admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-19T16:00:18.397131+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-19 16:03:14 +00:00
parent 025f382030
commit 4ac5669970
40 changed files with 1974 additions and 465 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2021/CVE-2021-38xx/CVE-2021-3899.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-3899",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-06-03T19:15:08.940",
"lastModified": "2024-06-03T19:23:17.807",
"lastModified": "2024-08-19T14:35:00.893",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una condici\u00f3n de ejecuci\u00f3n en la detecci\u00f3n de 'ejecutable reemplazado' que, con la configuraci\u00f3n local correcta, permite a un atacante ejecutar c\u00f3digo arbitrario como root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/apport/+bug/1948376",

16
CVE-2022/CVE-2022-14xx/CVE-2022-1443.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2022-1443",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-19T15:15:07.740",
"lastModified": "2024-08-19T15:15:07.740",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1789. Reason: This candidate is a reservation duplicate of CVE-2024-1789. Notes: All CVE users should reference CVE-2024-1789 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}

34
CVE-2022/CVE-2022-451xx/CVE-2022-45176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-45176",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-10T15:15:50.687",
"lastModified": "2024-07-26T18:03:21.673",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T15:35:00.830",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

39
CVE-2023/CVE-2023-508xx/CVE-2023-50808.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50808",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T18:15:47.320",
"lastModified": "2024-02-13T18:23:02.393",
"lastModified": "2024-08-19T15:35:01.787",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Zimbra Collaboration antes de Kepler 9.0.0 Patch 38 GA permite la inyecci\u00f3n de JavaScript basada en DOM en la interfaz de usuario moderna."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",

44
CVE-2023/CVE-2023-70xx/CVE-2023-7061.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-7061",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-07-10T02:15:02.740",
"lastModified": "2024-07-11T13:05:54.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T14:23:34.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:advancedfilemanager:file_manager_advanced_shortcode:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.3",
"matchCriteriaId": "F7251D6F-6EBA-4F9E-BAE7-CC4BD9F45378"
}
]
}
]
}
],
"references": [
{
"url": "https://advancedfilemanager.com/product/file-manager-advanced-shortcode-wordpress/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/26050f70-7a10-4df5-acd5-1c9e7613bf2c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

91
CVE-2024/CVE-2024-223xx/CVE-2024-22377.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22377",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-07-09T23:15:10.620",
"lastModified": "2024-07-11T13:05:54.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T14:13:45.987",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
@ -51,10 +81,65 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0",
"versionEndIncluding": "10.3.13",
"matchCriteriaId": "73C9BB16-0B50-40AD-991D-CE55D1B4DE56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndIncluding": "11.0.9",
"matchCriteriaId": "4A809B38-F404-4DB2-BD2C-68D2D4B98A68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndIncluding": "11.1.9",
"matchCriteriaId": "703CAE2D-061F-4FCC-A640-2649656830E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndIncluding": "11.2.8",
"matchCriteriaId": "9E7DA8B9-7439-4ABC-A37A-D9FF13D8884C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndIncluding": "11.3.4",
"matchCriteriaId": "4425C90D-DBB8-4090-A8F0-8ECE129D19DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A62E1361-EFC7-4242-88AD-995A113A6CFC"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083",
"source": "responsible-disclosure@pingidentity.com"
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Broken Link"
]
}
]
}

