mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-03-23T00:55:29.430984+00:00
This commit is contained in:
cad-safe-bot
parent
f12f03603e
commit
05d919ac00
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2024-20677",
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-01-09T18:15:50.887",
|
||||
"lastModified": "2024-01-26T01:15:09.533",
|
||||
"lastModified": "2024-03-23T00:15:08.517",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.\n3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.\nThis change is effective as of the January 9, 2024 security update.\n"
|
||||
"value": "A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer.\n3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.\nThis change is effective as of the January 9, 2024 security update.\n"
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
|
||||
43
CVE-2024/CVE-2024-290xx/CVE-2024-29059.json
Normal file
43
CVE-2024/CVE-2024-290xx/CVE-2024-29059.json
Normal file
@ -0,0 +1,43 @@
|
||||
{
|
||||
"id": "CVE-2024-29059",
|
||||
"sourceIdentifier": "secure@microsoft.com",
|
||||
"published": "2024-03-23T00:15:09.150",
|
||||
"lastModified": "2024-03-23T00:15:09.150",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": ".NET Framework Information Disclosure Vulnerability"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "secure@microsoft.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059",
|
||||
"source": "secure@microsoft.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
63
CVE-2024/CVE-2024-291xx/CVE-2024-29190.json
Normal file
63
CVE-2024/CVE-2024-291xx/CVE-2024-29190.json
Normal file
@ -0,0 +1,63 @@
|
||||
{
|
||||
"id": "CVE-2024-29190",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-03-22T23:15:07.123",
|
||||
"lastModified": "2024-03-22T23:15:07.123",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.\n"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-918"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/5a8eeee73c5f504a6c3abdf2a139a13804efdb77",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3",
|
||||
"source": "security-advisories@github.com"
|
||||
}
|
||||
]
|
||||
}
|
||||
13
README.md
13
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-03-22T23:00:39.925530+00:00
|
||||
2024-03-23T00:55:29.430984+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-03-22T22:15:50.450000+00:00
|
||||
2024-03-23T00:15:09.150000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -29,21 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
242475
|
||||
242477
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `2`
|
||||
|
||||
* [CVE-2024-26247](CVE-2024/CVE-2024-262xx/CVE-2024-26247.json) (`2024-03-22T22:15:50.247`)
|
||||
* [CVE-2024-29057](CVE-2024/CVE-2024-290xx/CVE-2024-29057.json) (`2024-03-22T22:15:50.450`)
|
||||
* [CVE-2024-29059](CVE-2024/CVE-2024-290xx/CVE-2024-29059.json) (`2024-03-23T00:15:09.150`)
|
||||
* [CVE-2024-29190](CVE-2024/CVE-2024-291xx/CVE-2024-29190.json) (`2024-03-22T23:15:07.123`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `0`
|
||||
Recently modified CVEs: `1`
|
||||
|
||||
* [CVE-2024-20677](CVE-2024/CVE-2024-206xx/CVE-2024-20677.json) (`2024-03-23T00:15:08.517`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
||||
@ -239261,7 +239261,7 @@ CVE-2024-20673,0,0,54b4e9f241ee8ab47844805a07750d3fdabb10465652b2260f0e87e7bebbe
|
||||
CVE-2024-20674,0,0,f83fbf3dc1e32d0c5b9ec55d499109531471159cb602690a46d0c915a76f76a9,2024-01-14T22:37:10.873000
|
||||
CVE-2024-20675,0,0,098a1c1051e51e54708ad491ffc1da84402b5013489ba95a88b69b71214102c2,2024-01-18T19:14:08.637000
|
||||
CVE-2024-20676,0,0,579775666c740fd791eda792a7e52a24b6b8e9d0d14bd0023a90dc5677447d47,2024-01-14T22:38:08.740000
|
||||
