Auto-Update: 2024-05-02T22:00:31.103483+00:00

cad-safe-bot 2024-05-02 22:03:21 +00:00
parent 331362ede9
commit 2f3af6e450
10 changed files with 672 additions and 233 deletions

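--- a/CVE-2024/CVE-2024-250xx/CVE-2024-25047.json
+++ b/CVE-2024/CVE-2024-250xx/CVE-2024-25047.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-25047",
+"sourceIdentifier": "psirt@us.ibm.com",
+"published": "2024-05-02T21:16:11.330",
+"lastModified": "2024-05-02T21:16:11.330",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.2 is vulnerable to injection attacks in application logging by not sanitizing user provided data. This could lead to further attacks against the system. IBM X-Force ID: 282956."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 8.6,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@us.ibm.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-117"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/282956",
+"source": "psirt@us.ibm.com"
+},
+{
+"url": "https://www.ibm.com/support/pages/node/7149874",
+"source": "psirt@us.ibm.com"
+}
+]
+}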

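--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30301.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30301.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-30301",
+"sourceIdentifier": "psirt@adobe.com",
+"published": "2024-05-02T21:16:11.537",
+"lastModified": "2024-05-02T21:16:11.537",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-416"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
+"source": "psirt@adobe.com"
+}
+]
+}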

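--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30302.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30302.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-30302",
+"sourceIdentifier": "psirt@adobe.com",
+"published": "2024-05-02T21:16:11.747",
+"lastModified": "2024-05-02T21:16:11.747",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-416"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
+"source": "psirt@adobe.com"
+}
+]
+}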

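--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30303.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30303.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-30303",
+"sourceIdentifier": "psirt@adobe.com",
+"published": "2024-05-02T21:16:11.943",
+"lastModified": "2024-05-02T21:16:11.943",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-416"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
+"source": "psirt@adobe.com"
+}
+]
+}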

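--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30304.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30304.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-30304",
+"sourceIdentifier": "psirt@adobe.com",
+"published": "2024-05-02T21:16:12.130",
+"lastModified": "2024-05-02T21:16:12.130",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-416"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
+"source": "psirt@adobe.com"
+}
+]
+}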

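--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30305.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30305.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-30305",
+"sourceIdentifier": "psirt@adobe.com",
+"published": "2024-05-02T21:16:12.327",
+"lastModified": "2024-05-02T21:16:12.327",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-416"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
+"source": "psirt@adobe.com"
+}
+]
+}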

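--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30306.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30306.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-30306",
+"sourceIdentifier": "psirt@adobe.com",
+"published": "2024-05-02T21:16:12.523",
+"lastModified": "2024-05-02T21:16:12.523",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 7.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@adobe.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-125"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
+"source": "psirt@adobe.com"
+}
+]
+}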

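--- a/CVE-2024/CVE-2024-41xx/CVE-2024-4140.json
+++ b/CVE-2024/CVE-2024-41xx/CVE-2024-4140.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2024-4140",
+"sourceIdentifier": "security@ubuntu.com",
+"published": "2024-05-02T20:15:07.333",
+"lastModified": "2024-05-02T20:15:07.333",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An excessive memory use issue (CWE-770) exists in Email-MIME, before version 1.954, which can cause denial of service when parsing multipart MIME messages. The patch set (from 2020 and 2024) limits excessive depth and the total number of parts."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@ubuntu.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@ubuntu.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-770"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://bugs.debian.org/960062",
+"source": "security@ubuntu.com"
+},
+{
+"url": "https://github.com/rjbs/Email-MIME/issues/66",
+"source": "security@ubuntu.com"
+},
+{
+"url": "https://github.com/rjbs/Email-MIME/pull/80",
+"source": "security@ubuntu.com"
+},
+{
+"url": "https://www.cve.org/CVERecord?id=CVE-2024-4140",
+"source": "security@ubuntu.com"
+}
+]
+}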


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-02T20:00:38.530679+00:00
2024-05-02T22:00:31.103483+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-02T19:15:06.630000+00:00
2024-05-02T21:16:12.523000+00:00
```
### Last Data Feed Release
@ -33,52 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
247731
247739
```
### CVEs added in the last Commit
Recently added CVEs: `8`
- [CVE-2024-33394](CVE-2024/CVE-2024-333xx/CVE-2024-33394.json) (`2024-05-02T18:15:07.523`)
- [CVE-2024-33396](CVE-2024/CVE-2024-333xx/CVE-2024-33396.json) (`2024-05-02T19:15:06.117`)
- [CVE-2024-34391](CVE-2024/CVE-2024-343xx/CVE-2024-34391.json) (`2024-05-02T19:15:06.177`)
- [CVE-2024-34392](CVE-2024/CVE-2024-343xx/CVE-2024-34392.json) (`2024-05-02T19:15:06.333`)
- [CVE-2024-34393](CVE-2024/CVE-2024-343xx/CVE-2024-34393.json) (`2024-05-02T19:15:06.480`)
- [CVE-2024-34394](CVE-2024/CVE-2024-343xx/CVE-2024-34394.json) (`2024-05-02T19:15:06.630`)
- [CVE-2024-4215](CVE-2024/CVE-2024-42xx/CVE-2024-4215.json) (`2024-05-02T18:15:07.593`)
- [CVE-2024-4216](CVE-2024/CVE-2024-42xx/CVE-2024-4216.json) (`2024-05-02T18:15:07.757`)
- [CVE-2024-25047](CVE-2024/CVE-2024-250xx/CVE-2024-25047.json) (`2024-05-02T21:16:11.330`)
- [CVE-2024-30301](CVE-2024/CVE-2024-303xx/CVE-2024-30301.json) (`2024-05-02T21:16:11.537`)
- [CVE-2024-30302](CVE-2024/CVE-2024-303xx/CVE-2024-30302.json) (`2024-05-02T21:16:11.747`)
- [CVE-2024-30303](CVE-2024/CVE-2024-303xx/CVE-2024-30303.json) (`2024-05-02T21:16:11.943`)
- [CVE-2024-30304](CVE-2024/CVE-2024-303xx/CVE-2024-30304.json) (`2024-05-02T21:16:12.130`)
- [CVE-2024-30305](CVE-2024/CVE-2024-303xx/CVE-2024-30305.json) (`2024-05-02T21:16:12.327`)
- [CVE-2024-30306](CVE-2024/CVE-2024-303xx/CVE-2024-30306.json) (`2024-05-02T21:16:12.523`)
- [CVE-2024-4140](CVE-2024/CVE-2024-41xx/CVE-2024-4140.json) (`2024-05-02T20:15:07.333`)
### CVEs modified in the last Commit
Recently modified CVEs: `188`
Recently modified CVEs: `0`
- [CVE-2024-3942](CVE-2024/CVE-2024-39xx/CVE-2024-3942.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-3957](CVE-2024/CVE-2024-39xx/CVE-2024-3957.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-3985](CVE-2024/CVE-2024-39xx/CVE-2024-3985.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-3991](CVE-2024/CVE-2024-39xx/CVE-2024-3991.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4000](CVE-2024/CVE-2024-40xx/CVE-2024-4000.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4003](CVE-2024/CVE-2024-40xx/CVE-2024-4003.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4029](CVE-2024/CVE-2024-40xx/CVE-2024-4029.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4033](CVE-2024/CVE-2024-40xx/CVE-2024-4033.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4034](CVE-2024/CVE-2024-40xx/CVE-2024-4034.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4036](CVE-2024/CVE-2024-40xx/CVE-2024-4036.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4083](CVE-2024/CVE-2024-40xx/CVE-2024-4083.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4085](CVE-2024/CVE-2024-40xx/CVE-2024-4085.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4086](CVE-2024/CVE-2024-40xx/CVE-2024-4086.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4092](CVE-2024/CVE-2024-40xx/CVE-2024-4092.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4097](CVE-2024/CVE-2024-40xx/CVE-2024-4097.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4128](CVE-2024/CVE-2024-41xx/CVE-2024-4128.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4133](CVE-2024/CVE-2024-41xx/CVE-2024-4133.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4156](CVE-2024/CVE-2024-41xx/CVE-2024-4156.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4203](CVE-2024/CVE-2024-42xx/CVE-2024-4203.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4265](CVE-2024/CVE-2024-42xx/CVE-2024-4265.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4324](CVE-2024/CVE-2024-43xx/CVE-2024-4324.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4334](CVE-2024/CVE-2024-43xx/CVE-2024-4334.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4405](CVE-2024/CVE-2024-44xx/CVE-2024-4405.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4406](CVE-2024/CVE-2024-44xx/CVE-2024-4406.json) (`2024-05-02T18:00:37.360`)
- [CVE-2024-4433](CVE-2024/CVE-2024-44xx/CVE-2024-4433.json) (`2024-05-02T18:00:37.360`)
## Download and Usage