92
CVE-2024/CVE-2024-224xx/CVE-2024-22477.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22477",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-07-09T23:15:10.827",
"lastModified": "2024-07-11T13:05:54.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T14:21:51.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 2.7
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
@ -51,10 +81,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.3.0",
"versionEndIncluding": "10.3.13",
"matchCriteriaId": "73C9BB16-0B50-40AD-991D-CE55D1B4DE56"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0.0",
"versionEndIncluding": "11.0.9",
"matchCriteriaId": "4A809B38-F404-4DB2-BD2C-68D2D4B98A68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndIncluding": "11.1.9",
"matchCriteriaId": "703CAE2D-061F-4FCC-A640-2649656830E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndIncluding": "11.2.8",
"matchCriteriaId": "9E7DA8B9-7439-4ABC-A37A-D9FF13D8884C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndIncluding": "11.3.4",
"matchCriteriaId": "4425C90D-DBB8-4090-A8F0-8ECE129D19DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pingidentity:pingfederate:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A62E1361-EFC7-4242-88AD-995A113A6CFC"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.pingidentity.com/r/en-us/pingfederate-120/lwu1707324350083",
"source": "responsible-disclosure@pingidentity.com"
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Broken Link",
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-256xx/CVE-2024-25633.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-25633",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-15T19:15:18.213",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T14:15:21.880",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one might disallow user creation except for by system administrators, administrators and trusted services. If administrators are allowed to create new users (which is the default), the vulnerability allows any user to create new users in teams where they are members. The new users are automatically validated and administrators are not notified. This can allow a user with permanent or temporary access to a user account or API key to maintain persistence in an eLabFTW system. Additionally, it allows the user to create separate account under a different name, and produce misleading revision histories. No additional privileges are granted to the new user. Users should upgrade to version 5.0.0 to receive a patch. As a workaround, disabling both options that allow *administrators* to create users will provide a mitigation."
"value": "eLabFTW is an open source electronic lab notebook for research labs. In an eLabFTW system, one can configure who is allowed to create new user accounts. A vulnerability has been found starting in version 4.4.0 and prior to version 5.0.0 that allows regular users to create new, validated accounts in their team. If the system has anonymous access enabled (disabled by default) an unauthenticated user can create regular users in any team. This vulnerability has been fixed since version 5.0.0, released on February 17th 2024. Some workarounds are available. Disabling both options that allow *administrators* to create users will provide a mitigation. Additionally, disabling anonymous user access will stop anonymous access (including using existing access keys)."
},
{
"lang": "es",

34
CVE-2024/CVE-2024-297xx/CVE-2024-29781.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29781",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:52.027",
"lastModified": "2024-07-11T14:35:15.730",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T14:35:05.933",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-316xx/CVE-2024-31613.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31613",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-10T16:15:13.347",
"lastModified": "2024-06-10T18:06:22.600",
"lastModified": "2024-08-19T15:35:03.517",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "BOSSCMS v3.10 es vulnerable a Cross-Site Request Forgery (CSRF) en name=\"head_code\" o name=\"foot_code\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/ss122-0ss/BOSSCMS/blob/main/bosscms%20csrf.md",

39
CVE-2024/CVE-2024-324xx/CVE-2024-32489.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32489",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-15T06:15:11.033",
"lastModified": "2024-04-15T13:15:31.997",
"lastModified": "2024-08-19T15:35:04.270",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "TCPDF anterior a 6.7.4 maneja mal las llamadas que usan sintaxis HTML."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/tecnickcom/TCPDF/commit/51cd1b39de5643836e62661d162c472d63167df7",

14
CVE-2024/CVE-2024-325xx/CVE-2024-32503.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32503",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T16:15:10.507",
"lastModified": "2024-08-09T13:34:04.417",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T15:35:05.037",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-762"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-328xx/CVE-2024-32895.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32895",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:53.997",
"lastModified": "2024-07-11T13:58:33.960",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T14:35:06.930",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-329xx/CVE-2024-32900.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32900",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.357",
"lastModified": "2024-07-11T14:22:34.243",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T14:35:07.680",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -53,6 +73,16 @@
"value": "CWE-667"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-329xx/CVE-2024-32913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32913",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:55.327",
"lastModified": "2024-07-16T14:55:20.067",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T14:35:08.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -53,6 +73,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-329xx/CVE-2024-32918.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32918",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:55.683",
"lastModified": "2024-08-16T17:49:01.547",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T14:35:09.183",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-269"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-353xx/CVE-2024-35358.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35358",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T16:15:10.777",
"lastModified": "2024-05-30T18:19:11.743",
"lastModified": "2024-08-19T15:35:06.977",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se ha descubierto una vulnerabilidad en la versi\u00f3n 2.3 de Di\u00f1o Physics School Assistant. La vulnerabilidad afecta a un c\u00f3digo no identificado dentro del archivo /classes/Master.php?f=view_category. La manipulaci\u00f3n del argumento id puede provocar una inyecci\u00f3n de SQL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://vuln.pentester.stream/pentester-vulnerability-research/post/2298731/vuln14-blind-sql-injection-time-based",

34
CVE-2024/CVE-2024-353xx/CVE-2024-35359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-35359",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T17:15:34.010",
"lastModified": "2024-07-18T16:49:50.677",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T15:35:07.723",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-353xx/CVE-2024-35397.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35397",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T15:15:09.407",
"lastModified": "2024-05-28T17:11:55.903",
"lastModified": "2024-08-19T15:35:08.463",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que TOTOLINK CP900L v4.1.5cu.798_B20221228 contiene una vulnerabilidad de inyecci\u00f3n de comandos en la funci\u00f3n NTPSyncWithHost a trav\u00e9s del par\u00e1metro hostTime. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante una solicitud manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "http://totolink.com",

