
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21634.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-21634",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-01-03T23:15:08.943",
+ "lastModified": "2024-01-03T23:15:08.943",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in\u00a0`ion-java`\u00a0for applications that use\u00a0`ion-java`\u00a0to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the\u00a0`IonValue`\u00a0model and then invoke certain\u00a0`IonValue`\u00a0methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the\u00a0`IonValue`\u00a0model, results in a\u00a0`StackOverflowError`\u00a0originating from the\u00a0`ion-java`\u00a0library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-770"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 35c0f5a5dd6..c9aff6446c4 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-01-03T23:00:25.423840+00:00
+2024-01-04T00:55:15.083229+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-01-03T22:54:54.397000+00:00
+2024-01-04T00:15:10.050000+00:00
 ```
 ### Last Data Feed Release
@@ -29,43 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-234824
+234827
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `5`
+Recently added CVEs: `3`
-* [CVE-2023-49442](CVE-2023/CVE-2023-494xx/CVE-2023-49442.json) (`2024-01-03T21:15:08.467`)
-* [CVE-2023-6338](CVE-2023/CVE-2023-63xx/CVE-2023-6338.json) (`2024-01-03T21:15:08.547`)
-* [CVE-2023-6540](CVE-2023/CVE-2023-65xx/CVE-2023-6540.json) (`2024-01-03T21:15:08.940`)
-* [CVE-2023-52140](CVE-2023/CVE-2023-521xx/CVE-2023-52140.json) (`2024-01-03T22:15:11.187`)
-* [CVE-2023-52141](CVE-2023/CVE-2023-521xx/CVE-2023-52141.json) (`2024-01-03T22:15:11.380`)
+* [CVE-2023-50256](CVE-2023/CVE-2023-502xx/CVE-2023-50256.json) (`2024-01-03T23:15:08.517`)
+* [CVE-2023-5138](CVE-2023/CVE-2023-51xx/CVE-2023-5138.json) (`2024-01-03T23:15:08.747`)
+* [CVE-2024-21634](CVE-2024/CVE-2024-216xx/CVE-2024-21634.json) (`2024-01-03T23:15:08.943`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `19`
-
-* [CVE-2022-41762](CVE-2022/CVE-2022-417xx/CVE-2022-41762.json) (`2024-01-03T21:00:55.163`)
-* [CVE-2022-41761](CVE-2022/CVE-2022-417xx/CVE-2022-41761.json) (`2024-01-03T21:01:06.787`)
-* [CVE-2022-41760](CVE-2022/CVE-2022-417xx/CVE-2022-41760.json) (`2024-01-03T21:01:14.330`)
-* [CVE-2022-39822](CVE-2022/CVE-2022-398xx/CVE-2022-39822.json) (`2024-01-03T21:01:25.960`)
-* [CVE-2022-39820](CVE-2022/CVE-2022-398xx/CVE-2022-39820.json) (`2024-01-03T21:01:40.990`)
-* [CVE-2022-39818](CVE-2022/CVE-2022-398xx/CVE-2022-39818.json) (`2024-01-03T21:01:51.820`)
-* [CVE-2023-51771](CVE-2023/CVE-2023-517xx/CVE-2023-51771.json) (`2024-01-03T21:02:26.533`)
-* [CVE-2023-30451](CVE-2023/CVE-2023-304xx/CVE-2023-30451.json) (`2024-01-03T21:02:47.050`)
-* [CVE-2023-49880](CVE-2023/CVE-2023-498xx/CVE-2023-49880.json) (`2024-01-03T21:03:07.817`)
-* [CVE-2023-43064](CVE-2023/CVE-2023-430xx/CVE-2023-43064.json) (`2024-01-03T21:03:54.537`)
-* [CVE-2023-51363](CVE-2023/CVE-2023-513xx/CVE-2023-51363.json) (`2024-01-03T21:08:47.153`)
-* [CVE-2023-27150](CVE-2023/CVE-2023-271xx/CVE-2023-27150.json) (`2024-01-03T22:26:47.350`)
-* [CVE-2023-38321](CVE-2023/CVE-2023-383xx/CVE-2023-38321.json) (`2024-01-03T22:30:12.113`)
-* [CVE-2023-49954](CVE-2023/CVE-2023-499xx/CVE-2023-49954.json) (`2024-01-03T22:32:37.550`)
-* [CVE-2023-49944](CVE-2023/CVE-2023-499xx/CVE-2023-49944.json) (`2024-01-03T22:53:45.343`)
-* [CVE-2023-49226](CVE-2023/CVE-2023-492xx/CVE-2023-49226.json) (`2024-01-03T22:54:12.677`)
-* [CVE-2023-38826](CVE-2023/CVE-2023-388xx/CVE-2023-38826.json) (`2024-01-03T22:54:24.607`)
-* [CVE-2023-36486](CVE-2023/CVE-2023-364xx/CVE-2023-36486.json) (`2024-01-03T22:54:36.863`)
-* [CVE-2023-36485](CVE-2023/CVE-2023-364xx/CVE-2023-36485.json) (`2024-01-03T22:54:54.397`)
+Recently modified CVEs: `3`
+
+* [CVE-2012-5639](CVE-2012/CVE-2012-56xx/CVE-2012-5639.json) (`2024-01-04T00:15:10.050`)
+* [CVE-2022-34268](CVE-2022/CVE-2022-342xx/CVE-2022-34268.json) (`2024-01-03T23:10:41.060`)
+* [CVE-2023-31224](CVE-2023/CVE-2023-312xx/CVE-2023-31224.json) (`2024-01-03T23:10:26.330`)
 ## Download and Usage