diff --git a/2015/CVE-2015-2426.json b/2015/CVE-2015-2426.json index 43faaf60e7..1b010b7b29 100644 --- a/2015/CVE-2015-2426.json +++ b/2015/CVE-2015-2426.json @@ -2,8 +2,8 @@ "id": "CVE-2015-2426", "sourceIdentifier": "secure@microsoft.com", "published": "2015-07-20T18:59:01.210", - "lastModified": "2024-11-21T02:27:22.747", - "vulnStatus": "Modified", + "lastModified": "2025-01-17T20:23:27.523", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { diff --git a/2021/CVE-2021-3918.json b/2021/CVE-2021-3918.json index 7c469253a1..2d1ff265e3 100644 --- a/2021/CVE-2021-3918.json +++ b/2021/CVE-2021-3918.json @@ -2,7 +2,7 @@ "id": "CVE-2021-3918", "sourceIdentifier": "security@huntr.dev", "published": "2021-11-13T09:15:06.737", - "lastModified": "2024-11-21T06:22:46.393", + "lastModified": "2025-01-17T20:15:26.073", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -193,6 +193,10 @@ "Mailing List", "Third Party Advisory" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0004/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/2022/CVE-2022-46286.json b/2022/CVE-2022-46286.json index 201dc4cb80..4f07d9caa1 100644 --- a/2022/CVE-2022-46286.json +++ b/2022/CVE-2022-46286.json @@ -2,7 +2,7 @@ "id": "CVE-2022-46286", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-21T23:15:12.477", - "lastModified": "2024-11-21T07:30:18.723", + "lastModified": "2025-01-17T19:15:26.120", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, diff --git a/2023/CVE-2023-0049.json b/2023/CVE-2023-0049.json index f7dd0688da..43ac7e197a 100644 --- a/2023/CVE-2023-0049.json +++ b/2023/CVE-2023-0049.json @@ -2,7 +2,7 @@ "id": "CVE-2023-0049", "sourceIdentifier": "security@huntr.dev", "published": "2023-01-04T16:15:09.047", - "lastModified": "2024-11-21T07:36:27.527", + "lastModified": "2025-01-17T20:15:26.260", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -180,6 +180,10 @@ "url": "https://security.gentoo.org/glsa/202305-16", "source": "af854a3a-2127-422b-91ae-364da2661108" }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0005/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://support.apple.com/kb/HT213670", "source": "af854a3a-2127-422b-91ae-364da2661108" diff --git a/2023/CVE-2023-27923.json b/2023/CVE-2023-27923.json index 1705803231..70144907a8 100644 --- a/2023/CVE-2023-27923.json +++ b/2023/CVE-2023-27923.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27923", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:09.943", - "lastModified": "2024-11-21T07:53:42.473", + "lastModified": "2025-01-17T19:15:26.870", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-27925.json b/2023/CVE-2023-27925.json index 2816da7636..c4c86a4bf2 100644 --- a/2023/CVE-2023-27925.json +++ b/2023/CVE-2023-27925.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27925", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:09.983", - "lastModified": "2024-11-21T07:53:42.590", + "lastModified": "2025-01-17T19:15:27.060", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-27926.json b/2023/CVE-2023-27926.json index e11ff3888b..e108fae229 100644 --- a/2023/CVE-2023-27926.json +++ b/2023/CVE-2023-27926.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27926", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:10.023", - "lastModified": "2024-11-21T07:53:42.710", + "lastModified": "2025-01-17T19:15:27.213", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-28367.json b/2023/CVE-2023-28367.json index d75ac0938c..7f5776a704 100644 --- a/2023/CVE-2023-28367.json +++ b/2023/CVE-2023-28367.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28367", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:10.067", - "lastModified": "2024-11-21T07:54:56.047", + "lastModified": "2025-01-17T19:15:27.370", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-28390.json b/2023/CVE-2023-28390.json index 4c94ca3885..af230e5c26 100644 --- a/2023/CVE-2023-28390.json +++ b/2023/CVE-2023-28390.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28390", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:10.107", - "lastModified": "2024-11-21T07:54:58.627", + "lastModified": "2025-01-17T19:15:27.540", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 0.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 } ] }, diff --git a/2023/CVE-2023-28392.json b/2023/CVE-2023-28392.json index 2179b61d50..feea6d3382 100644 --- a/2023/CVE-2023-28392.json +++ b/2023/CVE-2023-28392.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28392", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:10.140", - "lastModified": "2024-11-21T07:54:58.867", + "lastModified": "2025-01-17T19:15:27.707", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-28394.json b/2023/CVE-2023-28394.json index dfd9103f5d..236646be46 100644 --- a/2023/CVE-2023-28394.json +++ b/2023/CVE-2023-28394.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28394", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:10.180", - "lastModified": "2024-11-21T07:54:59.103", + "lastModified": "2025-01-17T19:15:27.887", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-78" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-28408.json b/2023/CVE-2023-28408.json index e91d0f9c91..81153d54fa 100644 --- a/2023/CVE-2023-28408.json +++ b/2023/CVE-2023-28408.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28408", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:10.220", - "lastModified": "2024-11-21T07:55:00.487", + "lastModified": "2025-01-17T19:15:28.050", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-22" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-29919.json b/2023/CVE-2023-29919.json index 7633c4c055..f4f40aea0a 100644 --- a/2023/CVE-2023-29919.json +++ b/2023/CVE-2023-29919.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29919", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T01:15:09.820", - "lastModified": "2024-11-21T07:57:38.723", + "lastModified": "2025-01-17T19:15:28.213", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-276" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-276" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-30382.json b/2023/CVE-2023-30382.json index 7ee595677d..92244ea1ae 100644 --- a/2023/CVE-2023-30382.json +++ b/2023/CVE-2023-30382.json @@ -2,7 +2,7 @@ "id": "CVE-2023-30382", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T21:15:09.073", - "lastModified": "2024-11-21T08:00:06.900", + "lastModified": "2025-01-17T19:15:28.400", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.3, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-787" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-31759.json b/2023/CVE-2023-31759.json index 0b1b02ac8e..207a023876 100644 --- a/2023/CVE-2023-31759.json +++ b/2023/CVE-2023-31759.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31759", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-24T00:15:09.450", - "lastModified": "2024-11-21T08:02:15.057", + "lastModified": "2025-01-17T20:15:26.417", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-294" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-31761.json b/2023/CVE-2023-31761.json index eb45fbf31a..d4e8a563e7 100644 --- a/2023/CVE-2023-31761.json +++ b/2023/CVE-2023-31761.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31761", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-24T00:15:09.497", - "lastModified": "2024-11-21T08:02:15.193", + "lastModified": "2025-01-17T20:15:26.607", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-294" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-31762.json b/2023/CVE-2023-31762.json index bbc87845ba..9572351705 100644 --- a/2023/CVE-2023-31762.json +++ b/2023/CVE-2023-31762.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31762", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-24T00:15:09.543", - "lastModified": "2024-11-21T08:02:15.327", + "lastModified": "2025-01-17T20:15:26.797", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-294" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-41913.json b/2023/CVE-2023-41913.json index de0f5f1f95..67048fa19f 100644 --- a/2023/CVE-2023-41913.json +++ b/2023/CVE-2023-41913.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41913", "sourceIdentifier": "cve@mitre.org", "published": "2023-12-07T05:15:09.173", - "lastModified": "2024-11-21T08:21:54.430", + "lastModified": "2025-01-17T20:15:26.993", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -100,6 +100,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPJZPYHBCRXUQGGKQE6TYH4J4RIJH6HO/", "source": "af854a3a-2127-422b-91ae-364da2661108" }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0003/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://www.strongswan.org/blog/2023/11/20/strongswan-vulnerability-%28cve-2023-41913%29.html", "source": "af854a3a-2127-422b-91ae-364da2661108", diff --git a/2023/CVE-2023-42785.json b/2023/CVE-2023-42785.json index 751b6de5e3..3d8b63f724 100644 --- a/2023/CVE-2023-42785.json +++ b/2023/CVE-2023-42785.json @@ -2,13 +2,17 @@ "id": "CVE-2023-42785", "sourceIdentifier": "psirt@fortinet.com", "published": "2025-01-14T14:15:27.083", - "lastModified": "2025-01-14T14:15:27.083", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:42:36.303", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request." + }, + { + "lang": "es", + "value": "Una desreferencia de puntero nulo en las versiones de FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones y 6.0 todas las versiones permite a un atacante activar una denegaci\u00f3n de servicio a trav\u00e9s de una solicitud http manipulada." } ], "metrics": { @@ -32,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -47,10 +71,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "7.2.6", + "matchCriteriaId": "C4D18D6E-AD93-4183-B9A9-458E791ED126" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.2", + "matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-42786.json b/2023/CVE-2023-42786.json index 3939c27f42..73c391ffe4 100644 --- a/2023/CVE-2023-42786.json +++ b/2023/CVE-2023-42786.json @@ -2,13 +2,17 @@ "id": "CVE-2023-42786", "sourceIdentifier": "psirt@fortinet.com", "published": "2025-01-14T14:15:27.237", - "lastModified": "2025-01-14T14:15:27.237", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:42:31.930", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request." + }, + { + "lang": "es", + "value": "Una desreferencia de puntero nulo en las versiones de FortiOS 7.4.0 a 7.4.1, 7.2.0 a 7.2.5, 7.0 todas las versiones, 6.4 todas las versiones, 6.2 todas las versiones y 6.0 todas las versiones permite a un atacante activar una denegaci\u00f3n de servicio a trav\u00e9s de una solicitud http manipulada." } ], "metrics": { @@ -32,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, @@ -47,10 +71,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "7.2.6", + "matchCriteriaId": "C4D18D6E-AD93-4183-B9A9-458E791ED126" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.2", + "matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-293", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-52434.json b/2023/CVE-2023-52434.json index 5ea5119bb8..e1fde48b80 100644 --- a/2023/CVE-2023-52434.json +++ b/2023/CVE-2023-52434.