admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-28T02:00:17.125001+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-28 02:03:13 +00:00
parent 2f3fddff0b
commit 311850253a
8 changed files with 603 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2024/CVE-2024-388xx/CVE-2024-38856.json
View File

@ -2,9 +2,13 @@
"id": "CVE-2024-38856",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-05T09:15:56.780",
"lastModified": "2024-08-06T13:35:01.497",
"lastModified": "2024-08-28T01:00:00.950",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"cisaExploitAdd": "2024-08-27",
"cisaActionDue": "2024-09-17",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Apache OFBiz Incorrect Authorization Vulnerability",
"descriptions": [
{
"lang": "en",

14
CVE-2024/CVE-2024-40xx/CVE-2024-4067.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-4067",
"sourceIdentifier": "596c5446-0ce5-4ba2-aa66-48b3b757a647",
"published": "2024-05-14T15:42:47.947",
"lastModified": "2024-05-22T12:15:10.767",
"lastModified": "2024-08-28T00:15:04.130",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The NPM package `micromatch` is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching."
"value": "The NPM package `micromatch` prior to 4.0.8 is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. By passing a malicious payload, the pattern matching will keep backtracking to the input while it doesn't find the closing bracket. As the input size increases, the consumption time will also increase until it causes the application to hang or slow down. There was a merged fix but further testing shows the issue persists. This issue should be mitigated by using a safe pattern that won't start backtracking the regular expression due to greedy matching. This issue was fixed in version 4.0.8."
},
{
"lang": "es",
@ -52,20 +52,24 @@
}
],
"references": [
{
"url": "https://advisory.checkmarx.net/advisory/CVE-2024-4067/",
"source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"
},
{
"url": "https://devhub.checkmarx.com/cve-details/CVE-2024-4067/",
"source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"
},
{
"url": "https://github.com/micromatch/micromatch/blob/2c56a8604b68c1099e7bc0f807ce0865a339747a/index.js#L448",
"url": "https://github.com/micromatch/micromatch/commit/03aa8052171e878897eee5d7bb2ae0ae83ec2ade",
"source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"
},
{
"url": "https://github.com/micromatch/micromatch/issues/243",
"url": "https://github.com/micromatch/micromatch/pull/266",
"source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"
},
{
"url": "https://github.com/micromatch/micromatch/pull/247",
"url": "https://github.com/micromatch/micromatch/releases/tag/4.0.8",
"source": "596c5446-0ce5-4ba2-aa66-48b3b757a647"
}
]

141
CVE-2024/CVE-2024-82xx/CVE-2024-8226.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-8226",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-28T00:15:04.287",
"lastModified": "2024-08-28T00:15:04.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O1V1.1/formSetCfm.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275935",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275935",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.394009",
"source": "cna@vuldb.com"
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-82xx/CVE-2024-8227.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-8227",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-28T00:15:04.550",
"lastModified": "2024-08-28T00:15:04.550",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda O1 1.0.0.7(10648) and classified as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSer. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O1V1.1/fromDhcpSetSer.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275936",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275936",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.394022",
