admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-06-04T22:00:37.697721+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-06-04 22:03:31 +00:00
parent 1164777e61
commit 21f14726b7
20 changed files with 1292 additions and 513 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CVE-2017/CVE-2017-111xx/CVE-2017-11191.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2017-11191",
"sourceIdentifier": "cve@mitre.org",
"published": "2017-09-28T01:29:01.123",
"lastModified": "2024-05-17T01:13:20.180",
"lastModified": "2024-06-04T20:15:09.637",
"vulnStatus": "Modified",
"descriptions": [
{

55
CVE-2024/CVE-2024-233xx/CVE-2024-23326.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-23326",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T21:15:33.440",
"lastModified": "2024-06-04T21:15:33.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. A theoretical request smuggling vulnerability exists through Envoy if a server can be tricked into adding an upgrade header into a response. Per RFC https://www.rfc-editor.org/rfc/rfc7230#section-6.7 a server sends 101 when switching protocols. Envoy incorrectly accepts a 200 response from a server when requesting a protocol upgrade, but 200 does not indicate protocol switch. This opens up the possibility of request smuggling through Envoy if the server can be tricked into adding the upgrade header to the response.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-391"
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-vcf8-7238-v74c",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-281xx/CVE-2024-28103.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-28103",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T20:15:10.237",
"lastModified": "2024-06-04T20:15:10.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Action Pack is a framework for handling and responding to web requests. Since 6.1.0, the application configurable Permissions-Policy is only served on responses with an HTML related Content-Type. This vulnerability is fixed in 6.1.7.8, 7.0.8.2, and 7.1.3.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/rails/rails/commit/35858f1d9d57f6c4050a8d9ab754bd5d088b4523",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rails/rails/security/advisories/GHSA-fwhr-88qx-h9g7",
"source": "security-advisories@github.com"
}
]
}

2
CVE-2024/CVE-2024-299xx/CVE-2024-29972.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29972",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-06-04T02:15:47.960",
"lastModified": "2024-06-04T16:57:41.053",
"lastModified": "2024-06-04T20:15:10.463",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

2
CVE-2024/CVE-2024-299xx/CVE-2024-29973.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29973",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-06-04T02:15:48.290",
"lastModified": "2024-06-04T16:57:41.053",
"lastModified": "2024-06-04T20:15:10.567",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

2
CVE-2024/CVE-2024-299xx/CVE-2024-29976.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29976",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-06-04T02:15:49.050",
"lastModified": "2024-06-04T16:57:41.053",
"lastModified": "2024-06-04T20:15:10.677",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

55
CVE-2024/CVE-2024-305xx/CVE-2024-30525.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-30525",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T20:15:10.780",
"lastModified": "2024-06-04T20:15:10.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in moveaddons Move Addons for Elementor.This issue affects Move Addons for Elementor: from n/a through 1.2.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/move-addons/wordpress-move-addons-for-elementor-plugin-1-2-9-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-305xx/CVE-2024-30528.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-30528",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T20:15:11.010",
"lastModified": "2024-06-04T20:15:11.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Spiffy Plugins Spiffy Calendar.This issue affects Spiffy Calendar: from n/a through 4.9.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/spiffy-calendar/wordpress-spiffy-calendar-plugin-4-9-10-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