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52434", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-02-20T18:15:50.790", - "lastModified": "2025-01-10T19:04:33.103", - "vulnStatus": "Analyzed", + "lastModified": "2025-01-17T20:15:27.203", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -229,6 +229,10 @@ "tags": [ "Mailing List" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0009/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/2024/CVE-2024-0588.json b/2024/CVE-2024-0588.json index f89c0f1a5b..6029448495 100644 --- a/2024/CVE-2024-0588.json +++ b/2024/CVE-2024-0588.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0588", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:14.363", - "lastModified": "2024-11-21T08:46:57.253", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:25:52.137", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,22 +39,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0", + "matchCriteriaId": "056698AA-9625-4637-B733-41DE0235F5E3" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3058329/paid-memberships-pro/tags/3.0/includes/compatibility/lifterlms.php?old=2952976&old_path=paid-memberships-pro/trunk/includes/compatibility/lifterlms.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6fd87d34-2e7f-4c75-8816-b39820309077?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-0690.json b/2024/CVE-2024-0690.json index 20ee97855e..cca5443935 100644 --- a/2024/CVE-2024-0690.json +++ b/2024/CVE-2024-0690.json @@ -2,7 +2,7 @@ "id": "CVE-2024-0690", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-06T12:15:55.530", - "lastModified": "2024-11-21T08:47:09.350", + "lastModified": "2025-01-17T20:15:27.403", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -259,6 +259,10 @@ "Issue Tracking", "Patch" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0001/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/2024/CVE-2024-10850.json b/2024/CVE-2024-10850.json index d6236c5694..e56b8f60a4 100644 --- a/2024/CVE-2024-10850.json +++ b/2024/CVE-2024-10850.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10850", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-13T02:15:14.873", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:25:39.717", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:razorpay:razorpay_payment_button:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.2.6", + "matchCriteriaId": "AC37BC95-E047-4F97-BCA0-771E7E8E0314" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/razorpay-payment-button-elementor/tags/1.2.5/includes/rzp-payment-buttons.php#L78", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9331aa66-2eee-4745-b286-fa6db3bd9f37?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-10851.json b/2024/CVE-2024-10851.json index 36062f79e5..c4c9ca8d62 100644 --- a/2024/CVE-2024-10851.json +++ b/2024/CVE-2024-10851.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10851", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-13T02:15:15.090", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:19:49.767", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 @@ -51,18 +51,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:razorpay:razorpay_payment_button:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.4.7", + "matchCriteriaId": "0DB7334C-5940-445C-A08C-D42B368CB091" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/razorpay-payment-button/tags/2.4.6/includes/rzp-payment-buttons.php#L78", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/razorpay-payment-button/tags/2.4.6/includes/rzp-subscription-buttons.php#L78", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5c0e8e63-2603-4ee4-88f5-e132f9bc7fae?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-10853.json b/2024/CVE-2024-10853.json index d93a1efdc7..a4a8cf3a07 100644 --- a/2024/CVE-2024-10853.json +++ b/2024/CVE-2024-10853.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10853", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-13T02:15:15.503", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:17:28.650", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zixn:buy_one_click_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.9", + "matchCriteriaId": "9E232F1A-032D-4D5D-8883-51FD705F375C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wordpress.org/plugins/buy-one-click-woocommerce/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ad73f105-fea8-4bbe-946b-97e61b4b9e57?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-10854.json b/2024/CVE-2024-10854.json index 4203d9274c..b6564497e9 100644 --- a/2024/CVE-2024-10854.json +++ b/2024/CVE-2024-10854.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10854", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-13T02:15:15.717", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:16:10.667", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:zixn:buy_one_click_woocommerce:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.2.9", + "matchCriteriaId": "9E232F1A-032D-4D5D-8883-51FD705F375C" + } + ] + } + ] + } + ], "references": [ { "url": "https://wordpress.org/plugins/buy-one-click-woocommerce/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b3d9b755-1e6e-44ac-989a-201237f6dc9f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11004.json b/2024/CVE-2024-11004.json index c4dc50ee71..707fe77997 100644 --- a/2024/CVE-2024-11004.json +++ b/2024/CVE-2024-11004.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11004", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T17:15:06.943", - "lastModified": "2024-11-21T17:15:10.277", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:05:17.653", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, @@ -49,12 +69,99 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11005.json b/2024/CVE-2024-11005.json index f4c82cfe93..7e9e7fa922 100644 --- a/2024/CVE-2024-11005.json +++ b/2024/CVE-2024-11005.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11005", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T17:15:07.130", - "lastModified": "2024-11-22T17:15:06.803", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:23:26.140", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,12 +69,108 @@ "value": "CWE-78" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionStartExcluding": "9.1", + "versionEndExcluding": "22.7", + "matchCriteriaId": "C8B38BEE-671B-4B29-A230-C92ACEE60C74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "368E8A56-50E4-4400-8C18-B7426B112FFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionStartExcluding": "9.1", + "versionEndExcluding": "22.7", + "matchCriteriaId": "0905A2B5-F9DF-48C9-9DA4-2D4C1C7BC0F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11006.json b/2024/CVE-2024-11006.json index be975dc108..d14e4fe34f 100644 --- a/2024/CVE-2024-11006.json +++ b/2024/CVE-2024-11006.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11006", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T17:15:07.333", - "lastModified": "2024-11-22T17:15:06.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:23:23.497", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,12 +69,108 @@ "value": "CWE-78" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionStartExcluding": "9.1", + "versionEndExcluding": "22.7", + "matchCriteriaId": "C8B38BEE-671B-4B29-A230-C92ACEE60C74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "368E8A56-50E4-4400-8C18-B7426B112FFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionStartExcluding": "9.1", + "versionEndExcluding": "22.7", + "matchCriteriaId": "0905A2B5-F9DF-48C9-9DA4-2D4C1C7BC0F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11633.json b/2024/CVE-2024-11633.json index c59a258334..4133019255 100644 --- a/2024/CVE-2024-11633.json +++ b/2024/CVE-2024-11633.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11633", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-12-10T19:15:19.443", - "lastModified": "2024-12-10T19:15:19.443", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:35:05.380", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,12 +69,98 @@ "value": "CWE-88" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*", + "matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11634.json b/2024/CVE-2024-11634.json index 60c1545e73..cb1e434502 100644 --- a/2024/CVE-2024-11634.json +++ b/2024/CVE-2024-11634.