admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-06T23:00:24.337319+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-06 23:00:28 +00:00
parent acd534a240
commit 4aa7aab887
28 changed files with 1493 additions and 68 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2023/CVE-2023-202xx/CVE-2023-20246.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-20246",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-11-01T18:15:09.583",
"lastModified": "2024-02-05T19:06:25.580",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-06T21:15:08.530",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system."
"value": "Multiple Cisco products are affected by a vulnerability in Snort access control policies that could allow an unauthenticated, remote attacker to bypass the configured policies on an affected system. \r\n\r This vulnerability is due to a logic error that occurs when the access control policies are being populated. An attacker could exploit this vulnerability by establishing a connection to an affected device. A successful exploit could allow the attacker to bypass configured access control rules on the affected system."
},
{
"lang": "es",

72
CVE-2023/CVE-2023-309xx/CVE-2023-30999.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2023-30999",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-03T01:15:07.850",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T21:31:55.033",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 through 10.0.6.1 and IBM Security Verify Access Docker 10.0.0.0 through 10.0.6.1) could allow an attacker to cause a denial of service due to uncontrolled resource consumption. IBM X-Force ID: 254651."
},
{
"lang": "es",
"value": "IBM Security Access Manager Container (IBM Security Verify Access Appliance 10.0.0.0 a 10.0.6.1 e IBM Security Verify Access Docker 10.0.0.0 a 10.0.6.1) podr\u00eda permitir que un atacante provoque una denegaci\u00f3n de servicio debido al consumo incontrolado de recursos. ID de IBM X-Force: 254651."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -46,14 +70,48 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254651",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_access:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0.0",
"versionEndIncluding": "10.0.6.1",
"matchCriteriaId": "A9EE363F-9A8F-4B2C-9769-6D5CB216CA2E"
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:security_verify_access_docker:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0.0",
"versionEndIncluding": "10.0.6.1",
"matchCriteriaId": "269E635A-02F3-402A-A5E0-2058658BE5A5"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254651",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7106586",
"source": "psirt@us.ibm.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

55
CVE-2023/CVE-2023-385xx/CVE-2023-38579.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-38579",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:12.910",
"lastModified": "2024-02-06T22:16:12.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\nThe cross-site request forgery token in the request may be predictable or easily guessable allowing attackers to craft a malicious request, which could be triggered by a victim unknowingly. In a successful CSRF attack, the attacker could lead the victim user to carry out an action unintentionally.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-401xx/CVE-2023-40143.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40143",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:13.113",
"lastModified": "2024-02-06T22:16:13.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAn attacker with access to the Westermo Lynx web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the \"forward.0.domain\" parameter.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-405xx/CVE-2023-40544.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40544",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:13.337",
"lastModified": "2024-02-06T22:16:13.337",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\nAn attacker with access to the network where the affected devices are located could maliciously actions to obtain, via a sniffer, sensitive information exchanged via TCP communications.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-427xx/CVE-2023-42765.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-42765",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:13.523",
"lastModified": "2024-02-06T22:16:13.523",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nAn attacker with access to the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the \"username\" parameter in the SNMP configuration.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-452xx/CVE-2023-45213.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45213",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:13.697",
"lastModified": "2024-02-06T22:16:13.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\nA potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-942"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-452xx/CVE-2023-45222.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45222",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:13.873",
"lastModified": "2024-02-06T22:16:13.873",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nAn attacker with access to the web application that has the vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the \"autorefresh\" parameter.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-452xx/CVE-2023-45227.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45227",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:14.050",
"lastModified": "2024-02-06T22:16:14.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\n\n\n\n\nAn attacker with access to the web application with vulnerable software could introduce arbitrary JavaScript by injecting a cross-site scripting payload into the \"dns.0.server\" parameter.\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

55
CVE-2023/CVE-2023-457xx/CVE-2023-45735.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-45735",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-06T22:16:14.240",
"lastModified": "2024-02-06T22:16:14.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nA potential attacker with access to the Westermo Lynx device may be able to execute malicious code that could affect the correct functioning of the device.\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-023-04",
"source": "ics-cert@hq.dhs.gov"
}
]
}

