admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-02T21:00:24.118271+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-02 21:00:27 +00:00
parent 8a3d5e24a7
commit 4fe3c33795
14 changed files with 880 additions and 84 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2023/CVE-2023-375xx/CVE-2023-37527.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2023-37527",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-02T19:15:07.990",
"lastModified": "2024-02-02T19:15:07.990",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in the Web Reports component of HCL BigFix Platform can possibly allow an attacker to execute malicious javascript code in the application session or in database, via remote injection, while rendering content in a web page. \n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209",
"source": "psirt@hcl.com"
}
]
}

68
CVE-2024/CVE-2024-08xx/CVE-2024-0889.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0889",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:08.790",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T19:45:04.827",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -64,6 +84,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +105,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kmint21:golden_ftp_server:2.02b:*:*:*:professional:*:*:*",
"matchCriteriaId": "CA19C169-A31E-4FC9-B3EF-E5482A1767AF"
}
]
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?ctiid.252041",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252041",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

58
CVE-2024/CVE-2024-08xx/CVE-2024-0890.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0890",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:09.017",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T19:42:08.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hongmaple:octopus:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5564EB82-D0CE-4DD8-B45C-AFA07A8D38DD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/octopus_SQL2/blob/main/report.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252042",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252042",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-08xx/CVE-2024-0891.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0891",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-25T23:15:09.250",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T19:36:26.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hongmaple:octopus:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5564EB82-D0CE-4DD8-B45C-AFA07A8D38DD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/biantaibao/octopus_XSS/blob/main/report.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252043",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252043",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-09xx/CVE-2024-0918.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0918",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T09:15:07.707",
"lastModified": "2024-01-28T09:15:07.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T20:42:21.260",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:trendnet:tew-800mb_firmware:1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4EC8AB7B-14B7-42A6-9D56-591C1883823E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:trendnet:tew-800mb:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1E0E5976-8FF6-45F9-A206-2FD7C996EE63"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252122",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252122",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-09xx/CVE-2024-0919.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0919",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T09:15:08.023",
"lastModified": "2024-01-28T09:15:08.090",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T20:47:04.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:trendnet:tew-815dap_firmware:1.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "97E4A40B-A954-4575-9817-78D79122FC14"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:trendnet:tew-815dap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7664ADC9-6364-4FA7-BB0E-1371975BC3AE"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252123",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252123",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-09xx/CVE-2024-0920.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0920",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T09:15:08.293",
"lastModified": "2024-01-28T09:15:08.337",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T19:50:50.540",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -75,18 +95,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:trendnet:tew-822dre_firmware:1.03b02:*:*:*:*:*:*:*",
"matchCriteriaId": "3308314F-339F-49CE-92D1-4FD01F78570B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:trendnet:tew-822dre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C96E1973-C97A-4B75-824D-6EAE4CFA3694"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252124",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252124",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-09xx/CVE-2024-0921.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0921",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.237",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T19:33:48.557",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en D-Link DIR-816 A2 1.10CNB04 y clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /goform/setDeviceSettings del componente Web Interface es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento statuscheckpppoeuser conduce a la inyecci\u00f3n de comandos del sistema operativo. El ataque se puede lanzar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-252139."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dlink:dir-816_a2_firmware:1.10cnb04:*:*:*:*:*:*:*",
"matchCriteriaId": "0E1F661E-809B-4AB6-B1E9-2F9F1C97B2C8"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dlink:dir-816_a2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0BF6D7-F3B3-4E25-807B-21055E5887CE"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xiyuanhuaigu/cve/blob/main/rce.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252139",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252139",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-09xx/CVE-2024-0922.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0922",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.527",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T19:32:04.233",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tenda AC10U 15.03.06.49_multi_TDE01 y clasificada como cr\u00edtica. La funci\u00f3n formSetDeviceName es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento devName provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252128. NOTA: Se contact\u00f3 primeramente con proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,58 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C36BB3-509E-4120-B2EC-F4D061A71F2A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF286BB-A1D3-4E51-AB31-B5A531A8B440"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252127",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252127",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-09xx/CVE-2024-0923.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-0923",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-26T14:15:50.747",
"lastModified": "2024-01-26T16:33:07.620",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-02T19:27:35.900",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Tenda AC10U 15.03.06.49_multi_TDE01 y clasificada como cr\u00edtica. La funci\u00f3n formSetDeviceName es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento devName provoca un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252128. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -71,18 +95,59 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tendacn:ac10u_firmware:15.03.06.49_multi_tde01:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C36BB3-509E-4120-B2EC-F4D061A71F2A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tendacn:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFF286BB-A1D3-4E51-AB31-B5A531A8B440"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252128",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252128",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}

88
CVE-2024/CVE-2024-11xx/CVE-2024-1189.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1189",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T19:15:08.217",
"lastModified": "2024-02-02T19:15:08.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/15-exploit-perl.txt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252679",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252679",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-11xx/CVE-2024-1190.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1190",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-02T19:15:08.460",
"lastModified": "2024-02-02T19:15:08.460",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P",
"accessVector": "LOCAL",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 1.7
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.1,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://fitoxs.com/vuldb/16-exploit-perl.txt",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.252680",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.252680",
"source": "cna@vuldb.com"
}
]
}

