admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-21T19:00:24.884194+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-21 19:00:28 +00:00
parent 9b82ef3c70
commit 428fe30e1a
28 changed files with 1262 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

67
CVE-2024/CVE-2024-12xx/CVE-2024-1212.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-1212",
"sourceIdentifier": "security@progress.com",
"published": "2024-02-21T18:15:50.417",
"lastModified": "2024-02-21T18:15:50.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@progress.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@progress.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://freeloadbalancer.com/",
"source": "security@progress.com"
},
{
"url": "https://kemptechnologies.com/",
"source": "security@progress.com"
},
{
"url": "https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212",
"source": "security@progress.com"
},
{
"url": "https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212",
"source": "security@progress.com"
}
]
}

22
CVE-2024/CVE-2024-14xx/CVE-2024-1485.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1485",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-14T00:15:46.783",
"lastModified": "2024-02-15T05:15:09.823",
"lastModified": "2024-02-21T17:15:08.377",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into opening a specially modified .tar archive, leading to the cleanup process following relative paths to overwrite or delete files outside the intended scope."
"value": "A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en la funci\u00f3n de descompresi\u00f3n del soporte de registro. Este problema puede ser desencadenado por un atacante remoto no autenticado al enga\u00f1ar a un usuario para que abra un archivo .tar especialmente modificado, lo que lleva al proceso de limpieza a seguir rutas relativas para sobrescribir o eliminar archivos fuera del alcance previsto."
}
],
"metrics": {
@ -17,20 +21,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
"exploitabilityScore": 2.8,
"impactScore": 5.8
}
]
},

88
CVE-2024/CVE-2024-17xx/CVE-2024-1702.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1702",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T17:15:08.583",
"lastModified": "2024-02-21T17:15:08.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/omarexala/PHP-MYSQL-User-Login-System---SQL-Injection",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.254390",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.254390",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-17xx/CVE-2024-1703.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1703",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T17:15:08.793",
"lastModified": "2024-02-21T17:15:08.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 5.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-36"
}
]
}
],
"references": [
{
"url": "https://github.com/Echosssy/-CRMEB-Mall-commercial-version-of-any-file-read-vulnerability/blob/main/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.254391",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.254391",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-17xx/CVE-2024-1704.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1704",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T18:15:50.613",
"lastModified": "2024-02-21T18:15:50.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/Echosssy/CVE/blob/main/%E4%BC%97%E9%82%A6%E7%A7%91%E6%8A%80CRMEB%20Mall%20business%20edition%20overrides%20any%20file.docx",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.254392",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.254392",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-17xx/CVE-2024-1705.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1705",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T18:15:50.823",
"lastModified": "2024-02-21T18:15:50.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/QHdXavkw5eDm",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.254393",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.254393",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-17xx/CVE-2024-1706.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1706",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-21T18:15:51.057",
"lastModified": "2024-02-21T18:15:51.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input <marquee>hi leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254396. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.254396",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.254396",
"source": "cna@vuldb.com"
}
]
}

34
CVE-2024/CVE-2024-17xx/CVE-2024-1709.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1709",
"sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725",
"published": "2024-02-21T16:15:50.420",
"lastModified": "2024-02-21T16:15:50.420",
"lastModified": "2024-02-21T18:15:51.300",
"vulnStatus": "Received",
"descriptions": [
{
@ -47,9 +47,41 @@
}
],
"references": [
{
"url": "https://github.com/rapid7/metasploit-framework/pull/18870",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
},
{
"url": "https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/",
"source": "9119a7d8-5eab-497f-8521-727c672e3725"
}
]
}

15
CVE-2024/CVE-2024-17xx/CVE-2024-1714.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-1714",
"sourceIdentifier": "psirt@sailpoint.com",
"published": "2024-02-21T17:15:09.003",
"lastModified": "2024-02-21T18:15:51.377",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20325.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20325",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-21T17:15:09.180",
"lastModified": "2024-02-21T17:15:09.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device.\r\n\r This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj",
"source": "ykramarz@cisco.com"
}
]
}

63
CVE-2024/CVE-2024-233xx/CVE-2024-23346.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-23346",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T17:15:09.377",
"lastModified": "2024-02-21T17:15:09.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/materialsproject/pymatgen/blob/master/pymatgen/symmetry/settings.py#L97C1-L111C108",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f",
"source": "security-advisories@github.com"
}
]
}

