mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-08-24T18:00:16.998584+00:00
This commit is contained in:
parent
e7ef3a4ccf
commit
21cb360b98
152
CVE-2024/CVE-2024-81xx/CVE-2024-8129.json
Normal file
152
CVE-2024/CVE-2024-81xx/CVE-2024-8129.json
Normal file
@ -0,0 +1,152 @@
|
||||
{
|
||||
"id": "CVE-2024-8129",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-08-24T16:15:04.057",
|
||||
"lastModified": "2024-08-24T16:15:04.057",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [
|
||||
{
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"unsupported-when-assigned"
|
||||
]
|
||||
}
|
||||
],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability, which was classified as critical, was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. Affected is the function cgi_s3_modify of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_job_name leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"vulnerableSystemConfidentiality": "LOW",
|
||||
"vulnerableSystemIntegrity": "LOW",
|
||||
"vulnerableSystemAvailability": "LOW",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 6.5
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_s3_modify.md",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.275700",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.275700",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.396290",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.dlink.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
152
CVE-2024/CVE-2024-81xx/CVE-2024-8130.json
Normal file
152
CVE-2024/CVE-2024-81xx/CVE-2024-8130.json
Normal file
@ -0,0 +1,152 @@
|
||||
{
|
||||
"id": "CVE-2024-8130",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-08-24T17:15:03.290",
|
||||
"lastModified": "2024-08-24T17:15:03.290",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [
|
||||
{
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"tags": [
|
||||
"unsupported-when-assigned"
|
||||
]
|
||||
}
|
||||
],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this vulnerability is the function cgi_s3 of the file /cgi-bin/s3.cgi of the component HTTP POST Request Handler. The manipulation of the argument f_a_key leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV40": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "4.0",
|
||||
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"attackRequirements": "NONE",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"vulnerableSystemConfidentiality": "LOW",
|
||||
"vulnerableSystemIntegrity": "LOW",
|
||||
"vulnerableSystemAvailability": "LOW",
|
||||
"subsequentSystemConfidentiality": "NONE",
|
||||
"subsequentSystemIntegrity": "NONE",
|
||||
"subsequentSystemAvailability": "NONE",
|
||||
"exploitMaturity": "NOT_DEFINED",
|
||||
"confidentialityRequirements": "NOT_DEFINED",
|
||||
"integrityRequirements": "NOT_DEFINED",
|
||||
"availabilityRequirements": "NOT_DEFINED",
|
||||
"modifiedAttackVector": "NOT_DEFINED",
|
||||
"modifiedAttackComplexity": "NOT_DEFINED",
|
||||
"modifiedAttackRequirements": "NOT_DEFINED",
|
||||
"modifiedPrivilegesRequired": "NOT_DEFINED",
|
||||
"modifiedUserInteraction": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
|
||||
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
|
||||
"safety": "NOT_DEFINED",
|
||||
"automatable": "NOT_DEFINED",
|
||||
"recovery": "NOT_DEFINED",
|
||||
"valueDensity": "NOT_DEFINED",
|
||||
"vulnerabilityResponseEffort": "NOT_DEFINED",
|
||||
"providerUrgency": "NOT_DEFINED",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
}
|
||||
}
|
||||
],
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 6.5
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-77"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_s3.md",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.275701",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.275701",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.396291",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.dlink.com/",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
