Auto-Update: 2024-02-22T11:01:59.352954+00:00

CVE-2023/CVE-2023-291xx/CVE-2023-29179.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-29179",
+  "sourceIdentifier": "psirt@fortinet.com",
+  "published": "2024-02-22T10:15:07.693",
+  "lastModified": "2024-02-22T10:15:07.693",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, Fortiproxy version 7.2.0 through 7.2.4, 7.0.0 through 7.0.10 allows attacker to denial of service via  specially crafted HTTP requests."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@fortinet.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@fortinet.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fortiguard.com/psirt/FG-IR-23-125",
+      "source": "psirt@fortinet.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-291xx/CVE-2023-29180.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-29180",
+  "sourceIdentifier": "psirt@fortinet.com",
+  "published": "2024-02-22T10:15:07.947",
+  "lastModified": "2024-02-22T10:15:07.947",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A null pointer dereference in Fortinet FortiOS version 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.3, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to denial of service via specially crafted HTTP requests."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@fortinet.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@fortinet.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-476"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fortiguard.com/psirt/FG-IR-23-111",
+      "source": "psirt@fortinet.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-291xx/CVE-2023-29181.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-29181",
+  "sourceIdentifier": "psirt@fortinet.com",
+  "published": "2024-02-22T10:15:08.140",
+  "lastModified": "2024-02-22T10:15:08.140",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A use of externally-controlled format string in Fortinet FortiOS 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.12, 6.2.0 through 6.2.14, 6.0.0 through 6.0.16, FortiProxy 7.2.0 through 7.2.4, 7.0.0 through 7.0.10, 2.0.0 through 2.0.12, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiPAM 1.0.0 through 1.0.3 allows attacker to execute unauthorized code or commands via specially crafted command."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@fortinet.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@fortinet.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-134"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fortiguard.com/psirt/FG-IR-23-119",
+      "source": "psirt@fortinet.com"
+    }
+  ]
+}

CVE-2023/CVE-2023-65xx/CVE-2023-6546.json

@@ -2,7 +2,7 @@
   "id": "CVE-2023-6546",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2023-12-21T20:15:08.260",
-  "lastModified": "2024-02-21T04:15:07.553",
+  "lastModified": "2024-02-22T09:15:38.053",
   "vulnStatus": "Modified",
   "descriptions": [
     {
@@ -168,6 +168,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:0930",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0937",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2023-6546",
       "source": "secalert@redhat.com",

CVE-2024/CVE-2024-223xx/CVE-2024-22393.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-22393",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-22T10:15:08.340",
+  "lastModified": "2024-02-22T10:15:08.340",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nPixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user\u00a0can cause such an attack by uploading an image when posting content.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv",
+      "source": "security@apache.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-233xx/CVE-2024-23349.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-23349",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-22T10:15:08.427",
+  "lastModified": "2024-02-22T10:15:08.427",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nXSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack.\n\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg",
+      "source": "security@apache.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-265xx/CVE-2024-26578.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-26578",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-22T10:15:08.503",
+  "lastModified": "2024-02-22T10:15:08.503",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1.\n\nRepeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name.\nUsers are recommended to upgrade to version [1.2.5], which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-362"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb",
+      "source": "security@apache.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-22T07:00:24.633604+00:00
+2024-02-22T11:01:59.352954+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-22T06:15:57.973000+00:00
+2024-02-22T10:15:08.503000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,34 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-239197
+239203
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `15`
+Recently added CVEs: `6`
 
-* [CVE-2024-23134](CVE-2024/CVE-2024-231xx/CVE-2024-23134.json) (`2024-02-22T05:15:09.187`)
-* [CVE-2024-23135](CVE-2024/CVE-2024-231xx/CVE-2024-23135.json) (`2024-02-22T05:15:09.357`)
-* [CVE-2024-23136](CVE-2024/CVE-2024-231xx/CVE-2024-23136.json) (`2024-02-22T05:15:09.527`)
-* [CVE-2024-23137](CVE-2024/CVE-2024-231xx/CVE-2024-23137.json) (`2024-02-22T05:15:09.640`)
-* [CVE-2024-25801](CVE-2024/CVE-2024-258xx/CVE-2024-25801.json) (`2024-02-22T05:15:09.807`)
-* [CVE-2024-26481](CVE-2024/CVE-2024-264xx/CVE-2024-26481.json) (`2024-02-22T05:15:09.867`)
-* [CVE-2024-26482](CVE-2024/CVE-2024-264xx/CVE-2024-26482.json) (`2024-02-22T05:15:09.917`)
-* [CVE-2024-26483](CVE-2024/CVE-2024-264xx/CVE-2024-26483.json) (`2024-02-22T05:15:09.973`)
-* [CVE-2024-26484](CVE-2024/CVE-2024-264xx/CVE-2024-26484.json) (`2024-02-22T05:15:10.037`)
-* [CVE-2024-27283](CVE-2024/CVE-2024-272xx/CVE-2024-27283.json) (`2024-02-22T05:15:10.087`)
-* [CVE-2024-0903](CVE-2024/CVE-2024-09xx/CVE-2024-0903.json) (`2024-02-22T06:15:57.453`)
-* [CVE-2024-1053](CVE-2024/CVE-2024-10xx/CVE-2024-1053.json) (`2024-02-22T06:15:57.703`)
-* [CVE-2024-26489](CVE-2024/CVE-2024-264xx/CVE-2024-26489.json) (`2024-02-22T06:15:57.870`)
-* [CVE-2024-26490](CVE-2024/CVE-2024-264xx/CVE-2024-26490.json) (`2024-02-22T06:15:57.923`)
-* [CVE-2024-26491](CVE-2024/CVE-2024-264xx/CVE-2024-26491.json) (`2024-02-22T06:15:57.973`)
+* [CVE-2023-29179](CVE-2023/CVE-2023-291xx/CVE-2023-29179.json) (`2024-02-22T10:15:07.693`)
+* [CVE-2023-29180](CVE-2023/CVE-2023-291xx/CVE-2023-29180.json) (`2024-02-22T10:15:07.947`)
+* [CVE-2023-29181](CVE-2023/CVE-2023-291xx/CVE-2023-29181.json) (`2024-02-22T10:15:08.140`)
+* [CVE-2024-22393](CVE-2024/CVE-2024-223xx/CVE-2024-22393.json) (`2024-02-22T10:15:08.340`)
+* [CVE-2024-23349](CVE-2024/CVE-2024-233xx/CVE-2024-23349.json) (`2024-02-22T10:15:08.427`)
+* [CVE-2024-26578](CVE-2024/CVE-2024-265xx/CVE-2024-26578.json) (`2024-02-22T10:15:08.503`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2024-02-22T09:15:38.053`)
 
 
 ## Download and Usage