admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-05T09:00:24.815968+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-05 09:00:28 +00:00
parent 814491bf26
commit 01a9140806
24 changed files with 992 additions and 32 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2023/CVE-2023-246xx/CVE-2023-24676.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-24676",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-24T21:15:08.327",
"lastModified": "2024-01-30T21:26:16.803",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-05T08:15:43.367",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue found in Processwire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module."
"value": "An issue found in ProcessWire 3.0.210 allows attackers to execute arbitrary code and install a reverse shell via the download_zip_url parameter when installing a new module. NOTE: this is disputed because exploitation requires that the attacker is able to enter requests as an admin; however, a ProcessWire admin is intentionally allowed to install any module that contains any arbitrary code."
},
{
"lang": "es",

6
CVE-2023/CVE-2023-270xx/CVE-2023-27043.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27043",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-04-19T00:15:07.973",
"lastModified": "2024-01-11T03:15:09.307",
"lastModified": "2024-02-05T07:15:07.720",
"vulnStatus": "Modified",
"descriptions": [
{
@ -96,6 +96,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ARI7VDSNTQVXRQFM6IK5GSSLEIYV4VZH/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXYVPEZUA3465AEFX5JVFVP7KIFZMF3N/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N6M5I6OQHJABNEYY555HUMMKX3Y4P25Z/",
"source": "cve@mitre.org"

8
CVE-2023/CVE-2023-470xx/CVE-2023-47038.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-47038",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:08.933",
"lastModified": "2023-12-29T22:46:48.817",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-05T07:15:08.413",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -136,6 +136,10 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/",
"source": "secalert@redhat.com"
}
]
}

6
CVE-2023/CVE-2023-476xx/CVE-2023-47627.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47627",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-14T21:15:12.820",
"lastModified": "2023-12-07T03:15:07.040",
"lastModified": "2024-02-05T07:15:08.850",
"vulnStatus": "Modified",
"descriptions": [
{
@ -104,6 +104,10 @@
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUSJVQ7OQ55RWL4XAX2F5EZ73N4ZSH6U/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VDKQ6HM3KNDU4OQI476ZWT4O7DMSIT35/",
"source": "security-advisories@github.com"

10
CVE-2023/CVE-2023-61xx/CVE-2023-6111.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6111",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2023-11-14T14:15:29.063",
"lastModified": "2023-12-04T03:15:07.253",
"lastModified": "2024-02-05T07:15:09.190",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,6 +114,14 @@
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3OXWBKK7RTQOGGDLQGCZFS753VLGS2GD/",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3S55P23EYAWDHXZPJEVTGIRZZRICYI3Z/",
"source": "cve-coordination@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IG6IF3FUY7LVZJMFRPANAU4L4PSJ3ESQ/",
"source": "cve-coordination@google.com"

32
CVE-2023/CVE-2023-70xx/CVE-2023-7077.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-7077",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2024-02-05T07:15:09.690",
"lastModified": "2024-02-05T07:15:09.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sharp NEC Displays (P403, P463, P553, P703, P801, X554UN, X464UN, X554UNS, X464UNV, X474HB, X464UNS, X554UNV, X555UNS, X555UNV, X754HB, X554HB, E705, E805, E905, UN551S, UN551VS, X551UHD, X651UHD, X841UHD, X981UHD, MD551C8) allows an attacker execute remote code by sending unintended parameters in http request.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "psirt-info@cyber.jp.nec.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.sharp-nec-displays.com/global/support/info/A4_vulnerability.html",
"source": "psirt-info@cyber.jp.nec.com"
}
]
}

55
CVE-2024/CVE-2024-223xx/CVE-2024-22386.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-22386",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:43.830",
"lastModified": "2024-02-05T08:15:43.830",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's drm/exynos device driver in\u00a0exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8147",
"source": "security@openanolis.org"
}
]
}

24
CVE-2024/CVE-2024-226xx/CVE-2024-22667.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-22667",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T08:15:44.110",
"lastModified": "2024-02-05T08:15:44.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47",
"source": "cve@mitre.org"
}
]
}