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11634", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-12-10T19:15:19.570", - "lastModified": "2024-12-10T19:15:19.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:32:48.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,12 +69,114 @@ "value": "CWE-77" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11639.json b/2024/CVE-2024-11639.json index 6bb5714ca2..3a55f09c9f 100644 --- a/2024/CVE-2024-11639.json +++ b/2024/CVE-2024-11639.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11639", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-12-10T19:15:19.690", - "lastModified": "2024-12-10T19:15:19.690", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:40:09.763", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -49,12 +69,43 @@ "value": "CWE-288" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:cloud_services_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.0.3", + "matchCriteriaId": "60628283-69C1-4274-9BC8-5C2B91A7AA6E" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11772.json b/2024/CVE-2024-11772.json index 2425176840..4fdfdf0e9a 100644 --- a/2024/CVE-2024-11772.json +++ b/2024/CVE-2024-11772.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11772", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-12-10T19:15:19.817", - "lastModified": "2024-12-10T19:15:19.817", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:40:52.337", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,12 +69,43 @@ "value": "CWE-77" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:cloud_services_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.0.3", + "matchCriteriaId": "60628283-69C1-4274-9BC8-5C2B91A7AA6E" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-11773.json b/2024/CVE-2024-11773.json index ced23bc722..232d3ba45a 100644 --- a/2024/CVE-2024-11773.json +++ b/2024/CVE-2024-11773.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11773", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-12-10T19:15:19.943", - "lastModified": "2024-12-10T19:15:19.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:41:50.450", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 } ] }, @@ -49,12 +69,43 @@ "value": "CWE-89" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:cloud_services_appliance:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.0.3", + "matchCriteriaId": "60628283-69C1-4274-9BC8-5C2B91A7AA6E" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-13026.json b/2024/CVE-2024-13026.json new file mode 100644 index 0000000000..c7522c3b44 --- /dev/null +++ b/2024/CVE-2024-13026.json @@ -0,0 +1,85 @@ +{ + "id": "CVE-2024-13026", + "sourceIdentifier": "5cdcf916-2b10-4ec8-bfc1-d054821e439e", + "published": "2025-01-17T20:15:27.600", + "lastModified": "2025-01-17T20:15:27.600", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "5cdcf916-2b10-4ec8-bfc1-d054821e439e", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify\u00ae Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify\u00ae Algorithm Suite are not affected." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "5cdcf916-2b10-4ec8-bfc1-d054821e439e", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:L/U:Clear", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NEGLIGIBLE", + "automatable": "NO", + "recovery": "AUTOMATIC", + "valueDensity": "DIFFUSE", + "vulnerabilityResponseEffort": "LOW", + "providerUrgency": "CLEAR" + } + } + ] + }, + "weaknesses": [ + { + "source": "5cdcf916-2b10-4ec8-bfc1-d054821e439e", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], + "references": [ + { + "url": "https://diagnostics.roche.com/content/dam/diagnostics/Blueprint/en/pdf/Algo%20Edge%20-%20Authentication%20Vulnerability%20-%20Product%20Security%20Advisory.pdf", + "source": "5cdcf916-2b10-4ec8-bfc1-d054821e439e" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-1358.json b/2024/CVE-2024-1358.json index db3df4532a..2cdc047b2f 100644 --- a/2024/CVE-2024-1358.json +++ b/2024/CVE-2024-1358.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1358", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-13T16:15:19.870", - "lastModified": "2024-11-21T08:50:24.403", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:52:41.687", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.13", + "matchCriteriaId": "A7CA62DB-FA1A-4082-A265-E544B1E05957" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/shape-separator/widgets/shape-separator.php#L89", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3037925/addon-elements-for-elementor-page-builder/trunk/modules/shape-separator/widgets/shape-separator.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/shape-separator/widgets/shape-separator.php#L89", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3037925/addon-elements-for-elementor-page-builder/trunk/modules/shape-separator/widgets/shape-separator.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1391.json b/2024/CVE-2024-1391.json index 3bf146d5a1..b5e5069add 100644 --- a/2024/CVE-2024-1391.json +++ b/2024/CVE-2024-1391.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1391", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-13T16:15:21.387", - "lastModified": "2024-11-21T08:50:28.720", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:52:57.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.13", + "matchCriteriaId": "A7CA62DB-FA1A-4082-A265-E544B1E05957" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/bg-slider/module.php#L255", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/bg-slider/module.php#L255", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/977bab12-969d-4b15-9942-2b17c8541f61?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/bg-slider/module.php#L255", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/bg-slider/module.php#L255", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/977bab12-969d-4b15-9942-2b17c8541f61?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1392.json b/2024/CVE-2024-1392.json index 707316c8f5..a105ce5f03 100644 --- a/2024/CVE-2024-1392.json +++ b/2024/CVE-2024-1392.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1392", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-13T16:15:21.590", - "lastModified": "2024-11-21T08:50:28.840", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:53:57.010", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.13", + "matchCriteriaId": "A7CA62DB-FA1A-4082-A265-E544B1E05957" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/dual-button/widgets/dual-button.php#L885", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/dual-button/widgets/dual-button.php#L885", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/dual-button/widgets/dual-button.php#L885", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/dual-button/widgets/dual-button.php#L885", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1393.json b/2024/CVE-2024-1393.json index fdca4abbd8..9966f2c1af 100644 --- a/2024/CVE-2024-1393.json +++ b/2024/CVE-2024-1393.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1393", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-13T16:15:21.770", - "lastModified": "2024-11-21T08:50:28.977", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:54:07.350", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.13", + "matchCriteriaId": "A7CA62DB-FA1A-4082-A265-E544B1E05957" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/content-switcher/skins/skin-3.php#L39", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/content-switcher/skins/skin-3.php#L39", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0888d6-30e6-4957-b270-1968eace462e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/content-switcher/skins/skin-3.php#L39", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/content-switcher/skins/skin-3.php#L39", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0888d6-30e6-4957-b270-1968eace462e?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1422.json b/2024/CVE-2024-1422.json index 8063350e44..5002308bb7 100644 --- a/2024/CVE-2024-1422.json +++ b/2024/CVE-2024-1422.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1422", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-13T16:15:22.457", - "lastModified": "2024-11-21T08:50:33.127", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:56:49.607", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,41 +36,115 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.13", + "matchCriteriaId": "A7CA62DB-FA1A-4082-A265-E544B1E05957" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1048", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1062", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1048", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1062", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1904.json b/2024/CVE-2024-1904.json index 7ef9290fb2..58f17d79e2 100644 --- a/2024/CVE-2024-1904.json +++ b/2024/CVE-2024-1904.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1904", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:20.680", - "lastModified": "2024-11-21T08:51:33.987", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:22:36.853", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,22 +39,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.3.0", + "matchCriteriaId": "2C2E0A32-DC59-4E43-B711-143AD4BFDDBA" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3050967/masterstudy-lms-learning-management-system", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3050967/masterstudy-lms-learning-management-system", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1be686d3-16b1-4ec7-b304-848ca4d7162c?