admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-05T13:08:44.618458+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-05 13:08:48 +00:00
parent b1a017a055
commit 488ddae222
17 changed files with 771 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
CVE-2022/CVE-2022-486xx/CVE-2022-48629.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-48629",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-05T12:15:45.707",
"lastModified": "2024-03-05T12:15:45.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - ensure buffer for generate is completely filled\n\nThe generate function in struct rng_alg expects that the destination\nbuffer is completely filled if the function returns 0. qcom_rng_read()\ncan run into a situation where the buffer is partially filled with\nrandomness and the remaining part of the buffer is zeroed since\nqcom_rng_generate() doesn't check the return value. This issue can\nbe reproduced by running the following from libkcapi:\n\n kcapi-rng -b 9000000 > OUTFILE\n\nThe generated OUTFILE will have three huge sections that contain all\nzeros, and this is caused by the code where the test\n'val & PRNG_STATUS_DATA_AVAIL' fails.\n\nLet's fix this issue by ensuring that qcom_rng_read() always returns\nwith a full buffer if the function returns success. Let's also have\nqcom_rng_generate() return the correct value.\n\nHere's some statistics from the ent project\n(https://www.fourmilab.ch/random/) that shows information about the\nquality of the generated numbers:\n\n $ ent -c qcom-random-before\n Value Char Occurrences Fraction\n 0 606748 0.067416\n 1 33104 0.003678\n 2 33001 0.003667\n ...\n 253 \ufffd 32883 0.003654\n 254 \ufffd 33035 0.003671\n 255 \ufffd 33239 0.003693\n\n Total: 9000000 1.000000\n\n Entropy = 7.811590 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 2 percent.\n\n Chi square distribution for 9000000 samples is 9329962.81, and\n randomly would exceed this value less than 0.01 percent of the\n times.\n\n Arithmetic mean value of data bytes is 119.3731 (127.5 = random).\n Monte Carlo value for Pi is 3.197293333 (error 1.77 percent).\n Serial correlation coefficient is 0.159130 (totally uncorrelated =\n 0.0).\n\nWithout this patch, the results of the chi-square test is 0.01%, and\nthe numbers are certainly not random according to ent's project page.\nThe results improve with this patch:\n\n $ ent -c qcom-random-after\n Value Char Occurrences Fraction\n 0 35432 0.003937\n 1 35127 0.003903\n 2 35424 0.003936\n ...\n 253 \ufffd 35201 0.003911\n 254 \ufffd 34835 0.003871\n 255 \ufffd 35368 0.003930\n\n Total: 9000000 1.000000\n\n Entropy = 7.999979 bits per byte.\n\n Optimum compression would reduce the size\n of this 9000000 byte file by 0 percent.\n\n Chi square distribution for 9000000 samples is 258.77, and randomly\n would exceed this value 42.24 percent of the times.\n\n Arithmetic mean value of data bytes is 127.5006 (127.5 = random).\n Monte Carlo value for Pi is 3.141277333 (error 0.01 percent).\n Serial correlation coefficient is 0.000468 (totally uncorrelated =\n 0.0).\n\nThis change was tested on a Nexus 5 phone (msm8974 SoC)."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f9b7b8df17525e464294c916acc8194ce38446b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/184f7bd08ce56f003530fc19f160d54e75bf5c9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/485995cbc98a4f77cfd4f8ed4dd7ff8ab262964d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a680b1832ced3b5fa7c93484248fd221ea0d614b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a8e32bbb96c25b7ab29b1894dcd45e0b3b08fd9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ab9337c7cb6f875b6286440b1adfbeeef2b2b2bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

40
CVE-2022/CVE-2022-486xx/CVE-2022-48630.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2022-48630",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-05T12:15:45.780",
"lastModified": "2024-03-05T12:15:45.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qcom-rng - fix infinite loop on requests not multiple of WORD_SZ\n\nThe commit referenced in the Fixes tag removed the 'break' from the else\nbranch in qcom_rng_read(), causing an infinite loop whenever 'max' is\nnot a multiple of WORD_SZ. This can be reproduced e.g. by running:\n\n kcapi-rng -b 67 >/dev/null\n\nThere are many ways to fix this without adding back the 'break', but\nthey all seem more awkward than simply adding it back, so do just that.\n\nTested on a machine with Qualcomm Amberwing processor."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/05d4d17475d8d094c519bb51658bc47899c175e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/16287397ec5c08aa58db6acf7dbc55470d78087d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/233a3cc60e7a8fe0be8cf9934ae7b67ba25a866c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71a89789552b7faf3ef27969b9bc783fa0df3550",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8a06f25f5941c145773204f2f7abef95b4ffb8ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8be06f62b426801dba43ddf8893952a0e62ab6ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45591.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45591",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:45.833",
