admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-05-29T12:00:37.771589+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-05-29 12:03:29 +00:00
parent b698470238
commit 27d7778c6e
5 changed files with 161 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
CVE-2023/CVE-2023-528xx/CVE-2023-52881.json Normal file
View File

@ -0,0 +1,48 @@
{
"id": "CVE-2023-52881",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-29T11:16:02.110",
"lastModified": "2024-05-29T11:16:02.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: do not accept ACK of bytes we never sent\n\nThis patch is based on a detailed report and ideas from Yepeng Pan\nand Christian Rossow.\n\nACK seq validation is currently following RFC 5961 5.2 guidelines:\n\n The ACK value is considered acceptable only if\n it is in the range of ((SND.UNA - MAX.SND.WND) <= SEG.ACK <=\n SND.NXT). All incoming segments whose ACK value doesn't satisfy the\n above condition MUST be discarded and an ACK sent back. It needs to\n be noted that RFC 793 on page 72 (fifth check) says: \"If the ACK is a\n duplicate (SEG.ACK < SND.UNA), it can be ignored. If the ACK\n acknowledges something not yet sent (SEG.ACK > SND.NXT) then send an\n ACK, drop the segment, and return\". The \"ignored\" above implies that\n the processing of the incoming data segment continues, which means\n the ACK value is treated as acceptable. This mitigation makes the\n ACK check more stringent since any ACK < SND.UNA wouldn't be\n accepted, instead only ACKs that are in the range ((SND.UNA -\n MAX.SND.WND) <= SEG.ACK <= SND.NXT) get through.\n\nThis can be refined for new (and possibly spoofed) flows,\nby not accepting ACK for bytes that were never sent.\n\nThis greatly improves TCP security at a little cost.\n\nI added a Fixes: tag to make sure this patch will reach stable trees,\neven if the 'blamed' patch was adhering to the RFC.\n\ntp->bytes_acked was added in linux-4.2\n\nFollowing packetdrill test (courtesy of Yepeng Pan) shows\nthe issue at hand:\n\n0 socket(..., SOCK_STREAM, IPPROTO_TCP) = 3\n+0 setsockopt(3, SOL_SOCKET, SO_REUSEADDR, [1], 4) = 0\n+0 bind(3, ..., ...) = 0\n+0 listen(3, 1024) = 0\n\n// ---------------- Handshake ------------------- //\n\n// when window scale is set to 14 the window size can be extended to\n// 65535 * (2^14) = 1073725440. Linux would accept an ACK packet\n// with ack number in (Server_ISN+1-1073725440. Server_ISN+1)\n// ,though this ack number acknowledges some data never\n// sent by the server.\n\n+0 < S 0:0(0) win 65535 <mss 1400,nop,wscale 14>\n+0 > S. 0:0(0) ack 1 <...>\n+0 < . 1:1(0) ack 1 win 65535\n+0 accept(3, ..., ...) = 4\n\n// For the established connection, we send an ACK packet,\n// the ack packet uses ack number 1 - 1073725300 + 2^32,\n// where 2^32 is used to wrap around.\n// Note: we used 1073725300 instead of 1073725440 to avoid possible\n// edge cases.\n// 1 - 1073725300 + 2^32 = 3221241997\n\n// Oops, old kernels happily accept this packet.\n+0 < . 1:1001(1000) ack 3221241997 win 65535\n\n// After the kernel fix the following will be replaced by a challenge ACK,\n// and prior malicious frame would be dropped.\n+0 > . 1:1(0) ack 1001"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/008b807fe487e0b15a3a6c39add4eb477f73e440",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/0d4e0afdd6658cd21dd5be61880411a2553fd1fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2087d53a66e97a5eb5d1bf558d5bef9e5f891757",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d501dd326fb1c73f1b8206d4c6e1d7b15c07e27",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/458f07ffeccd17f99942311e09ef574ddf4a414a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/69eae75ca5255e876628ac5cee9eaab31f644b57",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ffff0cc929fdfc62a74b384c4903d6496c910f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b17a886ed29f3b70b78ccf632dad03e0c69e3c1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

43
CVE-2024/CVE-2024-273xx/CVE-2024-27313.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-27313",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-05-29T11:16:02.230",
"lastModified": "2024-05-29T11:16:02.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Zoho ManageEngine PAM360 is vulnerable to Stored XSS vulnerability. This vulnerability is applicable only in the version 6610."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://www.manageengine.com/privileged-access-management/advisory/cve-2024-27313.html",
"source": "0fc0942c-577d-436f-ae8e-945763c79b02"
}
]
}

55
CVE-2024/CVE-2024-288xx/CVE-2024-28826.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-28826",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-05-29T10:15:09.010",
"lastModified": "2024-05-29T10:15:09.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@checkmk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://checkmk.com/werk/15200",
"source": "security@checkmk.com"
}
]
}