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1990.json b/2024/CVE-2024-1990.json index 42d401943d..7b8b5d0d1c 100644 --- a/2024/CVE-2024-1990.json +++ b/2024/CVE-2024-1990.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1990", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:21.703", - "lastModified": "2024-11-21T08:51:44.900", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:30:21.120", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,30 +39,78 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:metagauss:registrationmagic:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.3.2.0", + "matchCriteriaId": "EFDE3263-C1AE-4DBE-9B26-AF13F57287CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3049490/custom-registration-form-builder-with-submission-manager/trunk/public/class_rm_public.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3057216/custom-registration-form-builder-with-submission-manager/trunk/public/class_rm_public.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6478cdbc-a20e-4fe2-bbd6-8a550e5da895?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3049490/custom-registration-form-builder-with-submission-manager/trunk/public/class_rm_public.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3057216/custom-registration-form-builder-with-submission-manager/trunk/public/class_rm_public.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6478cdbc-a20e-4fe2-bbd6-8a550e5da895?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-2042.json b/2024/CVE-2024-2042.json index 8038c86ead..5641787637 100644 --- a/2024/CVE-2024-2042.json +++ b/2024/CVE-2024-2042.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2042", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-16T03:15:07.143", - "lastModified": "2024-11-21T09:08:54.860", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:57:25.747", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmet:elements_kit_elementor_addons:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.6", + "matchCriteriaId": "B84C60D7-8C96-4E02-B38D-6B87C0D499EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.4/widgets/image-accordion/image-accordion.php#L962", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050248%40elementskit-lite&new=3050248%40elementskit-lite&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.4/widgets/image-accordion/image-accordion.php#L962", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050248%40elementskit-lite&new=3050248%40elementskit-lite&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-21409.json b/2024/CVE-2024-21409.json index a8eb0d869c..90417d8c05 100644 --- a/2024/CVE-2024-21409.json +++ b/2024/CVE-2024-21409.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21409", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:34.803", - "lastModified": "2025-01-08T16:41:34.453", - "vulnStatus": "Analyzed", + "lastModified": "2025-01-17T20:15:27.787", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -449,6 +449,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0002/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/2024/CVE-2024-21641.json b/2024/CVE-2024-21641.json index 7638fa6a9e..2b2e8050ab 100644 --- a/2024/CVE-2024-21641.json +++ b/2024/CVE-2024-21641.json @@ -2,7 +2,7 @@ "id": "CVE-2024-21641", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-05T21:15:43.337", - "lastModified": "2024-11-21T08:54:47.033", + "lastModified": "2025-01-17T19:15:28.590", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -22,19 +22,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", - "baseScore": 7.5, - "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", - "userInteraction": "NONE", + "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 3.6 }, { diff --git a/2024/CVE-2024-2242.json b/2024/CVE-2024-2242.json index 840f1c9ce9..9c5a32b981 100644 --- a/2024/CVE-2024-2242.json +++ b/2024/CVE-2024-2242.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2242", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-13T22:15:12.173", - "lastModified": "2024-11-21T09:09:20.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:57:07.283", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,22 +39,64 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rocklobster:contact_form_7:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.9.2", + "matchCriteriaId": "357F32F3-4A95-4E33-998F-0ADF9EFF7649" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Broken Link" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-2539.json b/2024/CVE-2024-2539.json index 9bb47d6a3d..89a620eacd 100644 --- a/2024/CVE-2024-2539.json +++ b/2024/CVE-2024-2539.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2539", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-10T06:15:06.530", - "lastModified": "2024-11-21T09:09:58.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:20:18.470", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livemeshelementor:addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.7", + "matchCriteriaId": "68D44D58-3CEE-486E-90C7-CED414B3E13F" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3065560/addons-for-elementor/trunk/templates/addons/marquee-text/content.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52d79cdd-739f-4ae9-9214-bc64ca7d8ecb?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3065560/addons-for-elementor/trunk/templates/addons/marquee-text/content.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52d79cdd-739f-4ae9-9214-bc64ca7d8ecb?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-2655.json b/2024/CVE-2024-2655.json index 932aeaccca..2cbfea1872 100644 --- a/2024/CVE-2024-2655.json +++ b/2024/CVE-2024-2655.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2655", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-10T06:15:06.940", - "lastModified": "2024-11-21T09:10:13.457", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:18:36.207", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livemeshelementor:addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.6", + "matchCriteriaId": "CCF3EDE8-523A-4719-963E-26312EB2A4CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/post-meta/author.php#L8", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69f2fc37-4c02-48da-b1e8-350ecc8ba086?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/post-meta/author.php#L8", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/69f2fc37-4c02-48da-b1e8-350ecc8ba086?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-29415.json b/2024/CVE-2024-29415.json index cc0c1d1246..128e7dffb0 100644 --- a/2024/CVE-2024-29415.json +++ b/2024/CVE-2024-29415.json @@ -2,7 +2,7 @@ "id": "CVE-2024-29415", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-27T20:15:08.970", - "lastModified": "2024-11-21T09:08:01.093", + "lastModified": "2025-01-17T20:15:27.950", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -79,6 +79,10 @@ { "url": "https://github.com/indutny/node-ip/pull/144", "source": "af854a3a-2127-422b-91ae-364da2661108" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0010/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/2024/CVE-2024-31343.json b/2024/CVE-2024-31343.json index 9c266f9f6f..1a04905b9f 100644 --- a/2024/CVE-2024-31343.json +++ b/2024/CVE-2024-31343.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31343", "sourceIdentifier": "audit@patchstack.com", "published": "2024-04-10T17:15:55.417", - "lastModified": "2024-11-21T09:13:20.033", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:32:04.977", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:sonaar:mp3_audio_player_for_music\\,_radio_\\&_podcast:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.0", + "matchCriteriaId": "700F62E4-A3E8-4A05-AE2D-B25E58D0742B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/mp3-music-player-by-sonaar/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-4-10-1-arbitrary-file-download-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://patchstack.com/database/vulnerability/mp3-music-player-by-sonaar/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-4-10-1-arbitrary-file-download-vulnerability?_s_id=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-3136.json b/2024/CVE-2024-3136.json index 1f129fc138..df72436a77 100644 --- a/2024/CVE-2024-3136.json +++ b/2024/CVE-2024-3136.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3136", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:39.720", - "lastModified": "2024-11-21T09:28:58.537", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:21:25.430", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,30 +39,78 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stylemixthemes:masterstudy_lms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.3.4", + "matchCriteriaId": "DECBBEDC-BB3C-4584-81D4-1B6C300F2535" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/helpers.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3064337/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/templates.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a573740-cdfe-4b58-b33b-5e50bcbc4779?