39
CVE-2024/CVE-2024-354xx/CVE-2024-35468.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35468",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-30T18:15:09.617",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-08-19T15:35:09.230",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /hrm/index.php en SourceCodester Human Resource Management System 1.0 permite a atacantes ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro contrase\u00f1a."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/dovankha/CVE-2024-35468",

34
CVE-2024/CVE-2024-367xx/CVE-2024-36774.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36774",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.660",
"lastModified": "2024-07-16T14:22:43.240",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T15:35:09.967",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-434"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [

68
CVE-2024/CVE-2024-373xx/CVE-2024-37316.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37316",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-14T16:15:11.707",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T15:31:28.043",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:calendar:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.0",
"versionEndExcluding": "4.6.8",
"matchCriteriaId": "0C6E9F6A-219B-4C55-8567-EC6A671D0C3B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/calendar/pull/5966",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2r7q-vfmv-79qf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://hackerone.com/reports/2457588",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
}
]
}

68
CVE-2024/CVE-2024-373xx/CVE-2024-37317.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37317",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-14T16:15:11.960",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T15:42:54.980",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:notes:*:*:*:*:*:nextcloud:*:*",
"versionStartIncluding": "4.6.0",
"versionEndExcluding": "4.9.3",
"matchCriteriaId": "E2A24E4C-43C7-4799-9C22-8CD82C579B49"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/notes/pull/1260",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wfqv-cx85-7rjx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://hackerone.com/reports/2254151",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
}
]
}

64
CVE-2024/CVE-2024-378xx/CVE-2024-37865.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37865",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T21:15:14.860",
"lastModified": "2024-07-11T13:05:54.930",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T14:04:02.713",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,67 @@
"value": "Un problema en S3Browser v.11.4.5 y v.10.9.9 y solucionado en v.11.5.7 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del componente de almacenamiento compatible con S3."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:s3browser:s3_browser:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.7.5",
"matchCriteriaId": "2997C6FA-3386-4A1D-B0CD-C84C12BCF780"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/iTrooz/629bd30cfa09cc527a0859e8cca83a4b",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

16
CVE-2024/CVE-2024-393xx/CVE-2024-39306.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2024-39306",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T14:15:22.423",
"lastModified": "2024-08-19T14:15:22.423",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-39304. Reason: This candidate is a duplicate of CVE-2024-39304. Notes: All CVE users should reference CVE-2024-39304 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-39304. According to rule 4.2.15 of the CVE CNA rules, \"CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID.\""
}
],
"metrics": {},
"references": []
}

12
CVE-2024/CVE-2024-420xx/CVE-2024-42062.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42062",
"sourceIdentifier": "security@apache.org",
"published": "2024-08-07T08:16:12.250",
"lastModified": "2024-08-12T18:56:52.773",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-19T14:15:22.663",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -61,22 +61,22 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
"value": "CWE-863"
}
]
},
{
"source": "security@apache.org",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-276"
}
]
}

64
CVE-2024/CVE-2024-426xx/CVE-2024-42681.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42681",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:18.303",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T15:59:00.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,67 @@
"value": " La vulnerabilidad de permisos inseguros en xxl-job v.2.4.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente ID de subtarea."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xuxueli:xxl-job:2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C90A77A0-C0DF-4EEB-AB59-EFAEBCFFE60B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xuxueli/xxl-job/issues/3516",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

65
CVE-2024/CVE-2024-428xx/CVE-2024-42843.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42843",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:18.400",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T15:58:03.563",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": " Projectworlds Online Examination System v1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro subject en feed.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:online_examination_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32029B59-C9C3-4474-8BF6-D5A0410EB748"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ganzhi-qcy/cve/issues/6",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-430xx/CVE-2024-43009.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-43009",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.410",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T14:35:10.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de Cross-Site Scripting (XSS) reflejado en user/login.php en la l\u00ednea 24 en ZZCMS 2023 y versiones anteriores. La aplicaci\u00f3n inserta directamente el valor del encabezado HTTP_REFERER en la respuesta HTML sin una desinfecci\u00f3n adecuada. Un atacante puede aprovechar esta vulnerabilidad enga\u00f1ando a un usuario para que visite una URL especialmente manipulada, que incluye un encabezado Referer malicioso. Esto puede llevar a la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el contexto del navegador de la v\u00edctima, lo que podr\u00eda resultar en secuestro de sesi\u00f3n, alteraci\u00f3n u otras actividades maliciosas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://www.zzcms.net/about/download.html",