63
CVE-2024/CVE-2024-324xx/CVE-2024-32464.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-32464",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T20:15:11.247",
"lastModified": "2024-06-04T20:15:11.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Action Text brings rich text content and editing to Rails. Instances of ActionText::Attachable::ContentAttachment included within a rich_text_area tag could potentially contain unsanitized HTML. This vulnerability is fixed in 7.1.3.4 and 7.2.0.beta2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/rails/rails/commit/e215bf3360e6dfe1497c1503a495e384ed6b0995",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rails/rails/security/advisories/GHSA-prjp-h48f-jgf6",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-329xx/CVE-2024-32974.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-32974",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T21:15:33.773",
"lastModified": "2024-06-04T21:15:33.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free. \n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-mgxp-7hhp-8299",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-329xx/CVE-2024-32975.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-32975",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T21:15:33.987",
"lastModified": "2024-06-04T21:15:33.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. There is a crash at `QuicheDataReader::PeekVarInt62Length()`. It is caused by integer underflow in the `QuicStreamSequencerBuffer::PeekRegion()` implementation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g9mq-6v96-cpqc",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-329xx/CVE-2024-32976.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-32976",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T21:15:34.220",
"lastModified": "2024-06-04T21:15:34.220",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an endless loop during decompression of Brotli data with extra input."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-7wp5-c2vq-4f8m",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-343xx/CVE-2024-34362.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34362",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T21:15:34.530",
"lastModified": "2024-06-04T21:15:34.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-hww5-43gv-35jv",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-343xx/CVE-2024-34363.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34363",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T21:15:34.743",
"lastModified": "2024-06-04T21:15:34.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Due to how Envoy invoked the nlohmann JSON library, the library could throw an uncaught exception from downstream data if incomplete UTF-8 strings were serialized. The uncaught exception would cause Envoy to crash."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-248"
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-g979-ph9j-5gg4",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-343xx/CVE-2024-34364.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-34364",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-04T21:15:34.977",
"lastModified": "2024-06-04T21:15:34.977",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Envoy is a cloud-native, open source edge and service proxy. Envoy exposed an out-of-memory (OOM) vector from the mirror response, since async HTTP client will buffer the response with an unbounded buffer."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/envoyproxy/envoy/security/advisories/GHSA-xcj3-h7vf-fw26",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-42xx/CVE-2024-4219.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4219",
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"published": "2024-06-04T21:15:35.277",
"lastModified": "2024-06-04T21:15:35.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Prior to 23.2, it is possible to perform arbitrary Server-Side requests via HTTP-based connectors within BeyondInsight, resulting in a server-side request forgery vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/BT24-05",
"source": "13061848-ea10-403d-bd75-c83a022c2891"
}
]
}

55
CVE-2024/CVE-2024-42xx/CVE-2024-4220.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4220",
"sourceIdentifier": "13061848-ea10-403d-bd75-c83a022c2891",
"published": "2024-06-04T21:15:35.530",
"lastModified": "2024-06-04T21:15:35.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate usernames."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "13061848-ea10-403d-bd75-c83a022c2891",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://www.beyondtrust.com/trust-center/security-advisories/BT24-06",
"source": "13061848-ea10-403d-bd75-c83a022c2891"
}
]
}

55
CVE-2024/CVE-2024-45xx/CVE-2024-4520.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4520",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-04T20:15:11.690",
"lastModified": "2024-06-04T20:15:11.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An improper access control vulnerability exists in the gaizhenbiao/chuanhuchatgpt application, specifically in version 20240410. This vulnerability allows any user on the server to access the chat history of any other user without requiring any form of interaction between the users. Exploitation of this vulnerability could lead to data breaches, including the exposure of sensitive personal details, financial data, or confidential conversations. Additionally, it could facilitate identity theft and manipulation or fraud through the unauthorized access to users' chat histories. This issue is due to insufficient access control mechanisms in the application's handling of chat history data."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/0dd2da9f-998d-45aa-a646-97391f524000",
"source": "security@huntr.dev"
}
]
}

