diff --git a/2022/CVE-2022-45876.json b/2022/CVE-2022-45876.json index ed6f6bdcf0..c46b5ba33f 100644 --- a/2022/CVE-2022-45876.json +++ b/2022/CVE-2022-45876.json @@ -2,7 +2,7 @@ "id": "CVE-2022-45876", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-26T22:15:08.737", - "lastModified": "2024-11-21T07:29:53.063", + "lastModified": "2025-01-17T18:15:18.117", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, diff --git a/2023/CVE-2023-0432.json b/2023/CVE-2023-0432.json index 6e5c68f5ff..357934ede2 100644 --- a/2023/CVE-2023-0432.json +++ b/2023/CVE-2023-0432.json @@ -2,7 +2,7 @@ "id": "CVE-2023-0432", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-31T16:15:07.390", - "lastModified": "2024-11-21T07:37:10.143", + "lastModified": "2025-01-17T18:15:19.433", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 6.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 } ] }, diff --git a/2023/CVE-2023-22300.json b/2023/CVE-2023-22300.json index a95942f4c3..07d68011e2 100644 --- a/2023/CVE-2023-22300.json +++ b/2023/CVE-2023-22300.json @@ -2,7 +2,7 @@ "id": "CVE-2023-22300", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-27T20:15:09.343", - "lastModified": "2024-11-21T07:44:29.050", + "lastModified": "2025-01-17T18:15:19.947", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, diff --git a/2023/CVE-2023-25911.json b/2023/CVE-2023-25911.json index 9837c53dcc..ea41186d75 100644 --- a/2023/CVE-2023-25911.json +++ b/2023/CVE-2023-25911.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25911", "sourceIdentifier": "csirt@divd.nl", "published": "2023-06-11T14:15:09.923", - "lastModified": "2024-11-21T07:50:24.840", - "vulnStatus": "Modified", + "lastModified": "2025-01-17T17:55:14.593", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -38,19 +38,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 5.9 } ] @@ -110,19 +110,31 @@ "references": [ { "url": "https://csirt.divd.nl/CVE-2023-25911/", - "source": "csirt@divd.nl" + "source": "csirt@divd.nl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://csirt.divd.nl/DIVD-2023-00021/", - "source": "csirt@divd.nl" + "source": "csirt@divd.nl", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://csirt.divd.nl/DIVD-2023-00021", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://divd.nl/cves/CVE-2023-25911", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-25914.json b/2023/CVE-2023-25914.json index 02dd65e085..aa7823e990 100644 --- a/2023/CVE-2023-25914.json +++ b/2023/CVE-2023-25914.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25914", "sourceIdentifier": "csirt@divd.nl", "published": "2023-08-21T21:15:08.970", - "lastModified": "2024-11-21T07:50:25.230", - "vulnStatus": "Modified", + "lastModified": "2025-01-17T17:54:40.107", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,20 +42,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", - "baseScore": 7.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", - "integrityImpact": "NONE", - "availabilityImpact": "NONE" + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" }, - "exploitabilityScore": 3.9, - "impactScore": 3.6 + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/2023/CVE-2023-25915.json b/2023/CVE-2023-25915.json index 40a696e70b..be143d85f6 100644 --- a/2023/CVE-2023-25915.json +++ b/2023/CVE-2023-25915.json @@ -2,8 +2,8 @@ "id": "CVE-2023-25915", "sourceIdentifier": "csirt@divd.nl", "published": "2023-08-21T21:15:09.170", - "lastModified": "2024-11-21T07:50:25.357", - "vulnStatus": "Modified", + "lastModified": "2025-01-17T17:54:52.697", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -42,19 +42,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "baseScore": 9.8, - "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 5.9 } ] diff --git a/2023/CVE-2023-27304.json b/2023/CVE-2023-27304.json index 123dac70c3..3e4f279c25 100644 --- a/2023/CVE-2023-27304.json +++ b/2023/CVE-2023-27304.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27304", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:09.397", - "lastModified": "2024-11-21T07:52:36.693", + "lastModified": "2025-01-17T18:15:20.303", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-27384.json b/2023/CVE-2023-27384.json index 2d116251cb..80e38f65f4 100644 --- a/2023/CVE-2023-27384.json +++ b/2023/CVE-2023-27384.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27384", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-05-23T02:15:09.437", - "lastModified": "2024-11-21T07:52:47.937", + "lastModified": "2025-01-17T18:15:20.547", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-27927.json b/2023/CVE-2023-27927.json index 17d02b9ea3..cb21c71c74 100644 --- a/2023/CVE-2023-27927.json +++ b/2023/CVE-2023-27927.json @@ -2,7 +2,7 @@ "id": "CVE-2023-27927", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-27T20:15:09.577", - "lastModified": "2024-11-21T07:53:42.827", + "lastModified": "2025-01-17T18:15:21.080", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, diff --git a/2023/CVE-2023-28384.json b/2023/CVE-2023-28384.json index f329ff19b5..41872bf235 100644 --- a/2023/CVE-2023-28384.json +++ b/2023/CVE-2023-28384.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28384", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.867", - "lastModified": "2024-11-21T07:54:57.990", + "lastModified": "2025-01-17T17:15:07.697", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/2023/CVE-2023-28400.json b/2023/CVE-2023-28400.json index 11883a3f56..0713dc4aae 100644 --- a/2023/CVE-2023-28400.json +++ b/2023/CVE-2023-28400.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28400", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.917", - "lastModified": "2024-11-21T07:54:59.713", + "lastModified": "2025-01-17T17:15:08.363", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/2023/CVE-2023-28650.json b/2023/CVE-2023-28650.json index dbf09904a2..da70012006 100644 --- a/2023/CVE-2023-28650.json +++ b/2023/CVE-2023-28650.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28650", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-27T20:15:09.633", - "lastModified": "2024-11-21T07:55:44.473", + "lastModified": "2025-01-17T18:15:21.340", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ] }, diff --git a/2023/CVE-2023-28652.json b/2023/CVE-2023-28652.json index 72064f6e57..8fff3b0236 100644 --- a/2023/CVE-2023-28652.json +++ b/2023/CVE-2023-28652.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28652", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-27T20:15:09.693", - "lastModified": "2024-11-21T07:55:44.680", + "lastModified": "2025-01-17T18:15:21.607", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 } ] }, diff --git a/2023/CVE-2023-28655.json b/2023/CVE-2023-28655.json index 43209af172..30cce92897 100644 --- a/2023/CVE-2023-28655.json +++ b/2023/CVE-2023-28655.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28655", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-03-27T20:15:09.757", - "lastModified": "2024-11-21T07:55:45.003", + "lastModified": "2025-01-17T18:15:21.850", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, diff --git a/2023/CVE-2023-28716.json b/2023/CVE-2023-28716.json index b65f9ea2da..9c6a85a896 100644 --- a/2023/CVE-2023-28716.json +++ b/2023/CVE-2023-28716.json @@ -2,7 +2,7 @@ "id": "CVE-2023-28716", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:14.963", - "lastModified": "2024-11-21T07:55:51.953", + "lastModified": "2025-01-17T17:15:08.537", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/2023/CVE-2023-29150.json b/2023/CVE-2023-29150.json index 4dc7476b31..9c12d0f3a4 100644 --- a/2023/CVE-2023-29150.json +++ b/2023/CVE-2023-29150.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29150", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:15.007", - "lastModified": "2024-11-21T07:56:37.140", + "lastModified": "2025-01-17T18:15:22.093", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/2023/CVE-2023-29169.json b/2023/CVE-2023-29169.json index 491422ea7a..90ab82bb45 100644 --- a/2023/CVE-2023-29169.json +++ b/2023/CVE-2023-29169.json @@ -2,7 +2,7 @@ "id": "CVE-2023-29169", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2023-04-27T23:15:15.050", - "lastModified": "2024-11-21T07:56:39.137", + "lastModified": "2025-01-17T18:15:22.337", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, diff --git a/2023/CVE-2023-31763.json b/2023/CVE-2023-31763.json index 5bdb0c087d..c9919a542c 100644 --- a/2023/CVE-2023-31763.json +++ b/2023/CVE-2023-31763.