Auto-Update: 2024-11-24T17:02:02.021537+00:00

cad-safe-bot 2024-11-24 17:05:12 +00:00
parent f0c2f709a2
commit 20ece5fea2
12 changed files with 243 additions and 131 deletions


@ -2,9 +2,8 @@
"id": "CVE-2021-22763",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2021-06-11T16:15:10.320",
"lastModified": "2023-11-07T03:30:24.917",
"lastModified": "2024-11-24T15:15:04.450",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +31,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
@ -45,13 +44,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"baseScore": 10.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
@ -67,7 +66,7 @@
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -219,8 +218,12 @@
],
"references": [
{
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf",
"source": "cybersecurity@se.com"
},
{
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
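Review bot: The reference object added for source `af854a3a-2127-422b-91ae-364da2661108` carries two advisory links fused into one `url` string, joined by `%2C` and using `http://`, so it is unlikely to resolve to either document. The +/- markers are lost on this page, but the hunk counts (8 lines to 12) show that this second object is new, and the `cybersecurity@se.com` entry appears to now hold a single `https://` link for SEVD-2021-159-02. That leaves SEVD-2021-159-03 reachable only through the fused string. Consumers that validate or dereference `references[].url` should expect this entry to fail; the CVE-2021-22764 record has the same pair of entries. The sync mirrors upstream data, so the correction has to come from the source feed.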


@ -2,9 +2,8 @@
"id": "CVE-2021-22764",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2021-06-11T16:15:10.390",
"lastModified": "2023-11-07T03:30:25.010",
"lastModified": "2024-11-24T15:15:04.637",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +31,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
@ -45,13 +44,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
@ -67,7 +66,7 @@
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -192,8 +191,12 @@
],
"references": [
{
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03",
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2021-159-02.pdf",
"source": "cybersecurity@se.com"
},
{
"url": "http://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-02%2Chttp://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2021-159-03",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -2,9 +2,8 @@
"id": "CVE-2023-3758",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-04-18T19:15:08.597",
"lastModified": "2024-09-16T19:16:05.550",
"lastModified": "2024-11-24T16:15:03.767",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -30,9 +31,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
@ -46,7 +45,7 @@
"description": [
{
"lang": "en",
"value": "CWE-285"
"value": "CWE-362"
}
]
}
@ -87,6 +86,54 @@
{
"url": "https://github.com/SSSD/sssd/pull/7302",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1919",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1920",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1921",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1922",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2571",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3270",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-3758",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223762",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/SSSD/sssd/pull/7302",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -2,13 +2,8 @@
"id": "CVE-2024-0012",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-11-18T16:15:11.683",
"lastModified": "2024-11-19T17:17:29.723",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2024-11-18",
"cisaActionDue": "2024-12-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.",
"cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability",
"lastModified": "2024-11-24T15:15:05.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -27,6 +22,8 @@
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
@ -58,9 +55,7 @@
"recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "HIGH",
"providerUrgency": "RED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
"providerUrgency": "RED"
}
}
],
@ -71,6 +66,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -78,19 +75,21 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"cisaExploitAdd": "2024-11-18",
"cisaActionDue": "2024-12-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet.",
"cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -99,8 +98,8 @@
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
@ -181,6 +180,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}
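Review bot: Array positions are not stable across this update, so a consumer that reads `weaknesses[0]` or `cvssMetricV31[0]` as the NVD-assigned value would silently pick up a different source. In this record the `nvd@nist.gov`/`Primary` and `psirt@paloaltonetworks.com`/`Secondary` weakness entries appear to trade places (the +/- markers are lost on this page, so the direction is inferred from print order), and CVE-2024-9474 shows the same swap. In CVE-2024-10914 the hunk counts show the `nvd@nist.gov` 9.8 CRITICAL entry moving behind the `cna@vuldb.com` 8.1 HIGH entry in `cvssMetricV31`. Selecting entries by `source` and `type` rather than by index keeps severity-based triage from shifting with the feed's ordering.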


@ -2,9 +2,8 @@
"id": "CVE-2024-10914",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-06T14:15:05.310",
"lastModified": "2024-11-08T19:53:04.793",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-24T15:15:06.090",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
@ -54,39 +55,19 @@
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -94,12 +75,30 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -109,13 +108,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"baseScore": 7.6,
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6
"availabilityImpact": "COMPLETE"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 4.9,
@ -131,12 +130,8 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-707"
},
{
"lang": "en",
"value": "CWE-74"
@ -144,6 +139,10 @@
{
"lang": "en",
"value": "CWE-78"
},
{
"lang": "en",
"value": "CWE-707"
}
]
}
@ -295,6 +294,10 @@
"tags": [
"Product"
]
},
{
"url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11066",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-11-11T08:15:07.730",
"lastModified": "2024-11-15T18:22:45.323",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-24T15:15:06.387",
"vulnStatus": "Modified",
"cveTags": [
{
"sourceIdentifier": "twcert@cert.org.tw",
@ -26,10 +26,12 @@
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
@ -37,9 +39,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
@ -49,7 +49,7 @@
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -101,6 +101,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11067",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-11-11T08:15:08.263",
"lastModified": "2024-11-15T18:23:32.557",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-24T15:15:06.567",
"vulnStatus": "Modified",
"cveTags": [
{
"sourceIdentifier": "twcert@cert.org.tw",
@ -26,10 +26,12 @@
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -37,9 +39,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
@ -49,7 +49,7 @@
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -101,6 +101,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-11068",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-11-11T08:15:08.850",
"lastModified": "2024-11-15T18:24:25.127",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-24T15:15:06.707",
"vulnStatus": "Modified",
"cveTags": [
{
"sourceIdentifier": "twcert@cert.org.tw",
@ -26,10 +26,12 @@
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -37,9 +39,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
@ -49,7 +49,7 @@
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -101,6 +101,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -0,0 +1,28 @@
{
"id": "CVE-2024-53899",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T16:15:06.647",
"lastModified": "2024-11-24T16:15:06.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pypa/virtualenv/issues/2768",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pypa/virtualenv/pull/2771",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pypa/virtualenv/releases/tag/20.26.6",
"source": "cve@mitre.org"
}
]
}


@ -2,13 +2,8 @@
"id": "CVE-2024-9474",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-11-18T16:15:29.780",
"lastModified": "2024-11-19T17:16:40.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2024-11-18",
"cisaActionDue": "2024-12-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.",
"cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
"lastModified": "2024-11-24T15:15:08.457",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -27,6 +22,8 @@
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
@ -58,9 +55,7 @@
"recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "HIGH",
"providerUrgency": "RED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
"providerUrgency": "RED"
}
}
],
@ -71,6 +66,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
@ -78,19 +75,21 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"cisaExploitAdd": "2024-11-18",
"cisaActionDue": "2024-12-09",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet.",
"cisaVulnerabilityName": "Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability",
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -99,8 +98,8 @@
]
},
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
@ -203,6 +202,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://unit42.paloaltonetworks.com/cve-2024-0012-cve-2024-9474/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-24T15:00:50.643147+00:00
2024-11-24T17:02:02.021537+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-24T14:15:04.850000+00:00
2024-11-24T16:15:06.647000+00:00
```
### Last Data Feed Release
@ -33,20 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
271197
271198
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `1`
- [CVE-2024-53899](CVE-2024/CVE-2024-538xx/CVE-2024-53899.json) (`2024-11-24T16:15:06.647`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `9`
- [CVE-2024-1753](CVE-2024/CVE-2024-17xx/CVE-2024-1753.json) (`2024-11-24T14:15:04.850`)
- [CVE-2021-22763](CVE-2021/CVE-2021-227xx/CVE-2021-22763.json) (`2024-11-24T15:15:04.450`)
- [CVE-2021-22764](CVE-2021/CVE-2021-227xx/CVE-2021-22764.json) (`2024-11-24T15:15:04.637`)
- [CVE-2023-3758](CVE-2023/CVE-2023-37xx/CVE-2023-3758.json) (`2024-11-24T16:15:03.767`)
- [CVE-2024-0012](CVE-2024/CVE-2024-00xx/CVE-2024-0012.json) (`2024-11-24T15:15:05.860`)
- [CVE-2024-10914](CVE-2024/CVE-2024-109xx/CVE-2024-10914.json) (`2024-11-24T15:15:06.090`)
- [CVE-2024-11066](CVE-2024/CVE-2024-110xx/CVE-2024-11066.json) (`2024-11-24T15:15:06.387`)
- [CVE-2024-11067](CVE-2024/CVE-2024-110xx/CVE-2024-11067.json) (`2024-11-24T15:15:06.567`)
- [CVE-2024-11068](CVE-2024/CVE-2024-110xx/CVE-2024-11068.json) (`2024-11-24T15:15:06.707`)
- [CVE-2024-9474](CVE-2024/CVE-2024-94xx/CVE-2024-9474.json) (`2024-11-24T15:15:08.457`)
## Download and Usage


@ -169090,8 +169090,8 @@ CVE-2021-2276,0,0,b5dae63cf39bc17db33d4e293b32b17614540e5a0409c0fe2eac092f495973
CVE-2021-22760,0,0,b29711f35512f6cce26b485013501672e80fea0e135a3d322599bd897d7e92fb,2021-06-15T19:12:35.493000
CVE-2021-22761,0,0,9e6cb14c6689375fe1509ddd0e9b8627b5d88801ed42d79ee336f03fecc1ab84,2021-06-15T19:15:09.343000
CVE-2021-22762,0,0,2e0ce445fae3a9758a1de38793a8ef207fe838a7d2c09e0ec875502c68a987db,2021-06-15T19:15:49.320000
CVE-2021-22763,0,0,44f96c4fd8185dc38ffb7908a057c75bb0b57c4a2b56b0476f20f8b9293a2499,2023-11-07T03:30:24.917000
CVE-2021-22764,0,0,9cc1607fac0cc0ac231a3ba5687cea43d83f3ca3b983322aff2cac846b2391ae,2023-11-07T03:30:25.010000
CVE-2021-22763,0,1,a4cc75c063bad05ec3e779428767eaf223978dad8c1da900e1f47cdb264e0d6b,2024-11-24T15:15:04.450000
CVE-2021-22764,0,1,1b6552a824c5bc87d7edb6ccd3b8668991bd905413cc57021104f97cb0ff64bb,2024-11-24T15:15:04.637000
CVE-2021-22765,0,0,2945810356a8ce07a452d343212ec346293056bc0f079dd95a11ea1461a3d4e4,2024-08-03T19:15:36.717000
CVE-2021-22766,0,0,dca50b4700ed62e6f8130a3ce0048b263acd8da492199a8d7fce9f74f0a3f799,2024-08-03T19:15:36.837000
CVE-2021-22767,0,0,13da2f53546b87232a1dcb5085025bb468bb8503eb2c38bb145258a9fc5303ae,2024-08-03T19:15:36.920000
@ -228697,7 +228697,7 @@ CVE-2023-37576,0,0,4a409ec25780249cc0ff6f23d32922308c9f3c2b2689d74d87cb8d1aeaec0
CVE-2023-37577,0,0,a293b5eb89e08f69573f2ec2c78f4feb2107da3c4f4cd3b13788154956d92cf7,2024-04-09T21:15:12.807000
CVE-2023-37578,0,0,5863500d4e6f44cfaec0e44ca8823a8ae6381bb626af944090671981a260740c,2024-04-09T21:15:12.900000
CVE-2023-37579,0,0,a63fb411059bff24e213440071988a2fa34bfcab1ad38988a1b4395e6f50415a,2023-07-20T17:37:20.790000
CVE-2023-3758,0,0,5e7c51c95b06afb5f93dc396881d2d7e840eae0205e8aa2365b463fcb422d6ad,2024-09-16T19:16:05.550000
CVE-2023-3758,0,1,cc607726e8bfc6077701ee5b75676d356684272a193d08c8b957f1b078031661,2024-11-24T16:15:03.767000
CVE-2023-37580,0,0,d3cfc7b4ec72ffd9baf1a5b22c0bdbdda2d0ea14fe3b55cfed5838ffc96ddfbf,2023-12-22T15:16:27.810000
CVE-2023-37581,0,0,1c75a6cf8f939f7c4339d9b8f28fdeb814489847df1a596417daedd7dc8b0938,2023-11-07T04:17:00.163000
CVE-2023-37582,0,0,6dfe2fccb93b11bec98905f8f33254af75b92e55efe584ad73a13ffb87cc6ed4,2023-07-20T02:11:34.330000
@ -241723,7 +241723,7 @@ CVE-2024-0008,0,0,899bae3dea0b6932a6d046356f47764b32f025595d0eef60d8e0e433b2b040
CVE-2024-0009,0,0,31a37345511ab8f9e782cdcb9d09dfe3dad4751b5c25ab7a9b1c5c74d0c64c05,2024-02-15T06:23:39.303000
CVE-2024-0010,0,0,0619a8beffc460e406861d5436887a98d4820a4ca409aea20f604a00879fcec0,2024-02-15T06:23:39.303000
CVE-2024-0011,0,0,871bd2790e1644ed9a3dece6c89b7131ea036c72c23f82726bf2a5f6003f50ac,2024-02-15T06:23:39.303000
CVE-2024-0012,0,0,ef6b6a85e60b444c75bd6e36f09d9f6606b5fae6d330768e6b835d3fd04fb999,2024-11-19T17:17:29.723000
CVE-2024-0012,0,1,a829f0a1b8deec54ca601ead0c28902fa355408a33946fb830573636d19968e5,2024-11-24T15:15:05.860000
CVE-2024-0014,0,0,57b1d977bcf36a4089ab5ef9c9905bf2b69a9e66b00e8c3e91bd20eccc0f8b75,2024-08-26T18:35:03.770000
CVE-2024-0015,0,0,00e8b369d8c884be684dc161c3d8d59320e06337f56989191711b768cfe02c9b,2024-08-28T17:35:03.353000
CVE-2024-0016,0,0,07b99aa38f7f021ca30f24587ae8679400297ca98f5e8da8ccc928cbae430ba9,2024-10-31T15:35:18.640000
@ -243241,7 +243241,7 @@ CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb
CVE-2024-10900,0,0,f0a1068a03da92137242d5778d1db0773cba2fb63def13779ff35e3410d8f989,2024-11-20T07:15:08.690000
CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46a5,2024-02-29T13:49:29.390000
CVE-2024-10913,0,0,4e9b29333972ed20a30c4eccde2c9645761370bd1f3d0211dcdd27a3f9c3d9cf,2024-11-20T14:15:17.253000
CVE-2024-10914,0,0,a19349a4797c04ddb77f70975a0145b559e2c17ff8d6db53557df6669e0449a1,2024-11-08T19:53:04.793000
CVE-2024-10914,0,1,0e11c1731905763ffc173784369687971adc0677422c26a81c4aa2918d85e560,2024-11-24T15:15:06.090000
CVE-2024-10915,0,0,b06bfc4427bf3f30a98b7ce390941759d780f67755e284354baa2af5087ffe27,2024-11-08T20:11:10.973000
CVE-2024-10916,0,0,bc544f9bd284df1d2cb2c93c5b72a85d457acf8720f73da6b50b8a164264f036,2024-11-08T20:11:37.567000
CVE-2024-10917,0,0,1eea699579f5dcb0f1ea716ba091b6b657cbea6b54620c9aa27bd72862f79a0d,2024-11-12T13:55:21.227000
@ -243339,9 +243339,9 @@ CVE-2024-11062,0,0,382398a254813285a8ce00b946267d17abf1e43f0a04fb87d058a641703cc
CVE-2024-11063,0,0,c82d798dd5590a078b5d7d26840dc30b4d0e6afdb1c08ee601fbc34cd61d9b36,2024-11-15T18:21:55.407000
CVE-2024-11064,0,0,7bc630a0bda7c8d299c9c3d34681318b70b580b6ee835e3a35824920be4cbd1c,2024-11-15T18:22:07.027000
CVE-2024-11065,0,0,07ecc20a5dd82ce3ecccd8bd16ce6c9c834a7ee14450b7b733f59e01e4d5af6b,2024-11-15T18:22:28.430000
CVE-2024-11066,0,0,e16818aa9ce80078f2734ac486cf4eb542ac5bd17e4c391662d4998111e3a483,2024-11-15T18:22:45.323000
CVE-2024-11067,0,0,56467501c947edd55cd4613fd2ef381247159c27f7d35a83af06c94b6a86acf3,2024-11-15T18:23:32.557000
CVE-2024-11068,0,0,f7e9062074774d089c911b3e1747ffd8f63444b7d0cb3b7ce8ded4e6fed69b57,2024-11-15T18:24:25.127000
CVE-2024-11066,0,1,f4d151e860fcc30f331de0b3259e95fc93fee25887e290628c9592c7621bf101,2024-11-24T15:15:06.387000
CVE-2024-11067,0,1,4a05e809a23a9c2fd51ee2a338a74c410821f5f8b3eb662012c0500c1f8e7025,2024-11-24T15:15:06.567000
CVE-2024-11068,0,1,50b063d7b829f002a85ab8473e50676a97f317c1df5a32b45c3ec0d0a11d73d9,2024-11-24T15:15:06.707000
CVE-2024-11069,0,0,7bbe444b414130d646e6e97abbee4066ed9cb9bd98d21c276eb448b361350d82,2024-11-19T21:57:32.967000
CVE-2024-1107,0,0,7fae6df9cdce298be180c2cb6d3dacceb0e976e847fc87cce19a7d73f37dfe2b,2024-09-16T19:08:27.840000
CVE-2024-11070,0,0,d26f54343d51f320ddc8212a815842d989a89842dd5b089d23a372fee3847ed9,2024-11-23T01:31:09.333000
@ -244181,7 +244181,7 @@ CVE-2024-1749,0,0,f620be6c4367805be5c83719352e695698d105470ce084642dece004f1c7c3
CVE-2024-1750,0,0,7f9ce3864064263c9a72249a090e6a4b7033b154fc6d744d107ff4cdf65d126b,2024-05-17T02:35:35.177000
CVE-2024-1751,0,0,154c401fe290eec38fd9c24bb6a8378784a8ac703cfa36934de32237c4b2fc0e,2024-03-13T18:15:58.530000
CVE-2024-1752,0,0,ebd28678960fb125918a034bc6797117b5ad867c71cd1502baeff6b2a6777f59,2024-10-27T23:35:02.790000
CVE-2024-1753,0,1,f8a25262c3f86133c866f1e07d45759b1904f223f4c08dde686d2805e8b195d9,2024-11-24T14:15:04.850000
CVE-2024-1753,0,0,f8a25262c3f86133c866f1e07d45759b1904f223f4c08dde686d2805e8b195d9,2024-11-24T14:15:04.850000
CVE-2024-1754,0,0,6d02707455f72bdff06cdba8f236495298ba067f3e3a9d1cc5b84a96ef4c9f88,2024-04-15T13:15:31.997000
CVE-2024-1755,0,0,3d3eb53461864a2d0b6846883348dbee673cb6d9a59185cf31292954d770d20b,2024-07-08T14:17:11.257000
CVE-2024-1756,0,0,3e84813a966b3d138c76e22bdd3fcd8ab2964d96bf9c77ed86651d769e5bb5a7,2024-04-24T13:39:42.883000
@ -267409,6 +267409,7 @@ CVE-2024-5385,0,0,5113296fe5b95e2ca5ffa573f35631b642d4f934e6e56cfebf21d51c8e50ce
CVE-2024-5387,0,0,d7455745fd4e2043656d894120ace9fd562ab2b459405f5c80fb87774616ea6e,2024-06-03T19:15:09.500000
CVE-2024-5388,0,0,88068f2d18329bc2e1ad4660154ccfa55826fed94a4e1660b5757c6715c273a8,2024-06-03T19:15:09.557000
CVE-2024-5389,0,0,f6aaaf23dff2a1d7f90a7950cdbb76e8322ef8c0ff1bf8f6173fe4634d169b69,2024-07-09T19:15:13.853000
CVE-2024-53899,1,1,8776b881d1b526af943acee6a5cbe80910701b0a63f07ded2f56c709b69dc1d7,2024-11-24T16:15:06.647000
CVE-2024-5390,0,0,577e03013c579fd5ea5c07b95a092cd4d32be3fa4130d25da9e61ffe468007ab,2024-06-04T19:21:08.020000
CVE-2024-5391,0,0,a7c29f93c1b76aed47351138468a6c5b251b9f9a4ad39cf688118719a36ed1c7,2024-06-07T20:15:12.687000
CVE-2024-5392,0,0,b24872fec717fdd1d01c0a9d16cd8dae85d0db85954b236e74ba95a5e5c8352c,2024-06-04T19:21:08.117000
@ -270803,7 +270804,7 @@ CVE-2024-9470,0,0,13c3a583553fbf2e90723a5a0ed6f2354808c5a1753993b658aba04d0ed9b2
CVE-2024-9471,0,0,2517c360d1e41d9c7ea79e15df7f34465e8f98b985f9011876ffa34a1656df21,2024-10-15T16:55:45.090000
CVE-2024-9472,0,0,6dc75bb8c902376e1f062a26c7a99982f272de37330a03e0fbfe9796bed76fac,2024-11-15T13:58:08.913000
CVE-2024-9473,0,0,2610a860a1ec132e11b499793a273ee08374ba46887944874ff47b7b5fdd4588,2024-10-17T06:15:04.983000
CVE-2024-9474,0,0,3fef1f3c76f5f634d1a88c922559de94af3e45f4090a5ae04eeaeea76b5e73d0,2024-11-19T17:16:40.513000
CVE-2024-9474,0,1,0dc6a815c47b3272133aac475d6df665490f19d640f5fad98ce6cd8890e5d35b,2024-11-24T15:15:08.457000
CVE-2024-9475,0,0,273622ecfea8dd0cb8d3a034084a5946e50b2bee83443e844bae24857067e968,2024-10-28T13:58:09.230000
CVE-2024-9476,0,0,e9d7dbd43229ebc9ea9972271d753666a58d144ea232688064d92b4b52fc9277,2024-11-15T14:00:09.720000
CVE-2024-9477,0,0,cf43e95350fa7037b016e95ffdd76723a0091878a7d1f39dfbb116076ef07df2,2024-11-15T22:54:21.233000