39
CVE-2024/CVE-2024-430xx/CVE-2024-43011.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-43011",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-16T20:15:13.497",
"lastModified": "2024-08-19T13:00:23.117",
"lastModified": "2024-08-19T14:35:10.893",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos en el archivo admin/del.php en la l\u00ednea 62 en ZZCMS 2023 y versiones anteriores. Debido a una validaci\u00f3n y desinfecci\u00f3n insuficientes de la entrada del usuario para las rutas de los archivos, un atacante puede aprovechar esta vulnerabilidad utilizando t\u00e9cnicas de recorrido de directorio para eliminar archivos arbitrarios en el servidor. Esto puede provocar la eliminaci\u00f3n de archivos cr\u00edticos, lo que podr\u00eda alterar el funcionamiento normal del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "http://www.zzcms.net/about/download.html",

16
CVE-2024/CVE-2024-433xx/CVE-2024-43372.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2024-43372",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T14:15:23.140",
"lastModified": "2024-08-19T14:15:23.140",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-43369. Reason: This candidate is a duplicate of CVE-2024-43369. Notes: All CVE users should reference CVE-2024-43369 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-43369. According to rule 4.2.15 of the CVE CNA rules, \"CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID.\""
}
],
"metrics": {},
"references": []
}

60
CVE-2024/CVE-2024-433xx/CVE-2024-43379.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-43379",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T15:15:08.683",
"lastModified": "2024-08-19T15:15:08.683",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TruffleHog is a secrets scanning tool. Prior to v3.81.9, this vulnerability allows a malicious actor to craft data in a way that, when scanned by specific detectors, could trigger the detector to make an unauthorized request to an endpoint chosen by the attacker. For an exploit to be effective, the target endpoint must be an unauthenticated GET endpoint that produces side effects. The victim must scan the maliciously crafted data and have such an endpoint targeted for the exploit to succeed. The vulnerability has been resolved in TruffleHog v3.81.9 and later versions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/trufflesecurity/trufflehog/commit/fe5624c70923355128868cffd647b6e2cfe11443",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/trufflesecurity/trufflehog/security/advisories/GHSA-3r74-v83p-f4f4",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-433xx/CVE-2024-43380.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-43380",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T15:15:08.893",
"lastModified": "2024-08-19T15:15:08.893",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "fugit contains time tools for flor and the floraison group. The fugit \"natural\" parser, that turns \"every wednesday at 5pm\" into \"0 17 * * 3\", accepted any length of input and went on attempting to parse it, not returning promptly, as expected. The parse call could hold the thread with no end in sight. Fugit dependents that do not check (user) input length for plausibility are impacted. A fix was released in fugit 1.11.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/floraison/fugit/commit/ad2c1c9c737213d585fff0b51c927d178b2c05a5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/floraison/fugit/issues/104",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/floraison/fugit/security/advisories/GHSA-2m96-52r3-2f3g",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-433xx/CVE-2024-43399.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-43399",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-19T15:15:09.073",
"lastModified": "2024-08-19T15:15:09.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. Before 4.0.7, there is a flaw in the Static Libraries analysis section. Specifically, during the extraction of .a extension files, the measure intended to prevent Zip Slip attacks is improperly implemented. Since the implemented measure can be bypassed, the vulnerability allows an attacker to extract files to any desired location within the server running MobSF. This vulnerability is fixed in 4.0.7."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/cc625fe8430f3437a473e82aa2966d100a4dc883",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-4hh3-vj32-gr6j",
"source": "security-advisories@github.com"
}
]
}

66
CVE-2024/CVE-2024-61xx/CVE-2024-6113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-6113",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-20T06:15:10.310",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-19T15:24:11.240",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:monbela_tourist_inn_online_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E689E6B3-30E9-405A-A3AB-A5597F84A664"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wangyuan-ui/CVE/issues/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.268865",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.268865",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.358991",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

4
CVE-2024/CVE-2024-73xx/CVE-2024-7300.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7300",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-31T07:15:02.760",
"lastModified": "2024-07-31T14:15:08.080",
"lastModified": "2024-08-19T14:15:23.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -15,7 +15,7 @@
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273168. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life."
"value": "A vulnerability classified as problematic has been found in Bolt CMS 3.7.1. Affected is an unknown function of the file /bolt/editcontent/showcases of the component Showcase Creation Handler. The manipulation of the argument title/textarea leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the affected release tree is end-of-life."
},
{
"lang": "es",

