admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-20T05:00:24.601044+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-20 05:00:28 +00:00
parent 4fcb990eb8
commit 0ee3e14507
10 changed files with 194 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2023/CVE-2023-63xx/CVE-2023-6398.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6398",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-02-20T02:15:49.110",
"lastModified": "2024-02-20T02:15:49.110",
"lastModified": "2024-02-20T03:15:07.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware version 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
"value": "A post-authentication command injection vulnerability in the file upload binary in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1, NWA50AX firmware versions through 6.29(ABYW.3), WAC500 firmware versions through 6.65(ABVS.1), WAX300H firmware versions through 6.60(ACHF.1), and WBE660S firmware versions through 6.65(ACGG.1) could allow an authenticated attacker with administrator privileges to execute some operating system (OS) commands on an affected device via FTP."
}
],
"metrics": {

6
CVE-2023/CVE-2023-66xx/CVE-2023-6693.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6693",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T10:15:08.930",
"lastModified": "2024-02-08T10:15:11.967",
"lastModified": "2024-02-20T03:15:07.750",
"vulnStatus": "Modified",
"descriptions": [
{
@ -138,6 +138,10 @@
"Patch"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYGUN5HVOXESW7MSNM44E4AE2VNXQB6Y/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0004/",
"source": "secalert@redhat.com"

55
CVE-2023/CVE-2023-67xx/CVE-2023-6764.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6764",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-02-20T03:15:07.870",
"lastModified": "2024-02-20T03:15:07.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\nA format string vulnerability in a function of the IPSec VPN feature in Zyxel ATP series firmware versions from 4.32 through 5.37 Patch 1, USG FLEX series firmware versions from 4.50 through 5.37 Patch 1, USG FLEX 50(W) series firmware versions from 4.16 through 5.37 Patch 1, and USG20(W)-VPN series firmware versions from 4.16 through 5.37 Patch 1 could allow an attacker to achieve unauthorized remote code execution by sending a sequence of specially crafted payloads containing an invalid pointer; however, such an attack would require detailed knowledge of an affected device\u2019s memory layout and configuration.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-vulnerabilities-in-firewalls-and-aps-02-20-2024",
"source": "security@zyxel.com.tw"
}
]
}

51
CVE-2024/CVE-2024-15xx/CVE-2024-1510.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-1510",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-20T03:15:08.077",
"lastModified": "2024-02-20T03:15:08.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WP Shortcodes Plugin \u2014 Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.0.2/includes/shortcodes/tooltip.php",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3037436/shortcodes-ultimate/trunk/includes/shortcodes/tooltip.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=cve",
"source": "security@wordfence.com"
}
]
}

47
CVE-2024/CVE-2024-15xx/CVE-2024-1559.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-1559",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-20T04:15:07.330",
"lastModified": "2024-02-20T04:15:07.330",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037265%40link-library&new=3037265%40link-library&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/407a5c69-cce0-4868-aef0-ffc88981e256?source=cve",
"source": "security@wordfence.com"
}
]
}

6
CVE-2024/CVE-2024-242xx/CVE-2024-24258.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24258",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T18:15:52.083",
"lastModified": "2024-02-12T17:15:08.140",
"lastModified": "2024-02-20T03:15:08.257",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-242xx/CVE-2024-24259.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24259",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T18:15:52.133",
"lastModified": "2024-02-12T17:15:08.220",
"lastModified": "2024-02-20T03:15:08.330",
"vulnStatus": "Modified",
"descriptions": [
{
@ -79,6 +79,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-245xx/CVE-2024-24575.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24575",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-06T22:16:15.057",
"lastModified": "2024-02-17T02:15:52.507",
"lastModified": "2024-02-20T03:15:08.397",
"vulnStatus": "Modified",
"descriptions": [
{
@ -146,6 +146,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/",
"source": "security-advisories@github.com"
}
]
}

6
CVE-2024/CVE-2024-245xx/CVE-2024-24577.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24577",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-06T22:16:15.270",
"lastModified": "2024-02-17T02:15:52.607",
"lastModified": "2024-02-20T03:15:08.520",
"vulnStatus": "Modified",
"descriptions": [
{
@ -138,6 +138,10 @@
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/",
"source": "security-advisories@github.com"
}
]
}