63
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-04T20:00:42.035420+00:00
2024-06-04T22:00:37.697721+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-04T19:21:10.267000+00:00
2024-06-04T21:15:35.530000+00:00
```
### Last Data Feed Release
@ -33,54 +33,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
252647
252661
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `14`
- [CVE-2024-25095](CVE-2024/CVE-2024-250xx/CVE-2024-25095.json) (`2024-06-04T19:18:45.170`)
- [CVE-2024-29152](CVE-2024/CVE-2024-291xx/CVE-2024-29152.json) (`2024-06-04T19:19:07.620`)
- [CVE-2024-30484](CVE-2024/CVE-2024-304xx/CVE-2024-30484.json) (`2024-06-04T19:19:24.800`)
- [CVE-2024-34759](CVE-2024/CVE-2024-347xx/CVE-2024-34759.json) (`2024-06-04T19:20:03.167`)
- [CVE-2024-35670](CVE-2024/CVE-2024-356xx/CVE-2024-35670.json) (`2024-06-04T19:20:08.777`)
- [CVE-2024-35672](CVE-2024/CVE-2024-356xx/CVE-2024-35672.json) (`2024-06-04T19:20:08.967`)
- [CVE-2024-36604](CVE-2024/CVE-2024-366xx/CVE-2024-36604.json) (`2024-06-04T19:20:13.927`)
- [CVE-2024-36857](CVE-2024/CVE-2024-368xx/CVE-2024-36857.json) (`2024-06-04T19:20:14.060`)
- [CVE-2024-36858](CVE-2024/CVE-2024-368xx/CVE-2024-36858.json) (`2024-06-04T19:20:14.150`)
- [CVE-2024-37273](CVE-2024/CVE-2024-372xx/CVE-2024-37273.json) (`2024-06-04T19:20:15.363`)
- [CVE-2024-23326](CVE-2024/CVE-2024-233xx/CVE-2024-23326.json) (`2024-06-04T21:15:33.440`)
- [CVE-2024-28103](CVE-2024/CVE-2024-281xx/CVE-2024-28103.json) (`2024-06-04T20:15:10.237`)
- [CVE-2024-30525](CVE-2024/CVE-2024-305xx/CVE-2024-30525.json) (`2024-06-04T20:15:10.780`)
- [CVE-2024-30528](CVE-2024/CVE-2024-305xx/CVE-2024-30528.json) (`2024-06-04T20:15:11.010`)
- [CVE-2024-32464](CVE-2024/CVE-2024-324xx/CVE-2024-32464.json) (`2024-06-04T20:15:11.247`)
- [CVE-2024-32974](CVE-2024/CVE-2024-329xx/CVE-2024-32974.json) (`2024-06-04T21:15:33.773`)
- [CVE-2024-32975](CVE-2024/CVE-2024-329xx/CVE-2024-32975.json) (`2024-06-04T21:15:33.987`)
- [CVE-2024-32976](CVE-2024/CVE-2024-329xx/CVE-2024-32976.json) (`2024-06-04T21:15:34.220`)
- [CVE-2024-34362](CVE-2024/CVE-2024-343xx/CVE-2024-34362.json) (`2024-06-04T21:15:34.530`)
- [CVE-2024-34363](CVE-2024/CVE-2024-343xx/CVE-2024-34363.json) (`2024-06-04T21:15:34.743`)
- [CVE-2024-34364](CVE-2024/CVE-2024-343xx/CVE-2024-34364.json) (`2024-06-04T21:15:34.977`)
- [CVE-2024-4219](CVE-2024/CVE-2024-42xx/CVE-2024-4219.json) (`2024-06-04T21:15:35.277`)
- [CVE-2024-4220](CVE-2024/CVE-2024-42xx/CVE-2024-4220.json) (`2024-06-04T21:15:35.530`)
- [CVE-2024-4520](CVE-2024/CVE-2024-45xx/CVE-2024-4520.json) (`2024-06-04T20:15:11.690`)
### CVEs modified in the last Commit
Recently modified CVEs: `455`
Recently modified CVEs: `4`