4
CVE-2024/CVE-2024-78xx/CVE-2024-7898.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-7898",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-17T18:15:04.250",
"lastModified": "2024-08-19T12:59:59.177",
"lastModified": "2024-08-19T15:15:09.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tosei Online Store Management System ??????????? 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
"value": "A vulnerability classified as critical was found in Tosei Online Store Management System \u30cd\u30c3\u30c8\u5e97\u8217\u7ba1\u7406\u30b7\u30b9\u30c6\u30e0 4.02/4.03/4.04. This vulnerability affects unknown code of the component Backend. The manipulation leads to use of default credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",

152
CVE-2024/CVE-2024-79xx/CVE-2024-7922.json Normal file
View File

@ -0,0 +1,152 @@
{
"id": "CVE-2024-7922",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-19T15:15:09.403",
"lastModified": "2024-08-19T15:15:09.403",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814 and classified as critical. Affected by this issue is the function cgi_audio_search/cgi_create_playlist/cgi_get_album_all_tracks/cgi_get_alltracks_editlist/cgi_get_artist_all_album/cgi_get_genre_all_tracks/cgi_get_tracks_list/cgi_set_airplay_content/cgi_write_playlist of the file /cgi-bin/myMusic.cgi. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_create_playlist.md",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_get_tracks_list.md",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275108",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275108",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.391669",
"source": "cna@vuldb.com"
}
]
}

