admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-01T19:00:25.508423+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-01 19:00:29 +00:00
parent d1334caf63
commit 2a4846623a
5 changed files with 159 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2023/CVE-2023-500xx/CVE-2023-50094.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-50094",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-01T18:15:09.130",
"lastModified": "2024-01-01T18:15:09.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "reNgine through 2.0.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yogeshojha/rengine/blob/5e120bd5f9dfbd1da82a193e8c9702e483d38d22/web/api/views.py#L195",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yogeshojha/rengine/releases",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yogeshojha/rengine/security",
"source": "cve@mitre.org"
},
{
"url": "https://www.mattz.io/posts/cve-2023-50094/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2023/CVE-2023-500xx/CVE-2023-50096.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2023-50096",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-01T18:15:09.197",
"lastModified": "2024-01-01T18:15:09.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "STMicroelectronics STSAFE-A1xx middleware before 3.3.7 allows MCU code execution if an adversary has the ability to read from and write to the I2C bus. This is caused by an StSafeA_ReceiveBytes buffer overflow in the X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications (1.2.0), and thus can affect user-written code that was derived from a published sample application."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/elttam/publications/blob/master/writeups/CVE-2023-50096.md",
"source": "cve@mitre.org"
}
]
}

12
CVE-2023/CVE-2023-517xx/CVE-2023-51766.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-51766", "id": "CVE-2023-51766",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-24T06:15:07.673", "published": "2023-12-24T06:15:07.673",
"lastModified": "2023-12-29T15:15:11.040", "lastModified": "2024-01-01T18:15:09.243",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Exim through 4.97 allows SMTP smuggling in certain configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not." "value": "Exim before 4.97.1 allows SMTP smuggling in certain PIPELINING/CHUNKING configurations. Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Exim supports <LF>.<CR><LF> but some other popular e-mail servers do not."
}, },
{ {
"lang": "es", "lang": "es",
@ -28,6 +28,10 @@
"url": "http://www.openwall.com/lists/oss-security/2023/12/29/2", "url": "http://www.openwall.com/lists/oss-security/2023/12/29/2",
"source": "cve@mitre.org" "source": "cve@mitre.org"
}, },
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/01/1",
"source": "cve@mitre.org"
},
{ {
"url": "https://bugs.exim.org/show_bug.cgi?id=3063", "url": "https://bugs.exim.org/show_bug.cgi?id=3063",
"source": "cve@mitre.org" "source": "cve@mitre.org"
@ -52,6 +56,10 @@
"url": "https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5", "url": "https://git.exim.org/exim.git/commit/cf1376206284f2a4f11e32d931d4aade34c206c5",
"source": "cve@mitre.org" "source": "cve@mitre.org"
}, },
{
"url": "https://github.com/Exim/exim/blob/master/doc/doc-txt/cve-2023-51766",
"source": "cve@mitre.org"
},
{ {
"url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/", "url": "https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/",
"source": "cve@mitre.org" "source": "cve@mitre.org"

88
CVE-2024/CVE-2024-01xx/CVE-2024-0181.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-0181",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-01T17:15:08.543",
"lastModified": "2024-01-01T17:15:08.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.249433",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.249433",
"source": "cna@vuldb.com"
}
]
}

22
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-01-01T17:00:24.575509+00:00 2024-01-01T19:00:25.508423+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-01-01T15:15:43.393000+00:00 2024-01-01T18:15:09.243000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,27 +29,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
234618 234621
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `8` Recently added CVEs: `3`
* [CVE-2023-5877](CVE-2023/CVE-2023-58xx/CVE-2023-5877.json) (`2024-01-01T15:15:42.727`) * [CVE-2023-50094](CVE-2023/CVE-2023-500xx/CVE-2023-50094.json) (`2024-01-01T18:15:09.130`)
* [CVE-2023-6000](CVE-2023/CVE-2023-60xx/CVE-2023-6000.json) (`2024-01-01T15:15:43.100`) * [CVE-2023-50096](CVE-2023/CVE-2023-500xx/CVE-2023-50096.json) (`2024-01-01T18:15:09.197`)
* [CVE-2023-6037](CVE-2023/CVE-2023-60xx/CVE-2023-6037.json) (`2024-01-01T15:15:43.147`) * [CVE-2024-0181](CVE-2024/CVE-2024-01xx/CVE-2024-0181.json) (`2024-01-01T17:15:08.543`)
* [CVE-2023-6064](CVE-2023/CVE-2023-60xx/CVE-2023-6064.json) (`2024-01-01T15:15:43.197`)
* [CVE-2023-6113](CVE-2023/CVE-2023-61xx/CVE-2023-6113.json) (`2024-01-01T15:15:43.243`)
* [CVE-2023-6271](CVE-2023/CVE-2023-62xx/CVE-2023-6271.json) (`2024-01-01T15:15:43.293`)
* [CVE-2023-6421](CVE-2023/CVE-2023-64xx/CVE-2023-6421.json) (`2024-01-01T15:15:43.347`)
* [CVE-2023-6485](CVE-2023/CVE-2023-64xx/CVE-2023-6485.json) (`2024-01-01T15:15:43.393`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `0` Recently modified CVEs: `1`
* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-01T18:15:09.243`)
## Download and Usage ## Download and Usage