-
Notifications
You must be signed in to change notification settings - Fork 16
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Auto-Update: 2024-11-18T23:00:20.055685+00:00
- Loading branch information
1 parent
93a968c
commit 1a256e9
Showing
74 changed files
with
5,669 additions
and
286 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,8 +2,8 @@ | |
| "id": "CVE-2023-4134", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-14T11:15:03.730", | ||
| "lastModified": "2024-11-15T13:58:08.913", | ||
| "vulnStatus": "Undergoing Analysis", | ||
| "lastModified": "2024-11-18T22:08:54.803", | ||
| "vulnStatus": "Analyzed", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
|
|
@@ -17,6 +17,26 @@ | |
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", | ||
| "attackVector": "LOCAL", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "LOW", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "HIGH", | ||
| "baseScore": 5.5, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 1.8, | ||
| "impactScore": 3.6 | ||
| }, | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
|
|
@@ -40,6 +60,16 @@ | |
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-416" | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Secondary", | ||
|
|
@@ -51,14 +81,55 @@ | |
| ] | ||
| } | ||
| ], | ||
| "configurations": [ | ||
| { | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", | ||
| "versionEndExcluding": "6.5", | ||
| "matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "nodes": [ | ||
| { | ||
| "operator": "OR", | ||
| "negate": false, | ||
| "cpeMatch": [ | ||
| { | ||
| "vulnerable": true, | ||
| "criteria": "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*", | ||
| "matchCriteriaId": "CC559B26-5DFC-4B7A-A27C-B77DE755DFF9" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://access.redhat.com/security/cve/CVE-2023-4134", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Third Party Advisory" | ||
| ] | ||
| }, | ||
| { | ||
| "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221700", | ||
| "source": "[email protected]" | ||
| "source": "[email protected]", | ||
| "tags": [ | ||
| "Issue Tracking", | ||
| "Patch", | ||
| "Third Party Advisory" | ||
| ] | ||
| } | ||
| ] | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| "id": "CVE-2023-43843", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-05-28T19:15:09.273", | ||
| "lastModified": "2024-05-29T13:02:09.280", | ||
| "lastModified": "2024-11-18T22:35:01.377", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
|
|
@@ -15,7 +15,42 @@ | |
| "value": "El control de acceso incorrecto en la funci\u00f3n de administraci\u00f3n de cuentas de la interfaz web en Aten PE6208 2.3.228 y 2.4.232 permite a los usuarios autenticados remotamente leer las contrase\u00f1as de las cuentas de usuario y administrador a trav\u00e9s de una solicitud HTTP GET." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "LOW", | ||
| "availabilityImpact": "LOW", | ||
| "baseScore": 7.3, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 3.9, | ||
| "impactScore": 3.4 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | ||
| "type": "Secondary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-125" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://github.com/setersora/pe6208", | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,13 +2,13 @@ | |
| "id": "CVE-2024-10315", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-11T20:15:17.223", | ||
| "lastModified": "2024-11-12T15:15:06.147", | ||
| "lastModified": "2024-11-18T22:15:05.550", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Ather Iqbal." | ||
| "value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6. Reported by Alpha Inferno PVT LTD." | ||
| }, | ||
| { | ||
| "lang": "es", | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,60 @@ | ||
| { | ||
| "id": "CVE-2024-10486", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T22:15:05.657", | ||
| "lastModified": "2024-11-18T22:15:05.657", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 5.3, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 3.9, | ||
| "impactScore": 1.4 | ||
| } | ||
| ] | ||
| }, | ||
| "weaknesses": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "description": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "CWE-862" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "url": "https://plugins.trac.wordpress.org/browser/google-listings-and-ads/tags/2.8.6/vendor/googleads/google-ads-php/scripts/print_php_information.php", | ||
| "source": "[email protected]" | ||
| }, | ||
| { | ||
| "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/64bc7d47-6b63-4fd9-85d4-82126f86308a?source=cve", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| "id": "CVE-2024-1682", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-14T18:15:18.193", | ||
| "lastModified": "2024-11-15T13:58:08.913", | ||
| "lastModified": "2024-11-18T21:35:03.980", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
|
|
@@ -16,6 +16,28 @@ | |
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "REQUIRED", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "LOW", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 4.3, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 2.8, | ||
| "impactScore": 1.4 | ||
| } | ||
| ], | ||
| "cvssMetricV30": [ | ||
| { | ||
| "source": "[email protected]", | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,44 @@ | ||
| { | ||
| "id": "CVE-2024-21287", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-11-18T22:15:05.897", | ||
| "lastModified": "2024-11-18T22:15:05.897", | ||
| "vulnStatus": "Received", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
| { | ||
| "lang": "en", | ||
| "value": "Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." | ||
| } | ||
| ], | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "[email protected]", | ||
| "type": "Primary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", | ||
| "attackVector": "NETWORK", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "HIGH", | ||
| "integrityImpact": "NONE", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 7.5, | ||
| "baseSeverity": "HIGH" | ||
| }, | ||
| "exploitabilityScore": 3.9, | ||
| "impactScore": 3.6 | ||
| } | ||
| ] | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "https://www.oracle.com/security-alerts/alert-cve-2024-21287.html", | ||
| "source": "[email protected]" | ||
| } | ||
| ] | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| "id": "CVE-2024-23220", | ||
| "sourceIdentifier": "[email protected]", | ||
| "published": "2024-03-08T02:15:47.500", | ||
| "lastModified": "2024-03-13T23:15:46.087", | ||
| "lastModified": "2024-11-18T21:35:04.300", | ||
| "vulnStatus": "Awaiting Analysis", | ||
| "cveTags": [], | ||
| "descriptions": [ | ||
|
|
@@ -15,7 +15,30 @@ | |
| "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en visionOS 1.1, iOS 17.4 y iPadOS 17.4. Es posible que una aplicaci\u00f3n pueda tomar las huellas digitales del usuario." | ||
| } | ||
| ], | ||
| "metrics": {}, | ||
| "metrics": { | ||
| "cvssMetricV31": [ | ||
| { | ||
| "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", | ||
| "type": "Secondary", | ||
| "cvssData": { | ||
| "version": "3.1", | ||
| "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", | ||
| "attackVector": "LOCAL", | ||
| "attackComplexity": "LOW", | ||
| "privilegesRequired": "NONE", | ||
| "userInteraction": "NONE", | ||
| "scope": "UNCHANGED", | ||
| "confidentialityImpact": "NONE", | ||
| "integrityImpact": "LOW", | ||
| "availabilityImpact": "NONE", | ||
| "baseScore": 4.0, | ||
| "baseSeverity": "MEDIUM" | ||
| }, | ||
| "exploitabilityScore": 2.5, | ||
| "impactScore": 1.4 | ||
| } | ||
| ] | ||
| }, | ||
| "references": [ | ||
| { | ||
| "url": "http://seclists.org/fulldisclosure/2024/Mar/26", | ||
|
|
||
Oops, something went wrong.