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-32118.json b/2024/CVE-2024-32118.json index e373593176..14672b7249 100644 --- a/2024/CVE-2024-32118.json +++ b/2024/CVE-2024-32118.json @@ -2,8 +2,8 @@ "id": "CVE-2024-32118", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-11-12T19:15:09.287", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:42:17.053", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 6.7, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.8, "impactScore": 5.9 @@ -51,10 +71,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndExcluding": "7.2.6", + "matchCriteriaId": "FF6CA5B2-29DE-4FB3-8D7D-D248A593AB79" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.3", + "matchCriteriaId": "AF309EFD-1770-44AF-B192-3D9816F792CB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.1", + "versionEndExcluding": "7.2.8", + "matchCriteriaId": "1A9C272F-2E14-4BC3-B3A3-1EF4E93BDBFF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer_big_data:7.4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "80598594-A45A-4E69-B968-1DD3DBD30FF9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndExcluding": "7.2.6", + "matchCriteriaId": "A3F113AF-AA71-466D-9841-15A5243ECFF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.3", + "matchCriteriaId": "E4490512-36ED-4212-9D34-D74739A56E84" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-116", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-33510.json b/2024/CVE-2024-33510.json index b26664a170..cdba09d553 100644 --- a/2024/CVE-2024-33510.json +++ b/2024/CVE-2024-33510.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33510", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-11-12T19:15:09.723", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:35:31.247", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 @@ -42,19 +62,79 @@ "weaknesses": [ { "source": "psirt@fortinet.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-358" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.17", + "matchCriteriaId": "C98BE382-7A23-4231-9D1B-5D7946848F99" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndExcluding": "7.2.10", + "matchCriteriaId": "EDFFA2C3-0A23-4884-B751-785BE598DFF3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.4", + "matchCriteriaId": "3F2C29AD-A11F-4A5F-8BB0-8600D5F77E72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.2.9", + "matchCriteriaId": "AC7395B0-2864-49E3-8B70-935A17EF3162" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.4", + "matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59" + } + ] + } + ] } ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-033", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-35274.json b/2024/CVE-2024-35274.json index 1ad0b5ccaa..3203a96dbf 100644 --- a/2024/CVE-2024-35274.json +++ b/2024/CVE-2024-35274.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35274", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-11-12T19:15:09.993", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:29:43.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 2.3, + "baseSeverity": "LOW", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "HIGH", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", "baseScore": 2.3, - "baseSeverity": "LOW" + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" }, "exploitabilityScore": 0.8, "impactScore": 1.4 @@ -42,19 +62,65 @@ "weaknesses": [ { "source": "psirt@fortinet.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-23" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndExcluding": "7.4.3", + "matchCriteriaId": "452AE920-49A0-4A7C-840C-4AD5510B7AF2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortianalyzer_big_data:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.1", + "versionEndExcluding": "7.4.1", + "matchCriteriaId": "35854F9A-432E-4185-A6D2-8C6D59A4CE98" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2.0", + "versionEndExcluding": "7.4.3", + "matchCriteriaId": "D7F7A7D1-A7E0-429D-B4F8-BD64A6E2497F" + } + ] + } + ] } ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-179", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-38807.json b/2024/CVE-2024-38807.json index 13f9852a08..6c18378c80 100644 --- a/2024/CVE-2024-38807.json +++ b/2024/CVE-2024-38807.json @@ -2,7 +2,7 @@ "id": "CVE-2024-38807", "sourceIdentifier": "security@vmware.com", "published": "2024-08-23T09:15:07.453", - "lastModified": "2024-08-23T16:18:28.547", + "lastModified": "2025-01-17T20:15:28.130", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 6.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 1.0, "impactScore": 5.2 @@ -43,6 +43,10 @@ { "url": "https://spring.io/security/cve-2024-38807", "source": "security@vmware.com" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0006/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/2024/CVE-2024-39908.json b/2024/CVE-2024-39908.json index f6eecb7a73..1912bae949 100644 --- a/2024/CVE-2024-39908.json +++ b/2024/CVE-2024-39908.json @@ -2,7 +2,7 @@ "id": "CVE-2024-39908", "sourceIdentifier": "security-advisories@github.com", "published": "2024-07-16T18:15:08.167", - "lastModified": "2024-11-21T09:28:32.747", + "lastModified": "2025-01-17T20:15:28.250", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -64,6 +64,10 @@ "url": "https://github.com/ruby/rexml/security/advisories/GHSA-4xqq-m2hx-25v8", "source": "af854a3a-2127-422b-91ae-364da2661108" }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0008/", + "source": "af854a3a-2127-422b-91ae-364da2661108" + }, { "url": "https://www.ruby-lang.org/en/news/2024/07/16/dos-rexml-cve-2024-39908", "source": "af854a3a-2127-422b-91ae-364da2661108" diff --git a/2024/CVE-2024-41946.json b/2024/CVE-2024-41946.json index db36b1452a..e3d51cc615 100644 --- a/2024/CVE-2024-41946.json +++ b/2024/CVE-2024-41946.json @@ -2,8 +2,8 @@ "id": "CVE-2024-41946", "sourceIdentifier": "security-advisories@github.com", "published": "2024-08-01T15:15:14.100", - "lastModified": "2024-09-05T16:09:45.503", - "vulnStatus": "Analyzed", + "lastModified": "2025-01-17T20:15:28.380", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -18,11 +18,13 @@ "metrics": { "cvssMetricV31": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "security-advisories@github.com", + "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,19 +32,19 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "LOW" }, "exploitabilityScore": 3.9, - "impactScore": 3.6 + "impactScore": 1.4 }, { - "source": "security-advisories@github.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -50,19 +52,17 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 5.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, - "impactScore": 1.4 + "impactScore": 3.6 } ] }, "weaknesses": [ { - "source": "nvd@nist.gov", - "type": "Primary", + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -71,8 +71,8 @@ ] }, { - "source": "security-advisories@github.com", - "type": "Secondary", + "source": "nvd@nist.gov", + "type": "Primary", "description": [ { "lang": "en", @@ -127,6 +127,10 @@ "tags": [ "Vendor Advisory" ] + }, + { + "url": "https://security.netapp.com/advisory/ntap-20250117-0007/", + "source": "af854a3a-2127-422b-91ae-364da2661108" } ] } \ No newline at end of file diff --git a/2024/CVE-2024-47906.json b/2024/CVE-2024-47906.json index 0375372401..6ce248d3a6 100644 --- a/2024/CVE-2024-47906.json +++ b/2024/CVE-2024-47906.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47906", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:22.670", - "lastModified": "2024-11-22T17:15:08.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:27:14.100", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -53,12 +73,127 @@ "value": "CWE-426" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-426" + }, + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionStartExcluding": "9.1", + "versionEndExcluding": "22.7", + "matchCriteriaId": "C8B38BEE-671B-4B29-A230-C92ACEE60C74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "368E8A56-50E4-4400-8C18-B7426B112FFC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionStartExcluding": "9.1", + "versionEndExcluding": "22.7", + "matchCriteriaId": "0905A2B5-F9DF-48C9-9DA4-2D4C1C7BC0F5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-52870.json b/2024/CVE-2024-52870.json new file mode 100644 index 0000000000..ba1b3a735c --- /dev/null +++ b/2024/CVE-2024-52870.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-52870", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:28.527", + "lastModified": "2025-01-17T20:15:28.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://chrismanson.com/CVE/cve-2024-52870.html", + "source": "cve@mitre.org" + }, + { + "url": "https://www.teradata.com/trust-security-center/data-security", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57030.json b/2024/CVE-2024-57030.json new file mode 100644 index 0000000000..f50c576e8a --- /dev/null +++ b/2024/CVE-2024-57030.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57030", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:28.667", + "lastModified": "2025-01-17T20:15:28.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57030", + "source": "cve@mitre.org" + }, + { + "url": "https://www.wegia.org/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57031.json b/2024/CVE-2024-57031.json new file mode 100644 index 0000000000..6a891b070a --- /dev/null +++ b/2024/CVE-2024-57031.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57031", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:28.790", + "lastModified": "2025-01-17T20:15:28.790", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57031", + "source": "cve@mitre.org" + }, + { + "url": "https://www.wegia.org/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57032.json b/2024/CVE-2024-57032.json new file mode 100644 index 0000000000..efcfda83a6 --- /dev/null +++ b/2024/CVE-2024-57032.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57032", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:28.910", + "lastModified": "2025-01-17T20:15:28.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/nmmorette/vulnerability-research/blob/main/CVE-2024-57032", + "source": "cve@mitre.org" + }, + { + "url": "https://www.wegia.org/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57034.json b/2024/CVE-2024-57034.json new file mode 100644 index 0000000000..5037178210 --- /dev/null +++ b/2024/CVE-2024-57034.