admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 18:21:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-03T00:55:24.028162+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-03 00:55:27 +00:00
parent 42b385924c
commit 4996486278
4 changed files with 113 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CVE-2023/CVE-2023-422xx/CVE-2023-42282.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-42282",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-08T17:15:10.840",
"lastModified": "2024-02-15T03:27:05.997",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-03T00:15:43.820",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue in NPM IP Package v.1.1.8 and before allows an attacker to execute arbitrary code and obtain sensitive information via the isPublic() function."
"value": "The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic."
},
{
"lang": "es",
@ -76,6 +76,14 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/indutny/node-ip/commit/6a3ada9b471b09d5f0f5be264911ab564bf67894",
"source": "cve@mitre.org"
},
{
"url": "https://huntr.com/bounties/bfc3b23f-ddc0-4ee7-afab-223b07115ed3/",
"source": "cve@mitre.org"
}
]
}

88
CVE-2024/CVE-2024-21xx/CVE-2024-2133.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2133",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-03T00:15:44.137",
"lastModified": "2024-03-03T00:15:44.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255495."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1cTdMIRngxo1ujqNXwj6nU4zyeeV_sfXD/view?usp=drivesdk",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255495",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255495",
"source": "cna@vuldb.com"
}
]
}

8
CVE-2024/CVE-2024-237xx/CVE-2024-23743.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-23743",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-28T02:15:08.773",
"lastModified": "2024-02-16T16:15:58.113",
"lastModified": "2024-03-03T00:15:44.043",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue in Notion for macOS version 3.1.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments components."
"value": "Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states \"the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment.\""
},
{
"lang": "es",
@ -88,6 +88,10 @@
"Exploit"
]
},
{
"url": "https://github.com/r3ggi/electroniz3r",
"source": "cve@mitre.org"
},
{
"url": "https://www.electronjs.org/blog/statement-run-as-node-cves",
"source": "cve@mitre.org"

38
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-02T23:00:24.275384+00:00
2024-03-03T00:55:24.028162+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-02T22:15:50.340000+00:00
2024-03-03T00:15:44.137000+00:00
```
### Last Data Feed Release
@ -29,44 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240356
240357
```
### CVEs added in the last Commit
Recently added CVEs: `64`
Recently added CVEs: `1`
* [CVE-2023-52562](CVE-2023/CVE-2023-525xx/CVE-2023-52562.json) (`2024-03-02T22:15:48.843`)
* [CVE-2023-52563](CVE-2023/CVE-2023-525xx/CVE-2023-52563.json) (`2024-03-02T22:15:48.890`)
* [CVE-2023-52564](CVE-2023/CVE-2023-525xx/CVE-2023-52564.json) (`2024-03-02T22:15:48.933`)
* [CVE-2023-52565](CVE-2023/CVE-2023-525xx/CVE-2023-52565.json) (`2024-03-02T22:15:48.980`)
* [CVE-2023-52566](CVE-2023/CVE-2023-525xx/CVE-2023-52566.json) (`2024-03-02T22:15:49.023`)
* [CVE-2023-52567](CVE-2023/CVE-2023-525xx/CVE-2023-52567.json) (`2024-03-02T22:15:49.073`)
* [CVE-2023-52568](CVE-2023/CVE-2023-525xx/CVE-2023-52568.json) (`2024-03-02T22:15:49.120`)
* [CVE-2023-52569](CVE-2023/CVE-2023-525xx/CVE-2023-52569.json) (`2024-03-02T22:15:49.163`)
* [CVE-2023-52570](CVE-2023/CVE-2023-525xx/CVE-2023-52570.json) (`2024-03-02T22:15:49.210`)
* [CVE-2023-52571](CVE-2023/CVE-2023-525xx/CVE-2023-52571.json) (`2024-03-02T22:15:49.257`)
* [CVE-2023-52572](CVE-2023/CVE-2023-525xx/CVE-2023-52572.json) (`2024-03-02T22:15:49.300`)
* [CVE-2023-52573](CVE-2023/CVE-2023-525xx/CVE-2023-52573.json) (`2024-03-02T22:15:49.350`)
* [CVE-2023-52574](CVE-2023/CVE-2023-525xx/CVE-2023-52574.json) (`2024-03-02T22:15:49.393`)
* [CVE-2023-52575](CVE-2023/CVE-2023-525xx/CVE-2023-52575.json) (`2024-03-02T22:15:49.450`)
* [CVE-2023-52576](CVE-2023/CVE-2023-525xx/CVE-2023-52576.json) (`2024-03-02T22:15:49.490`)
* [CVE-2023-52577](CVE-2023/CVE-2023-525xx/CVE-2023-52577.json) (`2024-03-02T22:15:49.537`)
* [CVE-2023-52578](CVE-2023/CVE-2023-525xx/CVE-2023-52578.json) (`2024-03-02T22:15:49.583`)
* [CVE-2023-52579](CVE-2023/CVE-2023-525xx/CVE-2023-52579.json) (`2024-03-02T22:15:49.630`)
* [CVE-2023-52580](CVE-2023/CVE-2023-525xx/CVE-2023-52580.json) (`2024-03-02T22:15:49.677`)
* [CVE-2023-52581](CVE-2023/CVE-2023-525xx/CVE-2023-52581.json) (`2024-03-02T22:15:49.727`)
* [CVE-2023-52582](CVE-2023/CVE-2023-525xx/CVE-2023-52582.json) (`2024-03-02T22:15:49.770`)
* [CVE-2024-0795](CVE-2024/CVE-2024-07xx/CVE-2024-0795.json) (`2024-03-02T22:15:49.813`)
* [CVE-2024-0968](CVE-2024/CVE-2024-09xx/CVE-2024-0968.json) (`2024-03-02T22:15:50.123`)
* [CVE-2024-25865](CVE-2024/CVE-2024-258xx/CVE-2024-25865.json) (`2024-03-02T22:15:50.293`)
* [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-03-02T22:15:50.340`)
* [CVE-2024-2133](CVE-2024/CVE-2024-21xx/CVE-2024-2133.json) (`2024-03-03T00:15:44.137`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
* [CVE-2023-42282](CVE-2023/CVE-2023-422xx/CVE-2023-42282.json) (`2024-03-03T00:15:43.820`)
* [CVE-2024-23743](CVE-2024/CVE-2024-237xx/CVE-2024-23743.json) (`2024-03-03T00:15:44.043`)
## Download and Usage