admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-31T23:00:24.362575+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-31 23:00:28 +00:00
parent b75fef153f
commit 45f8ea9865
17 changed files with 940 additions and 71 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2019/CVE-2019-57xx/CVE-2019-5736.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-5736",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-02-11T19:29:00.297",
"lastModified": "2023-11-07T03:11:54.880",
"lastModified": "2024-01-31T21:15:08.063",
"vulnStatus": "Modified",
"descriptions": [
{
@ -585,6 +585,10 @@
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/31/6",
"source": "cve@mitre.org"
},
{
"url": "http://www.securityfocus.com/bid/106976",
"source": "cve@mitre.org",

20
CVE-2022/CVE-2022-470xx/CVE-2022-47072.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2022-47072",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-31T21:15:08.440",
"lastModified": "2024-01-31T21:15:08.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Enterprise Architect 16.0.1605 32-bit allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box.."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/DojoSecurity/Enterprise-Architect-SQL-Injection",
"source": "cve@mitre.org"
}
]
}

65
CVE-2023/CVE-2023-337xx/CVE-2023-33759.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33759",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T08:15:08.637",
"lastModified": "2024-01-25T13:38:33.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T21:04:13.810",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "SpliceCom Maximiser Soft PBX v1.5 y anteriores no restringe los intentos de autenticaci\u00f3n excesivos, lo que permite a los atacantes eludir la autenticaci\u00f3n mediante un ataque de fuerza bruta."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splicecom:maximiser_soft_pbx:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5",
"matchCriteriaId": "94656EDD-537D-487B-BA78-713C34D9E4A1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/twignet/splicecom",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-337xx/CVE-2023-33760.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-33760",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T08:15:08.707",
"lastModified": "2024-01-25T13:38:33.693",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T21:05:53.297",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,68 @@
"value": "Se descubri\u00f3 que SpliceCom Maximiser Soft PBX v1.5 y anteriores utiliza un certificado SSL predeterminado. Este problema puede permitir a los atacantes espiar las comunicaciones mediante un ataque de man-in-the-middle."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splicecom:maximiser_soft_pbx:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.5",
"matchCriteriaId": "94656EDD-537D-487B-BA78-713C34D9E4A1"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/twignet/splicecom",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-11xx/CVE-2024-1117.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1117",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-31T21:15:08.500",
"lastModified": "2024-01-31T21:15:08.500",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/Liu1nbjddxu4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252475",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252475",
"source": "cna@vuldb.com"
}
]
}

44
CVE-2024/CVE-2024-213xx/CVE-2024-21336.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-21336",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T18:15:12.040",
"lastModified": "2024-01-26T18:29:26.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T21:08:30.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de suplantaci\u00f3n de identidad en Microsoft Edge (basado en Chromium)"
}
],
"metrics": {
@ -34,10 +38,44 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "121.0.2277.83",
"matchCriteriaId": "00804700-C068-4562-9F64-4D348E1B76F5"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21336",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-216xx/CVE-2024-21626.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-21626",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:53.780",
"lastModified": "2024-01-31T22:15:53.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (\"attack 2\"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (\"attack 1\"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (\"attack 3a\" and \"attack 3b\"). runc 1.1.12 includes patches for this issue. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-403"
},
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/opencontainers/runc/releases/tag/v1.1.12",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv",
"source": "security-advisories@github.com"
}
]
}

68
CVE-2024/CVE-2024-236xx/CVE-2024-23618.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23618",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:09.263",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T21:05:01.817",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -75,10 +105,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:commscope:arris_surfboard_sbg6950ac2_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "705A2647-E324-45F4-9159-3899B7A8F3A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:commscope:arris_surfboard_sbg6950ac2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C886BE42-DD25-41A9-AEB9-64C123E09967"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-236xx/CVE-2024-23624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23624",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:10.397",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T21:02:32.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -75,10 +105,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dap-1650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "655C33AE-0586-438E-8D67-3C61D1D932CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dap-1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D740DCDC-6FE9-44CC-80BF-B00EF94EC2BC"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-236xx/CVE-2024-23625.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23625",
"sourceIdentifier": "disclosures@exodusintel.com",
"published": "2024-01-26T00:15:10.620",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T21:06:08.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{
"source": "disclosures@exodusintel.com",
"type": "Secondary",
@ -75,10 +105,42 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dap-1650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "655C33AE-0586-438E-8D67-3C61D1D932CA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dap-1650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D740DCDC-6FE9-44CC-80BF-B00EF94EC2BC"
}
]
}
]
}
],
"references": [
{
"url": "https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/",
"source": "disclosures@exodusintel.com"
"source": "disclosures@exodusintel.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-236xx/CVE-2024-23646.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23646",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T20:15:53.877",
"lastModified": "2024-01-25T01:59:45.643",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-31T21:10:54.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.\n"
},
{
"lang": "es",
"value": "El paquete Admin Classic de Pimcore proporciona una interfaz de usuario backend para Pimcore. La aplicaci\u00f3n permite a los usuarios crear archivos zip a partir de archivos disponibles en el sitio. En la rama 1.x anterior a la versi\u00f3n 1.3.2, el par\u00e1metro `selectedIds` es susceptible a la inyecci\u00f3n SQL. Cualquier usuario de backend con permisos muy b\u00e1sicos puede ejecutar declaraciones SQL arbitrarias y as\u00ed alterar cualquier dato o escalar sus privilegios al menos al nivel de administrador. La versi\u00f3n 1.3.2 contiene una soluci\u00f3n para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,26 +70,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.3.2",
"matchCriteriaId": "24A89A76-A47D-4D85-8E64-01F3B4EE170E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-236xx/CVE-2024-23650.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-23650",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:53.990",
"lastModified": "2024-01-31T22:15:53.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4601",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-236xx/CVE-2024-23651.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-23651",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:54.183",
"lastModified": "2024-01-31T22:15:54.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include, avoiding using BuildKit frontend from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4604",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-236xx/CVE-2024-23652.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-23652",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:54.377",
"lastModified": "2024-01-31T22:15:54.377",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4603",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-236xx/CVE-2024-23653.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-23653",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:54.600",
"lastModified": "2024-01-31T22:15:54.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5 . Avoid using BuildKit frontends from untrusted sources. \n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/moby/buildkit/pull/4602",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-247xx/CVE-2024-24747.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-24747",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-31T22:15:54.813",
"lastModified": "2024-01-31T22:15:54.813",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://github.com/minio/minio/commit/0ae4915a9391ef4b3ec80f5fcdcf24ee6884e776",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/minio/minio/releases/tag/RELEASE.2024-01-31T20-20-33Z",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4",
"source": "security-advisories@github.com"
}
]
}