28
CVE-2024/CVE-2024-244xx/CVE-2024-24478.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-24478",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T17:15:09.567",
"lastModified": "2024-02-21T17:15:09.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Wireshark team Wireshark before v.4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/e82c55147cd3cb62ef20cbdb0ec83694",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/wireshark/wireshark/-/issues/19347",
"source": "cve@mitre.org"
}
]
}

67
CVE-2024/CVE-2024-251xx/CVE-2024-25117.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-25117",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T17:15:09.617",
"lastModified": "2024-02-21T17:15:09.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR url, which might leads to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might leads to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes(`), or the `Style::parseCssStyle()` should check the content of the `font-family` and prevents it to use a PHAR url, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
},
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273",
"source": "security-advisories@github.com"
}
]
}

24
CVE-2024/CVE-2024-252xx/CVE-2024-25288.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-25288",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T17:15:09.817",
"lastModified": "2024-02-21T17:15:09.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/slims/slims9_bulian/issues/229",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25891.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25891",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.493",
"lastModified": "2024-02-21T18:15:51.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6856",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25892.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25892",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.540",
"lastModified": "2024-02-21T18:15:51.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6858",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25893.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25893",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.580",
"lastModified": "2024-02-21T18:15:51.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6856",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25894.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25894",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.623",
"lastModified": "2024-02-21T18:15:51.623",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6849",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25895.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25895",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.680",
"lastModified": "2024-02-21T18:15:51.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6853",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25896.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25896",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.727",
"lastModified": "2024-02-21T18:15:51.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6854",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25897.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25897",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.777",
"lastModified": "2024-02-21T18:15:51.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6856",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25898.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25898",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T18:15:51.820",
"lastModified": "2024-02-21T18:15:51.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ChurchCRM/CRM/issues/6851",
"source": "cve@mitre.org"
}
]
}

63
CVE-2024/CVE-2024-261xx/CVE-2024-26130.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-26130",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T17:15:09.863",
"lastModified": "2024-02-21T17:15:09.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pyca/cryptography/pull/10423",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4",
"source": "security-advisories@github.com"
}
]
}

75
CVE-2024/CVE-2024-261xx/CVE-2024-26133.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2024-26133",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T17:15:10.060",
"lastModified": "2024-02-21T17:15:10.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-256"
}
]
}
],
"references": [
{
"url": "https://developers.eventstore.com/cloud/ops/#upgrading-eventstoredb-version",
"source": "security-advisories@github.com"
},
{
"url": "https://developers.eventstore.com/server/v22.10/upgrade-guide.html#upgrade-guide-for-eventstoredb-22-10",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/EventStore/EventStore/commit/6d4edee18c7fe886abffe58fa1f97d72681b24bf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/EventStore/EventStore/security/advisories/GHSA-6r53-v8hj-x684",
"source": "security-advisories@github.com"
},
{
"url": "https://www.eventstore.com/blog/eventstoredb-security-release-23.10-22.10-21.10-and-20.10-for-cve-2024-26133",
"source": "security-advisories@github.com"
},
{
"url": "https://www.eventstore.com/blog/new-version-strategy",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-261xx/CVE-2024-26138.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-26138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T17:15:10.257",
"lastModified": "2024-02-21T17:15:10.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The XWiki licensor application, which manages and enforce application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that \"there's no way to find who's having a given UUID\" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated, depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Active%20Installs%202%20API",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwikisas/application-licensing/commit/d168fb88fc0d121bf95e769ea21c55c00bebe5a6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwikisas/application-licensing/security/advisories/GHSA-4hfp-m9gv-m753",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-261xx/CVE-2024-26145.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-26145",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-21T18:15:51.870",
"lastModified": "2024-02-21T18:15:51.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a workaround, one may use post visibility to limit access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/discourse/discourse-calendar/commit/dfc4fa15f340189f177a1d1ab2cc94ffed3c1190",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/discourse/discourse-calendar/security/advisories/GHSA-4hh7-6m34-p2jp",
"source": "security-advisories@github.com"
}
]
}