55
CVE-2024/CVE-2024-231xx/CVE-2024-23196.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23196",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.167",
"lastModified": "2024-02-05T08:15:44.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8148",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24838.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24838",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:10.237",
"lastModified": "2024-02-05T07:15:10.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS.This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/good-reviews-wp/wordpress-five-star-restaurant-reviews-plugin-2-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24839.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24839",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:10.850",
"lastModified": "2024-02-05T07:15:10.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon B\u00f6hme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS.This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/structured-content/wordpress-structured-content-json-ld-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24841.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24841",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:11.437",
"lastModified": "2024-02-05T07:15:11.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS.This issue affects Add Customer for WooCommerce: from n/a through 1.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/add-customer-for-woocommerce/wordpress-add-customer-for-woocommerce-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24846.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24846",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:12.257",
"lastModified": "2024-02-05T07:15:12.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS.This issue affects Mighty Addons for Elementor: from n/a through 1.9.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mighty-addons/wordpress-mighty-addons-for-elementor-plugin-1-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24847.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24847",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:13.387",
"lastModified": "2024-02-05T07:15:13.387",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS.This issue affects CalculatorPro Calculators: from n/a through 1.1.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/calculatorpro-calculators/wordpress-calculatorpro-calculators-plugin-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24848.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24848",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:13.970",
"lastModified": "2024-02-05T07:15:13.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy allows Stored XSS.This issue affects PT Sign Ups \u2013 Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ptoffice-sign-ups/wordpress-pt-sign-ups-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24855.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24855",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.353",
"lastModified": "2024-02-05T08:15:44.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8149",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24857.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24857",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.533",
"lastModified": "2024-02-05T08:15:44.533",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8155",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24858.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24858",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.713",
"lastModified": "2024-02-05T08:15:44.713",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in I2cap connection or broadcast abnormality issue, possibly leading to denial of service.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8154",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24859.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24859",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:44.897",
"lastModified": "2024-02-05T08:15:44.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading denial of service.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8153",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24860.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24860",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:45.077",
"lastModified": "2024-02-05T08:15:45.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.4,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8151",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24861.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24861",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:45.253",
"lastModified": "2024-02-05T08:15:45.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's media/xc4000 device driver in xc4000 xc4000_get_frequency() function. This can result in return value overflow issue, possibly leading to malfunction or denial of service issue.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8150",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24864.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24864",
"sourceIdentifier": "security@openanolis.org",
"published": "2024-02-05T08:15:45.433",
"lastModified": "2024-02-05T08:15:45.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write()\u00a0function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security@openanolis.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://bugzilla.openanolis.cn/show_bug.cgi?id=8178",
"source": "security@openanolis.org"
}
]
}

55
CVE-2024/CVE-2024-248xx/CVE-2024-24865.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24865",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-02-05T07:15:14.510",
"lastModified": "2024-02-05T07:15:14.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS.This issue affects Scroll Triggered Box: from n/a through 2.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/dreamgrow-scroll-triggered-box/wordpress-scroll-triggered-box-plugin-2-3-cross-site-scripting-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