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31763", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-24T00:15:09.583", - "lastModified": "2024-11-21T08:02:15.463", + "lastModified": "2025-01-17T18:15:22.763", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.6, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-294" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-294" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-31814.json b/2023/CVE-2023-31814.json index 64ba68ee76..30490a3645 100644 --- a/2023/CVE-2023-31814.json +++ b/2023/CVE-2023-31814.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31814", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T01:15:10.087", - "lastModified": "2024-11-21T08:02:17.297", + "lastModified": "2025-01-17T18:15:23.030", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-706" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-31826.json b/2023/CVE-2023-31826.json index dd5c12ab66..3ea3341c9d 100644 --- a/2023/CVE-2023-31826.json +++ b/2023/CVE-2023-31826.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31826", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T01:15:10.127", - "lastModified": "2024-11-21T08:02:18.720", + "lastModified": "2025-01-17T18:15:24.380", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-862" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-31860.json b/2023/CVE-2023-31860.json index 62e45ab24a..bd6bc09861 100644 --- a/2023/CVE-2023-31860.json +++ b/2023/CVE-2023-31860.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31860", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T20:15:10.040", - "lastModified": "2024-11-21T08:02:20.550", + "lastModified": "2025-01-17T17:15:08.863", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ @@ -80,6 +110,14 @@ "Exploit", "Issue Tracking" ] + }, + { + "url": "https://github.com/wuzhicms/b2b/issues/3", + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "tags": [ + "Exploit", + "Issue Tracking" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-31994.json b/2023/CVE-2023-31994.json index 1c4b502bfa..abd33d0292 100644 --- a/2023/CVE-2023-31994.json +++ b/2023/CVE-2023-31994.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31994", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T01:15:10.170", - "lastModified": "2024-11-21T08:02:28.753", + "lastModified": "2025-01-17T17:15:09.097", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, diff --git a/2023/CVE-2023-31995.json b/2023/CVE-2023-31995.json index b74feb0deb..b767c1f5da 100644 --- a/2023/CVE-2023-31995.json +++ b/2023/CVE-2023-31995.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31995", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T01:15:10.207", - "lastModified": "2024-11-21T08:02:29.403", + "lastModified": "2025-01-17T17:15:09.840", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-31996.json b/2023/CVE-2023-31996.json index 38c7640f74..88cf9d7b19 100644 --- a/2023/CVE-2023-31996.json +++ b/2023/CVE-2023-31996.json @@ -2,7 +2,7 @@ "id": "CVE-2023-31996", "sourceIdentifier": "cve@mitre.org", "published": "2023-05-23T01:15:10.247", - "lastModified": "2024-11-21T08:02:29.653", + "lastModified": "2025-01-17T17:15:10.213", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -45,6 +65,16 @@ "value": "CWE-77" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] } ], "configurations": [ diff --git a/2023/CVE-2023-45590.json b/2023/CVE-2023-45590.json index 0f5690d005..b6bb7d246e 100644 --- a/2023/CVE-2023-45590.json +++ b/2023/CVE-2023-45590.json @@ -2,8 +2,8 @@ "id": "CVE-2023-45590", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-04-09T15:15:27.627", - "lastModified": "2024-11-21T08:27:01.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:08:31.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 6.0 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,54 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", + "versionStartIncluding": "7.0.6", + "versionEndExcluding": "7.0.11", + "matchCriteriaId": "0A39CBD1-AAF7-4423-AA29-840CF0DBFD6E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:7.0.3:*:*:*:*:linux:*:*", + "matchCriteriaId": "14320E4A-2445-4930-A8D1-B768B7294B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:7.0.4:*:*:*:*:linux:*:*", + "matchCriteriaId": "56EE5E2F-CB22-4294-9AA9-DDB344494D9B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*", + "matchCriteriaId": "88271718-0DD4-4717-B403-1B44E2E56C91" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-087", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://fortiguard.com/psirt/FG-IR-23-087", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-47542.json b/2023/CVE-2023-47542.json index 958764c97a..026da301a4 100644 --- a/2023/CVE-2023-47542.json +++ b/2023/CVE-2023-47542.json @@ -2,8 +2,8 @@ "id": "CVE-2023-47542", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-04-09T15:15:28.207", - "lastModified": "2024-11-21T08:30:25.520", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:11:28.947", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, @@ -49,16 +69,65 @@ "value": "CWE-1336" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.11", + "matchCriteriaId": "5B1EF673-5967-401E-98E3-B7A2B1BEF037" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndExcluding": "7.2.5", + "matchCriteriaId": "4763E504-6974-42C5-B912-3E62A9CC312A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.2", + "matchCriteriaId": "83316FAF-C5DE-4603-B3B2-6796E2FAF1A8" + } + ] + } + ] } ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-419", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://fortiguard.com/psirt/FG-IR-23-419", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-48784.json b/2023/CVE-2023-48784.json index dcd1f7a980..1b84a69755 100644 --- a/2023/CVE-2023-48784.json +++ b/2023/CVE-2023-48784.json @@ -2,8 +2,8 @@ "id": "CVE-2023-48784", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-04-09T15:15:28.617", - "lastModified": "2024-11-21T08:32:26.347", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:19:51.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 0.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, @@ -51,14 +71,53 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.4.0", + "versionEndExcluding": "7.0.16", + "matchCriteriaId": "FA0532A5-31F2-4A92-BF31-6003E28AC948" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndExcluding": "7.2.8", + "matchCriteriaId": "A6D2A14F-3916-45A0-AD4D-27C60E00AEC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.4.0", + "versionEndExcluding": "7.4.2", + "matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-23-413", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://fortiguard.com/psirt/FG-IR-23-413", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-52547.json b/2023/CVE-2023-52547.json index 9c7ab1f20c..1ca0ec80aa 100644 --- a/2023/CVE-2023-52547.json +++ b/2023/CVE-2023-52547.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52547", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-28T07:15:08.930", - "lastModified": "2024-11-21T08:40:01.370", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:32:12.300", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,16 +69,61 @@ "value": "CWE-130" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:curiem-wfg9b_firmware:ota-curiem-bios-2.29:*:*:*:*:*:*:*", + "matchCriteriaId": "2D0C60E9-E69E-4692-92FC-BDF8BD28346B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:huawei:curiem-wfg9b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53861342-BCF5-49E5-A4C5-C1D1C472C8FF" + } + ] + } + ] } ], "references": [ { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iholpiiahpp-0ab7d6db-en", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-52548.json b/2023/CVE-2023-52548.json index 99983a6dc3..f65a6d0fd5 100644 --- a/2023/CVE-2023-52548.json +++ b/2023/CVE-2023-52548.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52548", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-28T07:15:09.753", - "lastModified": "2024-11-21T08:40:01.510", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:31:57.740", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,24 +69,75 @@ "value": "CWE-119" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:curiem-wfg9b_firmware:ota-curiem-b-bios-2.28:*:*:*:*:*:*:*", + "matchCriteriaId": "0949F6A8-3DCE-4217-B3AE-6B36E9735C95" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:huawei:curiem-wfg9b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53861342-BCF5-49E5-A4C5-C1D1C472C8FF" + } + ] + } + ] } ], "references": [ { "url": "https://www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-cn", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-en", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.huawei.com/cn/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-cn", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvtiroowtboamb-bb3261bd-en", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-52710.json b/2023/CVE-2023-52710.json index c4c21eccf6..8939ad906a 100644 --- a/2023/CVE-2023-52710.json +++ b/2023/CVE-2023-52710.