74
CVE-2024/CVE-2024-11xx/CVE-2024-1197.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1197",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T23:15:08.420",
"lastModified": "2024-02-03T00:07:57.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T21:26:02.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Testimonial Page Manager 1.0 y clasificada como cr\u00edtica. Este problema afecta un procesamiento desconocido del archivo delete-testimonial.php del componente HTTP GET Request Handler. La manipulaci\u00f3n del testimonio del argumento conduce a la inyecci\u00f3n de SQL. El ataque puede iniciarse de forma remota. El identificador asociado de esta vulnerabilidad es VDB-252695."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -60,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,14 +105,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://vuldb.com/?ctiid.252695",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?id.252695",
"source": "cna@vuldb.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:remyandrade:testimonial_page_manager:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6031C8F3-826A-4CD4-A296-FEC8EC9E2883"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252695",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252695",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1258.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1258",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T21:15:08.660",
"lastModified": "2024-02-06T21:15:08.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key\r . The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.8
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.2,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-321"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/XblX1My7jNV7",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252997",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252997",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1259.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1259",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T21:15:08.877",
"lastModified": "2024-02-06T21:15:08.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/rCt6PpJxBvuI",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252998",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252998",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1260.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1260",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T22:16:14.463",
"lastModified": "2024-02-06T22:16:14.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/H73DuWdyifaI",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252999",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252999",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-12xx/CVE-2024-1261.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1261",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-06T22:16:14.693",
"lastModified": "2024-02-06T22:16:14.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/v2JpHJngvw7E",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.253000",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.253000",
"source": "cna@vuldb.com"
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22514.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22514",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T21:15:09.110",
"lastModified": "2024-02-06T21:15:09.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22515.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22515",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T21:15:09.177",
"lastModified": "2024-02-06T21:15:09.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22519.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22519",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T22:16:14.913",
"lastModified": "2024-02-06T22:16:14.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Drone-Lab/opendroneid-vulnerability",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-225xx/CVE-2024-22520.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22520",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T22:16:14.960",
"lastModified": "2024-02-06T22:16:14.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Drone-Lab/Dronetag-vulnerability",
"source": "cve@mitre.org"
}
]
}

102
CVE-2024/CVE-2024-239xx/CVE-2024-23941.json
View File

@ -2,27 +2,107 @@
"id": "CVE-2024-23941",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-02-01T04:15:49.967",
"lastModified": "2024-02-01T13:41:44.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T21:37:12.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de cross site scripting en Group Office antes de v6.6.182, antes de v6.7.64 y antes de v6.8.31, lo que puede permitir que un atacante remoto autenticado ejecute un script arbitrario en el navegador web del usuario que inicia sesi\u00f3n en el producto."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/Intermesh/groupoffice/",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
{
"url": "https://jvn.jp/en/jp/JVN63567545/",
"source": "vultures@jpcert.or.jp"
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"url": "https://www.group-office.com/",
"source": "vultures@jpcert.or.jp"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.182",
"matchCriteriaId": "E57242BD-9BF6-4B67-9583-60F0C357DCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.64",
"matchCriteriaId": "BE1C3FEA-5399-43E7-B467-0C32FBEBF7F3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:group-office:group_office:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.0",
"versionEndExcluding": "6.8.31",
"matchCriteriaId": "8E8C282E-9E5B-478A-80B2-A3A86ED67495"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Intermesh/groupoffice/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
},
{
"url": "https://jvn.jp/en/jp/JVN63567545/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.group-office.com/",
"source": "vultures@jpcert.or.jp",
"tags": [
"Product"
]
}
]
}