35
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-20T03:00:23.866707+00:00
2024-02-20T05:00:24.601044+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-20T02:15:51.470000+00:00
2024-02-20T04:15:07.330000+00:00
```
### Last Data Feed Release
@ -29,35 +29,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238916
238919
```
### CVEs added in the last Commit
Recently added CVEs: `11`
Recently added CVEs: `3`
* [CVE-2023-6397](CVE-2023/CVE-2023-63xx/CVE-2023-6397.json) (`2024-02-20T02:15:48.793`)
* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-20T02:15:49.110`)
* [CVE-2023-6399](CVE-2023/CVE-2023-63xx/CVE-2023-6399.json) (`2024-02-20T02:15:49.407`)
* [CVE-2024-1647](CVE-2024/CVE-2024-16xx/CVE-2024-1647.json) (`2024-02-20T01:15:07.717`)
* [CVE-2024-1648](CVE-2024/CVE-2024-16xx/CVE-2024-1648.json) (`2024-02-20T01:15:07.943`)
* [CVE-2024-0715](CVE-2024/CVE-2024-07xx/CVE-2024-0715.json) (`2024-02-20T02:15:49.720`)
* [CVE-2024-21890](CVE-2024/CVE-2024-218xx/CVE-2024-21890.json) (`2024-02-20T02:15:50.120`)
* [CVE-2024-21891](CVE-2024/CVE-2024-218xx/CVE-2024-21891.json) (`2024-02-20T02:15:50.347`)
* [CVE-2024-21892](CVE-2024/CVE-2024-218xx/CVE-2024-21892.json) (`2024-02-20T02:15:50.567`)
* [CVE-2024-21896](CVE-2024/CVE-2024-218xx/CVE-2024-21896.json) (`2024-02-20T02:15:50.770`)
* [CVE-2024-22019](CVE-2024/CVE-2024-220xx/CVE-2024-22019.json) (`2024-02-20T02:15:50.983`)
* [CVE-2023-6764](CVE-2023/CVE-2023-67xx/CVE-2023-6764.json) (`2024-02-20T03:15:07.870`)
* [CVE-2024-1510](CVE-2024/CVE-2024-15xx/CVE-2024-1510.json) (`2024-02-20T03:15:08.077`)
* [CVE-2024-1559](CVE-2024/CVE-2024-15xx/CVE-2024-1559.json) (`2024-02-20T04:15:07.330`)
### CVEs modified in the last Commit
Recently modified CVEs: `5`
Recently modified CVEs: `6`
* [CVE-2024-1019](CVE-2024/CVE-2024-10xx/CVE-2024-1019.json) (`2024-02-20T02:15:49.973`)
* [CVE-2024-25442](CVE-2024/CVE-2024-254xx/CVE-2024-25442.json) (`2024-02-20T02:15:51.217`)
* [CVE-2024-25443](CVE-2024/CVE-2024-254xx/CVE-2024-25443.json) (`2024-02-20T02:15:51.313`)
* [CVE-2024-25445](CVE-2024/CVE-2024-254xx/CVE-2024-25445.json) (`2024-02-20T02:15:51.397`)
* [CVE-2024-25446](CVE-2024/CVE-2024-254xx/CVE-2024-25446.json) (`2024-02-20T02:15:51.470`)
* [CVE-2023-6398](CVE-2023/CVE-2023-63xx/CVE-2023-6398.json) (`2024-02-20T03:15:07.650`)
* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-02-20T03:15:07.750`)
* [CVE-2024-24258](CVE-2024/CVE-2024-242xx/CVE-2024-24258.json) (`2024-02-20T03:15:08.257`)
* [CVE-2024-24259](CVE-2024/CVE-2024-242xx/CVE-2024-24259.json) (`2024-02-20T03:15:08.330`)
* [CVE-2024-24575](CVE-2024/CVE-2024-245xx/CVE-2024-24575.json) (`2024-02-20T03:15:08.397`)
* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-20T03:15:08.520`)
## Download and Usage