16
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-29T10:00:29.760428+00:00
2024-05-29T12:00:37.771589+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-29T09:15:09.103000+00:00
2024-05-29T11:16:02.230000+00:00
```
### Last Data Feed Release
@ -33,24 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
252033
252036
```
### CVEs added in the last Commit
Recently added CVEs: `3`
- [CVE-2024-3412](CVE-2024/CVE-2024-34xx/CVE-2024-3412.json) (`2024-05-29T09:15:09.103`)
- [CVE-2024-36015](CVE-2024/CVE-2024-360xx/CVE-2024-36015.json) (`2024-05-29T08:15:33.880`)
- [CVE-2024-5086](CVE-2024/CVE-2024-50xx/CVE-2024-5086.json) (`2024-05-29T08:15:34.060`)
- [CVE-2023-52881](CVE-2023/CVE-2023-528xx/CVE-2023-52881.json) (`2024-05-29T11:16:02.110`)
- [CVE-2024-27313](CVE-2024/CVE-2024-273xx/CVE-2024-27313.json) (`2024-05-29T11:16:02.230`)
- [CVE-2024-28826](CVE-2024/CVE-2024-288xx/CVE-2024-28826.json) (`2024-05-29T10:15:09.010`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `0`
- [CVE-2024-24856](CVE-2024/CVE-2024-248xx/CVE-2024-24856.json) (`2024-05-29T08:15:33.740`)
- [CVE-2024-4810](CVE-2024/CVE-2024-48xx/CVE-2024-4810.json) (`2024-05-29T08:15:33.960`)
## Download and Usage