73
CVE-2024/CVE-2024-240xx/CVE-2024-24029.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-24029",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T16:15:55.783",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T21:04:04.993",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data."
},
{
"lang": "es",
"value": "JFinalCMS 5.0.0 es vulnerable a la inyecci\u00f3n de SQL a trav\u00e9s de /admin/content/data."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://gitee.com/heyewei/JFinalcms/issues/I8VE52",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jfinalcms_project:jfinalcms:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0813B8F4-66B1-42C6-83A7-831B13233428"
}
]
}
]
}
],
"references": [
{
"url": "https://gitee.com/heyewei/JFinalcms/issues/I8VE52",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-241xx/CVE-2024-24161.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2024-24161",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T16:15:55.880",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T21:21:36.413",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered."
},
{
"lang": "es",
"value": "MRCMS 3.0 contiene una vulnerabilidad de lectura arbitraria de archivos en /admin/file/edit.do ya que el par\u00e1metro de ruta entrante no est\u00e1 filtrado."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/wy876/cve/issues/2",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mrcms:mrcms:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CC8B6F2A-C4B3-487F-B391-ECA5F1A2DDD9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wy876/cve/issues/2",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

24
CVE-2024/CVE-2024-242xx/CVE-2024-24254.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-24254",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T22:16:15.010",
"lastModified": "2024-02-06T22:16:15.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Drone-Lab/PX4-Autopilot/blob/report-can-not-pause-vulnerability/Multi-Threaded%20Race%20Condition%20bug%20found%20in%20PX4%20cause%20drone%20can%20not%20PAUSE.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/PX4/PX4-Autopilot",
"source": "cve@mitre.org"
}
]
}

72
CVE-2024/CVE-2024-244xx/CVE-2024-24470.json
View File

@ -2,19 +2,79 @@
"id": "CVE-2024-24470",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-02T16:15:55.923",
"lastModified": "2024-02-02T16:30:16.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-06T21:07:34.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Request Forgery en flusity-CMS v.2.33 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente update_post.php."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/tang-0717/cms/blob/main/1.md",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flusity:flusity:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B6ED7-B93A-4853-9D83-40BCD781342C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/tang-0717/cms/blob/main/1.md",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-245xx/CVE-2024-24575.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-24575",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-06T22:16:15.057",
"lastModified": "2024-02-06T22:16:15.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.6.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.7.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-245xx/CVE-2024-24577.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-24577",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-06T22:16:15.270",
"lastModified": "2024-02-06T22:16:15.270",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.6.5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libgit2/libgit2/releases/tag/v1.7.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8",
"source": "security-advisories@github.com"
}
]
}

28
CVE-2024/CVE-2024-246xx/CVE-2024-24680.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-24680",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-06T22:16:15.470",
"lastModified": "2024-02-06T22:16:15.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings."
}
],
"metrics": {},
"references": [
{
"url": "https://docs.djangoproject.com/en/5.0/releases/security/",
"source": "cve@mitre.org"
},
{
"url": "https://groups.google.com/forum/#%21forum/django-announce",
"source": "cve@mitre.org"
},
{
"url": "https://www.djangoproject.com/weblog/2024/feb/06/security-releases/",
"source": "cve@mitre.org"
}
]
}

