From 3fdb65d1d916066a1bdb6b89fc8b1b20b165a04a Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 22 Feb 2024 11:02:03 +0000
Subject: [PATCH] Auto-Update: 2024-02-22T11:01:59.352954+00:00
---
CVE-2023/CVE-2023-291xx/CVE-2023-29179.json | 55 +++++++++++++++++++++
CVE-2023/CVE-2023-291xx/CVE-2023-29180.json | 55 +++++++++++++++++++++
CVE-2023/CVE-2023-291xx/CVE-2023-29181.json | 55 +++++++++++++++++++++
CVE-2023/CVE-2023-65xx/CVE-2023-6546.json | 6 ++-
CVE-2024/CVE-2024-223xx/CVE-2024-22393.json | 32 ++++++++++++
CVE-2024/CVE-2024-233xx/CVE-2024-23349.json | 32 ++++++++++++
CVE-2024/CVE-2024-265xx/CVE-2024-26578.json | 32 ++++++++++++
README.md | 32 +++++------
8 files changed, 278 insertions(+), 21 deletions(-)
create mode 100644 CVE-2023/CVE-2023-291xx/CVE-2023-29179.json
create mode 100644 CVE-2023/CVE-2023-291xx/CVE-2023-29180.json
create mode 100644 CVE-2023/CVE-2023-291xx/CVE-2023-29181.json
create mode 100644 CVE-2024/CVE-2024-223xx/CVE-2024-22393.json
create mode 100644 CVE-2024/CVE-2024-233xx/CVE-2024-23349.json
create mode 100644 CVE-2024/CVE-2024-265xx/CVE-2024-26578.json
diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29179.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29179.json
new file mode 100644
index 00000000000..aa2e6d73bab
--- /dev/null
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29179.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29179", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-02-22T10:15:07.693", + "lastModified": "2024-02-22T10:15:07.693", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via specially crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-125", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29180.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29180.json new file mode 100644 index 00000000000..fece04b73f5 --- /dev/null +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29180.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29180", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-02-22T10:15:07.947", + "lastModified": "2024-02-22T10:15:07.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-111", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29181.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29181.json new file mode 100644 index 00000000000..22d0ded909f --- /dev/null +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29181.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-29181", + "sourceIdentifier": "psirt@fortinet.com", + "published": "2024-02-22T10:15:08.140", + "lastModified": "2024-02-22T10:15:08.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@fortinet.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@fortinet.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-134" + } + ] + } + ], + "references": [ + { + "url": "https://fortiguard.com/psirt/FG-IR-23-119", + "source": "psirt@fortinet.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json index 12536bbcebc..b6bc0ddd9f9 100644 --- a/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json +++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6546.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-6546", "sourceIdentifier": "secalert@redhat.com", "published": "2023-12-21T20:15:08.260", - "lastModified": "2024-02-21T04:15:07.553", + "lastModified": "2024-02-22T09:15:38.053", "vulnStatus": "Modified", "descriptions": [ { @@ -168,6 +168,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:0930", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:0937", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-6546", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22393.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22393.json new file mode 100644 index 00000000000..d3bc1fb116d --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22393.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-22393", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-22T10:15:08.340", + "lastModified": "2024-02-22T10:15:08.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user\u00a0can cause such an attack by uploading an image when posting content.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-233xx/CVE-2024-23349.json b/CVE-2024/CVE-2024-233xx/CVE-2024-23349.json new file mode 100644 index 00000000000..106ec7174bb --- /dev/null 
+++ b/CVE-2024/CVE-2024-233xx/CVE-2024-23349.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-23349", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-22T10:15:08.427", + "lastModified": "2024-02-22T10:15:08.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26578.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26578.json new file mode 100644 index 00000000000..1d77eb63191 --- /dev/null +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26578.json 
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-26578", + "sourceIdentifier": "security@apache.org", + "published": "2024-02-22T10:15:08.503", + "lastModified": "2024-02-22T10:15:08.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nRepeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a471a4510b0..7464785f1bb 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-22T07:00:24.633604+00:00 +2024-02-22T11:01:59.352954+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-22T06:15:57.973000+00:00 +2024-02-22T10:15:08.503000+00:00 ``` ### Last Data Feed Release 
@@ -29,34 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -239197 +239203 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `6` -* [CVE-2024-23134](CVE-2024/CVE-2024-231xx/CVE-2024-23134.json) (`2024-02-22T05:15:09.187`) -* [CVE-2024-23135](CVE-2024/CVE-2024-231xx/CVE-2024-23135.json) (`2024-02-22T05:15:09.357`) -* [CVE-2024-23136](CVE-2024/CVE-2024-231xx/CVE-2024-23136.json) (`2024-02-22T05:15:09.527`) -* [CVE-2024-23137](CVE-2024/CVE-2024-231xx/CVE-2024-23137.json) (`2024-02-22T05:15:09.640`) -* [CVE-2024-25801](CVE-2024/CVE-2024-258xx/CVE-2024-25801.json) (`2024-02-22T05:15:09.807`) -* [CVE-2024-26481](CVE-2024/CVE-2024-264xx/CVE-2024-26481.json) (`2024-02-22T05:15:09.867`) -* [CVE-2024-26482](CVE-2024/CVE-2024-264xx/CVE-2024-26482.json) (`2024-02-22T05:15:09.917`) -* [CVE-2024-26483](CVE-2024/CVE-2024-264xx/CVE-2024-26483.json) (`2024-02-22T05:15:09.973`) -* [CVE-2024-26484](CVE-2024/CVE-2024-264xx/CVE-2024-26484.json) (`2024-02-22T05:15:10.037`) -* [CVE-2024-27283](CVE-2024/CVE-2024-272xx/CVE-2024-27283.json) (`2024-02-22T05:15:10.087`) -* [CVE-2024-0903](CVE-2024/CVE-2024-09xx/CVE-2024-0903.json) (`2024-02-22T06:15:57.453`) -* [CVE-2024-1053](CVE-2024/CVE-2024-10xx/CVE-2024-1053.json) (`2024-02-22T06:15:57.703`) -* [CVE-2024-26489](CVE-2024/CVE-2024-264xx/CVE-2024-26489.json) (`2024-02-22T06:15:57.870`) -* [CVE-2024-26490](CVE-2024/CVE-2024-264xx/CVE-2024-26490.json) (`2024-02-22T06:15:57.923`) -* [CVE-2024-26491](CVE-2024/CVE-2024-264xx/CVE-2024-26491.json) (`2024-02-22T06:15:57.973`) +* [CVE-2023-29179](CVE-2023/CVE-2023-291xx/CVE-2023-29179.json) (`2024-02-22T10:15:07.693`) +* [CVE-2023-29180](CVE-2023/CVE-2023-291xx/CVE-2023-29180.json) (`2024-02-22T10:15:07.947`) +* [CVE-2023-29181](CVE-2023/CVE-2023-291xx/CVE-2023-29181.json) (`2024-02-22T10:15:08.140`) +* [CVE-2024-22393](CVE-2024/CVE-2024-223xx/CVE-2024-22393.json) 
(`2024-02-22T10:15:08.340`) +* [CVE-2024-23349](CVE-2024/CVE-2024-233xx/CVE-2024-23349.json) (`2024-02-22T10:15:08.427`) +* [CVE-2024-26578](CVE-2024/CVE-2024-265xx/CVE-2024-26578.json) (`2024-02-22T10:15:08.503`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2024-02-22T09:15:38.053`) ## Download and Usage