- [CVE-2024-5366](CVE-2024/CVE-2024-53xx/CVE-2024-5366.json) (`2024-06-04T19:21:06.690`)
- [CVE-2024-5367](CVE-2024/CVE-2024-53xx/CVE-2024-5367.json) (`2024-06-04T19:21:06.783`)
- [CVE-2024-5368](CVE-2024/CVE-2024-53xx/CVE-2024-5368.json) (`2024-06-04T19:21:06.887`)
- [CVE-2024-5370](CVE-2024/CVE-2024-53xx/CVE-2024-5370.json) (`2024-06-04T19:21:06.980`)
- [CVE-2024-5371](CVE-2024/CVE-2024-53xx/CVE-2024-5371.json) (`2024-06-04T19:21:07.077`)
- [CVE-2024-5373](CVE-2024/CVE-2024-53xx/CVE-2024-5373.json) (`2024-06-04T19:21:07.183`)
- [CVE-2024-5375](CVE-2024/CVE-2024-53xx/CVE-2024-5375.json) (`2024-06-04T19:21:07.297`)
- [CVE-2024-5376](CVE-2024/CVE-2024-53xx/CVE-2024-5376.json) (`2024-06-04T19:21:07.390`)
- [CVE-2024-5377](CVE-2024/CVE-2024-53xx/CVE-2024-5377.json) (`2024-06-04T19:21:07.497`)
- [CVE-2024-5379](CVE-2024/CVE-2024-53xx/CVE-2024-5379.json) (`2024-06-04T19:21:07.600`)
- [CVE-2024-5380](CVE-2024/CVE-2024-53xx/CVE-2024-5380.json) (`2024-06-04T19:21:07.720`)
- [CVE-2024-5381](CVE-2024/CVE-2024-53xx/CVE-2024-5381.json) (`2024-06-04T19:21:07.820`)
- [CVE-2024-5384](CVE-2024/CVE-2024-53xx/CVE-2024-5384.json) (`2024-06-04T19:21:07.913`)
- [CVE-2024-5390](CVE-2024/CVE-2024-53xx/CVE-2024-5390.json) (`2024-06-04T19:21:08.020`)
- [CVE-2024-5392](CVE-2024/CVE-2024-53xx/CVE-2024-5392.json) (`2024-06-04T19:21:08.117`)
- [CVE-2024-5393](CVE-2024/CVE-2024-53xx/CVE-2024-5393.json) (`2024-06-04T19:21:08.420`)
- [CVE-2024-5394](CVE-2024/CVE-2024-53xx/CVE-2024-5394.json) (`2024-06-04T19:21:08.527`)
- [CVE-2024-5396](CVE-2024/CVE-2024-53xx/CVE-2024-5396.json) (`2024-06-04T19:21:08.627`)
- [CVE-2024-5397](CVE-2024/CVE-2024-53xx/CVE-2024-5397.json) (`2024-06-04T19:21:08.733`)
- [CVE-2024-5437](CVE-2024/CVE-2024-54xx/CVE-2024-5437.json) (`2024-06-04T19:21:09.363`)
- [CVE-2024-5515](CVE-2024/CVE-2024-55xx/CVE-2024-5515.json) (`2024-06-04T19:21:09.717`)
- [CVE-2024-5516](CVE-2024/CVE-2024-55xx/CVE-2024-5516.json) (`2024-06-04T19:21:09.817`)
- [CVE-2024-5518](CVE-2024/CVE-2024-55xx/CVE-2024-5518.json) (`2024-06-04T19:21:09.940`)
- [CVE-2024-5519](CVE-2024/CVE-2024-55xx/CVE-2024-5519.json) (`2024-06-04T19:21:10.043`)
- [CVE-2024-5588](CVE-2024/CVE-2024-55xx/CVE-2024-5588.json) (`2024-06-04T19:21:10.267`)
- [CVE-2017-11191](CVE-2017/CVE-2017-111xx/CVE-2017-11191.json) (`2024-06-04T20:15:09.637`)
- [CVE-2024-29972](CVE-2024/CVE-2024-299xx/CVE-2024-29972.json) (`2024-06-04T20:15:10.463`)
- [CVE-2024-29973](CVE-2024/CVE-2024-299xx/CVE-2024-29973.json) (`2024-06-04T20:15:10.567`)
- [CVE-2024-29976](CVE-2024/CVE-2024-299xx/CVE-2024-29976.json) (`2024-06-04T20:15:10.677`)
## Download and Usage

952
_state.csv
View File

File diff suppressed because it is too large Load Diff