52
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-05T07:00:24.888388+00:00
2024-02-05T09:00:24.815968+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-05T06:15:47.870000+00:00
2024-02-05T08:15:45.433000+00:00
```
### Last Data Feed Release
@ -29,38 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237540
237558
```
### CVEs added in the last Commit
Recently added CVEs: `19`
Recently added CVEs: `18`
* [CVE-2023-47170](CVE-2023/CVE-2023-471xx/CVE-2023-47170.json) (`2024-02-05T05:15:07.730`)
* [CVE-2023-51504](CVE-2023/CVE-2023-515xx/CVE-2023-51504.json) (`2024-02-05T06:15:46.400`)
* [CVE-2023-5677](CVE-2023/CVE-2023-56xx/CVE-2023-5677.json) (`2024-02-05T06:15:46.690`)
* [CVE-2023-5800](CVE-2023/CVE-2023-58xx/CVE-2023-5800.json) (`2024-02-05T06:15:46.863`)
* [CVE-2024-20001](CVE-2024/CVE-2024-200xx/CVE-2024-20001.json) (`2024-02-05T06:15:47.027`)
* [CVE-2024-20002](CVE-2024/CVE-2024-200xx/CVE-2024-20002.json) (`2024-02-05T06:15:47.083`)
* [CVE-2024-20003](CVE-2024/CVE-2024-200xx/CVE-2024-20003.json) (`2024-02-05T06:15:47.130`)
* [CVE-2024-20004](CVE-2024/CVE-2024-200xx/CVE-2024-20004.json) (`2024-02-05T06:15:47.190`)
* [CVE-2024-20006](CVE-2024/CVE-2024-200xx/CVE-2024-20006.json) (`2024-02-05T06:15:47.233`)
* [CVE-2024-20007](CVE-2024/CVE-2024-200xx/CVE-2024-20007.json) (`2024-02-05T06:15:47.283`)
* [CVE-2024-20009](CVE-2024/CVE-2024-200xx/CVE-2024-20009.json) (`2024-02-05T06:15:47.330`)
* [CVE-2024-20010](CVE-2024/CVE-2024-200xx/CVE-2024-20010.json) (`2024-02-05T06:15:47.387`)
* [CVE-2024-20011](CVE-2024/CVE-2024-200xx/CVE-2024-20011.json) (`2024-02-05T06:15:47.447`)
* [CVE-2024-20012](CVE-2024/CVE-2024-200xx/CVE-2024-20012.json) (`2024-02-05T06:15:47.490`)
* [CVE-2024-20013](CVE-2024/CVE-2024-200xx/CVE-2024-20013.json) (`2024-02-05T06:15:47.530`)
* [CVE-2024-20015](CVE-2024/CVE-2024-200xx/CVE-2024-20015.json) (`2024-02-05T06:15:47.580`)
* [CVE-2024-20016](CVE-2024/CVE-2024-200xx/CVE-2024-20016.json) (`2024-02-05T06:15:47.627`)
* [CVE-2024-24866](CVE-2024/CVE-2024-248xx/CVE-2024-24866.json) (`2024-02-05T06:15:47.677`)
* [CVE-2024-24870](CVE-2024/CVE-2024-248xx/CVE-2024-24870.json) (`2024-02-05T06:15:47.870`)
* [CVE-2023-7077](CVE-2023/CVE-2023-70xx/CVE-2023-7077.json) (`2024-02-05T07:15:09.690`)
* [CVE-2024-24838](CVE-2024/CVE-2024-248xx/CVE-2024-24838.json) (`2024-02-05T07:15:10.237`)
* [CVE-2024-24839](CVE-2024/CVE-2024-248xx/CVE-2024-24839.json) (`2024-02-05T07:15:10.850`)
* [CVE-2024-24841](CVE-2024/CVE-2024-248xx/CVE-2024-24841.json) (`2024-02-05T07:15:11.437`)
* [CVE-2024-24846](CVE-2024/CVE-2024-248xx/CVE-2024-24846.json) (`2024-02-05T07:15:12.257`)
* [CVE-2024-24847](CVE-2024/CVE-2024-248xx/CVE-2024-24847.json) (`2024-02-05T07:15:13.387`)
* [CVE-2024-24848](CVE-2024/CVE-2024-248xx/CVE-2024-24848.json) (`2024-02-05T07:15:13.970`)
* [CVE-2024-24865](CVE-2024/CVE-2024-248xx/CVE-2024-24865.json) (`2024-02-05T07:15:14.510`)
* [CVE-2024-22386](CVE-2024/CVE-2024-223xx/CVE-2024-22386.json) (`2024-02-05T08:15:43.830`)
* [CVE-2024-22667](CVE-2024/CVE-2024-226xx/CVE-2024-22667.json) (`2024-02-05T08:15:44.110`)
* [CVE-2024-23196](CVE-2024/CVE-2024-231xx/CVE-2024-23196.json) (`2024-02-05T08:15:44.167`)
* [CVE-2024-24855](CVE-2024/CVE-2024-248xx/CVE-2024-24855.json) (`2024-02-05T08:15:44.353`)
* [CVE-2024-24857](CVE-2024/CVE-2024-248xx/CVE-2024-24857.json) (`2024-02-05T08:15:44.533`)
* [CVE-2024-24858](CVE-2024/CVE-2024-248xx/CVE-2024-24858.json) (`2024-02-05T08:15:44.713`)
* [CVE-2024-24859](CVE-2024/CVE-2024-248xx/CVE-2024-24859.json) (`2024-02-05T08:15:44.897`)
* [CVE-2024-24860](CVE-2024/CVE-2024-248xx/CVE-2024-24860.json) (`2024-02-05T08:15:45.077`)
* [CVE-2024-24861](CVE-2024/CVE-2024-248xx/CVE-2024-24861.json) (`2024-02-05T08:15:45.253`)
* [CVE-2024-24864](CVE-2024/CVE-2024-248xx/CVE-2024-24864.json) (`2024-02-05T08:15:45.433`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `5`
* [CVE-2023-27043](CVE-2023/CVE-2023-270xx/CVE-2023-27043.json) (`2024-02-05T07:15:07.720`)
* [CVE-2023-47038](CVE-2023/CVE-2023-470xx/CVE-2023-47038.json) (`2024-02-05T07:15:08.413`)
* [CVE-2023-47627](CVE-2023/CVE-2023-476xx/CVE-2023-47627.json) (`2024-02-05T07:15:08.850`)
* [CVE-2023-6111](CVE-2023/CVE-2023-61xx/CVE-2023-6111.json) (`2024-02-05T07:15:09.190`)
* [CVE-2023-24676](CVE-2023/CVE-2023-246xx/CVE-2023-24676.json) (`2024-02-05T08:15:43.367`)
## Download and Usage