71
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-06T21:00:24.562759+00:00
2024-02-06T23:00:24.337319+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-06T20:59:08.493000+00:00
2024-02-06T22:16:15.470000+00:00
```
### Last Data Feed Release
@ -29,53 +29,46 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237805
237825
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `20`
* [CVE-2024-1254](CVE-2024/CVE-2024-12xx/CVE-2024-1254.json) (`2024-02-06T19:15:09.747`)
* [CVE-2024-1255](CVE-2024/CVE-2024-12xx/CVE-2024-1255.json) (`2024-02-06T19:15:10.270`)
* [CVE-2024-1256](CVE-2024/CVE-2024-12xx/CVE-2024-1256.json) (`2024-02-06T20:16:02.943`)
* [CVE-2024-1257](CVE-2024/CVE-2024-12xx/CVE-2024-1257.json) (`2024-02-06T20:16:03.213`)
* [CVE-2024-22237](CVE-2024/CVE-2024-222xx/CVE-2024-22237.json) (`2024-02-06T20:16:03.430`)
* [CVE-2024-22238](CVE-2024/CVE-2024-222xx/CVE-2024-22238.json) (`2024-02-06T20:16:03.590`)
* [CVE-2024-22239](CVE-2024/CVE-2024-222xx/CVE-2024-22239.json) (`2024-02-06T20:16:03.750`)
* [CVE-2024-22240](CVE-2024/CVE-2024-222xx/CVE-2024-22240.json) (`2024-02-06T20:16:03.917`)
* [CVE-2024-22241](CVE-2024/CVE-2024-222xx/CVE-2024-22241.json) (`2024-02-06T20:16:04.080`)
* [CVE-2023-38579](CVE-2023/CVE-2023-385xx/CVE-2023-38579.json) (`2024-02-06T22:16:12.910`)
* [CVE-2023-40143](CVE-2023/CVE-2023-401xx/CVE-2023-40143.json) (`2024-02-06T22:16:13.113`)
* [CVE-2023-40544](CVE-2023/CVE-2023-405xx/CVE-2023-40544.json) (`2024-02-06T22:16:13.337`)
* [CVE-2023-42765](CVE-2023/CVE-2023-427xx/CVE-2023-42765.json) (`2024-02-06T22:16:13.523`)
* [CVE-2023-45213](CVE-2023/CVE-2023-452xx/CVE-2023-45213.json) (`2024-02-06T22:16:13.697`)
* [CVE-2023-45222](CVE-2023/CVE-2023-452xx/CVE-2023-45222.json) (`2024-02-06T22:16:13.873`)
* [CVE-2023-45227](CVE-2023/CVE-2023-452xx/CVE-2023-45227.json) (`2024-02-06T22:16:14.050`)
* [CVE-2023-45735](CVE-2023/CVE-2023-457xx/CVE-2023-45735.json) (`2024-02-06T22:16:14.240`)
* [CVE-2024-1258](CVE-2024/CVE-2024-12xx/CVE-2024-1258.json) (`2024-02-06T21:15:08.660`)
* [CVE-2024-1259](CVE-2024/CVE-2024-12xx/CVE-2024-1259.json) (`2024-02-06T21:15:08.877`)
* [CVE-2024-22514](CVE-2024/CVE-2024-225xx/CVE-2024-22514.json) (`2024-02-06T21:15:09.110`)
* [CVE-2024-22515](CVE-2024/CVE-2024-225xx/CVE-2024-22515.json) (`2024-02-06T21:15:09.177`)
* [CVE-2024-1260](CVE-2024/CVE-2024-12xx/CVE-2024-1260.json) (`2024-02-06T22:16:14.463`)
* [CVE-2024-1261](CVE-2024/CVE-2024-12xx/CVE-2024-1261.json) (`2024-02-06T22:16:14.693`)
* [CVE-2024-22519](CVE-2024/CVE-2024-225xx/CVE-2024-22519.json) (`2024-02-06T22:16:14.913`)
* [CVE-2024-22520](CVE-2024/CVE-2024-225xx/CVE-2024-22520.json) (`2024-02-06T22:16:14.960`)
* [CVE-2024-24254](CVE-2024/CVE-2024-242xx/CVE-2024-24254.json) (`2024-02-06T22:16:15.010`)
* [CVE-2024-24575](CVE-2024/CVE-2024-245xx/CVE-2024-24575.json) (`2024-02-06T22:16:15.057`)
* [CVE-2024-24577](CVE-2024/CVE-2024-245xx/CVE-2024-24577.json) (`2024-02-06T22:16:15.270`)
* [CVE-2024-24680](CVE-2024/CVE-2024-246xx/CVE-2024-24680.json) (`2024-02-06T22:16:15.470`)