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-57034", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:29.020", + "lastModified": "2025-01-17T20:15:29.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/nmmorette/vulnerability-research/tree/main/CVE-2024-57034", + "source": "cve@mitre.org" + }, + { + "url": "https://www.wegia.org", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57369.json b/2024/CVE-2024-57369.json new file mode 100644 index 0000000000..c6ec708dd4 --- /dev/null +++ b/2024/CVE-2024-57369.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-57369", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:29.140", + "lastModified": "2025-01-17T20:15:29.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Clickjacking vulnerability in typecho v1.2.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/typecho/typecho", + "source": "cve@mitre.org" + }, + { + "url": "https://royblume.github.io/CVE-2024-57369/", + "source": "cve@mitre.org" + }, + { + "url": "https://typecho.org/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57370.json b/2024/CVE-2024-57370.json new file mode 100644 index 0000000000..1916fbfbb5 --- /dev/null +++ b/2024/CVE-2024-57370.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-57370", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:29.303", + "lastModified": "2025-01-17T20:15:29.303", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://sunnygkp10.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/sunnygkp10/Online-Exam-System", + "source": "cve@mitre.org" + }, + { + "url": "https://royblume.github.io/CVE-2024-57370/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57372.json b/2024/CVE-2024-57372.json new file mode 100644 index 0000000000..e3174a7379 --- /dev/null +++ b/2024/CVE-2024-57372.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-57372", + "sourceIdentifier": "cve@mitre.org", + "published": "2025-01-17T20:15:29.447", + "lastModified": "2025-01-17T20:15:29.447", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/kaixin1995", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/kaixin1995/InformationPush", + "source": "cve@mitre.org" + }, + { + "url": "https://royblume.github.io/CVE-2024-57372/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-7571.json b/2024/CVE-2024-7571.json index 92b769d205..65cfd9506a 100644 --- a/2024/CVE-2024-7571.json +++ b/2024/CVE-2024-7571.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7571", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T17:15:10.973", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:45:37.847", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.8, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 @@ -49,12 +69,80 @@ "value": "CWE-267" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "2347060E-FEC7-41EF-A0C0-5ED61B157223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "C419EC4C-AB98-4D73-82B2-00A0A1F5A435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "F78C1CDE-FB11-4033-AEBA-D04D937EDD67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "12DF0E17-F261-48D1-B2B8-50E9AEAFEC27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "E881D4BF-3222-4EF9-8A9B-0948973CCC89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*", + "matchCriteriaId": "D93F7D15-B61D-4EE7-9280-FC0B7C45C940" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-8495.json b/2024/CVE-2024-8495.json index 67bb739eff..be818dec2e 100644 --- a/2024/CVE-2024-8495.json +++ b/2024/CVE-2024-8495.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8495", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:26.560", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:04:56.517", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 @@ -49,12 +69,99 @@ "value": "CWE-476" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-8539.json b/2024/CVE-2024-8539.json index 7b439315d9..9ac1c97777 100644 --- a/2024/CVE-2024-8539.json +++ b/2024/CVE-2024-8539.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8539", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T17:15:11.357", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:02:50.283", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,27 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", "baseScore": 7.1, - "baseSeverity": "HIGH" + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.2 @@ -49,12 +69,85 @@ "value": "CWE-267" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "2347060E-FEC7-41EF-A0C0-5ED61B157223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "C419EC4C-AB98-4D73-82B2-00A0A1F5A435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "F78C1CDE-FB11-4033-AEBA-D04D937EDD67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "12DF0E17-F261-48D1-B2B8-50E9AEAFEC27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "E881D4BF-3222-4EF9-8A9B-0948973CCC89" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-9420.json b/2024/CVE-2024-9420.json index 05306b82d3..d483ebfc24 100644 --- a/2024/CVE-2024-9420.json +++ b/2024/CVE-2024-9420.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9420", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:26.760", - "lastModified": "2024-11-27T21:15:08.357", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:29:36.007", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "Use-after-free en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.3 y en Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.2 permite que un atacante remoto autenticado logre la ejecuci\u00f3n remota de c\u00f3digo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", @@ -26,12 +49,401 @@ "value": "CWE-416" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "9.1", + "matchCriteriaId": "3281AC31-EAEC-4C8D-A0AA-3CDD1092D3EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionStartIncluding": "21.9", + "versionEndExcluding": "22.7", + "matchCriteriaId": "C616EB87-8CE7-44E1-92A7-E5ED6E8C414A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:-:*:*:*:*:*:*", + "matchCriteriaId": "4F450898-0B06-4073-9B76-BF22F68BD14F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1:*:*:*:*:*:*", + "matchCriteriaId": "4B21C181-DC49-4EBD-9932-DBB337151FF7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r1.0:*:*:*:*:*:*", + "matchCriteriaId": "130C8955-BDA4-4518-8EBA-740EB08FC3E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10:*:*:*:*:*:*", + "matchCriteriaId": "5A3A93FE-41BF-43F2-9EFC-89656182329F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.0:*:*:*:*:*:*", + "matchCriteriaId": "5AA4B39F-2FB9-4752-B1F1-18812B0990B4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r10.2:*:*:*:*:*:*", + "matchCriteriaId": "232BAB6C-D318-4F80-8F49-4E700C21F535" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11:*:*:*:*:*:*", + "matchCriteriaId": "8D5F47BA-DE6D-443D-95C3-A45F80EDC71E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.0:*:*:*:*:*:*", + "matchCriteriaId": "ABD840BF-944E-4F4C-96DC-0256286338F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.1:*:*:*:*:*:*", + "matchCriteriaId": "A1995F34-AE75-47C4-9A9D-DBB1D3E130E5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.3:*:*:*:*:*:*", + "matchCriteriaId": "366EF5B8-0233-49B8-806A-E54F60410ADE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.4:*:*:*:*:*:*", + "matchCriteriaId": "6F2A7F5C-1D78-4D19-B8ED-5822FDF5DA63" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r11.5:*:*:*:*:*:*", + "matchCriteriaId": "2DDDA231-2A5E-4C70-8620-535C7F9027A4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12:*:*:*:*:*:*", + "matchCriteriaId": "32E0B425-A9BA-4D00-84A9-46268072D696" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.1:*:*:*:*:*:*", + "matchCriteriaId": "BBC724E8-195B-4CB4-AC2A-63E184AED4F6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r12.2:*:*:*:*:*:*", + "matchCriteriaId": "7162C24D-D181-49CC-B8C2-9EE3E0CDF846" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13:*:*:*:*:*:*", + "matchCriteriaId": "65435A96-EF7A-439A-AA6C-CB7EAEF0A963" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r13.1:*:*:*:*:*:*", + "matchCriteriaId": "3027A9CE-849E-4CAE-A1C4-170DEAF4FE86" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14:*:*:*:*:*:*", + "matchCriteriaId": "C132BA26-BCA0-43E6-9511-34ACFFA136A9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r14.4:*:*:*:*:*:*", + "matchCriteriaId": "06520C75-9326-4C21-8AD6-6DE1ED031959" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15:*:*:*:*:*:*", + "matchCriteriaId": "CE228FBD-5AD1-4BC6-AF63-5248E671B04F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r15.2:*:*:*:*:*:*", + "matchCriteriaId": "D7DBCD6B-B7AA-4AB0-852F-563A2EC85DB4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16:*:*:*:*:*:*", + "matchCriteriaId": "44C26423-8621-4F6D-A45B-0A6B6E873AB6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r16.1:*:*:*:*:*:*", + "matchCriteriaId": "BC391EB5-C457-459C-8EAA-EA0043487C0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17:*:*:*:*:*:*", + "matchCriteriaId": "DB6CEA16-F422-48F1-9473-3931B1BFA63F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.1:*:*:*:*:*:*", + "matchCriteriaId": "E238AB9F-99C1-4F0D-B442-D390065D35D1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r17.2:*:*:*:*:*:*", + "matchCriteriaId": "8971445A-D65F-4C0E-906F-7AC4953C5689" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18:*:*:*:*:*:*", + "matchCriteriaId": "28FDE909-711C-41EC-8BA6-AC4DE05EA27E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.1:*:*:*:*:*:*", + "matchCriteriaId": "080CD832-3324-4158-A4CD-3A2E49B7BC74" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.2:*:*:*:*:*:*", + "matchCriteriaId": "DB2B8165-E9D4-4549-B16E-A62810BDAF8D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.3:*:*:*:*:*:*", + "matchCriteriaId": "014C7627-F211-48B1-80FA-3A7F608B4F23" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