67
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-19T14:00:19.612838+00:00
2024-08-19T16:00:18.397131+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-19T13:53:27.237000+00:00
2024-08-19T15:59:00.500000+00:00
```
### Last Data Feed Release
@ -33,44 +33,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
260471
260478
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `7`
- [CVE-2022-1443](CVE-2022/CVE-2022-14xx/CVE-2022-1443.json) (`2024-08-19T15:15:07.740`)
- [CVE-2024-39306](CVE-2024/CVE-2024-393xx/CVE-2024-39306.json) (`2024-08-19T14:15:22.423`)
- [CVE-2024-43372](CVE-2024/CVE-2024-433xx/CVE-2024-43372.json) (`2024-08-19T14:15:23.140`)
- [CVE-2024-43379](CVE-2024/CVE-2024-433xx/CVE-2024-43379.json) (`2024-08-19T15:15:08.683`)
- [CVE-2024-43380](CVE-2024/CVE-2024-433xx/CVE-2024-43380.json) (`2024-08-19T15:15:08.893`)
- [CVE-2024-43399](CVE-2024/CVE-2024-433xx/CVE-2024-43399.json) (`2024-08-19T15:15:09.073`)
- [CVE-2024-7922](CVE-2024/CVE-2024-79xx/CVE-2024-7922.json) (`2024-08-19T15:15:09.403`)
### CVEs modified in the last Commit
Recently modified CVEs: `322`
Recently modified CVEs: `31`
- [CVE-2024-7887](CVE-2024/CVE-2024-78xx/CVE-2024-7887.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7896](CVE-2024/CVE-2024-78xx/CVE-2024-7896.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7897](CVE-2024/CVE-2024-78xx/CVE-2024-7897.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7898](CVE-2024/CVE-2024-78xx/CVE-2024-7898.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7899](CVE-2024/CVE-2024-78xx/CVE-2024-7899.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7900](CVE-2024/CVE-2024-79xx/CVE-2024-7900.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7901](CVE-2024/CVE-2024-79xx/CVE-2024-7901.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7902](CVE-2024/CVE-2024-79xx/CVE-2024-7902.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7903](CVE-2024/CVE-2024-79xx/CVE-2024-7903.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7904](CVE-2024/CVE-2024-79xx/CVE-2024-7904.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7905](CVE-2024/CVE-2024-79xx/CVE-2024-7905.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7906](CVE-2024/CVE-2024-79xx/CVE-2024-7906.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7907](CVE-2024/CVE-2024-79xx/CVE-2024-7907.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7908](CVE-2024/CVE-2024-79xx/CVE-2024-7908.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7909](CVE-2024/CVE-2024-79xx/CVE-2024-7909.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7910](CVE-2024/CVE-2024-79xx/CVE-2024-7910.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7911](CVE-2024/CVE-2024-79xx/CVE-2024-7911.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7912](CVE-2024/CVE-2024-79xx/CVE-2024-7912.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7913](CVE-2024/CVE-2024-79xx/CVE-2024-7913.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7914](CVE-2024/CVE-2024-79xx/CVE-2024-7914.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7916](CVE-2024/CVE-2024-79xx/CVE-2024-7916.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7917](CVE-2024/CVE-2024-79xx/CVE-2024-7917.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7919](CVE-2024/CVE-2024-79xx/CVE-2024-7919.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7920](CVE-2024/CVE-2024-79xx/CVE-2024-7920.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-7921](CVE-2024/CVE-2024-79xx/CVE-2024-7921.json) (`2024-08-19T12:59:59.177`)
- [CVE-2024-25633](CVE-2024/CVE-2024-256xx/CVE-2024-25633.json) (`2024-08-19T14:15:21.880`)
- [CVE-2024-29781](CVE-2024/CVE-2024-297xx/CVE-2024-29781.json) (`2024-08-19T14:35:05.933`)
- [CVE-2024-31613](CVE-2024/CVE-2024-316xx/CVE-2024-31613.json) (`2024-08-19T15:35:03.517`)
- [CVE-2024-32489](CVE-2024/CVE-2024-324xx/CVE-2024-32489.json) (`2024-08-19T15:35:04.270`)
- [CVE-2024-32503](CVE-2024/CVE-2024-325xx/CVE-2024-32503.json) (`2024-08-19T15:35:05.037`)
- [CVE-2024-32895](CVE-2024/CVE-2024-328xx/CVE-2024-32895.json) (`2024-08-19T14:35:06.930`)
- [CVE-2024-32900](CVE-2024/CVE-2024-329xx/CVE-2024-32900.json) (`2024-08-19T14:35:07.680`)
- [CVE-2024-32913](CVE-2024/CVE-2024-329xx/CVE-2024-32913.json) (`2024-08-19T14:35:08.433`)
- [CVE-2024-32918](CVE-2024/CVE-2024-329xx/CVE-2024-32918.json) (`2024-08-19T14:35:09.183`)
- [CVE-2024-35358](CVE-2024/CVE-2024-353xx/CVE-2024-35358.json) (`2024-08-19T15:35:06.977`)
- [CVE-2024-35359](CVE-2024/CVE-2024-353xx/CVE-2024-35359.json) (`2024-08-19T15:35:07.723`)
- [CVE-2024-35397](CVE-2024/CVE-2024-353xx/CVE-2024-35397.json) (`2024-08-19T15:35:08.463`)
- [CVE-2024-35468](CVE-2024/CVE-2024-354xx/CVE-2024-35468.json) (`2024-08-19T15:35:09.230`)
- [CVE-2024-36774](CVE-2024/CVE-2024-367xx/CVE-2024-36774.json) (`2024-08-19T15:35:09.967`)
- [CVE-2024-37316](CVE-2024/CVE-2024-373xx/CVE-2024-37316.json) (`2024-08-19T15:31:28.043`)
- [CVE-2024-37317](CVE-2024/CVE-2024-373xx/CVE-2024-37317.json) (`2024-08-19T15:42:54.980`)
- [CVE-2024-37865](CVE-2024/CVE-2024-378xx/CVE-2024-37865.json) (`2024-08-19T14:04:02.713`)
- [CVE-2024-42062](CVE-2024/CVE-2024-420xx/CVE-2024-42062.json) (`2024-08-19T14:15:22.663`)
- [CVE-2024-42681](CVE-2024/CVE-2024-426xx/CVE-2024-42681.json) (`2024-08-19T15:59:00.500`)
- [CVE-2024-42843](CVE-2024/CVE-2024-428xx/CVE-2024-42843.json) (`2024-08-19T15:58:03.563`)
- [CVE-2024-43009](CVE-2024/CVE-2024-430xx/CVE-2024-43009.json) (`2024-08-19T14:35:10.150`)
- [CVE-2024-43011](CVE-2024/CVE-2024-430xx/CVE-2024-43011.json) (`2024-08-19T14:35:10.893`)
- [CVE-2024-6113](CVE-2024/CVE-2024-61xx/CVE-2024-6113.json) (`2024-08-19T15:24:11.240`)
- [CVE-2024-7300](CVE-2024/CVE-2024-73xx/CVE-2024-7300.json) (`2024-08-19T14:15:23.360`)
- [CVE-2024-7898](CVE-2024/CVE-2024-78xx/CVE-2024-7898.json) (`2024-08-19T15:15:09.297`)
## Download and Usage

705
_state.csv
View File

File diff suppressed because it is too large Load Diff