### CVEs modified in the last Commit
Recently modified CVEs: `44`
Recently modified CVEs: `7`
* [CVE-2023-41279](CVE-2023/CVE-2023-412xx/CVE-2023-41279.json) (`2024-02-06T20:10:17.043`)
* [CVE-2023-6909](CVE-2023/CVE-2023-69xx/CVE-2023-6909.json) (`2024-02-06T20:16:01.753`)
* [CVE-2023-6975](CVE-2023/CVE-2023-69xx/CVE-2023-6975.json) (`2024-02-06T20:16:02.677`)
* [CVE-2023-50359](CVE-2023/CVE-2023-503xx/CVE-2023-50359.json) (`2024-02-06T20:18:14.547`)
* [CVE-2023-47566](CVE-2023/CVE-2023-475xx/CVE-2023-47566.json) (`2024-02-06T20:18:26.263`)
* [CVE-2023-45037](CVE-2023/CVE-2023-450xx/CVE-2023-45037.json) (`2024-02-06T20:18:34.557`)
* [CVE-2023-45036](CVE-2023/CVE-2023-450xx/CVE-2023-45036.json) (`2024-02-06T20:18:45.043`)
* [CVE-2023-45028](CVE-2023/CVE-2023-450xx/CVE-2023-45028.json) (`2024-02-06T20:19:17.697`)
* [CVE-2023-45027](CVE-2023/CVE-2023-450xx/CVE-2023-45027.json) (`2024-02-06T20:19:44.367`)
* [CVE-2023-51520](CVE-2023/CVE-2023-515xx/CVE-2023-51520.json) (`2024-02-06T20:20:11.330`)
* [CVE-2023-0686](CVE-2023/CVE-2023-06xx/CVE-2023-0686.json) (`2024-02-06T20:22:59.393`)
* [CVE-2023-52175](CVE-2023/CVE-2023-521xx/CVE-2023-52175.json) (`2024-02-06T20:46:18.473`)
* [CVE-2023-6676](CVE-2023/CVE-2023-66xx/CVE-2023-6676.json) (`2024-02-06T20:51:50.407`)
* [CVE-2024-1048](CVE-2024/CVE-2024-10xx/CVE-2024-1048.json) (`2024-02-06T19:15:09.083`)
* [CVE-2024-23940](CVE-2024/CVE-2024-239xx/CVE-2024-23940.json) (`2024-02-06T19:19:33.920`)
* [CVE-2024-20263](CVE-2024/CVE-2024-202xx/CVE-2024-20263.json) (`2024-02-06T19:23:20.600`)
* [CVE-2024-24556](CVE-2024/CVE-2024-245xx/CVE-2024-24556.json) (`2024-02-06T19:24:46.810`)
* [CVE-2024-24558](CVE-2024/CVE-2024-245xx/CVE-2024-24558.json) (`2024-02-06T19:35:24.230`)
* [CVE-2024-24567](CVE-2024/CVE-2024-245xx/CVE-2024-24567.json) (`2024-02-06T19:41:58.417`)
* [CVE-2024-22319](CVE-2024/CVE-2024-223xx/CVE-2024-22319.json) (`2024-02-06T19:52:31.520`)
* [CVE-2024-22320](CVE-2024/CVE-2024-223xx/CVE-2024-22320.json) (`2024-02-06T19:54:23.043`)
* [CVE-2024-1069](CVE-2024/CVE-2024-10xx/CVE-2024-1069.json) (`2024-02-06T20:11:52.587`)
* [CVE-2024-23745](CVE-2024/CVE-2024-237xx/CVE-2024-23745.json) (`2024-02-06T20:42:12.490`)
* [CVE-2024-1196](CVE-2024/CVE-2024-11xx/CVE-2024-1196.json) (`2024-02-06T20:57:49.480`)
* [CVE-2024-24160](CVE-2024/CVE-2024-241xx/CVE-2024-24160.json) (`2024-02-06T20:59:08.493`)
* [CVE-2023-20246](CVE-2023/CVE-2023-202xx/CVE-2023-20246.json) (`2024-02-06T21:15:08.530`)
* [CVE-2023-30999](CVE-2023/CVE-2023-309xx/CVE-2023-30999.json) (`2024-02-06T21:31:55.033`)
* [CVE-2024-24029](CVE-2024/CVE-2024-240xx/CVE-2024-24029.json) (`2024-02-06T21:04:04.993`)
* [CVE-2024-24470](CVE-2024/CVE-2024-244xx/CVE-2024-24470.json) (`2024-02-06T21:07:34.547`)
* [CVE-2024-24161](CVE-2024/CVE-2024-241xx/CVE-2024-24161.json) (`2024-02-06T21:21:36.413`)
* [CVE-2024-1197](CVE-2024/CVE-2024-11xx/CVE-2024-1197.json) (`2024-02-06T21:26:02.920`)
* [CVE-2024-23941](CVE-2024/CVE-2024-239xx/CVE-2024-23941.json) (`2024-02-06T21:37:12.433`)
## Download and Usage