"source": "cna@vuldb.com"
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-82xx/CVE-2024-8228.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-8228",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-28T00:15:04.807",
"lastModified": "2024-08-28T00:15:04.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda O5 1.0.0.8(5017). It has been classified as critical. This affects the function fromSafeSetMacFilter of the file /goform/setMacFilterList. The manipulation of the argument remark/type/time leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O5V1.0/fromSafeSetMacFilter.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275937",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275937",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.394029",
"source": "cna@vuldb.com"
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-82xx/CVE-2024-8229.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-8229",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-28T01:15:03.353",
"lastModified": "2024-08-28T01:15:03.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda O6 1.0.0.7(2054). It has been declared as critical. This vulnerability affects the function frommacFilterModify of the file /goform/operateMacFilter. The manipulation of the argument mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/AHU-IoT-vulnerable/blob/main/Tenda/web-bridge/O6V3.0/fromMacFilterModify.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275938",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275938",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.394030",
"source": "cna@vuldb.com"
},
{
"url": "https://www.tenda.com.cn/",
"source": "cna@vuldb.com"
}
]
}

25
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-27T23:55:17.221301+00:00
2024-08-28T02:00:17.125001+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-27T23:15:04.207000+00:00
2024-08-28T01:15:03.353000+00:00
```
### Last Data Feed Release
@ -27,32 +27,31 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-08-27T00:00:08.653711+00:00
2024-08-28T00:00:08.672392+00:00
```
### Total Number of included CVEs
```plain
261334
261338
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `4`
- [CVE-2024-8219](CVE-2024/CVE-2024-82xx/CVE-2024-8219.json) (`2024-08-27T22:15:05.340`)
- [CVE-2024-8220](CVE-2024/CVE-2024-82xx/CVE-2024-8220.json) (`2024-08-27T22:15:05.630`)
- [CVE-2024-8221](CVE-2024/CVE-2024-82xx/CVE-2024-8221.json) (`2024-08-27T22:15:05.877`)
- [CVE-2024-8222](CVE-2024/CVE-2024-82xx/CVE-2024-8222.json) (`2024-08-27T23:15:03.360`)
- [CVE-2024-8223](CVE-2024/CVE-2024-82xx/CVE-2024-8223.json) (`2024-08-27T23:15:03.650`)
- [CVE-2024-8224](CVE-2024/CVE-2024-82xx/CVE-2024-8224.json) (`2024-08-27T23:15:03.920`)
- [CVE-2024-8225](CVE-2024/CVE-2024-82xx/CVE-2024-8225.json) (`2024-08-27T23:15:04.207`)
- [CVE-2024-8226](CVE-2024/CVE-2024-82xx/CVE-2024-8226.json) (`2024-08-28T00:15:04.287`)
- [CVE-2024-8227](CVE-2024/CVE-2024-82xx/CVE-2024-8227.json) (`2024-08-28T00:15:04.550`)
- [CVE-2024-8228](CVE-2024/CVE-2024-82xx/CVE-2024-8228.json) (`2024-08-28T00:15:04.807`)
- [CVE-2024-8229](CVE-2024/CVE-2024-82xx/CVE-2024-8229.json) (`2024-08-28T01:15:03.353`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
- [CVE-2024-38856](CVE-2024/CVE-2024-388xx/CVE-2024-38856.json) (`2024-08-28T01:00:00.950`)
- [CVE-2024-4067](CVE-2024/CVE-2024-40xx/CVE-2024-4067.json) (`2024-08-28T00:15:04.130`)
## Download and Usage

22
_state.csv
View File

@ -255863,7 +255863,7 @@ CVE-2024-38810,0,0,a8d05ba61ad79ab8e573251f3391c7e33071f14ecb67883defa939520cad5
CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000
CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045fff,2024-05-02T13:27:25.103000
CVE-2024-3885,0,0,9b28a2ee85edfe77753e71858fb1438bd68a9b6ee299843f3a5752cca4753d01,2024-05-02T18:00:37.360000
CVE-2024-38856,0,0,5bdac33e3c1769f797760792fc523b4e832fcce7196ab622177b90376f5d9d69,2024-08-06T13:35:01.497000