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52710", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-28T07:15:10.100", - "lastModified": "2024-11-21T08:40:24.760", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:32:39.963", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,16 +69,61 @@ "value": "CWE-754" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:curiem-wfg9b_firmware:ota-curiem-bios-2.29:*:*:*:*:*:*:*", + "matchCriteriaId": "2D0C60E9-E69E-4692-92FC-BDF8BD28346B" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:huawei:curiem-wfg9b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53861342-BCF5-49E5-A4C5-C1D1C472C8FF" + } + ] + } + ] } ], "references": [ { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvticfuoec-8ffde288-en", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-hppvticfuoec-8ffde288-en", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-52711.json b/2023/CVE-2023-52711.json index 1111a2d578..1b70427a0b 100644 --- a/2023/CVE-2023-52711.json +++ b/2023/CVE-2023-52711.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52711", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-28T07:15:10.490", - "lastModified": "2024-11-21T08:40:24.883", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:29:39.560", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,16 +69,61 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:curiem-wfg9b_firmware:curiem-wfg9b_bios_2.28:*:*:*:*:*:*:*", + "matchCriteriaId": "8EEA4852-6B9E-4FC0-A789-763EC2FCE6D4" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:huawei:curiem-wfg9b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53861342-BCF5-49E5-A4C5-C1D1C472C8FF" + } + ] + } + ] } ], "references": [ { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-voiiaciahpp-6376e0c7-en", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-voiiaciahpp-6376e0c7-en", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2023/CVE-2023-52712.json b/2023/CVE-2023-52712.json index 8eee8a04c5..01193e69f0 100644 --- a/2023/CVE-2023-52712.json +++ b/2023/CVE-2023-52712.json @@ -2,8 +2,8 @@ "id": "CVE-2023-52712", "sourceIdentifier": "psirt@huawei.com", "published": "2024-05-28T07:15:10.810", - "lastModified": "2024-11-21T08:40:24.993", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:29:32.770", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 } ] }, @@ -49,16 +69,61 @@ "value": "CWE-284" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:curiem-wfg9b_firmware:ota-curiem-b-bios-2.28:*:*:*:*:*:*:*", + "matchCriteriaId": "0949F6A8-3DCE-4217-B3AE-6B36E9735C95" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:huawei:curiem-wfg9b:-:*:*:*:*:*:*:*", + "matchCriteriaId": "53861342-BCF5-49E5-A4C5-C1D1C472C8FF" + } + ] + } + ] } ], "references": [ { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://www.huawei.com/en/psirt/security-advisories/2024/huawei-sa-iiacviahpp-71ce77ee-en", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-0837.json b/2024/CVE-2024-0837.json index 38902ce17b..afe9a967be 100644 --- a/2024/CVE-2024-0837.json +++ b/2024/CVE-2024-0837.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0837", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-06T08:15:07.570", - "lastModified": "2024-11-21T08:47:28.917", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:47:27.833", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bdthemes:element_pack:*:*:*:*:pro:wordpress:*:*", + "versionEndExcluding": "5.3.3", + "matchCriteriaId": "4227C0A1-E9E8-4E69-8347-C5E20CB8F44A" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3045497/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3045497/bdthemes-element-pack-lite/trunk/modules/custom-gallery/widgets/custom-gallery.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a54c2a89-4297-48f5-bbff-e5c20c26a632?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-12022.json b/2024/CVE-2024-12022.json index 2f8b951e8b..ee8c44db94 100644 --- a/2024/CVE-2024-12022.json +++ b/2024/CVE-2024-12022.json @@ -2,59 +2,15 @@ "id": "CVE-2024-12022", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-07T04:15:07.677", - "lastModified": "2025-01-07T04:15:07.677", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:10.533", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus." + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-52485. Reason: This candidate is a reservation duplicate of CVE-2024-52485. Notes: All CVE users should reference CVE-2024-52485 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", - "baseScore": 5.3, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "availabilityImpact": "NONE" - }, - "exploitabilityScore": 3.9, - "impactScore": 1.4 - } - ] - }, - "weaknesses": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-862" - } - ] - } - ], - "references": [ - { - "url": "https://plugins.trac.wordpress.org/browser/wp-menu-image/trunk/init/wmi-functions.php#L126", - "source": "security@wordfence.com" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e96193c0-ddde-463b-a68e-672ab6f812c7?source=cve", - "source": "security@wordfence.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/2024/CVE-2024-12124.json b/2024/CVE-2024-12124.json index ab91c587fa..b0a142853a 100644 --- a/2024/CVE-2024-12124.json +++ b/2024/CVE-2024-12124.json @@ -2,59 +2,15 @@ "id": "CVE-2024-12124", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-07T05:15:14.340", - "lastModified": "2025-01-07T05:15:14.340", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:10.653", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018user_id\u2019 parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54290. Reason: This candidate is a reservation duplicate of CVE-2024-54290. Notes: All CVE users should reference CVE-2024-54290 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE" - }, - "exploitabilityScore": 2.8, - "impactScore": 2.7 - } - ] - }, - "weaknesses": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-79" - } - ] - } - ], - "references": [ - { - "url": "https://wordpress.org/plugins/role-includer/#developers", - "source": "security@wordfence.com" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97b3399b-cda2-4ab1-8919-b1e4ba4a5dcf?source=cve", - "source": "security@wordfence.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/2024/CVE-2024-12208.json b/2024/CVE-2024-12208.json index 3e5410f6a8..fc61723d85 100644 --- a/2024/CVE-2024-12208.json +++ b/2024/CVE-2024-12208.json @@ -2,59 +2,15 @@ "id": "CVE-2024-12208", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-07T05:15:16.270", - "lastModified": "2025-01-07T05:15:16.270", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:10.740", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "The Backup and Restore WordPress \u2013 Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link." + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43269. Reason: This candidate is a reservation duplicate of CVE-2024-43269. Notes: All CVE users should reference CVE-2024-43269 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", - "baseScore": 4.3, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "LOW", - "availabilityImpact": "NONE" - }, - "exploitabilityScore": 2.8, - "impactScore": 1.4 - } - ] - }, - "weaknesses": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-352" - } - ] - } - ], - "references": [ - { - "url": "https://wordpress.org/plugins/wp-backitup/", - "source": "security@wordfence.com" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e461a04b-6456-4930-b3e7-0f808825aa6b?source=cve", - "source": "security@wordfence.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/2024/CVE-2024-1239.json b/2024/CVE-2024-1239.json index a4b92c9202..b558d10129 100644 --- a/2024/CVE-2024-1239.json +++ b/2024/CVE-2024-1239.