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-31T21:00:25.887100+00:00
2024-01-31T23:00:24.362575+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-31T20:40:45.133000+00:00
2024-01-31T22:15:54.813000+00:00
```
### Last Data Feed Release
@ -29,57 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237245
237253
```
### CVEs added in the last Commit
Recently added CVEs: `13`
Recently added CVEs: `8`
* [CVE-2023-28807](CVE-2023/CVE-2023-288xx/CVE-2023-28807.json) (`2024-01-31T20:15:44.903`)
* [CVE-2024-1111](CVE-2024/CVE-2024-11xx/CVE-2024-1111.json) (`2024-01-31T19:15:08.187`)
* [CVE-2024-21916](CVE-2024/CVE-2024-219xx/CVE-2024-21916.json) (`2024-01-31T19:15:08.427`)
* [CVE-2024-21917](CVE-2024/CVE-2024-219xx/CVE-2024-21917.json) (`2024-01-31T19:15:08.633`)
* [CVE-2024-22146](CVE-2024/CVE-2024-221xx/CVE-2024-22146.json) (`2024-01-31T19:15:08.820`)
* [CVE-2024-22150](CVE-2024/CVE-2024-221xx/CVE-2024-22150.json) (`2024-01-31T19:15:09.013`)
* [CVE-2024-22153](CVE-2024/CVE-2024-221xx/CVE-2024-22153.json) (`2024-01-31T19:15:09.270`)
* [CVE-2024-22158](CVE-2024/CVE-2024-221xx/CVE-2024-22158.json) (`2024-01-31T19:15:09.470`)
* [CVE-2024-22159](CVE-2024/CVE-2024-221xx/CVE-2024-22159.json) (`2024-01-31T19:15:09.650`)
* [CVE-2024-1113](CVE-2024/CVE-2024-11xx/CVE-2024-1113.json) (`2024-01-31T20:15:45.140`)
* [CVE-2024-1114](CVE-2024/CVE-2024-11xx/CVE-2024-1114.json) (`2024-01-31T20:15:45.367`)
* [CVE-2024-1115](CVE-2024/CVE-2024-11xx/CVE-2024-1115.json) (`2024-01-31T20:15:45.590`)
* [CVE-2024-1116](CVE-2024/CVE-2024-11xx/CVE-2024-1116.json) (`2024-01-31T20:15:45.807`)
* [CVE-2022-47072](CVE-2022/CVE-2022-470xx/CVE-2022-47072.json) (`2024-01-31T21:15:08.440`)
* [CVE-2024-1117](CVE-2024/CVE-2024-11xx/CVE-2024-1117.json) (`2024-01-31T21:15:08.500`)
* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-01-31T22:15:53.780`)
* [CVE-2024-23650](CVE-2024/CVE-2024-236xx/CVE-2024-23650.json) (`2024-01-31T22:15:53.990`)
* [CVE-2024-23651](CVE-2024/CVE-2024-236xx/CVE-2024-23651.json) (`2024-01-31T22:15:54.183`)
* [CVE-2024-23652](CVE-2024/CVE-2024-236xx/CVE-2024-23652.json) (`2024-01-31T22:15:54.377`)
* [CVE-2024-23653](CVE-2024/CVE-2024-236xx/CVE-2024-23653.json) (`2024-01-31T22:15:54.600`)
* [CVE-2024-24747](CVE-2024/CVE-2024-247xx/CVE-2024-24747.json) (`2024-01-31T22:15:54.813`)
### CVEs modified in the last Commit
Recently modified CVEs: `70`
Recently modified CVEs: `8`
* [CVE-2024-23508](CVE-2024/CVE-2024-235xx/CVE-2024-23508.json) (`2024-01-31T19:54:51.757`)
* [CVE-2024-22302](CVE-2024/CVE-2024-223xx/CVE-2024-22302.json) (`2024-01-31T19:54:51.757`)
* [CVE-2024-22306](CVE-2024/CVE-2024-223xx/CVE-2024-22306.json) (`2024-01-31T19:54:51.757`)