13
README.md
13
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-08-24T14:00:17.337053+00:00
|
||||
2024-08-24T18:00:16.998584+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-08-24T12:15:04.557000+00:00
|
||||
2024-08-24T17:15:03.290000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
261083
|
||||
261085
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `3`
|
||||
Recently added CVEs: `2`
|
||||
|
||||
- [CVE-2022-43915](CVE-2022/CVE-2022-439xx/CVE-2022-43915.json) (`2024-08-24T12:15:04.080`)
|
||||
- [CVE-2024-7656](CVE-2024/CVE-2024-76xx/CVE-2024-7656.json) (`2024-08-24T12:15:04.330`)
|
||||
- [CVE-2024-8128](CVE-2024/CVE-2024-81xx/CVE-2024-8128.json) (`2024-08-24T12:15:04.557`)
|
||||
- [CVE-2024-8129](CVE-2024/CVE-2024-81xx/CVE-2024-8129.json) (`2024-08-24T16:15:04.057`)
|
||||
- [CVE-2024-8130](CVE-2024/CVE-2024-81xx/CVE-2024-8130.json) (`2024-08-24T17:15:03.290`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
@ -209015,7 +209015,7 @@ CVE-2022-43909,0,0,fb5ee18fcc4a7c8f963a93a6115537cf0182728f4dba8a3bd049fa37f66ac
|
||||
CVE-2022-4391,0,0,55ba1ee53ba287fa9a331eec36653bf0e64371d30780a415458f598732c5d396,2023-11-07T03:57:43.970000
|
||||
CVE-2022-43910,0,0,7268ce6dc82f1278149e45c0b95732486f595712c6fa46116abdc68639690719,2023-07-27T23:43:13.553000
|
||||
CVE-2022-43914,0,0,6c5d00c75cae4288b9b3f94ea7847750a80fcdaddd67481674372df2bd89e663,2023-11-07T03:54:07.493000
|
||||
CVE-2022-43915,1,1,2d1c28ce172236b063d6a1fb5ffdb0f74219a8ce71539ccfcc96f8c151ed9ed5,2024-08-24T12:15:04.080000
|
||||
CVE-2022-43915,0,0,2d1c28ce172236b063d6a1fb5ffdb0f74219a8ce71539ccfcc96f8c151ed9ed5,2024-08-24T12:15:04.080000
|
||||
CVE-2022-43917,0,0,38b0633885bd70099b602418a9f6cf51c4440b53dd83d61edf447fd9b1fdb596,2023-11-07T03:54:07.590000
|
||||
CVE-2022-43919,0,0,3aa92fee108b80de2c2a30af75bd50fa8417c3cffedb4ff0feec49c8f960e3aa,2023-05-11T14:37:10.943000
|
||||
CVE-2022-4392,0,0,8486468fc2864376f0d7d2d2c7f6ecbf29ceed955d0af959f0ef5ea5913b1984,2023-11-07T03:57:44.170000
|
||||
@ -260875,7 +260875,7 @@ CVE-2024-7647,0,0,c2417bbd838d2a2a494407e7a47e50a82d7e6b69bb49e726beca72fa9570b1
|
||||
CVE-2024-7648,0,0,2049ae7cbf0cab301bb3d8a4c000a0971cbb2a1bb7b1a04dd9face1c419d935f,2024-08-12T13:41:36.517000
|
||||
CVE-2024-7649,0,0,3d0b3905ac20943345a47479273aed49759614ef3fae3b2688335294d499ed3d,2024-08-12T13:41:36.517000
|
||||
CVE-2024-7651,0,0,5a46da6be71e23b2a70e27947f885b8fb16b12b8154bc4dda4808e71839c3b2b,2024-08-21T12:30:33.697000
|
||||
CVE-2024-7656,1,1,36ca719cfd1b469ef1a4c7dec2c47c2577ad2dab738b22cacff0ed1612a27bdf,2024-08-24T12:15:04.330000
|
||||
CVE-2024-7656,0,0,36ca719cfd1b469ef1a4c7dec2c47c2577ad2dab738b22cacff0ed1612a27bdf,2024-08-24T12:15:04.330000
|
||||
CVE-2024-7657,0,0,b71ee6cae903ac873f30f4d097ac987c873f0095983bc9620eda1ffab659d5b8,2024-08-15T17:48:20.920000
|
||||
CVE-2024-7658,0,0,832a65f53a452b2fa1561cdaae82b94e5ac7d59bc491a09b3cdc773f704d8588,2024-08-13T17:00:19.800000
|
||||
CVE-2024-7659,0,0,3cb22096bf2f6ca2aa4f8495c729121ab87c6bf294191fb47bc11d37c76e5c86,2024-08-15T17:49:42.667000
|
||||
@ -261081,4 +261081,6 @@ CVE-2024-8112,0,0,53bc9e4fb84bb028363b46c3cb18428063770b5e5c085f93ec85e24d18222c
|
||||
CVE-2024-8113,0,0,663828d204cb9ecb17f530ae295b4541dee23e7a4b7b9d658530d5cb44ff87e3,2024-08-23T16:18:28.547000
|
||||
CVE-2024-8120,0,0,b588d9e16e67a2e06fbd40a6289508e4549b2d995767d4ddf7a7de8f5dc1fd92,2024-08-24T03:15:04.543000
|
||||
CVE-2024-8127,0,0,d1141915719639d4a45272a624f00fc8374c50578320b4ac97a3acb867c6e2c9,2024-08-24T10:15:04.370000
|
||||
CVE-2024-8128,1,1,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000
|
||||
CVE-2024-8128,0,0,13eae5ac3df77f7df87f497775100615293e856e3153dd861775b97d8be6ad97,2024-08-24T12:15:04.557000
|
||||
CVE-2024-8129,1,1,a525d83bff2d07888612cdee3b31302c25c7465e185e8d7adf0935fbb9fcceaa,2024-08-24T16:15:04.057000
|
||||
CVE-2024-8130,1,1,9b7e1f9329e9e382cf628f98432202d425007974b54e0718aec7ddedc99bcb51,2024-08-24T17:15:03.290000
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user