.7:*:*:*:*:*:*", + "matchCriteriaId": "A5592C84-538C-47AB-8042-09B42D89BB0B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r18.8:*:*:*:*:*:*", + "matchCriteriaId": "7DC6A046-F81C-4CBA-B06E-081AA550C91C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2:*:*:*:*:*:*", + "matchCriteriaId": "4FEFC4B1-7350-46F9-80C1-42F5AE06142F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r2.0:*:*:*:*:*:*", + "matchCriteriaId": "4E2D041D-9BDD-416D-B658-1C517C854104" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3:*:*:*:*:*:*", + "matchCriteriaId": "DB7A6D62-6576-4713-9BF4-11068A72E8B7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r3.0:*:*:*:*:*:*", + "matchCriteriaId": "7155EB34-E8E0-49AF-BDA2-FB4BFA44662E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4:*:*:*:*:*:*", + "matchCriteriaId": "843BC1B9-50CC-4F8F-A454-A0CEC6E92290" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.0:*:*:*:*:*:*", + "matchCriteriaId": "25EE614A-5F32-4CA9-998A-4FAF16DC100C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.1:*:*:*:*:*:*", + "matchCriteriaId": "D5355372-03EA-46D7-9104-A2785C29B664" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.2:*:*:*:*:*:*", + "matchCriteriaId": "3DE32A0C-8944-4F51-A286-266055CA4B2F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r4.3:*:*:*:*:*:*", + "matchCriteriaId": "0349A0CC-A372-4E51-899E-D7BA67876F4B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5:*:*:*:*:*:*", + "matchCriteriaId": "93D1A098-BD77-4A7B-9070-A764FB435981" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r5.0:*:*:*:*:*:*", + "matchCriteriaId": "F49EE829-A2CD-491E-BFC3-7888491D7C58" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6:*:*:*:*:*:*", + "matchCriteriaId": "3CCC2D7B-F835-45EC-A316-2F0C5F2CF565" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r6.0:*:*:*:*:*:*", + "matchCriteriaId": "2254DDF1-7FF3-49E1-8826-91F49A6794F8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7:*:*:*:*:*:*", + "matchCriteriaId": "AD812596-C77C-4129-982F-C22A25B52126" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r7.0:*:*:*:*:*:*", + "matchCriteriaId": "B8EA4DA8-CD09-41AC-ADCB-27CF771C016B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8:*:*:*:*:*:*", + "matchCriteriaId": "9FA0B20D-3FA1-42AE-BDC5-93D8A182927C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.0:*:*:*:*:*:*", + "matchCriteriaId": "4D6CECCB-18BA-4219-95A2-2525A2BDCE36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.1:*:*:*:*:*:*", + "matchCriteriaId": "BFFA0B02-7F6D-4434-B1E7-EB8520FD68A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.2:*:*:*:*:*:*", + "matchCriteriaId": "DFE8FA87-9622-4D5B-99C7-D8EE230C0AA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r8.4:*:*:*:*:*:*", + "matchCriteriaId": "07AB853D-5A3F-4142-8417-1C9FB729A89E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9:*:*:*:*:*:*", + "matchCriteriaId": "16DAA769-8F0D-4C54-A8D9-9902995605B0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.0:*:*:*:*:*:*", + "matchCriteriaId": "B7006C07-0E3F-4890-A1B3-533E10924D49" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.1:*:*:*:*:*:*", + "matchCriteriaId": "B2C10C89-1DBC-4E91-BD28-D5097B589CA9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:9.1:r9.2:*:*:*:*:*:*", + "matchCriteriaId": "F54753D0-6275-4F82-B874-55438D2983B3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-9842.json b/2024/CVE-2024-9842.json index 57d7e09b5f..90c263ec01 100644 --- a/2024/CVE-2024-9842.json +++ b/2024/CVE-2024-9842.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9842", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T17:15:11.580", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:55:48.957", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:H", + "baseScore": 7.3, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,12 +32,30 @@ "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "HIGH", - "baseScore": 7.3, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.0, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 3.3, + "baseSeverity": "LOW", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 } ] }, @@ -53,12 +73,84 @@ "value": "CWE-732" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + }, + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "2347060E-FEC7-41EF-A0C0-5ED61B157223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "C419EC4C-AB98-4D73-82B2-00A0A1F5A435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "F78C1CDE-FB11-4033-AEBA-D04D937EDD67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "12DF0E17-F261-48D1-B2B8-50E9AEAFEC27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "E881D4BF-3222-4EF9-8A9B-0948973CCC89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*", + "matchCriteriaId": "D93F7D15-B61D-4EE7-9280-FC0B7C45C940" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-9843.json b/2024/CVE-2024-9843.json index 506e629ab6..5e5923ffb1 100644 --- a/2024/CVE-2024-9843.json +++ b/2024/CVE-2024-9843.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9843", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T17:15:11.793", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:00:21.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", + "baseScore": 5.0, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,12 +32,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 5.0, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.3, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,12 +69,80 @@ "value": "CWE-126" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "2347060E-FEC7-41EF-A0C0-5ED61B157223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "C419EC4C-AB98-4D73-82B2-00A0A1F5A435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "F78C1CDE-FB11-4033-AEBA-D04D937EDD67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "12DF0E17-F261-48D1-B2B8-50E9AEAFEC27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "E881D4BF-3222-4EF9-8A9B-0948973CCC89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*", + "matchCriteriaId": "D93F7D15-B61D-4EE7-9280-FC0B7C45C940" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-9844.json b/2024/CVE-2024-9844.json index 7854a7feee..9746b57277 100644 --- a/2024/CVE-2024-9844.json +++ b/2024/CVE-2024-9844.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9844", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-12-10T19:15:31.607", - "lastModified": "2024-12-10T19:15:31.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T19:37:13.830", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 4.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -49,12 +69,98 @@ "value": "CWE-602" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.3:*:*:*:*:*:*", + "matchCriteriaId": "3447428E-DBCD-4553-B51D-AC08ECAFD881" + } + ] + } + ] } ], "references": [ { "url": "https://forums.ivanti.com/s/article/December-2024-Security-Advisory-Ivanti-Connect-Secure-ICS-and-Ivanti-Policy-Secure-IPS-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-0534.json b/2025/CVE-2025-0534.json new file mode 100644 index 0000000000..4a8021febb --- /dev/null +++ b/2025/CVE-2025-0534.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0534", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-17T19:15:28.777", + "lastModified": "2025-01-17T19:15:28.777", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://1000projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/onupset/CVE/issues/3", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.292418", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.292418", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.479128", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-0535.json b/2025/CVE-2025-0535.json new file mode 100644 index 0000000000..32fee65169 --- /dev/null +++ b/2025/CVE-2025-0535.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0535", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-17T19:15:28.990", + "lastModified": "2025-01-17T19:15:28.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/lan041221/cve/blob/main/SQL_Injection_in_Gym_Management_System.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.292419", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.292419", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.479159", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-0536.json b/2025/CVE-2025-0536.json new file mode 100644 index 0000000000..0c443e2223 --- /dev/null +++ b/2025/CVE-2025-0536.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0536", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-17T20:15:29.583", + "lastModified": "2025-01-17T20:15:29.583", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://1000projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/lan041221/cve/blob/main/Attendance_Tracking_Management_System_SQL_Injection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.292420", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.292420", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.479251", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-0537.json b/2025/CVE-2025-0537.json new file mode 100644 index 0000000000..dea9137d4c --- /dev/null +++ b/2025/CVE-2025-0537.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0537", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-17T20:15:29.767", + "lastModified": "2025-01-17T20:15:29.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 2.4, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "baseScore": 3.3, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/aaryan-11-x/My-CVEs/blob/main/Stored%20XSS%20-%20Code-Projects%20Online%20Car%20Rental%20System%201.0.