* [CVE-2024-22307](CVE-2024/CVE-2024-223xx/CVE-2024-22307.json) (`2024-01-31T19:54:51.757`)
* [CVE-2024-22310](CVE-2024/CVE-2024-223xx/CVE-2024-22310.json) (`2024-01-31T19:54:51.757`)
* [CVE-2024-24566](CVE-2024/CVE-2024-245xx/CVE-2024-24566.json) (`2024-01-31T19:54:51.757`)
* [CVE-2024-24579](CVE-2024/CVE-2024-245xx/CVE-2024-24579.json) (`2024-01-31T19:54:51.757`)
* [CVE-2024-21387](CVE-2024/CVE-2024-213xx/CVE-2024-21387.json) (`2024-01-31T20:08:28.943`)
* [CVE-2024-21385](CVE-2024/CVE-2024-213xx/CVE-2024-21385.json) (`2024-01-31T20:09:14.593`)
* [CVE-2024-21383](CVE-2024/CVE-2024-213xx/CVE-2024-21383.json) (`2024-01-31T20:09:22.623`)
* [CVE-2024-21382](CVE-2024/CVE-2024-213xx/CVE-2024-21382.json) (`2024-01-31T20:10:16.277`)
* [CVE-2024-21326](CVE-2024/CVE-2024-213xx/CVE-2024-21326.json) (`2024-01-31T20:10:24.203`)
* [CVE-2024-0456](CVE-2024/CVE-2024-04xx/CVE-2024-0456.json) (`2024-01-31T20:12:00.077`)
* [CVE-2024-0736](CVE-2024/CVE-2024-07xx/CVE-2024-0736.json) (`2024-01-31T20:19:04.667`)
* [CVE-2024-0695](CVE-2024/CVE-2024-06xx/CVE-2024-0695.json) (`2024-01-31T20:20:20.147`)
* [CVE-2024-0693](CVE-2024/CVE-2024-06xx/CVE-2024-0693.json) (`2024-01-31T20:20:32.517`)
* [CVE-2024-22154](CVE-2024/CVE-2024-221xx/CVE-2024-22154.json) (`2024-01-31T20:20:56.647`)
* [CVE-2024-23616](CVE-2024/CVE-2024-236xx/CVE-2024-23616.json) (`2024-01-31T20:28:48.513`)
* [CVE-2024-23617](CVE-2024/CVE-2024-236xx/CVE-2024-23617.json) (`2024-01-31T20:29:19.920`)
* [CVE-2024-23619](CVE-2024/CVE-2024-236xx/CVE-2024-23619.json) (`2024-01-31T20:29:34.730`)
* [CVE-2024-23620](CVE-2024/CVE-2024-236xx/CVE-2024-23620.json) (`2024-01-31T20:29:50.697`)
* [CVE-2024-23621](CVE-2024/CVE-2024-236xx/CVE-2024-23621.json) (`2024-01-31T20:30:17.927`)
* [CVE-2024-23622](CVE-2024/CVE-2024-236xx/CVE-2024-23622.json) (`2024-01-31T20:30:40.207`)
* [CVE-2024-22099](CVE-2024/CVE-2024-220xx/CVE-2024-22099.json) (`2024-01-31T20:32:02.720`)
* [CVE-2024-23307](CVE-2024/CVE-2024-233xx/CVE-2024-23307.json) (`2024-01-31T20:38:12.743`)
* [CVE-2019-5736](CVE-2019/CVE-2019-57xx/CVE-2019-5736.json) (`2024-01-31T21:15:08.063`)
* [CVE-2023-33759](CVE-2023/CVE-2023-337xx/CVE-2023-33759.json) (`2024-01-31T21:04:13.810`)
* [CVE-2023-33760](CVE-2023/CVE-2023-337xx/CVE-2023-33760.json) (`2024-01-31T21:05:53.297`)
* [CVE-2024-23624](CVE-2024/CVE-2024-236xx/CVE-2024-23624.json) (`2024-01-31T21:02:32.867`)
* [CVE-2024-23618](CVE-2024/CVE-2024-236xx/CVE-2024-23618.json) (`2024-01-31T21:05:01.817`)
* [CVE-2024-23625](CVE-2024/CVE-2024-236xx/CVE-2024-23625.json) (`2024-01-31T21:06:08.260`)
* [CVE-2024-21336](CVE-2024/CVE-2024-213xx/CVE-2024-21336.json) (`2024-01-31T21:08:30.463`)
* [CVE-2024-23646](CVE-2024/CVE-2024-236xx/CVE-2024-23646.json) (`2024-01-31T21:10:54.027`)
## Download and Usage