Auto-Update: 2024-01-04T03:00:26.081104+00:00

fkie-cad · Jan 4, 2024 · fdbe8a0 · fdbe8a0
1 parent e82c944
commit fdbe8a0
Show file tree

Hide file tree

Showing 152 changed files with 3,217 additions and 519 deletions.
diff --git a/CVE-2012/CVE-2012-100xx/CVE-2012-10017.json b/CVE-2012/CVE-2012-100xx/CVE-2012-10017.json
@@ -2,8 +2,8 @@
   "id": "CVE-2012-10017",
   "sourceIdentifier": "[email protected]",
   "published": "2023-12-26T10:15:07.483",
-  "lastModified": "2023-12-26T20:34:16.103",
-  "vulnStatus": "Awaiting Analysis",
+  "lastModified": "2024-01-04T02:51:03.117",
+  "vulnStatus": "Analyzed",
   "descriptions": [
     {
       "lang": "en",
@@ -16,6 +16,26 @@
   ],
   "metrics": {
     "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      },
       {
         "source": "[email protected]",
         "type": "Secondary",
@@ -75,18 +95,47 @@
       ]
     }
   ],
+  "configurations": [
+    {
+      "nodes": [
+        {
+          "operator": "OR",
+          "negate": false,
+          "cpeMatch": [
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:bestwebsoft:portfolio:*:*:*:*:*:wordpress:*:*",
+              "versionEndExcluding": "2.06",
+              "matchCriteriaId": "A61C4276-4B1B-4F53-B0A3-0FDE7E30E50C"
+            }
+          ]
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://github.com/wp-plugins/portfolio/commit/68af950330c3202a706f0ae9bbb52ceaa17dda9d",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Patch"
+      ]
     },
     {
       "url": "https://vuldb.com/?ctiid.248955",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Permissions Required",
+        "Third Party Advisory"
+      ]
     },
     {
       "url": "https://vuldb.com/?id.248955",
-      "source": "[email protected]"
+      "source": "[email protected]",
+      "tags": [
+        "Permissions Required",
+        "Third Party Advisory"
+      ]
     }
   ]
 }
diff --git a/CVE-2020/CVE-2020-06xx/CVE-2020-0604.json b/CVE-2020/CVE-2020-06xx/CVE-2020-0604.json
@@ -2,12 +2,12 @@
   "id": "CVE-2020-0604",
   "sourceIdentifier": "[email protected]",
   "published": "2020-08-17T19:15:13.817",
-  "lastModified": "2020-08-24T15:28:44.690",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-04T02:15:08.693",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project, aka 'Visual Studio Code Remote Code Execution Vulnerability'."
+      "value": "<p>A remote code execution vulnerability exists in Visual Studio Code when it process environment variables after opening a project. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>To exploit this vulnerability, an attacker would need to convince a target to clone a repository and open it in Visual Studio Code. Attacker-specified code would execute when the target opened the integrated terminal.</p>\n<p>The update address the vulnerability by modifying the way Visual Studio Code handles environment variables.</p>\n"
     },
     {
       "lang": "es",
@@ -17,8 +17,28 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "[email protected]",
+        "source": "[email protected]",
         "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      },
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

diff --git a/CVE-2020/CVE-2020-10xx/CVE-2020-1046.json b/CVE-2020/CVE-2020-10xx/CVE-2020-1046.json
@@ -2,12 +2,12 @@
   "id": "CVE-2020-1046",
   "sourceIdentifier": "[email protected]",
   "published": "2020-08-17T19:15:14.083",
-  "lastModified": "2020-08-24T15:28:46.567",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-04T02:15:08.990",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'."
+      "value": "<p>A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.</p>\n<p>To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.</p>\n<p>The security update addresses the vulnerability by correcting how .NET Framework processes input.</p>\n"
     },
     {
       "lang": "es",

diff --git a/CVE-2020/CVE-2020-11xx/CVE-2020-1182.json b/CVE-2020/CVE-2020-11xx/CVE-2020-1182.json
@@ -2,12 +2,12 @@
   "id": "CVE-2020-1182",
   "sourceIdentifier": "[email protected]",
   "published": "2020-08-17T19:15:14.147",
-  "lastModified": "2021-07-21T11:39:23.747",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-04T02:15:09.087",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11, aka 'Microsoft Dynamics 365 for Finance and Operations (on-premises) Remote Code Execution Vulnerability'."
+      "value": "<p>A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server.</p>\n<p>An authenticated attacker with privileges to import and export data could exploit this vulnerability by sending a specially crafted file to a vulnerable Dynamics server.</p>\n<p>The security update addresses the vulnerability by correcting how Microsoft Dynamics 365 for Finance and Operations (on-premises) version 10.0.11 handles user input.</p>\n"
     },
     {
       "lang": "es",
@@ -17,8 +17,28 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "[email protected]",
+        "source": "[email protected]",
         "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 5.2
+      },
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",

diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1337.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1337.json
@@ -2,12 +2,12 @@
   "id": "CVE-2020-1337",
   "sourceIdentifier": "[email protected]",
   "published": "2020-08-17T19:15:14.210",
-  "lastModified": "2021-07-21T11:39:23.747",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-04T02:15:09.277",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system, aka 'Windows Print Spooler Elevation of Privilege Vulnerability'."
+      "value": "<p>An elevation of privilege vulnerability exists when the Windows Print Spooler service improperly allows arbitrary writing to the file system. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.</p>\n<p>To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted script or application.</p>\n<p>The update addresses the vulnerability by correcting how the Windows Print Spooler Component writes to the file system.</p>\n"
     },
     {
       "lang": "es",
@@ -17,7 +17,7 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "[email protected]",
+        "source": "[email protected]",
         "type": "Primary",
         "cvssData": {
           "version": "3.1",
@@ -35,6 +35,26 @@
         },
         "exploitabilityScore": 1.8,
         "impactScore": 5.9
+      },
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
       }
     ],
     "cvssMetricV2": [

diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1339.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1339.json
@@ -2,12 +2,12 @@
   "id": "CVE-2020-1339",
   "sourceIdentifier": "[email protected]",
   "published": "2020-08-17T19:15:14.287",
-  "lastModified": "2021-07-21T11:39:23.747",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-04T02:15:09.493",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects, aka 'Windows Media Remote Code Execution Vulnerability'."
+      "value": "<p>A remote code execution vulnerability exists when Windows Media Audio Codec improperly handles objects. An attacker who successfully exploited the vulnerability could take control of an affected system.</p>\n<p>There are multiple ways an attacker could exploit the vulnerability, such as by convincing a user to open a specially crafted document, or by convincing a user to visit a malicious webpage.</p>\n<p>The security update addresses the vulnerability by correcting how Windows Media Audio Codec handles objects.</p>\n"
     },
     {
       "lang": "es",
@@ -17,8 +17,28 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "[email protected]",
+        "source": "[email protected]",
         "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      },
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1377.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1377.json
@@ -2,12 +2,12 @@
   "id": "CVE-2020-1377",
   "sourceIdentifier": "[email protected]",
   "published": "2020-08-17T19:15:14.350",
-  "lastModified": "2022-05-03T13:02:29.087",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-04T02:15:09.683",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1378."
+      "value": "<p>An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p>\n<p>A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.</p>\n<p>The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.</p>\n"
     },
     {
       "lang": "es",
@@ -17,7 +17,7 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "[email protected]",
+        "source": "[email protected]",
         "type": "Primary",
         "cvssData": {
           "version": "3.1",
@@ -35,6 +35,26 @@
         },
         "exploitabilityScore": 1.8,
         "impactScore": 5.9
+      },
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
       }
     ],
     "cvssMetricV2": [

diff --git a/CVE-2020/CVE-2020-13xx/CVE-2020-1378.json b/CVE-2020/CVE-2020-13xx/CVE-2020-1378.json
@@ -2,12 +2,12 @@
   "id": "CVE-2020-1378",
   "sourceIdentifier": "[email protected]",
   "published": "2020-08-17T19:15:14.413",
-  "lastModified": "2022-05-03T13:00:56.777",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-01-04T02:15:09.907",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
-      "value": "An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka 'Windows Registry Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1377."
+      "value": "<p>An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory. An attacker who successfully exploited the vulnerability could gain elevated privileges on a targeted system.</p>\n<p>A locally authenticated attacker could exploit this vulnerability by running a specially crafted application.</p>\n<p>The security update addresses the vulnerability by helping to ensure that the Windows Kernel API properly handles objects in memory.</p>\n"
     },
     {
       "lang": "es",
@@ -17,8 +17,28 @@
   "metrics": {
     "cvssMetricV31": [
       {
-        "source": "[email protected]",
+        "source": "[email protected]",
         "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.6,
+        "impactScore": 5.9
+      },
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",