mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-02-20T05:00:24.601044+00:00
This commit is contained in:
parent
4fcb990eb8
commit
0ee3e14507
@ -2,12 +2,12 @@
|
||||
"id": "CVE-2023-6398",
|
||||
"sourceIdentifier": "security@zyxel.com.tw",
|
||||
"published": "2024-02-20T02:15:49.110",
|
||||
"lastModified": "2024-02-20T02:15:49.110",
|
||||
"lastModified": "2024-02-20T03:15:07.650",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
|
||||
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2023-6693",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-01-02T10:15:08.930",
|
||||
"lastModified": "2024-02-08T10:15:11.967",
|
||||
"lastModified": "2024-02-20T03:15:07.750",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -138,6 +138,10 @@
|
||||
"Patch"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://security.netapp.com/advisory/ntap-20240208-0004/",
|
||||
"source": "secalert@redhat.com"
|
||||
|
55
CVE-2023/CVE-2023-67xx/CVE-2023-6764.json
Normal file
55
CVE-2023/CVE-2023-67xx/CVE-2023-6764.json
Normal file
@ -0,0 +1,55 @@
|
||||
{
|
||||
"id": "CVE-2023-6764",
|
||||
"sourceIdentifier": "security@zyxel.com.tw",
|
||||
"published": "2024-02-20T03:15:07.870",
|
||||
"lastModified": "2024-02-20T03:15:07.870",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@zyxel.com.tw",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.1,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.2,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security@zyxel.com.tw",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-134"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024",
|
||||
"source": "security@zyxel.com.tw"
|
||||
}
|
||||
]
|
||||
}
|
51
CVE-2024/CVE-2024-15xx/CVE-2024-1510.json
Normal file
51
CVE-2024/CVE-2024-15xx/CVE-2024-1510.json
Normal file
@ -0,0 +1,51 @@
|
||||
{
|
||||
"id": "CVE-2024-1510",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-20T03:15:08.077",
|
||||
"lastModified": "2024-02-20T03:15:08.077",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.0.2/includes/shortcodes/tooltip.php",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3037436/shortcodes-ultimate/trunk/includes/shortcodes/tooltip.php",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
47
CVE-2024/CVE-2024-15xx/CVE-2024-1559.json
Normal file
47
CVE-2024/CVE-2024-15xx/CVE-2024-1559.json
Normal file
@ -0,0 +1,47 @@
|
||||
{
|
||||
"id": "CVE-2024-1559",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-02-20T04:15:07.330",
|
||||
"lastModified": "2024-02-20T04:15:07.330",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 2.5
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037265%40link-library&new=3037265%40link-library&sfp_email=&sfph_mail=",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/407a5c69-cce0-4868-aef0-ffc88981e256?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-24258",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-05T18:15:52.083",
|
||||
"lastModified": "2024-02-12T17:15:08.140",
|
||||
"lastModified": "2024-02-20T03:15:08.257",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -79,6 +79,10 @@
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-24259",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2024-02-05T18:15:52.133",
|
||||
"lastModified": "2024-02-12T17:15:08.220",
|
||||
"lastModified": "2024-02-20T03:15:08.330",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -79,6 +79,10 @@
|
||||
"Exploit",
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/",
|
||||
"source": "cve@mitre.org"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-24575",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-02-06T22:16:15.057",
|
||||
"lastModified": "2024-02-17T02:15:52.507",
|
||||
"lastModified": "2024-02-20T03:15:08.397",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -146,6 +146,10 @@
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/",
|
||||
"source": "security-advisories@github.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-24577",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-02-06T22:16:15.270",
|
||||
"lastModified": "2024-02-17T02:15:52.607",
|
||||
"lastModified": "2024-02-20T03:15:08.520",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
@ -138,6 +138,10 @@
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/",
|
||||
"source": "security-advisories@github.com"
|
||||
}
|
||||
]
|
||||
}
|
35
README.md
35
README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-02-20T03:00:23.866707+00:00
|
||||
2024-02-20T05:00:24.601044+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-02-20T02:15:51.470000+00:00
|
||||
2024-02-20T04:15:07.330000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -29,35 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
238916
|
||||
238919
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `11`
|
||||
Recently added CVEs: `3`
|
||||
|
||||
* [CVE-2023-6397](CVE-2023/CVE-2023-63xx/CVE-2023-6397.json) (`2024-02-20T02:15:48.793`)
|
||||
* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-20T02:15:49.110`)
|
||||
* [CVE-2023-6399](CVE-2023/CVE-2023-63xx/CVE-2023-6399.json) (`2024-02-20T02:15:49.407`)
|
||||
* [CVE-2024-1647](CVE-2024/CVE-2024-16xx/CVE-2024-1647.json) (`2024-02-20T01:15:07.717`)
|
||||
* [CVE-2024-1648](CVE-2024/CVE-2024-16xx/CVE-2024-1648.json) (`2024-02-20T01:15:07.943`)
|
||||
* [CVE-2024-0715](CVE-2024/CVE-2024-07xx/CVE-2024-0715.json) (`2024-02-20T02:15:49.720`)
|
||||
* [CVE-2024-21890](CVE-2024/CVE-2024-218xx/CVE-2024-21890.json) (`2024-02-20T02:15:50.120`)
|
||||
* [CVE-2024-21891](CVE-2024/CVE-2024-218xx/CVE-2024-21891.json) (`2024-02-20T02:15:50.347`)
|
||||
* [CVE-2024-21892](CVE-2024/CVE-2024-218xx/CVE-2024-21892.json) (`2024-02-20T02:15:50.567`)
|
||||
* [CVE-2024-21896](CVE-2024/CVE-2024-218xx/CVE-2024-21896.json) (`2024-02-20T02:15:50.770`)
|
||||
* [CVE-2024-22019](CVE-2024/CVE-2024-220xx/CVE-2024-22019.json) (`2024-02-20T02:15:50.983`)
|
||||
* [CVE-2023-6764](CVE-2023/CVE-2023-67xx/CVE-2023-6764.json) (`2024-02-20T03:15:07.870`)
|
||||
* [CVE-2024-1510](CVE-2024/CVE-2024-15xx/CVE-2024-1510.json) (`2024-02-20T03:15:08.077`)
|
||||
* [CVE-2024-1559](CVE-2024/CVE-2024-15xx/CVE-2024-1559.json) (`2024-02-20T04:15:07.330`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `5`
|
||||
Recently modified CVEs: `6`
|
||||
|
||||
* [CVE-2024-1019](CVE-2024/CVE-2024-10xx/CVE-2024-1019.json) (`2024-02-20T02:15:49.973`)
|
||||
* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-20T02:15:51.217`)
|
||||
* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-20T02:15:51.313`)
|
||||
* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-20T02:15:51.397`)
|
||||
* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-20T02:15:51.470`)
|
||||
* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-20T03:15:07.650`)
|
||||
* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-02-20T03:15:07.750`)
|
||||
* [CVE-2024-24258](CVE-2024/CVE-2024-242xx/CVE-2024-24258.json) (`2024-02-20T03:15:08.257`)
|
||||
* [CVE-2024-24259](CVE-2024/CVE-2024-242xx/CVE-2024-24259.json) (`2024-02-20T03:15:08.330`)
|
||||
* [CVE-2024-24575](CVE-2024/CVE-2024-245xx/CVE-2024-24575.json) (`2024-02-20T03:15:08.397`)
|
||||
* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-20T03:15:08.520`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
Loading…
x
Reference in New Issue
Block a user