Auto-Update: 2024-02-20T11:08:23.981471+00:00

This commit is contained in:
cad-safe-bot 2024-02-20 11:08:27 +00:00
parent ecec29dcc9
commit 2ae538144e
13 changed files with 551 additions and 12 deletions


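--- a/CVE-2023/CVE-2023-491xx/CVE-2023-49109.json
+++ b/CVE-2023/CVE-2023-491xx/CVE-2023-49109.json
@@ -0,0 +1,40 @@
+{
+"id": "CVE-2023-49109",
+"sourceIdentifier": "security@apache.org",
+"published": "2024-02-20T10:15:07.927",
+"lastModified": "2024-02-20T10:15:07.927",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. "
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apache/dolphinscheduler/pull/14991",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/5b6yq2gov0fsy9x5dkvo8ws4rr45vkn8",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/6kgsl93vtqlbdk6otttl0d8wmlspk0m5",
+"source": "security@apache.org"
+}
+]
+}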


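--- a/CVE-2023/CVE-2023-492xx/CVE-2023-49250.json
+++ b/CVE-2023/CVE-2023-492xx/CVE-2023-49250.json
@@ -0,0 +1,36 @@
+{
+"id": "CVE-2023-49250",
+"sourceIdentifier": "security@apache.org",
+"published": "2024-02-20T10:15:08.040",
+"lastModified": "2024-02-20T10:15:08.040",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.\n\nThis issue affects Apache DolphinScheduler: before 3.2.0.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.\n\n"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-295"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apache/dolphinscheduler/pull/15288",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/wgs2jvhbmq8xnd6rmg0ymz73nyj7b3qn",
+"source": "security@apache.org"
+}
+]
+}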


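--- a/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json
+++ b/CVE-2023/CVE-2023-502xx/CVE-2023-50270.json
@@ -0,0 +1,40 @@
+{
+"id": "CVE-2023-50270",
+"sourceIdentifier": "security@apache.org",
+"published": "2024-02-20T10:15:08.140",
+"lastModified": "2024-02-20T10:15:08.140",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue."
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-613"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apache/dolphinscheduler/pull/15219",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/94prw8hyk60vvw7s6cs3tr708qzqlwl6",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/lmnf21obyos920dnvbfpwq29c1sd2r9r",
+"source": "security@apache.org"
+}
+]
+}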


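--- a/CVE-2023/CVE-2023-517xx/CVE-2023-51770.json
+++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51770.json
@@ -0,0 +1,40 @@
+{
+"id": "CVE-2023-51770",
+"sourceIdentifier": "security@apache.org",
+"published": "2024-02-20T10:15:08.243",
+"lastModified": "2024-02-20T10:15:08.243",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue."
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apache/dolphinscheduler/pull/15433",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/4t8bdjqnfhldh73gy9p0whlgvnnbtn7g",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/gpks573kn00ofxn7n9gkg6o47d03p5rw",
+"source": "security@apache.org"
+}
+]
+}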


@ -2,7 +2,7 @@
"id": "CVE-2024-0646",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-17T16:15:47.190",
"lastModified": "2024-02-15T21:15:09.070",
"lastModified": "2024-02-20T09:15:08.593",
"vulnStatus": "Modified",
"descriptions": [
{
@ -149,6 +149,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0851",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0876",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0646",
"source": "secalert@redhat.com",


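--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1608.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1608.json
@@ -0,0 +1,43 @@
+{
+"id": "CVE-2024-1608",
+"sourceIdentifier": "security@oppo.com",
+"published": "2024-02-20T09:15:08.877",
+"lastModified": "2024-02-20T09:15:08.877",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@oppo.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 6.0
+}
+]
+},
+"references": [
+{
+"url": "https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832",
+"source": "security@oppo.com"
+}
+]
+}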


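--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25604.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25604.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-25604",
+"sourceIdentifier": "security@liferay.com",
+"published": "2024-02-20T09:15:09.057",
+"lastModified": "2024-02-20T09:15:09.057",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-863"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604",
+"source": "security@liferay.com"
+}
+]
+}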


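--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25605.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25605.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-25605",
+"sourceIdentifier": "security@liferay.com",
+"published": "2024-02-20T09:15:09.323",
+"lastModified": "2024-02-20T09:15:09.323",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-276"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605",
+"source": "security@liferay.com"
+}
+]
+}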


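--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25606.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25606.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-25606",
+"sourceIdentifier": "security@liferay.com",
+"published": "2024-02-20T09:15:09.533",
+"lastModified": "2024-02-20T09:15:09.533",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.0,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 6.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-611"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606",
+"source": "security@liferay.com"
+}
+]
+}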


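--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25607.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25607.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-25607",
+"sourceIdentifier": "security@liferay.com",
+"published": "2024-02-20T10:15:08.333",
+"lastModified": "2024-02-20T10:15:08.333",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 8.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-916"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607",
+"source": "security@liferay.com"
+}
+]
+}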


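--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25608.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25608.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-25608",
+"sourceIdentifier": "security@liferay.com",
+"published": "2024-02-20T10:15:08.530",
+"lastModified": "2024-02-20T10:15:08.530",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) others parameters that rely on HtmlUtil.escapeRedirect."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-601"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608",
+"source": "security@liferay.com"
+}
+]
+}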


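--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25609.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25609.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-25609",
+"sourceIdentifier": "security@liferay.com",
+"published": "2024-02-20T10:15:08.707",
+"lastModified": "2024-02-20T10:15:08.707",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) 'redirect` parameter (2) `FORWARD_URL` parameter, and (3) others parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@liferay.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-601"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609",
+"source": "security@liferay.com"
+}
+]
+}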


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-20T09:00:29.547030+00:00
2024-02-20T11:08:23.981471+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-20T08:15:07.823000+00:00
2024-02-20T10:15:08.707000+00:00
```
### Last Data Feed Release
@ -29,25 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238927
238938
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `11`
* [CVE-2023-44308](CVE-2023/CVE-2023-443xx/CVE-2023-44308.json) (`2024-02-20T07:15:08.033`)
* [CVE-2024-22234](CVE-2024/CVE-2024-222xx/CVE-2024-22234.json) (`2024-02-20T07:15:09.967`)
* [CVE-2024-25149](CVE-2024/CVE-2024-251xx/CVE-2024-25149.json) (`2024-02-20T07:15:10.557`)
* [CVE-2024-25150](CVE-2024/CVE-2024-251xx/CVE-2024-25150.json) (`2024-02-20T08:15:07.290`)
* [CVE-2024-25973](CVE-2024/CVE-2024-259xx/CVE-2024-25973.json) (`2024-02-20T08:15:07.717`)
* [CVE-2024-25974](CVE-2024/CVE-2024-259xx/CVE-2024-25974.json) (`2024-02-20T08:15:07.823`)
* [CVE-2023-49109](CVE-2023/CVE-2023-491xx/CVE-2023-49109.json) (`2024-02-20T10:15:07.927`)
* [CVE-2023-49250](CVE-2023/CVE-2023-492xx/CVE-2023-49250.json) (`2024-02-20T10:15:08.040`)
* [CVE-2023-50270](CVE-2023/CVE-2023-502xx/CVE-2023-50270.json) (`2024-02-20T10:15:08.140`)
* [CVE-2023-51770](CVE-2023/CVE-2023-517xx/CVE-2023-51770.json) (`2024-02-20T10:15:08.243`)
* [CVE-2024-1608](CVE-2024/CVE-2024-16xx/CVE-2024-1608.json) (`2024-02-20T09:15:08.877`)
* [CVE-2024-25604](CVE-2024/CVE-2024-256xx/CVE-2024-25604.json) (`2024-02-20T09:15:09.057`)
* [CVE-2024-25605](CVE-2024/CVE-2024-256xx/CVE-2024-25605.json) (`2024-02-20T09:15:09.323`)
* [CVE-2024-25606](CVE-2024/CVE-2024-256xx/CVE-2024-25606.json) (`2024-02-20T09:15:09.533`)
* [CVE-2024-25607](CVE-2024/CVE-2024-256xx/CVE-2024-25607.json) (`2024-02-20T10:15:08.333`)
* [CVE-2024-25608](CVE-2024/CVE-2024-256xx/CVE-2024-25608.json) (`2024-02-20T10:15:08.530`)
* [CVE-2024-25609](CVE-2024/CVE-2024-256xx/CVE-2024-25609.json) (`2024-02-20T10:15:08.707`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2024-0646](CVE-2024/CVE-2024-06xx/CVE-2024-0646.json) (`2024-02-20T09:15:08.593`)
## Download and Usage