"lastModified": "2024-03-05T12:15:45.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-122 \u201cHeap-based Buffer Overflow\u201d vulnerability in the \u201clogger_generic\u201d function of the \u201cAx_rtu\u201d binary allows a remote authenticated attacker to trigger a memory corruption in the context of the binary. This may result in a Denial-of-Service (DoS) condition, possibly in the execution of arbitrary code with the same privileges of the process (root), or have other unspecified impacts on the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45591",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45592.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45592",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:46.037",
"lastModified": "2024-03-05T12:15:46.037",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-250 \u201cExecution with Unnecessary Privileges\u201d vulnerability in the embedded Chromium browser (due to the binary being executed with the \u201c--no-sandbox\u201d option and with root privileges) exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-250"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45592",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45593.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45593",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:46.213",
"lastModified": "2024-03-05T12:15:46.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-693 \u201cProtection Mechanism Failure\u201d vulnerability in the embedded Chromium browser (concerning the handling of alternative URLs, other than \u201c http://localhost\u201d http://localhost\u201d ) allows a physical attacker to read arbitrary files on the file system, alter the configuration of the embedded browser, and have other unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45593",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45594.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45594",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:46.493",
"lastModified": "2024-03-05T12:15:46.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-552 \u201cFiles or Directories Accessible to External Parties\u201d vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45594",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45595.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45595",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:46.717",
"lastModified": "2024-03-05T12:15:46.717",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-434 \u201cUnrestricted Upload of File with Dangerous Type\u201d vulnerability in the \u201cfile_configuration\u201d functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45595",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45596.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45596",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:46.913",
"lastModified": "2024-03-05T12:15:46.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-862 \u201cMissing Authorization\u201d vulnerability in the \u201cfile_configuration\u201d functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45596",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45597.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45597",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:47.107",
"lastModified": "2024-03-05T12:15:47.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-1236 \u201cImproper Neutralization of Formula Elements in a CSV File\u201d vulnerability in the \u201cfile_configuration\u201d functionality of the web application (concerning the function \u201cexport_file\u201d) allows a remote authenticated attacker to inject arbitrary formulas inside generated CSV files. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1236"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45597",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45598.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45598",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:47.277",
"lastModified": "2024-03-05T12:15:47.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-862 \u201cMissing Authorization\u201d vulnerability in the \u201cmeasure\u201d functionality of the web application allows a remote unauthenticated attacker to access confidential measure information. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45598",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-455xx/CVE-2023-45599.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45599",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:47.433",
"lastModified": "2024-03-05T12:15:47.433",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-646 \u201cReliance on File Name or Extension of Externally-Supplied File\u201d vulnerability in the \u201ciec61850\u201d functionality of the web application allows a remote authenticated attacker to upload any arbitrary type of file into the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-646"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45599",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-456xx/CVE-2023-45600.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45600",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:47.613",