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1239", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-16T03:15:06.900", - "lastModified": "2024-11-21T08:50:08.180", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:34:30.327", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpmet:elements_kit_elementor_addons:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.0.5", + "matchCriteriaId": "C55F4AA4-9021-48D1-81C5-8D5CD6E11DCD" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042291%40elementskit-lite&new=3042291%40elementskit-lite&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042291%40elementskit-lite&new=3042291%40elementskit-lite&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-12540.json b/2024/CVE-2024-12540.json index d63d70697e..05041c0dc0 100644 --- a/2024/CVE-2024-12540.json +++ b/2024/CVE-2024-12540.json @@ -2,63 +2,15 @@ "id": "CVE-2024-12540", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-07T04:15:08.917", - "lastModified": "2025-01-07T04:15:08.917", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:10.807", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-54288. Reason: This candidate is a reservation duplicate of CVE-2024-54288. Notes: All CVE users should reference CVE-2024-54288 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", - "baseScore": 6.1, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "REQUIRED", - "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE" - }, - "exploitabilityScore": 2.8, - "impactScore": 2.7 - } - ] - }, - "weaknesses": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-79" - } - ] - } - ], - "references": [ - { - "url": "https://plugins.trac.wordpress.org/browser/ldd-directory-lite/trunk/templates/frontend/edit-submit.php#L10", - "source": "security@wordfence.com" - }, - { - "url": "https://wordpress.org/plugins/ldd-directory-lite/#developers", - "source": "security@wordfence.com" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f7675e1c-7194-4cfe-81fb-a78d75e0bb1e?source=cve", - "source": "security@wordfence.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/2024/CVE-2024-12757.json b/2024/CVE-2024-12757.json new file mode 100644 index 0000000000..fffbfe21b1 --- /dev/null +++ b/2024/CVE-2024-12757.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-12757", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T18:15:24.690", + "lastModified": "2025-01-17T18:15:24.690", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Nedap Librix Ecoreader \n is missing authentication for critical functions that could allow an \nunauthenticated attacker to potentially execute malicious code." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-007-02", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-1315.json b/2024/CVE-2024-1315.json index f83320928c..5fbca6cd9f 100644 --- a/2024/CVE-2024-1315.json +++ b/2024/CVE-2024-1315.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1315", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:16.340", - "lastModified": "2024-11-21T08:50:18.373", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:30:38.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -39,30 +39,78 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:radiustheme:classified_listing:*:*:*:*:-:wordpress:*:*", + "versionEndExcluding": "3.0.5", + "matchCriteriaId": "F971EA1A-7D1C-46B7-AB06-128BA87960B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.0.1/app/Controllers/Ajax/PublicUser.php#L445", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.0.5/app/Controllers/Ajax/PublicUser.php#L445", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5439651e-5557-4b13-813a-4fc0ad876104?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.0.1/app/Controllers/Ajax/PublicUser.php#L445", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/tags/3.0.5/app/Controllers/Ajax/PublicUser.php#L445", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5439651e-5557-4b13-813a-4fc0ad876104?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1352.json b/2024/CVE-2024-1352.json index 2b6413763a..76423de16f 100644 --- a/2024/CVE-2024-1352.json +++ b/2024/CVE-2024-1352.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1352", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:16.517", - "lastModified": "2024-11-21T08:50:23.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:23:55.973", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.9, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:radiustheme:classified_listing:*:*:*:*:-:wordpress:*:*", + "versionEndExcluding": "3.0.5", + "matchCriteriaId": "F971EA1A-7D1C-46B7-AB06-128BA87960B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Ajax/Import.php?rev=2824166", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Ajax/Import.php?rev=3061893", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5da4cdd-15c7-41a6-be2f-e31bd407ae05?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Ajax/Import.php?rev=2824166", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/classified-listing/trunk/app/Controllers/Ajax/Import.php?rev=3061893", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f5da4cdd-15c7-41a6-be2f-e31bd407ae05?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1428.json b/2024/CVE-2024-1428.json index a9c9c88085..0441ebc791 100644 --- a/2024/CVE-2024-1428.json +++ b/2024/CVE-2024-1428.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1428", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-06T08:15:07.767", - "lastModified": "2024-11-21T08:50:33.803", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:48:58.150", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bdthemes:element_pack:*:*:*:*:lite:wordpress:*:*", + "versionEndExcluding": "5.5.4", + "matchCriteriaId": "CEA2F449-CCE8-405D-BA65-FB96CEB9AC61" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/5.4.14/modules/trailer-box/widgets/trailer-box.php#L2063", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3047402/bdthemes-element-pack-lite/trunk/modules/wrapper-link/module.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/543c4d52-0e47-4bbb-b53e-dbe3f104734f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/bdthemes-element-pack-lite/tags/5.4.14/modules/trailer-box/widgets/trailer-box.php#L2063", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3047402/bdthemes-element-pack-lite/trunk/modules/wrapper-link/module.php", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/543c4d52-0e47-4bbb-b53e-dbe3f104734f?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1458.json b/2024/CVE-2024-1458.json index e6dd20e9c8..c377189dc4 100644 --- a/2024/CVE-2024-1458.json +++ b/2024/CVE-2024-1458.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1458", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:17.203", - "lastModified": "2024-11-21T08:50:37.560", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:25:27.900", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livemeshelementor:addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.5", + "matchCriteriaId": "1E0B9DB5-8A1F-40AB-9802-9BC81B846E3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e28b78c3-c370-4076-836e-9f61acba064c?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e28b78c3-c370-4076-836e-9f61acba064c?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1461.json b/2024/CVE-2024-1461.json index 4523b79120..3243210094 100644 --- a/2024/CVE-2024-1461.json +++ b/2024/CVE-2024-1461.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1461", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:17.377", - "lastModified": "2024-11-21T08:50:38.083", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:24:39.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livemeshelementor:addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.5", + "matchCriteriaId": "1E0B9DB5-8A1F-40AB-9802-9BC81B846E3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9d37248-d024-4465-a1e6-d8f2d3a2e02f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d9d37248-d024-4465-a1e6-d8f2d3a2e02f?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1464.json b/2024/CVE-2024-1464.json index a006e250a7..37ad7f820c 100644 --- a/2024/CVE-2024-1464.json +++ b/2024/CVE-2024-1464.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1464", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:17.703", - "lastModified": "2024-11-21T08:50:38.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:23:39.073", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livemeshelementor:addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.5", + "matchCriteriaId": "1E0B9DB5-8A1F-40AB-9802-9BC81B846E3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ce6e40e-b090-447a-9bf9-6337d30e7da3?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7ce6e40e-b090-447a-9bf9-6337d30e7da3?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1465.json b/2024/CVE-2024-1465.json index ba88e7e214..cc727e091c 100644 --- a/2024/CVE-2024-1465.json +++ b/2024/CVE-2024-1465.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1465", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:17.890", - "lastModified": "2024-11-21T08:50:38.583", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:20:39.593", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livemeshelementor:addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.5", + "matchCriteriaId": "1E0B9DB5-8A1F-40AB-9802-9BC81B846E3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96bdd465-e4ca-4a32-b38a-a2a51598a3a9?