58
CVE-2024/CVE-2024-272xx/CVE-2024-27215.json
View File

@ -2,62 +2,14 @@
"id": "CVE-2024-27215",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T16:15:50.657",
"lastModified": "2024-02-21T16:15:50.657",
"vulnStatus": "Received",
"lastModified": "2024-02-21T18:15:52.060",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "ConnectWise ScreenConnnect before 23.9.8 allows authentication bypass via an alternate path or channel."
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1709. Reason: This candidate is a duplicate of CVE-2024-1709. Notes: All CVE users should reference CVE-2024-1709 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://github.com/rapid7/metasploit-framework/pull/18870",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc",
"source": "cve@mitre.org"
},
{
"url": "https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/",
"source": "cve@mitre.org"
},
{
"url": "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8",
"source": "cve@mitre.org"
},
{
"url": "https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2",
"source": "cve@mitre.org"
},
{
"url": "https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8",
"source": "cve@mitre.org"
}
]
"metrics": {},
"references": []
}

58
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-21T17:02:19.391259+00:00
2024-02-21T19:00:24.884194+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-21T16:15:50.657000+00:00
2024-02-21T18:15:52.060000+00:00
```
### Last Data Feed Release
@ -29,40 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239107
239131
```
### CVEs added in the last Commit
Recently added CVEs: `19`
Recently added CVEs: `24`
* [CVE-2022-45169](CVE-2022/CVE-2022-451xx/CVE-2022-45169.json) (`2024-02-21T16:15:49.060`)
* [CVE-2022-45177](CVE-2022/CVE-2022-451xx/CVE-2022-45177.json) (`2024-02-21T16:15:49.127`)
* [CVE-2022-45179](CVE-2022/CVE-2022-451xx/CVE-2022-45179.json) (`2024-02-21T16:15:49.173`)
* [CVE-2023-33843](CVE-2023/CVE-2023-338xx/CVE-2023-33843.json) (`2024-02-21T15:15:08.537`)
* [CVE-2023-50955](CVE-2023/CVE-2023-509xx/CVE-2023-50955.json) (`2024-02-21T15:15:08.760`)
* [CVE-2023-46241](CVE-2023/CVE-2023-462xx/CVE-2023-46241.json) (`2024-02-21T16:15:49.240`)
* [CVE-2023-49100](CVE-2023/CVE-2023-491xx/CVE-2023-49100.json) (`2024-02-21T16:15:49.457`)
* [CVE-2024-22778](CVE-2024/CVE-2024-227xx/CVE-2024-22778.json) (`2024-02-21T15:15:09.270`)
* [CVE-2024-26582](CVE-2024/CVE-2024-265xx/CVE-2024-26582.json) (`2024-02-21T15:15:09.327`)
* [CVE-2024-26583](CVE-2024/CVE-2024-265xx/CVE-2024-26583.json) (`2024-02-21T15:15:09.373`)
* [CVE-2024-26584](CVE-2024/CVE-2024-265xx/CVE-2024-26584.json) (`2024-02-21T15:15:09.420`)
* [CVE-2024-26585](CVE-2024/CVE-2024-265xx/CVE-2024-26585.json) (`2024-02-21T15:15:09.467`)
* [CVE-2024-1474](CVE-2024/CVE-2024-14xx/CVE-2024-1474.json) (`2024-02-21T16:15:49.520`)
* [CVE-2024-1700](CVE-2024/CVE-2024-17xx/CVE-2024-1700.json) (`2024-02-21T16:15:49.707`)
* [CVE-2024-1701](CVE-2024/CVE-2024-17xx/CVE-2024-1701.json) (`2024-02-21T16:15:50.013`)