CVE-2024-20677,0,0,506f58073690f522003f5076792ea8cd6920cfe3f53ea74fe7f3a6deacfa89f2,2024-01-26T01:15:09.533000
|
||||
CVE-2024-20677,0,1,b9486dd78242be24c7ff296f75ca8770194c3200204379fdd7a794d452563c6b,2024-03-23T00:15:08.517000
|
||||
CVE-2024-20679,0,0,1624b017f22f1cf58bc970d748c42b03846353e42c36ff6e40dcee02d8d7545e,2024-02-26T22:07:54.517000
|
||||
CVE-2024-2068,0,0,3b967167d283286e695c714101ce01e382c0bd68babba1652284fa3fabb893fe,2024-03-21T02:52:28.280000
|
||||
CVE-2024-20680,0,0,35b6f00c12f15f8755046cf5bffe1b26ae6f70d9c4c72c3072477aa5d126c0dc,2024-01-14T22:39:00.147000
|
||||
@ -241666,7 +241666,7 @@ CVE-2024-26204,0,0,413dd43bdbc47045478482b7d3349e3e66b0c3197ca627e0b5f71ae7053c6
|
||||
CVE-2024-2621,0,0,7e41b36936c33cfc41db3522fc8de0b052a15cd7fbe7c55c1cc1626b2ecd274d,2024-03-21T02:52:40.120000
|
||||
CVE-2024-2622,0,0,2faba3761f6560c88eea9c3b0fa6fc4529a548f032a256e1b05f67335e6c1170,2024-03-21T02:52:40.207000
|
||||
CVE-2024-26246,0,0,6c174a39b8e16966075834fa377a33ef3e5c5829eb1a43647414103e1222a0e5,2024-03-19T17:05:45.193000
|
||||
CVE-2024-26247,1,1,9e9af276759bbcb3764da6bd12450b177e01fc0b214eeb2d173f276a450efd13,2024-03-22T22:15:50.247000
|
||||
CVE-2024-26247,0,0,9e9af276759bbcb3764da6bd12450b177e01fc0b214eeb2d173f276a450efd13,2024-03-22T22:15:50.247000
|
||||
CVE-2024-2625,0,0,7f0c7bbe1bef3bb7d2fc9570ff293fdbd11362e4b40280372d99755e8fa5fb3a,2024-03-22T02:15:09.180000
|
||||
CVE-2024-2626,0,0,15a5ab39f3ba2305b99653902dbe610d82517f948afcea3fa4496e355e18e8cc,2024-03-22T02:15:09.243000
|
||||
CVE-2024-26260,0,0,e265a50d624e832bed578eaaf671225475ee52a0a641253d8d3fa4cc960d0968,2024-02-15T06:23:39.303000
|
||||
@ -242377,7 +242377,8 @@ CVE-2024-29033,0,0,3da47380cd3a71a38fcec215b864d4658478d80ec3a2925a5a05224fec9ea
|
||||
CVE-2024-29036,0,0,9e006ee4d248b12879916fd5a38e3fbf7a89f45ed6265666710ccd15d4bd0aa4,2024-03-21T12:58:51.093000
|
||||
CVE-2024-29037,0,0,522cff780a141ed0cb980da4de92689da8f883cb35906d0c7290ad955ce6a80b,2024-03-21T12:58:51.093000
|
||||
CVE-2024-29042,0,0,94be04c88512f8801f1a0b7e8a0fe44bc1e2661493f643835e5309c09e2ba389,2024-03-22T19:02:10.300000
|
||||
CVE-2024-29057,1,1,cdc1a145aba361380d18c2b35911a094ab57273bb744736ef7267676336ae250,2024-03-22T22:15:50.450000
|
||||
CVE-2024-29057,0,0,cdc1a145aba361380d18c2b35911a094ab57273bb744736ef7267676336ae250,2024-03-22T22:15:50.450000
|
||||
CVE-2024-29059,1,1,b707a4fa5a91288265f21e2d035c3e428763b4ab7ed04a8c4453f22922a2c39c,2024-03-23T00:15:09.150000
|
||||
CVE-2024-29089,0,0,e5fbae925c9da8d587d9573cbc1c34db123c4510c1c1616d472538493a08c59e,2024-03-20T13:00:16.367000
|
||||
CVE-2024-29091,0,0,b1cb764a2082d02939e32c22f722543dd831cf608e6c39b51eb933f990788962,2024-03-20T13:00:16.367000
|
||||
CVE-2024-29092,0,0,beafae19b6703c9fc1f01dec7ad304174a985adb5a44a4613a96bd5d1cef6a8d,2024-03-20T13:00:16.367000
|
||||
@ -242435,6 +242436,7 @@ CVE-2024-29180,0,0,e32bebc90fbd05fe3a3edfae9506df906c8ca56e295fcb3cc3f3f384d1252
|
||||
CVE-2024-29184,0,0,f7b8833969ca9d0c0710d9e673438a664414c13b1764f6ae8189b2b9b95caa65,2024-03-22T19:02:10.300000
|
||||
CVE-2024-29185,0,0,87ad89bc08b625b0d76de9def6a9a3830774fb10e68a03b7a7a4beff2b51d9e3,2024-03-22T19:02:10.300000
|
||||
CVE-2024-29186,0,0,4d22f13bcc9a989b4457971fb422d0f63596eb5c598cc015a08c44b1e3975e55,2024-03-22T19:02:10.300000
|
||||
CVE-2024-29190,1,1,4d7a2612081971332e8caf786004f0b15e412bf1a77fc6c71f244026d2d902dc,2024-03-22T23:15:07.123000
|
||||
CVE-2024-29243,0,0,80b3eab65af2d9fbeb7b6048e074697688a19de63e1138c377d0b826523dd7db,2024-03-21T15:24:35.093000
|
||||
CVE-2024-29244,0,0,ab4dadc4ff7b45a2c285edb922de956bae0828f007627c62339f15145e95a7b7,2024-03-21T15:24:35.093000
|
||||
CVE-2024-29271,0,0,86d82853285296d2653b2954b1f865b89755729787a00c9a08bf8b4da2a10347,2024-03-22T12:45:36.130000
|
||||
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user