13
_state.csv
View File

@ -238434,6 +238434,7 @@ CVE-2023-52878,0,0,8fd06867d4b0d4d358616ea8174a83b0183f646764163b3e2e9ca433e2d9e
CVE-2023-52879,0,0,f4b453572f24e47ccd23af7ac2862d33ce87a7b0f20c77813d33e70536043136,2024-05-21T16:53:56.550000
CVE-2023-5288,0,0,0738994bddf6db9f0b825ffb89279f9130371f293c5b8f6550deac482c5ff789,2023-10-02T19:40:35.707000
CVE-2023-52880,0,0,8735c100e1d87342d27aad8de3aef6b1e0acf756defcc130746060b72dfabe89,2024-05-24T18:09:20.027000
CVE-2023-52881,1,1,a9a8509c254c20f7627c9a45e938704de1a151004d2db0c236a23b2120ec2999,2024-05-29T11:16:02.110000
CVE-2023-5289,0,0,e99a2312fffac7e548d9067401ea1735cab5340b5825bd2426e3171dd9b0909d,2023-10-02T18:13:04.227000
CVE-2023-5290,0,0,755547461c1ffe140ccfa395ab853f280b1d991be6ac36b66243260a063192cc,2023-11-07T04:23:48.727000
CVE-2023-5291,0,0,883b747bfd1d6788133af6b41df2a1418b2cdede81e8f6778f889cd9ac7f0a65,2023-11-07T04:23:48.757000
@ -244552,7 +244553,7 @@ CVE-2024-2485,0,0,53bdabc7d27333b3979a26e76631f61bb2a78db011bf366104f4cb0ce5f9b7
CVE-2024-24850,0,0,652490ba0ed83980506bcf4c7e3a9ad65010ac8cd59cdee6424f69f7b08c43da,2024-04-11T12:47:44.137000
CVE-2024-24851,0,0,89b0ce0e1b89498319283526ccf647e886e1b93dad7360d46d143c4ded486c13,2024-05-28T17:11:55.903000
CVE-2024-24855,0,0,53926eea6176e5ec7dac755182b92f74698401115acbca0c88724948db080e51,2024-02-10T04:06:40.840000
CVE-2024-24856,0,1,897c9d51329abb27267fec6558272306b15cef7c8a7ba7af0923ea3fa5117d63,2024-05-29T08:15:33.740000
CVE-2024-24856,0,0,897c9d51329abb27267fec6558272306b15cef7c8a7ba7af0923ea3fa5117d63,2024-05-29T08:15:33.740000
CVE-2024-24857,0,0,bd0a671ef627655a534b97d40879c56dc0a8ee5f900294aaa10a2d6428455f4e,2024-02-10T04:06:50.263000
CVE-2024-24858,0,0,249d6bf347d8c64c978bec670161d1545cd8d4294041793438e8d2c55804ba1b,2024-02-10T04:06:20.077000
CVE-2024-24859,0,0,e679ba08f49ce2259e6fae9f7247bb624101b65d866a2698d5f41c0ab1e599e7,2024-02-10T04:06:05.623000
@ -246311,6 +246312,7 @@ CVE-2024-27309,0,0,4ff276f1fa3a42e9cba86006da159d603e23baa66b2db98c085aa5a6c3ada
CVE-2024-2731,0,0,7242593ba3e5c5b48a25383d38b7647a4613c0186c7dc999e27ef7b770a540e3,2024-04-10T19:49:51.183000
CVE-2024-27310,0,0,79d1d0c49ef808c7c2c7acd66e6a81dc21e768a3629985168cfa9b8adc74b0f6,2024-05-28T12:39:28.377000
CVE-2024-27312,0,0,03b9c1d615c7eea419258607ab4327a45a73e24a5e571b82ecc5b8d0b7dc264a,2024-05-20T15:17:54.513000
CVE-2024-27313,1,1,6a890879ae28cbf4a445fa4d22dac695133e7550ddaa6534db351ab7398509e8,2024-05-29T11:16:02.230000
CVE-2024-27314,0,0,3232e01935b0c20d15f6c848e09b9a2eb6945c0f8c0429e6c4a1887e0664e3db,2024-05-28T12:39:28.377000
CVE-2024-27315,0,0,1b06bd54abb4ee7969c3aca53e6bed402762ed42c4492d0ee8674e3fa0b42312,2024-02-28T15:15:09.670000
CVE-2024-27316,0,0,42d27b12e519cd2645cf692e286d8fde89efcbae83d79644c67975e4ec7fea81,2024-05-01T18:15:16.023000
@ -247108,6 +247110,7 @@ CVE-2024-28816,0,0,4b9f923b99f4095b32672af0003c81bae1f3b3136774827600fae7accfedc
CVE-2024-28823,0,0,d5aa89b5cdac6c3847ac374cba2a65b191e57c43dc618aabb1da571ab5b5e9dc,2024-03-11T12:47:42.653000
CVE-2024-28824,0,0,5a9476ae0fdb0520e3a986c832f5f9e27a50da5cb3aa11e06910544296f0e530,2024-03-22T12:45:36.130000
CVE-2024-28825,0,0,9e6f2228e06896e59bb560ffc81c60a9a09c25eeaded2122eaaaf9d670949d13,2024-04-24T13:39:42.883000
CVE-2024-28826,1,1,da2f792045730f9ccd888980e1a4a9e6dd3f12f3c3f9135b62b0afd5f6b91c73,2024-05-29T10:15:09.010000
CVE-2024-2883,0,0,e66be81816608580e2e81ffcb02cca4ae9a2aa5cbea60907cc2e1d80cffbaf4a,2024-03-29T04:15:08.743000
CVE-2024-28834,0,0,f1164ae55a22a20606ed637fe19ba62574feb7486eb620ef30a13c9c57d3819e,2024-05-16T23:15:47.753000
CVE-2024-28835,0,0,7ffb3867ffb469cae5c61eed57191c292b3344e17f215833454f077170fed24a,2024-05-16T23:15:47.883000
@ -250096,7 +250099,7 @@ CVE-2024-34099,0,0,a5986ac74e6b192dfee0f6656002b6da38300bc4846a845af7e18d0e591fa
CVE-2024-34100,0,0,d3c0a25a5afbb7abe23e48a0ccffbfabed32f430bdde6425683076da7ff2f5a6,2024-05-15T16:40:19.330000