* [CVE-2024-1708](CVE-2024/CVE-2024-17xx/CVE-2024-1708.json) (`2024-02-21T16:15:50.233`)
* [CVE-2024-1709](CVE-2024/CVE-2024-17xx/CVE-2024-1709.json) (`2024-02-21T16:15:50.420`)
* [CVE-2024-22220](CVE-2024/CVE-2024-222xx/CVE-2024-22220.json) (`2024-02-21T16:15:50.600`)
* [CVE-2024-27215](CVE-2024/CVE-2024-272xx/CVE-2024-27215.json) (`2024-02-21T16:15:50.657`)
* [CVE-2024-1702](CVE-2024/CVE-2024-17xx/CVE-2024-1702.json) (`2024-02-21T17:15:08.583`)
* [CVE-2024-1703](CVE-2024/CVE-2024-17xx/CVE-2024-1703.json) (`2024-02-21T17:15:08.793`)
* [CVE-2024-20325](CVE-2024/CVE-2024-203xx/CVE-2024-20325.json) (`2024-02-21T17:15:09.180`)
* [CVE-2024-23346](CVE-2024/CVE-2024-233xx/CVE-2024-23346.json) (`2024-02-21T17:15:09.377`)
* [CVE-2024-24478](CVE-2024/CVE-2024-244xx/CVE-2024-24478.json) (`2024-02-21T17:15:09.567`)
* [CVE-2024-25117](CVE-2024/CVE-2024-251xx/CVE-2024-25117.json) (`2024-02-21T17:15:09.617`)
* [CVE-2024-25288](CVE-2024/CVE-2024-252xx/CVE-2024-25288.json) (`2024-02-21T17:15:09.817`)
* [CVE-2024-26130](CVE-2024/CVE-2024-261xx/CVE-2024-26130.json) (`2024-02-21T17:15:09.863`)
* [CVE-2024-26133](CVE-2024/CVE-2024-261xx/CVE-2024-26133.json) (`2024-02-21T17:15:10.060`)
* [CVE-2024-26138](CVE-2024/CVE-2024-261xx/CVE-2024-26138.json) (`2024-02-21T17:15:10.257`)
* [CVE-2024-1212](CVE-2024/CVE-2024-12xx/CVE-2024-1212.json) (`2024-02-21T18:15:50.417`)
* [CVE-2024-1704](CVE-2024/CVE-2024-17xx/CVE-2024-1704.json) (`2024-02-21T18:15:50.613`)
* [CVE-2024-1705](CVE-2024/CVE-2024-17xx/CVE-2024-1705.json) (`2024-02-21T18:15:50.823`)
* [CVE-2024-1706](CVE-2024/CVE-2024-17xx/CVE-2024-1706.json) (`2024-02-21T18:15:51.057`)
* [CVE-2024-1714](CVE-2024/CVE-2024-17xx/CVE-2024-1714.json) (`2024-02-21T17:15:09.003`)
* [CVE-2024-25891](CVE-2024/CVE-2024-258xx/CVE-2024-25891.json) (`2024-02-21T18:15:51.493`)
* [CVE-2024-25892](CVE-2024/CVE-2024-258xx/CVE-2024-25892.json) (`2024-02-21T18:15:51.540`)
* [CVE-2024-25893](CVE-2024/CVE-2024-258xx/CVE-2024-25893.json) (`2024-02-21T18:15:51.580`)
* [CVE-2024-25894](CVE-2024/CVE-2024-258xx/CVE-2024-25894.json) (`2024-02-21T18:15:51.623`)
* [CVE-2024-25895](CVE-2024/CVE-2024-258xx/CVE-2024-25895.json) (`2024-02-21T18:15:51.680`)
* [CVE-2024-25896](CVE-2024/CVE-2024-258xx/CVE-2024-25896.json) (`2024-02-21T18:15:51.727`)
* [CVE-2024-25897](CVE-2024/CVE-2024-258xx/CVE-2024-25897.json) (`2024-02-21T18:15:51.777`)
* [CVE-2024-25898](CVE-2024/CVE-2024-258xx/CVE-2024-25898.json) (`2024-02-21T18:15:51.820`)
* [CVE-2024-26145](CVE-2024/CVE-2024-261xx/CVE-2024-26145.json) (`2024-02-21T18:15:51.870`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `3`
* [CVE-2023-6259](CVE-2023/CVE-2023-62xx/CVE-2023-6259.json) (`2024-02-21T15:15:08.987`)
* [CVE-2023-6260](CVE-2023/CVE-2023-62xx/CVE-2023-6260.json) (`2024-02-21T15:15:09.187`)
* [CVE-2024-1485](CVE-2024/CVE-2024-14xx/CVE-2024-1485.json) (`2024-02-21T17:15:08.377`)
* [CVE-2024-1709](CVE-2024/CVE-2024-17xx/CVE-2024-1709.json) (`2024-02-21T18:15:51.300`)
* [CVE-2024-27215](CVE-2024/CVE-2024-272xx/CVE-2024-27215.json) (`2024-02-21T18:15:52.060`)
## Download and Usage