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/96bdd465-e4ca-4a32-b38a-a2a51598a3a9?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-1466.json b/2024/CVE-2024-1466.json index f5990a08cd..2dbc07c517 100644 --- a/2024/CVE-2024-1466.json +++ b/2024/CVE-2024-1466.json @@ -2,8 +2,8 @@ "id": "CVE-2024-1466", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-09T19:15:18.073", - "lastModified": "2024-11-21T08:50:38.723", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:18:00.443", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,25 +36,87 @@ }, "exploitabilityScore": 3.1, "impactScore": 2.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:livemeshelementor:addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "8.3.5", + "matchCriteriaId": "1E0B9DB5-8A1F-40AB-9802-9BC81B846E3E" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/604975b9-fe2f-4d8f-af13-995f08d72e8f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3048237/addons-for-elementor", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/604975b9-fe2f-4d8f-af13-995f08d72e8f?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-2091.json b/2024/CVE-2024-2091.json index 079699c191..f4ef553770 100644 --- a/2024/CVE-2024-2091.json +++ b/2024/CVE-2024-2091.json @@ -2,8 +2,8 @@ "id": "CVE-2024-2091", "sourceIdentifier": "security@wordfence.com", "published": "2024-03-28T03:15:07.887", - "lastModified": "2024-11-21T09:09:01.480", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:35:09.950", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,33 +36,101 @@ }, "exploitabilityScore": 2.8, "impactScore": 2.5 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "1.13.3", + "matchCriteriaId": "550B7CCC-BC3D-4B33-9643-E16C71BABE67" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/comparison-table/widgets/comparison-table.php#L2076", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055134%40addon-elements-for-elementor-page-builder&new=3055134%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18e2e0e5-495f-4f55-b7d8-94193fc2ad12?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/comparison-table/widgets/comparison-table.php#L2076", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055134%40addon-elements-for-elementor-page-builder&new=3055134%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/18e2e0e5-495f-4f55-b7d8-94193fc2ad12?source=cve", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-23124.json b/2024/CVE-2024-23124.json index e22dd4d6c1..7a12cca45a 100644 --- a/2024/CVE-2024-23124.json +++ b/2024/CVE-2024-23124.json @@ -2,13 +2,13 @@ "id": "CVE-2024-23124", "sourceIdentifier": "psirt@autodesk.com", "published": "2024-02-22T03:15:08.027", - "lastModified": "2024-11-21T08:56:59.373", + "lastModified": "2025-01-17T18:15:25.030", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.\n" + "value": "A maliciously crafted STP file when parsed in ASMIMPORT228A.dll through Autodesk applications can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process." }, { "lang": "es", @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "psirt@autodesk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", diff --git a/2024/CVE-2024-26153.json b/2024/CVE-2024-26153.json new file mode 100644 index 0000000000..95fd40336f --- /dev/null +++ b/2024/CVE-2024-26153.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-26153", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:10.927", + "lastModified": "2025-01-17T17:15:10.927", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 \nare vulnerable to cross-site request forgery (CSRF). An external \nattacker with no access to the device can force the end user into \nsubmitting a \"setconf\" method request, not requiring any CSRF token, \nwhich can lead into denial of service on the device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H", + "baseScore": 7.4, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-26154.json b/2024/CVE-2024-26154.json new file mode 100644 index 0000000000..8b977ee1d4 --- /dev/null +++ b/2024/CVE-2024-26154.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-26154", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:11.147", + "lastModified": "2025-01-17T17:15:11.147", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nare vulnerable to reflected cross site scripting in the appliance site \nname. The ETIC RAS web server saves the site name and then presents it \nto the administrators in a few different pages." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-26155.json b/2024/CVE-2024-26155.json new file mode 100644 index 0000000000..d22308c4a4 --- /dev/null +++ b/2024/CVE-2024-26155.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-26155", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:11.327", + "lastModified": "2025-01-17T17:15:11.327", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nexpose clear text credentials in the web portal. An attacker can access \nthe ETIC RAS web portal and view the HTML code, which is configured to \nbe hidden, thus allowing a connection to the ETIC RAS ssh server, which \ncould enable an attacker to perform actions on the device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-26156.json b/2024/CVE-2024-26156.json new file mode 100644 index 0000000000..e6c6b96e5c --- /dev/null +++ b/2024/CVE-2024-26156.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-26156", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:11.533", + "lastModified": "2025-01-17T17:15:11.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nare vulnerable to reflected cross site scripting (XSS) attacks in the \nmethod parameter. The ETIC RAS web server uses dynamic pages that gets \ntheir input from the client side and reflects the input in its response \nto the client." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-26157.json b/2024/CVE-2024-26157.json new file mode 100644 index 0000000000..ed3a97599f --- /dev/null +++ b/2024/CVE-2024-26157.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-26157", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:11.697", + "lastModified": "2025-01-17T17:15:11.697", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 \nare vulnerable to reflected cross site scripting (XSS) attacks in get \nview method under view parameter. The ETIC RAS web server uses dynamic \npages that get their input from the client side and reflect the input in\n their response to the client." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-22-307-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-3315.json b/2024/CVE-2024-3315.json index fb85563a7c..ac1fd77abc 100644 --- a/2024/CVE-2024-3315.json +++ b/2024/CVE-2024-3315.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3315", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-04T21:15:17.430", - "lastModified": "2024-11-21T09:29:22.670", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:13:08.297", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -76,38 +96,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5A1D4E41-0B2D-4D1E-9AA9-CB4366C91AC4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/adminininin/blob/blob/main/README.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259386", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259386", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.309575", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/adminininin/blob/blob/main/README.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259386", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259386", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.309575", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-3316.json b/2024/CVE-2024-3316.json index 0c9f1131fa..1beecaff28 100644 --- a/2024/CVE-2024-3316.json +++ b/2024/CVE-2024-3316.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3316", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-04T22:15:09.420", - "lastModified": "2024-11-21T09:29:22.837", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:05:50.107", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -76,38 +96,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5A1D4E41-0B2D-4D1E-9AA9-CB4366C91AC4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/adminininin/blob/blob/main/2.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259387", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259387", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.309584", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/adminininin/blob/blob/main/2.