Auto-Update: 2024-04-27T10:00:37.302593+00:00

cad-safe-bot 2024-04-27 10:03:27 +00:00
parent 309075e866
commit 38d75d4f42
6 changed files with 344 additions and 13 deletions


@ -0,0 +1,96 @@
{
"id": "CVE-2023-1000",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T09:15:08.740",
"lastModified": "2024-04-27T09:15:08.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/cyanomiko/dcnnt-py/commit/b4021d784a97e25151a5353aa763a741e9a148f5",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/cyanomiko/dcnnt-py/pull/23",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/cyanomiko/dcnnt-py/releases/tag/0.9.1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262230",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262230",
"source": "cna@vuldb.com"
}
]
}
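Review bot: The description says the issue "has been classified as critical", but the only scoring in the record is the CNA's `"baseScore": 6.3` / `"baseSeverity": "MEDIUM"` with `C:L/I:L/A:L`, which looks conservative for a remotely reachable command injection. The metric is `"type": "Secondary"` and the record is still `"vulnStatus": "Received"`, so there is no NVD analysis to arbitrate between the two. Triage tooling should key on the vector and the fixed version (0.9.1) and re-check after NVD enrichment, not on the severity word in the prose. The same gap between wording and score appears in the CVE-2024-4245 and CVE-2024-4246 records further down (described as critical, scored HIGH).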


@ -0,0 +1,47 @@
{
"id": "CVE-2024-3342",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-27T09:15:09.093",
"lastModified": "2024-04-27T09:15:09.093",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3077596/mp-timetable/trunk/classes/models/class-events.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9670bd32-34ce-48b1-82d9-62ab8869a89b?source=cve",
"source": "security@wordfence.com"
}
]
}
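Review bot: This record carries no `weaknesses` array although the description names SQL injection, so any filter or dashboard keyed on CWE will not surface it. The entry one would expect is CWE-89, and it should arrive from upstream (the CNA or NVD enrichment) rather than be patched into the mirror. The vector also claims `S:C` with `I:H/A:H` while the description only mentions extracting information from the database, so the 9.9 score may be revised once the record leaves `"vulnStatus": "Received"`.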


@ -0,0 +1,92 @@
{
"id": "CVE-2024-4245",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T08:15:06.277",
"lastModified": "2024-04-27T08:15:06.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda i21 1.0.0.14(4656). Affected by this issue is the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The identifier of this vulnerability is VDB-262136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManageDouble_auto.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262136",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262136",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.319830",
"source": "cna@vuldb.com"
}
]
}
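Review bot: The first reference does not match the function named in the description: the text says the affected function is `formQosManageDouble_user`, but the URL ends in `formQosManageDouble_auto.md`. The CVE-2024-4246 record below is the mirror image (description `formQosManageDouble_auto`, reference `formQosManageDouble_user.md`), so the two advisories look cross-linked. The page does not show whether the descriptions or the URLs are the wrong side. Anyone mapping these IDs to firmware functions or detection content should read both linked write-ups, and the correction belongs with the CNA (cna@vuldb.com) rather than in this mirror.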


@ -0,0 +1,92 @@
{
"id": "CVE-2024-4246",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T09:15:09.307",
"lastModified": "2024-04-27T09:15:09.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tenda i21 1.0.0.14(4656). This affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The identifier VDB-262137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formQosManageDouble_user.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262137",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262137",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.319831",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-04-27T06:00:37.958605+00:00
2024-04-27T10:00:37.302593+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-04-27T05:15:48.623000+00:00
2024-04-27T09:15:09.307000+00:00
```
### Last Data Feed Release
@ -33,23 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
246948
246952
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `4`
- [CVE-2024-2258](CVE-2024/CVE-2024-22xx/CVE-2024-2258.json) (`2024-04-27T04:15:08.543`)
- [CVE-2024-2838](CVE-2024/CVE-2024-28xx/CVE-2024-2838.json) (`2024-04-27T04:15:09.040`)
- [CVE-2024-3034](CVE-2024/CVE-2024-30xx/CVE-2024-3034.json) (`2024-04-27T05:15:48.623`)
- [CVE-2023-1000](CVE-2023/CVE-2023-10xx/CVE-2023-1000.json) (`2024-04-27T09:15:08.740`)
- [CVE-2024-3342](CVE-2024/CVE-2024-33xx/CVE-2024-3342.json) (`2024-04-27T09:15:09.093`)
- [CVE-2024-4245](CVE-2024/CVE-2024-42xx/CVE-2024-4245.json) (`2024-04-27T08:15:06.277`)
- [CVE-2024-4246](CVE-2024/CVE-2024-42xx/CVE-2024-4246.json) (`2024-04-27T09:15:09.307`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
- [CVE-2024-32405](CVE-2024/CVE-2024-324xx/CVE-2024-32405.json) (`2024-04-27T05:15:48.447`)
## Download and Usage


@ -212547,6 +212547,7 @@ CVE-2023-0996,0,0,ea2ea8ebb5c1cd78aca800ad05ee80a2b50041328f7c13f31f10b011d7f95e
CVE-2023-0997,0,0,b92f10de3b8d5dbadb7e85f9e2ed6e41fdc735ddd0a4fdad96a12786fb2ad363,2024-04-11T01:17:54.333000
CVE-2023-0998,0,0,147a1db5eee0b0ca2131347532aed64b0bda1e8e5a2666596472879643ba7aa7,2024-04-11T01:17:54.420000
CVE-2023-0999,0,0,4ae03500d564add5a96c5d669f7d213867ccc2725e600d2b911b6b8d742dedf1,2024-04-11T01:17:54.527000
CVE-2023-1000,1,1,19222c76f196c431a461a8d296249d26972a0e6f294b5f8bdcd5ac942fd3da3c,2024-04-27T09:15:08.740000
CVE-2023-1002,0,0,19838af22e5b3f4dd3d22eecd5f1512bcb54f4d378f382215cd6670e529e967a,2024-04-11T01:17:54.620000
CVE-2023-1003,0,0,ce12de167f204f84777d61b67f565833040e60875a326ea12f06e1f932714b0c,2024-04-11T01:17:54.700000
CVE-2023-1004,0,0,91c5023d8a0c3f7d7fdd2cd85d8fa9acad218b9c2b3ae757eddd8571dfc44abf,2024-04-11T01:17:54.793000
@ -241337,7 +241338,7 @@ CVE-2024-22567,0,0,37499b14fc95be5de51f415505f023a34c878497b34bd94665d0d5d9fc0f3
CVE-2024-22568,0,0,b7d805911224b1ae0c1c8858ee61b49b9c11cc28a75ce32a84caadcf77d4e108,2024-01-20T18:49:52.490000
CVE-2024-22569,0,0,bee3ca02120bb4729d62660d17afd0816ef9535b004ff125be13883d678f5fb9,2024-02-06T18:07:39.733000
CVE-2024-22570,0,0,c41ee5b58f7f6a9dd8b89c3af365a9d60dc2b413d2b344b295ffdf6e10d67e91,2024-02-02T23:32:46.897000
CVE-2024-2258,1,1,ac35c2d4854a76b4c5778fc510e1c7d2c7c227c825e96bacea585778cc1cc57c,2024-04-27T04:15:08.543000
CVE-2024-2258,0,0,ac35c2d4854a76b4c5778fc510e1c7d2c7c227c825e96bacea585778cc1cc57c,2024-04-27T04:15:08.543000
CVE-2024-22591,0,0,f5c348c7153b233a9d90322c9527755bd871e66df7cc43f695b58dbe543197c9,2024-01-20T18:49:47.907000
CVE-2024-22592,0,0,f50afa29eb1912ea2c3e321f184317ab81adfed74c362dc96640e9870bb57ed4,2024-01-20T18:49:41.750000
CVE-2024-22593,0,0,993941354f61719e720764f4475d3b2e7a78eded6442ffaa6fe56e23dc421b8f,2024-01-20T18:49:24.957000
@ -244402,7 +244403,7 @@ CVE-2024-28353,0,0,f5d0b12a1e8a931f5519e51563d18b142745d332ff192847a7afb495f17e2
CVE-2024-28354,0,0,b6680336ce24c3665bbea7456a49c23f2010021d3a256de9fa063452e0cf7d3a,2024-03-15T12:53:06.423000
CVE-2024-2836,0,0,9acd34fc60cb65ba9cd271e5ec35a02f0cd82360d653d80e871f78f2c63ee537,2024-04-15T13:15:31.997000
CVE-2024-2837,0,0,ede30a076db0490f182649eaa516f525e72ce3474678f75311de4b8e697fa1bd,2024-04-26T12:58:17.720000
CVE-2024-2838,1,1,8667d1c4020236689cce3b944a3ff8c7e80b101677a1e94cba0b1cd1616556e0,2024-04-27T04:15:09.040000
CVE-2024-2838,0,0,8667d1c4020236689cce3b944a3ff8c7e80b101677a1e94cba0b1cd1616556e0,2024-04-27T04:15:09.040000
CVE-2024-28383,0,0,4ebb5b688ac785b11132be45898bb9d7934c49dcd0ae78bf745a27cbe4cf3c09,2024-03-14T14:21:20.217000
CVE-2024-28386,0,0,babe8ca097e0c09213bc5c6af798d9ab75b1906fe65d8568532f7dfbcdf59f5c,2024-03-25T16:43:06.137000
CVE-2024-28387,0,0,50317bd50b8bed7df4714df1431ccc5e21589c7d6b48de3eead147adffba9438,2024-03-25T16:43:06.137000
@ -245301,7 +245302,7 @@ CVE-2024-30336,0,0,e5351987b8d729d3503d921fe2dc9880c350f59f5a953427a6b814948ca4d
CVE-2024-30337,0,0,36921abe92d25dec06f55554c591b6452ef07a36520db16afe8e41399ddedc0c,2024-04-02T20:31:58.463000
CVE-2024-30338,0,0,c70de79f61093bb957f2452c373197e0191e40923b05e55db920f5bac9b991ca,2024-04-02T20:31:58.463000
CVE-2024-30339,0,0,9fda1b1602dad3d189cf802a0ab881501bdc4001860ed5f68e3145a81fadd784,2024-04-02T20:31:58.463000
CVE-2024-3034,1,1,b9e9e114df333016b641afbc9902aaab9b6979408bbd2c131cfe9a7e0f7a4b28,2024-04-27T05:15:48.623000
CVE-2024-3034,0,0,b9e9e114df333016b641afbc9902aaab9b6979408bbd2c131cfe9a7e0f7a4b28,2024-04-27T05:15:48.623000
CVE-2024-30340,0,0,5122c03a233ded794ffad2a42ab54afbcfb7148c93cbc30383d855256d7ceee1,2024-04-02T20:31:58.463000
CVE-2024-30341,0,0,7cf4c251ace5c9cd1be08a073be5af7df10d126360e176784dcd480d86f09182,2024-04-02T20:31:58.463000
CVE-2024-30342,0,0,eb0e78b29270ab38683d7813c5fcac0ed5b167a2c3abb1485e0a4f5084b7a554,2024-04-02T20:31:58.463000
@ -246238,7 +246239,7 @@ CVE-2024-32392,0,0,e9dc77721f231608117a79f151c9f1e6be5cd7530989658bd3dd67ce41889
CVE-2024-32394,0,0,5f3cc70e4b86c8028147d2489cef40fa6c9285878a28bdb0855878990e97443a,2024-04-23T12:52:26.253000
CVE-2024-32399,0,0,881ee2dd975bc6f828957c741f38d2e9a20065eb3fba67ea84e4e0b7e3e06627,2024-04-23T12:52:30.940000
CVE-2024-32404,0,0,79a6c7942a9f3dcde43616bd36ba873d8478b9d821d7bf155e9c801f8f350e7c,2024-04-26T12:58:17.720000
CVE-2024-32405,0,1,3ef8baadce3828c002829cc143866c02c5413778e0871cfcfbcacdfae3d8303e,2024-04-27T05:15:48.447000
CVE-2024-32405,0,0,3ef8baadce3828c002829cc143866c02c5413778e0871cfcfbcacdfae3d8303e,2024-04-27T05:15:48.447000
CVE-2024-32406,0,0,8e6d36b8dcd241dcce7d220afafae7996fb58ae46bc5ab008c1d0443a9fffaf0,2024-04-26T12:58:17.720000
CVE-2024-32407,0,0,04bdb1c21d2d45016e5f7565a6490533ba649bcc5c4dc99b7e34c030532cab3a,2024-04-22T19:24:06.727000
CVE-2024-32409,0,0,2cc0bf26ecd8938fd89992a98bae2541af2d19072f0bc8cdc919759b6ea980aa,2024-04-19T16:19:49.043000
@ -246563,6 +246564,7 @@ CVE-2024-3333,0,0,8caee5b26018a8a7a4f06ec5d64d35dd731cf8d2f43a25885f4e67db044a1b
CVE-2024-33342,0,0,4ff11c7e369d836ce7a1244b0b48afc72b8090af879823bb663cc593e2824dbc,2024-04-26T19:59:19.793000
CVE-2024-33343,0,0,17e1971be9c2ae8ba52a2cc25de4ae4286a5a8f05a2fb81a46885d3dfd33cb1b,2024-04-26T19:59:19.793000
CVE-2024-33344,0,0,f74e33f11e6670462bc5b65f54260ae5e05e3409e05b053682376a20da3d6d34,2024-04-26T19:59:19.793000
CVE-2024-3342,1,1,6415337906c67a62a8f3214edefcbf1e1f114e9521d2d6da6937097ffc30871d,2024-04-27T09:15:09.093000
CVE-2024-3343,0,0,c7ada54a8973c3f80fc415b1484b0c0d7aeb75e458012c05cd3c69dcc6f0e33f,2024-04-11T12:47:44.137000
CVE-2024-3344,0,0,9f0d30bf7471aa86a4cb4a703805df84e7338e4a65408c3f6ac2fd777c6250e1,2024-04-11T12:47:44.137000
CVE-2024-3346,0,0,e1501efbca46250b1b984725e11942bb9306686e2cffb2edd3d8dd5b4c4ccc5c,2024-04-11T01:25:58.637000
@ -246947,3 +246949,5 @@ CVE-2024-4241,0,0,264f84de7f82f667ea602f912ab0c91f08c69cd3bac4488fa7a0558ca22ce9
CVE-2024-4242,0,0,7c2c0351cc2274639c0aac327cc3b8d379b23f811f63689c6939401bba640a19,2024-04-26T21:15:50.727000
CVE-2024-4243,0,0,06f57d13c6577e082919baf02007629a412b6f97f628566ad77e1dce9d52b4b9,2024-04-26T22:15:08.640000
CVE-2024-4244,0,0,f8fdbf36befd6856b8ec4b41749ee8c0ad841b9c473492c05800c93e3ac814d8,2024-04-26T22:15:08.867000
CVE-2024-4245,1,1,a58bcafe50a11707fd6722bf4d9ade7a08a4043c6956281df8ce202e884f61e9,2024-04-27T08:15:06.277000
CVE-2024-4246,1,1,4beda2b7e903ea592966095d5bc9a339f6323a8e49138b419198977f6b45ee00,2024-04-27T09:15:09.307000
