Auto-Update: 2024-01-02T03:00:24.405581+00:00

cad-safe-bot 2024-01-02 03:00:28 +00:00
parent 2f9f59a9a5
commit 0513ab47de
5 changed files with 192 additions and 11 deletions


@ -2,12 +2,12 @@
"id": "CVE-2023-40303",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-14T05:15:10.233",
"lastModified": "2023-12-31T00:15:44.133",
"lastModified": "2024-01-02T01:15:07.857",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process."
"value": "GNU inetutils before 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process."
}
],
"metrics": {


@ -2,7 +2,7 @@
"id": "CVE-2023-51766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.673",
"lastModified": "2024-01-01T21:15:24.403",
"lastModified": "2024-01-02T01:15:07.963",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -36,6 +36,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/01/01/2",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/01/3",
"source": "cve@mitre.org"
},
{
"url": "https://bugs.exim.org/show_bug.cgi?id=3063",
"source": "cve@mitre.org"


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0185",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T01:15:08.020",
"lastModified": "2024-01-02T01:15:08.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249443",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249443",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0186",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-02T01:15:08.273",
"lastModified": "2024-01-02T01:15:08.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/WwPWWizD2Spk",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249444",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249444",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-02T00:55:26.719830+00:00
2024-01-02T03:00:24.405581+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-02T00:15:08.243000+00:00
2024-01-02T01:15:08.273000+00:00
```
### Last Data Feed Release
@ -23,28 +23,29 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-01-01T01:00:28.241800+00:00
2024-01-02T01:00:28.239068+00:00
```
### Total Number of included CVEs
```plain
234624
234626
```
### CVEs added in the last Commit
Recently added CVEs: `2`
* [CVE-2024-0183](CVE-2024/CVE-2024-01xx/CVE-2024-0183.json) (`2024-01-01T23:15:08.930`)
* [CVE-2024-0184](CVE-2024/CVE-2024-01xx/CVE-2024-0184.json) (`2024-01-02T00:15:08.243`)
* [CVE-2024-0185](CVE-2024/CVE-2024-01xx/CVE-2024-0185.json) (`2024-01-02T01:15:08.020`)
* [CVE-2024-0186](CVE-2024/CVE-2024-01xx/CVE-2024-0186.json) (`2024-01-02T01:15:08.273`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `2`
* [CVE-2023-4380](CVE-2023/CVE-2023-43xx/CVE-2023-4380.json) (`2024-01-01T23:15:08.460`)
* [CVE-2023-40303](CVE-2023/CVE-2023-403xx/CVE-2023-40303.json) (`2024-01-02T01:15:07.857`)
* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-02T01:15:07.963`)
## Download and Usage