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259387", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259387", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.309584", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-3376.json b/2024/CVE-2024-3376.json index 82efb5ffd9..52c3912b6c 100644 --- a/2024/CVE-2024-3376.json +++ b/2024/CVE-2024-3376.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3376", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-06T12:15:08.603", - "lastModified": "2024-11-21T09:29:29.570", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:41:21.647", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ], "cvssMetricV2": [ @@ -74,40 +94,93 @@ "value": "CWE-698" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-670" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5A1D4E41-0B2D-4D1E-9AA9-CB4366C91AC4" + } + ] + } + ] } ], "references": [ { "url": "https://github.com/Sospiro014/zday1/blob/main/Execution_After_Redirect.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259497", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259497", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.311154", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/Sospiro014/zday1/blob/main/Execution_After_Redirect.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259497", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259497", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.311154", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-3377.json b/2024/CVE-2024-3377.json index 1902b6e802..d8d77896a4 100644 --- a/2024/CVE-2024-3377.json +++ b/2024/CVE-2024-3377.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3377", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-06T12:15:08.857", - "lastModified": "2024-11-21T09:29:29.710", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:35:40.243", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -76,38 +96,79 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:computer_laboratory_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "5A1D4E41-0B2D-4D1E-9AA9-CB4366C91AC4" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Sospiro014/zday1/blob/main/ear_stord_xss.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.259498", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259498", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.311155", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://github.com/Sospiro014/zday1/blob/main/ear_stord_xss.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.259498", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259498", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.311155", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-3426.json b/2024/CVE-2024-3426.json index 9de0c80837..836cb25ee2 100644 --- a/2024/CVE-2024-3426.json +++ b/2024/CVE-2024-3426.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3426", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-07T17:15:09.393", - "lastModified": "2024-11-21T09:29:34.797", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T16:56:52.770", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -76,38 +96,83 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:argie:online_courseware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A5C774C8-8C38-4E34-B5D3-74872B5F672A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-11.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259598", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259598", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.311605", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-11.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259598", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259598", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?submit.311605", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-3427.json b/2024/CVE-2024-3427.json index 3ad5bbabf7..a9154006ae 100644 --- a/2024/CVE-2024-3427.json +++ b/2024/CVE-2024-3427.json @@ -2,8 +2,8 @@ "id": "CVE-2024-3427", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-07T17:15:09.630", - "lastModified": "2024-11-21T09:29:34.933", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T17:02:59.153", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.1, "impactScore": 1.4 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ], "cvssMetricV2": [ @@ -76,38 +96,85 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:argie:online_courseware:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A5C774C8-8C38-4E34-B5D3-74872B5F672A" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-12.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259599", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259599", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.311606", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-12.md", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.259599", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.259599", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.311606", - "source": "af854a3a-2127-422b-91ae-364da2661108" + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-45832.json b/2024/CVE-2024-45832.json new file mode 100644 index 0000000000..b2128e6e4c --- /dev/null +++ b/2024/CVE-2024-45832.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-45832", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:11.870", + "lastModified": "2025-01-17T17:15:11.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Hard-coded credentials were included as part of the application binary. \nThese credentials served as part of the application authentication flow \nand communication with the mobile application. An attacker could access \nunauthorized information." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.0, + "baseSeverity": "LOW", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-48125.json b/2024/CVE-2024-48125.json index aec18395a0..55849aee9d 100644 --- a/2024/CVE-2024-48125.json +++ b/2024/CVE-2024-48125.json @@ -2,16 +2,55 @@ "id": "CVE-2024-48125", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-15T21:15:13.477", - "lastModified": "2025-01-15T21:15:13.477", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:25.547", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests." + }, + { + "lang": "es", + "value": "Un problema en el servicio AsDB de HI-SCAN 6040i Hitrax HX-03-19-I permite a los atacantes enumerar las credenciales de los usuarios a trav\u00e9s de solicitudes de protocolo GIOP manipuladas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf", diff --git a/2024/CVE-2024-48126.json b/2024/CVE-2024-48126.json index 86a73a3936..c10659c3b2 100644 --- a/2024/CVE-2024-48126.json +++ b/2024/CVE-2024-48126.json @@ -2,16 +2,55 @@ "id": "CVE-2024-48126", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-15T21:15:13.613", - "lastModified": "2025-01-15T21:15:13.613", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:25.800", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que HI-SCAN 6040i Hitrax HX-03-19-I conten\u00eda credenciales codificadas para acceder al soporte del proveedor y al servicio." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://kth.diva-portal.org/smash/get/diva2:1876534/FULLTEXT01.pdf", diff --git a/2024/CVE-2024-50633.json b/2024/CVE-2024-50633.json index a11644a197..a1a14c9f21 100644 --- a/2024/CVE-2024-50633.json +++ b/2024/CVE-2024-50633.json @@ -2,16 +2,55 @@ "id": "CVE-2024-50633", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T18:15:24.337", - "lastModified": "2025-01-16T18:15:24.337", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:26.043", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals." + }, + { + "lang": "es", + "value": " Una vulnerabilidad de autorizaci\u00f3n a nivel de objeto roto (BOLA) en Indico v3.2.9 permite a los atacantes acceder a informaci\u00f3n confidencial mediante el env\u00edo de una solicitud POST manipulada al componente /api/principals." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/cetinpy/CVE-2024-50633", diff --git a/2024/CVE-2024-50954.json b/2024/CVE-2024-50954.json index b4ba3e4847..a5d8cb19a7 100644 --- a/2024/CVE-2024-50954.json +++ b/2024/CVE-2024-50954.json @@ -2,16 +2,55 @@ "id": "CVE-2024-50954", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-15T17:15:16.517", - "lastModified": "2025-01-15T17:15:16.517", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:26.310", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off." + }, + { + "lang": "es", + "value": "Los controladores l\u00f3gicos programables XINJE XL5E-16T y XD5E-24R-E V3.5.3b-V3.7.2a tienen una vulnerabilidad en el manejo de mensajes Modbus. Cuando se establece una conexi\u00f3n TCP con la serie de controladores antes mencionada dentro de una red de \u00e1rea local (LAN), el env\u00edo de un mensaje Modbus espec\u00edfico al controlador puede provocar que el PLC se bloquee, interrumpiendo el funcionamiento normal de los programas que se ejecutan en el PLC. Esto hace que la luz indicadora ERR se encienda y la luz indicadora RUN se apague." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/Curator-Kim/Vulnerability-mining/blob/master/XINJE%20XL5E-16T%20XD5E-24R%20Modbus/XINJE%20XL5E-16T%20XD5E-24R%20Modbus.md", diff --git a/2024/CVE-2024-53683.json b/2024/CVE-2024-53683.json new file mode 100644 index 0000000000..a4db8aa36b --- /dev/null +++ b/2024/CVE-2024-53683.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-53683", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:12.053", + "lastModified": "2025-01-17T17:15:12.053", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A valid set of credentials in a .js file and a static token for \ncommunication were obtained from the decompiled IPA. An attacker could \nuse the information to disrupt normal use of the application by changing\n the translation files and thus weaken the integrity of normal use." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.6, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 4.4, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-54101.json b/2024/CVE-2024-54101.json index f4db48acd1..568efd4699 100644 --- a/2024/CVE-2024-54101.json +++ b/2024/CVE-2024-54101.json @@ -2,8 +2,8 @@ "id": "CVE-2024-54101", "sourceIdentifier": "psirt@huawei.com", "published": "2024-12-12T12:15:23.763", - "lastModified": "2024-12-12T12:15:23.763", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2025-01-17T18:09:53.447", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.5, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 } ] }, @@ -49,12 +69,82 @@ "value": "CWE-20" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:12.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "A974CA73-84E8-480B-BB4C-4A81D0C985B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:13.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "353AEAF2-AF46-4835-93E1-4F942D5E2810" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:emui:14.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "32FBF39A-164F-4F98-AB49-28C50A430C36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "20112231-B840-44D3-A061-B9B9F80EE378" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:2.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C01447F1-7F58-4AE3-B403-C01B2575D898" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "CB3751C1-7729-41D3-AE50-80B5AF601135" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:3.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4D81C4EF-7CAF-4E60-91A4-8CF7B95B2B54" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.0.0:*:*:*:*:*:*:*", + "matchCriteriaId": "8198CDB2-4BC5-411A-8736-615A531FC545" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:huawei:harmonyos:4.2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "2401DE15-9DBF-4645-A261-8C24D57C6342" + } + ] + } + ] } ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/12/", - "source": "psirt@huawei.com" + "source": "psirt@huawei.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/2024/CVE-2024-54535.json b/2024/CVE-2024-54535.json index 8638434ddb..6573007f0f 100644 --- a/2024/CVE-2024-54535.json +++ b/2024/CVE-2024-54535.json @@ -2,8 +2,8 @@ "id": "CVE-2024-54535", "sourceIdentifier": "product-security@apple.com", "published": "2025-01-15T20:15:28.610", - "lastModified": "2025-01-16T20:36:12.483", - "vulnStatus": "Analyzed", + "lastModified": "2025-01-17T18:15:26.610", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 1.4 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.0, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 1.4 } ] }, diff --git a/2024/CVE-2024-54681.json b/2024/CVE-2024-54681.json new file mode 100644 index 0000000000..54b3af0d8b --- /dev/null +++ b/2024/CVE-2024-54681.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-54681", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T17:15:12.227", + "lastModified": "2025-01-17T17:15:12.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple bash files were present in the application's private directory.\n Bash files can be used on their own, by an attacker that has already \nfull access to the mobile platform to compromise the translations for \nthe application." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 2.0, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-354-01", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2024/CVE-2024-57162.json b/2024/CVE-2024-57162.json index 05be4f0e3f..a37099c2a8 100644 --- a/2024/CVE-2024-57162.json +++ b/2024/CVE-2024-57162.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57162", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T16:15:33.063", - "lastModified": "2025-01-16T16:15:33.063", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:27.240", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php." + }, + { + "lang": "es", + "value": "Campcodes Cybercafe Management System v1.0 es vulnerable a una inyecci\u00f3n SQL en /ccms/view-user-detail.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/h1-wh0areu/bug_report/blob/main/cybercafe-management-system/SQLi-1.md", diff --git a/2024/CVE-2024-57577.json b/2024/CVE-2024-57577.json index 7fc62564c6..09a94740dd 100644 --- a/2024/CVE-2024-57577.json +++ b/2024/CVE-2024-57577.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57577", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:16.740", - "lastModified": "2025-01-16T21:15:16.740", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:27.893", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro speed_dir en la funci\u00f3n formSetSpeedWan." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/qijiale/Tenda/blob/main/4/Readme.md", diff --git a/2024/CVE-2024-57578.json b/2024/CVE-2024-57578.json index bdb6eb258a..d9cb6f244c 100644 --- a/2024/CVE-2024-57578.json +++ b/2024/CVE-2024-57578.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57578", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:16.893", - "lastModified": "2025-01-16T21:15:16.893", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:28.430", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro funcpara1 en la funci\u00f3n formSetCfm." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/qijiale/Tenda/blob/main/5/Readme.md", diff --git a/2024/CVE-2024-57579.json b/2024/CVE-2024-57579.json index c90d866de6..c313bedd10 100644 --- a/2024/CVE-2024-57579.json +++ b/2024/CVE-2024-57579.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57579", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:17.057", - "lastModified": "2025-01-16T21:15:17.057", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:28.983", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro limitSpeedUp en la funci\u00f3n formSetClientState." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/qijiale/Tenda/tree/main/6", diff --git a/2024/CVE-2024-57580.json b/2024/CVE-2024-57580.json index f9b598255d..dfa17fd0e0 100644 --- a/2024/CVE-2024-57580.json +++ b/2024/CVE-2024-57580.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57580", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:17.223", - "lastModified": "2025-01-16T21:15:17.223", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:12.410", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro devName en la funci\u00f3n formSetDeviceName." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/qijiale/Tenda/tree/main/7", diff --git a/2024/CVE-2024-57581.json b/2024/CVE-2024-57581.json index aa2b83962b..a47b271038 100644 --- a/2024/CVE-2024-57581.json +++ b/2024/CVE-2024-57581.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57581", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:17.437", - "lastModified": "2025-01-16T21:15:17.437", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:12.597", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro firewallEn en la funci\u00f3n formSetFirewallCfg." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/qijiale/Tenda/tree/main/8", diff --git a/2024/CVE-2024-57582.json b/2024/CVE-2024-57582.json index a80f677f88..fde598e99d 100644 --- a/2024/CVE-2024-57582.json +++ b/2024/CVE-2024-57582.