"lastModified": "2024-03-05T12:15:47.613",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-613 \u201cInsufficient Session Expiration\u201d vulnerability in the web application, due to the session cookie \u201csessionid\u201d lasting two weeks, facilitates session hijacking attacks against victims. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-45600",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-54xx/CVE-2023-5456.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5456",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T11:15:07.657",
"lastModified": "2024-03-05T11:15:07.657",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-798 \u201cUse of Hard-coded Credentials\u201d vulnerability in the MariaDB database of the web application allows a remote unauthenticated attacker to access the database service and all included data with the same privileges of the web application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5456",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2023/CVE-2023-54xx/CVE-2023-5457.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-5457",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-03-05T12:15:47.793",
"lastModified": "2024-03-05T12:15:47.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A CWE-1269 \u201cProduct Released in Non-Release Configuration\u201d vulnerability in the Django web framework used by the web application (due to the \u201cdebug\u201d configuration parameter set to \u201cTrue\u201d) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1269"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-5457",
"source": "prodsec@nozominetworks.com"
}
]
}

6
CVE-2024/CVE-2024-05xx/CVE-2024-0553.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0553",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T12:15:45.557",
"lastModified": "2024-02-26T16:27:51.353",
"lastModified": "2024-03-05T11:15:08.367",
"vulnStatus": "Modified",
"descriptions": [
{
@ -154,6 +154,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0796",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1082",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0553",
"source": "secalert@redhat.com",

6
CVE-2024/CVE-2024-05xx/CVE-2024-0567.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0567",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-16T14:15:48.527",
"lastModified": "2024-02-09T03:15:09.447",
"lastModified": "2024-03-05T11:15:08.783",
"vulnStatus": "Modified",
"descriptions": [
{
@ -111,6 +111,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:0533",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1082",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-0567",
"source": "secalert@redhat.com",

30
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-05T11:01:57.518601+00:00
2024-03-05T13:08:44.618458+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-05T09:15:45.190000+00:00
2024-03-05T12:15:47.793000+00:00
```
### Last Data Feed Release
@ -29,23 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240544
240558
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `14`
* [CVE-2024-26334](CVE-2024/CVE-2024-263xx/CVE-2024-26334.json) (`2024-03-05T09:15:45.040`)
* [CVE-2024-26335](CVE-2024/CVE-2024-263xx/CVE-2024-26335.json) (`2024-03-05T09:15:45.100`)
* [CVE-2024-26337](CVE-2024/CVE-2024-263xx/CVE-2024-26337.json) (`2024-03-05T09:15:45.143`)
* [CVE-2024-26339](CVE-2024/CVE-2024-263xx/CVE-2024-26339.json) (`2024-03-05T09:15:45.190`)
* [CVE-2022-48629](CVE-2022/CVE-2022-486xx/CVE-2022-48629.json) (`2024-03-05T12:15:45.707`)
* [CVE-2022-48630](CVE-2022/CVE-2022-486xx/CVE-2022-48630.json) (`2024-03-05T12:15:45.780`)
* [CVE-2023-5456](CVE-2023/CVE-2023-54xx/CVE-2023-5456.json) (`2024-03-05T11:15:07.657`)
* [CVE-2023-45591](CVE-2023/CVE-2023-455xx/CVE-2023-45591.json) (`2024-03-05T12:15:45.833`)
* [CVE-2023-45592](CVE-2023/CVE-2023-455xx/CVE-2023-45592.json) (`2024-03-05T12:15:46.037`)
* [CVE-2023-45593](CVE-2023/CVE-2023-455xx/CVE-2023-45593.json) (`2024-03-05T12:15:46.213`)
* [CVE-2023-45594](CVE-2023/CVE-2023-455xx/CVE-2023-45594.json) (`2024-03-05T12:15:46.493`)
* [CVE-2023-45595](CVE-2023/CVE-2023-455xx/CVE-2023-45595.json) (`2024-03-05T12:15:46.717`)
* [CVE-2023-45596](CVE-2023/CVE-2023-455xx/CVE-2023-45596.json) (`2024-03-05T12:15:46.913`)
* [CVE-2023-45597](CVE-2023/CVE-2023-455xx/CVE-2023-45597.json) (`2024-03-05T12:15:47.107`)
* [CVE-2023-45598](CVE-2023/CVE-2023-455xx/CVE-2023-45598.json) (`2024-03-05T12:15:47.277`)
* [CVE-2023-45599](CVE-2023/CVE-2023-455xx/CVE-2023-45599.json) (`2024-03-05T12:15:47.433`)
* [CVE-2023-45600](CVE-2023/CVE-2023-456xx/CVE-2023-45600.json) (`2024-03-05T12:15:47.613`)
* [CVE-2023-5457](CVE-2023/CVE-2023-54xx/CVE-2023-5457.json) (`2024-03-05T12:15:47.793`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-03-05T11:15:08.367`)
* [CVE-2024-0567](CVE-2024/CVE-2024-05xx/CVE-2024-0567.json) (`2024-03-05T11:15:08.783`)
## Download and Usage