CVE-2024-34101,0,0,d4650521d311c5f5db989961cb59afe8f4d3fccf28beebc265bb44f9beb6fac8,2024-05-15T16:40:19.330000
CVE-2024-3411,0,0,1527ccef7805d20e12db1e61173246b27470986be341d9b24d7b20f806f94433,2024-04-30T19:35:36.960000
CVE-2024-3412,1,1,808c3608237160ea0ad09dfb9cc4bede529eac08fd30764882ec95ecfc6f5c36,2024-05-29T09:15:09.103000
CVE-2024-3412,0,0,808c3608237160ea0ad09dfb9cc4bede529eac08fd30764882ec95ecfc6f5c36,2024-05-29T09:15:09.103000
CVE-2024-3413,0,0,8bf7e231eaef8a1fb270998ee982f12463c5a7d17ff17eb8735dbc8fc584bd57,2024-05-17T02:39:54.073000
CVE-2024-3414,0,0,69231815197d8c759df4a79a39950c8d4f6258471ea32f1c29be1a7038b6ec47,2024-05-17T02:39:54.160000
CVE-2024-34144,0,0,161e418bd2efea8731bcf0c84ef4939748aabfddbc9f310a20f204f2b5cb4158,2024-05-02T18:00:37.360000
@ -250913,7 +250916,7 @@ CVE-2024-36011,0,0,abd5638cc1cfdef36e14f7c96bf2fc845d42601d602cfe73690b22754ed47
CVE-2024-36012,0,0,99a87dfc7b0fc5371c51d11442e2aebe0c642c881f6f8e57147716a4b47febdf,2024-05-24T01:15:30.977000
CVE-2024-36013,0,0,1251c8e9d1d9ec0619ca01193822062d3235b343811763ddc34f761263e594d9,2024-05-25T15:15:09.070000
CVE-2024-36014,0,0,3db48460f39cbfe864f0cd3d4eec25a191e3786109e567e9a2f29b0bd37dcb87,2024-05-29T07:15:10.177000
CVE-2024-36015,1,1,4952b5d2980b7546732c91617b2923f556e4e452adb6aaf39757cf3c2e89ba5f,2024-05-29T08:15:33.880000
CVE-2024-36015,0,0,4952b5d2980b7546732c91617b2923f556e4e452adb6aaf39757cf3c2e89ba5f,2024-05-29T08:15:33.880000
CVE-2024-36036,0,0,399529c38d111e737eeb859298f0b12af936846a2a63555a4e1fd24103a1ae63,2024-05-28T12:39:28.377000
CVE-2024-36037,0,0,0f6f02ecbfa932c634fa472570a56c7201914f9b8fefa1f5fa9e003f7709a6de,2024-05-28T12:39:28.377000
CVE-2024-36039,0,0,a8363180f0299206d54e6558901cb5cddfc68c9874309661faf6b2f8a76377e4,2024-05-21T16:53:56.550000
@ -251737,7 +251740,7 @@ CVE-2024-4806,0,0,4e56c9b468f84644ee0c3a9a9256fa476661f20e49725816cd22e89dc4f764
CVE-2024-4807,0,0,74f269c7d4930b1f3eee7b1fb82118d4f176724bf215c5880f6d1ab89e9e8d80,2024-05-17T02:40:38.770000
CVE-2024-4808,0,0,31aace84eb5cf8ae7b33b4f67a8927defaac7e795c19b6dbc527982928e508d3,2024-05-17T02:40:38.870000
CVE-2024-4809,0,0,7d320268a192d6a7e649c019bd6d23f956e23a8f483ed33433feed7e66ef6c5b,2024-05-17T02:40:38.980000
CVE-2024-4810,0,1,c71ec4cc1ddb906248abb5b717b1e9cae79dac31d38b7ef77deffef387924854,2024-05-29T08:15:33.960000
CVE-2024-4810,0,0,c71ec4cc1ddb906248abb5b717b1e9cae79dac31d38b7ef77deffef387924854,2024-05-29T08:15:33.960000
CVE-2024-4813,0,0,84e805e8542cdd6b2e1d55ac1682e91ebda69e1619200c06c67c6116bd5311de,2024-05-17T02:40:39.120000
CVE-2024-4814,0,0,330d0ef424c4ec1d706471f27d8befcd6dd2c156d29d4da8bd7fc8e35812f0c3,2024-05-17T02:40:39.217000
CVE-2024-4815,0,0,9ecee40ac47d938a93e4403bd52dbf0a6aee8b0bb4e3465c2a0b732376379b40,2024-05-17T02:40:39.313000
@ -251864,7 +251867,7 @@ CVE-2024-5069,0,0,ba08e8e8bcbfda52deadb370fc7ea1815ec75d330a1a6cac8b3535eedbca52
CVE-2024-5072,0,0,eed82a97a0ee00f59db20864a50c358c267684d10361dc2c7c81171fccc96a9c,2024-05-17T18:35:35.070000
CVE-2024-5084,0,0,92d8976ac3f9e8cdb8733c073caf2586c8f5a42e4f2b053a805034733b1a3630,2024-05-24T01:15:30.977000
CVE-2024-5085,0,0,e4f2e80bdbf4fc55d46c60837ef7c898ce9ad88d4ef317ea9d17542cafaf4d9d,2024-05-24T01:15:30.977000
CVE-2024-5086,1,1,fa76696464e3153e3a730d5a0f8ed154d35a1cd780c99bcc10b42598f97b6968,2024-05-29T08:15:34.060000
CVE-2024-5086,0,0,fa76696464e3153e3a730d5a0f8ed154d35a1cd780c99bcc10b42598f97b6968,2024-05-29T08:15:34.060000
CVE-2024-5088,0,0,670ed03c49211ecb2fb7d707640c3762718821887df98f6c48b414573abc37eb,2024-05-20T13:00:34.807000
CVE-2024-5092,0,0,42d960073f235db3a1d896466f3bea026be5b117dc5effbb8a82da60874fb373,2024-05-22T12:46:53.887000
CVE-2024-5093,0,0,43583e5d5599318ca8361e11df2b1426cf64062056b890908733810061229db5,2024-05-20T13:00:34.807000

Can't render this file because it is too large.