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57582", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T21:15:17.627", - "lastModified": "2025-01-16T21:15:17.627", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:12.797", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que Tenda AC18 V15.03.05.19 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro startIP en la funci\u00f3n formSetPPTPServer." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/qijiale/Tenda/tree/main/9", diff --git a/2024/CVE-2024-57615.json b/2024/CVE-2024-57615.json index d0b011de4c..ba67f7adb6 100644 --- a/2024/CVE-2024-57615.json +++ b/2024/CVE-2024-57615.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57615", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-14T01:15:09.833", - "lastModified": "2025-01-14T01:15:09.833", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:29.320", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the BATcalcbetween_intern component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + }, + { + "lang": "es", + "value": " Un problema en el componente BATcalcbetween_intern de MonetDB Server v11.47.11 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de declaraciones SQL manipuladas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/MonetDB/MonetDB/issues/7413", diff --git a/2024/CVE-2024-57616.json b/2024/CVE-2024-57616.json index fb9abcde32..88e3881f9b 100644 --- a/2024/CVE-2024-57616.json +++ b/2024/CVE-2024-57616.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57616", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-14T01:15:09.947", - "lastModified": "2025-01-14T01:15:09.947", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:29.573", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the vscanf component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + }, + { + "lang": "es", + "value": " Un problema en el componente vscanf de MonetDB Server v11.47.11 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de declaraciones SQL manipuladas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/MonetDB/MonetDB/issues/7412", diff --git a/2024/CVE-2024-57617.json b/2024/CVE-2024-57617.json index d7f2b7b029..e24f39182c 100644 --- a/2024/CVE-2024-57617.json +++ b/2024/CVE-2024-57617.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57617", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-14T01:15:10.060", - "lastModified": "2025-01-14T01:15:10.060", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:29.803", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + }, + { + "lang": "es", + "value": " Un problema en el componente dameraulevenshtein de MonetDB Server v11.49.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de declaraciones SQL manipuladas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/MonetDB/MonetDB/issues/7432", diff --git a/2024/CVE-2024-57642.json b/2024/CVE-2024-57642.json index 78df712ae7..88d202abca 100644 --- a/2024/CVE-2024-57642.json +++ b/2024/CVE-2024-57642.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57642", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-14T01:15:12.873", - "lastModified": "2025-01-14T01:15:12.873", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:30.030", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements." + }, + { + "lang": "es", + "value": " Un problema en el componente dfe_inx_op_col_def_table de openlink virtuoso-opensource v7.2.11 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de declaraciones SQL manipuladas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/openlink/virtuoso-opensource/issues/1191", diff --git a/2024/CVE-2024-57768.json b/2024/CVE-2024-57768.json index 780e2ee490..ee6fa6fe7b 100644 --- a/2024/CVE-2024-57768.json +++ b/2024/CVE-2024-57768.json @@ -2,16 +2,55 @@ "id": "CVE-2024-57768", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T18:15:26.003", - "lastModified": "2025-01-16T18:15:26.003", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:30.633", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que JFinalOA anterior a v2025.01.01 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del componente validRoleKey?sysRole.key." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gitee.com/r1bbit/JFinalOA/issues/IBHUMT", diff --git a/2024/CVE-2024-9673.json b/2024/CVE-2024-9673.json index b44865f0b5..7c0da48af1 100644 --- a/2024/CVE-2024-9673.json +++ b/2024/CVE-2024-9673.json @@ -2,67 +2,15 @@ "id": "CVE-2024-9673", "sourceIdentifier": "security@wordfence.com", "published": "2025-01-08T07:15:27.980", - "lastModified": "2025-01-08T07:15:27.980", - "vulnStatus": "Received", + "lastModified": "2025-01-17T17:15:12.997", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Heading widget in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-22333. Reason: This candidate is a reservation duplicate of CVE-2025-22333. Notes: All CVE users should reference CVE-2025-22333 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", - "baseScore": 6.4, - "baseSeverity": "MEDIUM", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "CHANGED", - "confidentialityImpact": "LOW", - "integrityImpact": "LOW", - "availabilityImpact": "NONE" - }, - "exploitabilityScore": 3.1, - "impactScore": 2.7 - } - ] - }, - "weaknesses": [ - { - "source": "security@wordfence.com", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-79" - } - ] - } - ], - "references": [ - { - "url": "https://plugins.trac.wordpress.org/browser/piotnet-addons-for-elementor/trunk/assets/js/extension-pafe-tooltip.js", - "source": "security@wordfence.com" - }, - { - "url": "https://plugins.trac.wordpress.org/changeset/3217875/", - "source": "security@wordfence.com" - }, - { - "url": "https://wordpress.org/plugins/piotnet-addons-for-elementor/#developers", - "source": "security@wordfence.com" - }, - { - "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/317a0e93-fcd7-41a0-a83e-98c50bfc6be2?source=cve", - "source": "security@wordfence.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/2025/CVE-2025-0430.json b/2025/CVE-2025-0430.json new file mode 100644 index 0000000000..fefe003939 --- /dev/null +++ b/2025/CVE-2025-0430.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2025-0430", + "sourceIdentifier": "ics-cert@hq.dhs.gov", + "published": "2025-01-17T18:15:30.920", + "lastModified": "2025-01-17T18:15:30.920", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Belledonne Communications Linphone-Desktop \n is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 8.7, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ics-cert@hq.dhs.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-014-04", + "source": "ics-cert@hq.dhs.gov" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-0532.json b/2025/CVE-2025-0532.json new file mode 100644 index 0000000000..db0f97453b --- /dev/null +++ b/2025/CVE-2025-0532.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2025-0532", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-17T18:15:31.237", + "lastModified": "2025-01-17T18:15:31.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/TIANN0/CVE/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.292416", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.292416", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.479100", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-0533.json b/2025/CVE-2025-0533.json new file mode 100644 index 0000000000..9e6cc29465 --- /dev/null +++ b/2025/CVE-2025-0533.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2025-0533", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-17T18:15:31.577", + "lastModified": "2025-01-17T18:15:31.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://1000projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/onupset/CVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.292417", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.292417", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.479119", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/2025/CVE-2025-22904.json b/2025/CVE-2025-22904.json index ff61d730d8..956df1898a 100644 --- a/2025/CVE-2025-22904.json +++ b/2025/CVE-2025-22904.json @@ -2,8 +2,8 @@ "id": "CVE-2025-22904", "sourceIdentifier": "cve@mitre.org", "published": "2025-01-16T03:15:06.313", - "lastModified": "2025-01-16T03:15:06.313", - "vulnStatus": "Received", + "lastModified": "2025-01-17T18:15:31.870", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -15,7 +15,42 @@ "value": " Se descubri\u00f3 que RE11S v1.11 contiene un desbordamiento de pila a trav\u00e9s del par\u00e1metro pptpUserName en la funci\u00f3n setWAN." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "http://re11s.com",