CVE-2024-38856,0,1,b96edffa3c5d3c056b0b683b5901b7d1b42d5c04f23c921a537c2a85ba0d9c15,2024-08-28T01:00:00.950000
CVE-2024-38857,0,0,857bbf4d5ee889c68ec1450930f0cf323232ab2d5a162824c8153ee668a7e638,2024-07-02T12:09:16.907000
CVE-2024-38859,0,0,593edb58800c759df69d81e4c4902db80ed6954e27fabcb131a77e637ddeaf57,2024-08-26T15:15:23.727000
CVE-2024-38867,0,0,0587553b0e73bb3d7fb83caa644dbd7ff748ca26af84fce237e8ae38fe20168b,2024-08-13T08:15:10.817000
@ -256713,7 +256713,7 @@ CVE-2024-40647,0,0,20e5e587d0777d0bcce77df9be17d322be6b8b310278f85b131c82750480c
CVE-2024-40648,0,0,e2349aa5f69c8421d1802e501ed70a5d9670cb28532fa26d74d83879e98ba750,2024-07-19T13:01:44.567000
CVE-2024-4065,0,0,e9243298c32ccba8ab1ac6d427150517ee98217790d2dec0b1b5ec685d8cbc83,2024-06-04T19:20:29.227000
CVE-2024-4066,0,0,5674d1317b0a03adb324e31f70d35a87031f26ca2ea2869349483359d081bdf7,2024-06-04T19:20:29.323000
CVE-2024-4067,0,0,9e7f1211bf79e7110903241dcc25ab8bd46e04dab02a9e051766a97ad7f670bf,2024-05-22T12:15:10.767000
CVE-2024-4067,0,1,cb2492818fe81f39be6108b3726f1fbc34af211b5be3405ee7a17904cdbd58f2,2024-08-28T00:15:04.130000
CVE-2024-4068,0,0,bb45b0f3c24ec800e9c86d4119a908807b555886bbc03073bf2175c668679f63,2024-07-03T02:07:03.943000
CVE-2024-40689,0,0,b737e3a1f88271d05934916a1e9611bb299eb972b578fcd1907e65284f8f8a13,2024-07-29T14:12:08.783000
CVE-2024-4069,0,0,fc5a2986d6746eec6d2dc8871a19fd31bd3dae122b27ac5ac325372fce08edbe,2024-06-04T19:20:29.457000
@ -261326,10 +261326,14 @@ CVE-2024-8214,0,0,4dcb7a15d1cc670379c05fdff2368f173d7ee90b98293405187577c84be9ea
CVE-2024-8216,0,0,ea0a96f241a82a6bacd9dc0a45665c2b7cf613b02d047fabb667e4dac6f4047d,2024-08-27T21:15:07.830000
CVE-2024-8217,0,0,83dbfc4fd39640675ea565d305d5258f4dc6ee330612479a4471b08e5f24e751,2024-08-27T21:15:08.093000
CVE-2024-8218,0,0,275286facfab355dcab0ffc6ade0f42bc2448af93fe871d1f2d5b5f4323a3a55,2024-08-27T21:15:08.350000
CVE-2024-8219,1,1,f8ee496087bbe42bb625176d48dec98fe3e35ae622a0495aa6294d22ad10f956,2024-08-27T22:15:05.340000
CVE-2024-8220,1,1,46dfae50e6d4bb08b354ff635eaed92e5e796757e31385ca85fda28818597d8d,2024-08-27T22:15:05.630000
CVE-2024-8221,1,1,0a7d8161c0d4de2f776fc856b85a320cd0c3f55d8cf461808a145d7852c90043,2024-08-27T22:15:05.877000
CVE-2024-8222,1,1,44c5b2cbec3822d2efcf28c5048900bb2633b04acc07eb5f974f81f8787fd8a8,2024-08-27T23:15:03.360000
CVE-2024-8223,1,1,318a18f1fc7a248ee76fa735a5f5699330afe72edfaed1652605f6eb432340c6,2024-08-27T23:15:03.650000
CVE-2024-8224,1,1,eb7cb01b938be3eaac784d7e44c25b862e816031a4c497d52444444152036dd6,2024-08-27T23:15:03.920000
CVE-2024-8225,1,1,ca0de8328fcbb42cd7e0ff1df0545bdf503ea6a3a0f00b3aceb9d787ed4f5703,2024-08-27T23:15:04.207000
CVE-2024-8219,0,0,f8ee496087bbe42bb625176d48dec98fe3e35ae622a0495aa6294d22ad10f956,2024-08-27T22:15:05.340000
CVE-2024-8220,0,0,46dfae50e6d4bb08b354ff635eaed92e5e796757e31385ca85fda28818597d8d,2024-08-27T22:15:05.630000
CVE-2024-8221,0,0,0a7d8161c0d4de2f776fc856b85a320cd0c3f55d8cf461808a145d7852c90043,2024-08-27T22:15:05.877000
CVE-2024-8222,0,0,44c5b2cbec3822d2efcf28c5048900bb2633b04acc07eb5f974f81f8787fd8a8,2024-08-27T23:15:03.360000
CVE-2024-8223,0,0,318a18f1fc7a248ee76fa735a5f5699330afe72edfaed1652605f6eb432340c6,2024-08-27T23:15:03.650000
CVE-2024-8224,0,0,eb7cb01b938be3eaac784d7e44c25b862e816031a4c497d52444444152036dd6,2024-08-27T23:15:03.920000
CVE-2024-8225,0,0,ca0de8328fcbb42cd7e0ff1df0545bdf503ea6a3a0f00b3aceb9d787ed4f5703,2024-08-27T23:15:04.207000
CVE-2024-8226,1,1,cbf3e6b4ecb22d791af519216cb74fcbbc4675f6578fc71e665cf18ff769fb0e,2024-08-28T00:15:04.287000
CVE-2024-8227,1,1,a036a7f97a355b868f01141cc25f285783295937f6676075846a401b1d9db578,2024-08-28T00:15:04.550000
CVE-2024-8228,1,1,5719f117108fdb054512e608abc92c258925393788847819dabc02b4916c814c,2024-08-28T00:15:04.807000
CVE-2024-8229,1,1,28ccc44a317b55190aff96c74708939b911208b845cddaf380e938baf9975c94,2024-08-28T01:15:03.353000

Can't render this file because it is too large.