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.292421", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.292421", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.479864", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-21128.json b/2025/CVE-2025-21128.json index 13698a6906..2963409e7d 100644 --- a/2025/CVE-2025-21128.json +++ b/2025/CVE-2025-21128.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21128", "sourceIdentifier": "psirt@adobe.com", "published": "2025-01-14T19:15:33.387", - "lastModified": "2025-01-14T19:15:33.387", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:37:35.437", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 3.0.4 y anteriores de Substance3D - Stager se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer basada en pila que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -38,19 +42,67 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-121" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.0", + "matchCriteriaId": "E286D1E5-DBA6-4F1D-96E9-E8FA62DD9DF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21129.json b/2025/CVE-2025-21129.json index 5ff44c2524..d4ca2d31db 100644 --- a/2025/CVE-2025-21129.json +++ b/2025/CVE-2025-21129.json @@ -2,19 +2,43 @@ "id": "CVE-2025-21129", "sourceIdentifier": "psirt@adobe.com", "published": "2025-01-14T19:15:33.550", - "lastModified": "2025-01-14T19:15:33.550", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:37:33.603", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 3.0.4 y anteriores de Substance3D - Stager se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer basado en el mont\u00f3n que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { "cvssMetricV31": [ { "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", @@ -38,19 +62,67 @@ "weaknesses": [ { "source": "psirt@adobe.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-122" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.0", + "matchCriteriaId": "E286D1E5-DBA6-4F1D-96E9-E8FA62DD9DF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] } ], "references": [ { "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21130.json b/2025/CVE-2025-21130.json index 1c6fd75d35..c8760ac7c5 100644 --- a/2025/CVE-2025-21130.json +++ b/2025/CVE-2025-21130.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21130", "sourceIdentifier": "psirt@adobe.com", "published": "2025-01-14T19:15:33.723", - "lastModified": "2025-01-14T19:15:33.723", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:37:32.137", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 3.0.4 y anteriores de Substance3D - Stager se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -47,10 +51,48 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.0", + "matchCriteriaId": "E286D1E5-DBA6-4F1D-96E9-E8FA62DD9DF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21131.json b/2025/CVE-2025-21131.json index 5bed303192..0cbd1a1303 100644 --- a/2025/CVE-2025-21131.json +++ b/2025/CVE-2025-21131.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21131", "sourceIdentifier": "psirt@adobe.com", "published": "2025-01-14T19:15:33.897", - "lastModified": "2025-01-14T19:15:33.897", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:37:30.750", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 3.0.4 y anteriores de Substance3D - Stager se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -47,10 +51,48 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.0", + "matchCriteriaId": "E286D1E5-DBA6-4F1D-96E9-E8FA62DD9DF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21132.json b/2025/CVE-2025-21132.json index 9e9325242c..a20609eec4 100644 --- a/2025/CVE-2025-21132.json +++ b/2025/CVE-2025-21132.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21132", "sourceIdentifier": "psirt@adobe.com", "published": "2025-01-14T19:15:34.047", - "lastModified": "2025-01-14T19:15:34.047", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:37:29.347", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": "Las versiones 3.0.4 y anteriores de Substance3D - Stager se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { @@ -47,10 +51,48 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:substance_3d_stager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.1.0", + "matchCriteriaId": "E286D1E5-DBA6-4F1D-96E9-E8FA62DD9DF2" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/substance3d_stager/apsb25-03.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21185.json b/2025/CVE-2025-21185.json new file mode 100644 index 0000000000..7cf8a2db80 --- /dev/null +++ b/2025/CVE-2025-21185.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2025-21185", + "sourceIdentifier": "secure@microsoft.com", + "published": "2025-01-17T20:15:30.227", + "lastModified": "2025-01-17T20:15:30.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21185", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-21360.json b/2025/CVE-2025-21360.json index ba0270130d..e96f7cbc8e 100644 --- a/2025/CVE-2025-21360.json +++ b/2025/CVE-2025-21360.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21360", "sourceIdentifier": "secure@microsoft.com", "published": "2025-01-14T18:16:01.470", - "lastModified": "2025-01-14T18:16:01.470", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:40:22.527", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de elevaci\u00f3n de privilegios en Microsoft AutoUpdate (MAU)" } ], "metrics": { @@ -38,19 +42,51 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-269" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:autoupdate:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "4.76", + "matchCriteriaId": "70D51276-3200-4FAA-A6BD-EFE0D12C63BF" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21360", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21361.json b/2025/CVE-2025-21361.json index ea988fb3c2..ff0ced2aa7 100644 --- a/2025/CVE-2025-21361.json +++ b/2025/CVE-2025-21361.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21361", "sourceIdentifier": "secure@microsoft.com", "published": "2025-01-14T18:16:01.637", - "lastModified": "2025-01-14T18:16:01.637", - "vulnStatus": "Received", + "lastModified": "2025-01-17T20:39:49.017", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Outlook Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Outlook" } ], "metrics": { @@ -38,19 +42,61 @@ "weaknesses": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", "value": "CWE-641" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*", + "matchCriteriaId": "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*", + "matchCriteriaId": "873BD998-9D5A-4C09-A3B3-4DB12ABB6F72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:outlook:*:*:*:*:*:macos:*:*", + "versionEndExcluding": "16.93", + "matchCriteriaId": "CA396764-8253-45AA-BFDF-AE9F32C924C7" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21361", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21362.json b/2025/CVE-2025-21362.json index 779734ac01..3266f61ec8 100644 --- a/2025/CVE-2025-21362.json +++ b/2025/CVE-2025-21362.json @@ -2,13 +2,17 @@ "id": "CVE-2025-21362", "sourceIdentifier": "secure@microsoft.com", "published": "2025-01-14T18:16:01.820", - "lastModified": "2025-01-15T00:15:43.533", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T20:38:30.560", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Microsoft Excel Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Microsoft Excel" } ], "metrics": { @@ -45,12 +49,104 @@ "value": "CWE-416" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x64:*", + "matchCriteriaId": "3259EBFE-AE2D-48B8-BE9A-E22BBDB31378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:365_apps:-:*:*:*:enterprise:*:x86:*", + "matchCriteriaId": "CD25F492-9272-4836-832C-8439EBE64CCF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x64:*", + "matchCriteriaId": "CD88F667-6773-4DB7-B6C3-9C7B769C0808" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:excel:2016:*:*:*:*:*:x86:*", + "matchCriteriaId": "B342EF98-B414-44D0-BAFB-FCA24294EECE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x64:*", + "matchCriteriaId": "68F37A38-9BC3-43FD-8E71-4EED079156D4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2019:*:*:*:*:-:x86:*", + "matchCriteriaId": "AFFA09D5-9992-462F-B52E-A1DDE2462064" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x64:*", + "matchCriteriaId": "1AC0C23F-FC55-4DA1-8527-EB4432038FB0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:*:x86:*", + "matchCriteriaId": "A719B461-7869-46D0-9300-D0A348DC26A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2021:*:*:*:ltsc:macos:*:*", + "matchCriteriaId": "0DF36AFA-B48C-4423-AD1C-78EEFF85EF2C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:*:x64:*", + "matchCriteriaId": "19F65776-446D-404C-A830-990D4232791A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:*:x86:*", + "matchCriteriaId": "017875F7-5396-4069-9F9F-0BDA05143A25" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office:2024:*:*:*:ltsc:macos:*:*", + "matchCriteriaId": "873BD998-9D5A-4C09-A3B3-4DB12ABB6F72" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:office_online_server:*:*:*:*:*:*:*:*", + "versionEndExcluding": "16.0.10416.20047", + "matchCriteriaId": "AD3DBDB8-3DE3-47EC-9ACA-BC22CADFFFC9" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21362", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2025/CVE-2025-21399.json b/2025/CVE-2025-21399.json new file mode 100644 index 0000000000..0b610b176d --- /dev/null +++ b/2025/CVE-2025-21399.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2025-21399", + "sourceIdentifier": "secure@microsoft.com", + "published": "2025-01-17T20:15:46.117", + "lastModified": "2025-01-17T20:15:46.117", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secure@microsoft.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21399", + "source": "secure@microsoft.com" + } + ] +} \ No newline at end of file