76
CVE-2024/CVE-2024-225xx/CVE-2024-22545.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22545",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-26T08:15:42.480",
"lastModified": "2024-01-31T08:15:42.133",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-02-02T20:38:53.190",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,79 @@
"value": "TRENDnet TEW-824DRU versi\u00f3n 1.04b01 es vulnerable a la inyecci\u00f3n de comandos a trav\u00e9s de system.ntp.server en la funci\u00f3n sub_420AE0()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:trendnet:tew-824dru_firmware:1.04b01:*:*:*:*:*:*:*",
"matchCriteriaId": "4F760ABE-9828-46C1-A663-940CD6D62B33"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:trendnet:tew-824dru:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49CD99AA-9080-46FC-B045-3A26F9B99261"
}
]
}
]
}
],
"references": [
{
"url": "https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

53
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-02T19:00:25.586620+00:00
2024-02-02T21:00:24.118271+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-02T18:26:00.153000+00:00
2024-02-02T20:47:04.077000+00:00
```
### Last Data Feed Release
@ -29,49 +29,32 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237478
237481
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `3`
* [CVE-2024-1186](CVE-2024/CVE-2024-11xx/CVE-2024-1186.json) (`2024-02-02T17:15:11.277`)
* [CVE-2024-23635](CVE-2024/CVE-2024-236xx/CVE-2024-23635.json) (`2024-02-02T17:15:11.527`)
* [CVE-2024-24560](CVE-2024/CVE-2024-245xx/CVE-2024-24560.json) (`2024-02-02T17:15:11.720`)
* [CVE-2024-1187](CVE-2024/CVE-2024-11xx/CVE-2024-1187.json) (`2024-02-02T18:15:32.107`)
* [CVE-2024-1188](CVE-2024/CVE-2024-11xx/CVE-2024-1188.json) (`2024-02-02T18:15:32.327`)
* [CVE-2023-37527](CVE-2023/CVE-2023-375xx/CVE-2023-37527.json) (`2024-02-02T19:15:07.990`)
* [CVE-2024-1189](CVE-2024/CVE-2024-11xx/CVE-2024-1189.json) (`2024-02-02T19:15:08.217`)
* [CVE-2024-1190](CVE-2024/CVE-2024-11xx/CVE-2024-1190.json) (`2024-02-02T19:15:08.460`)
### CVEs modified in the last Commit
Recently modified CVEs: `44`
Recently modified CVEs: `10`
* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-02-02T17:14:22.527`)
* [CVE-2024-22550](CVE-2024/CVE-2024-225xx/CVE-2024-22550.json) (`2024-02-02T17:14:39.690`)
* [CVE-2024-0204](CVE-2024/CVE-2024-02xx/CVE-2024-0204.json) (`2024-02-02T17:15:11.167`)
* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-02-02T17:18:54.040`)
* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-02-02T17:19:06.347`)
* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-02-02T17:19:10.737`)
* [CVE-2024-0742](CVE-2024/CVE-2024-07xx/CVE-2024-0742.json) (`2024-02-02T17:19:23.497`)
* [CVE-2024-0741](CVE-2024/CVE-2024-07xx/CVE-2024-0741.json) (`2024-02-02T17:19:30.117`)
* [CVE-2024-20973](CVE-2024/CVE-2024-209xx/CVE-2024-20973.json) (`2024-02-02T17:22:04.880`)
* [CVE-2024-20971](CVE-2024/CVE-2024-209xx/CVE-2024-20971.json) (`2024-02-02T17:24:10.267`)
* [CVE-2024-20977](CVE-2024/CVE-2024-209xx/CVE-2024-20977.json) (`2024-02-02T17:24:20.210`)
* [CVE-2024-20981](CVE-2024/CVE-2024-209xx/CVE-2024-20981.json) (`2024-02-02T17:24:34.507`)
* [CVE-2024-20969](CVE-2024/CVE-2024-209xx/CVE-2024-20969.json) (`2024-02-02T17:24:44.617`)
* [CVE-2024-20983](CVE-2024/CVE-2024-209xx/CVE-2024-20983.json) (`2024-02-02T17:27:04.743`)
* [CVE-2024-20985](CVE-2024/CVE-2024-209xx/CVE-2024-20985.json) (`2024-02-02T17:27:12.127`)
* [CVE-2024-20926](CVE-2024/CVE-2024-209xx/CVE-2024-20926.json) (`2024-02-02T17:35:48.843`)
* [CVE-2024-20922](CVE-2024/CVE-2024-209xx/CVE-2024-20922.json) (`2024-02-02T17:36:17.387`)
* [CVE-2024-20961](CVE-2024/CVE-2024-209xx/CVE-2024-20961.json) (`2024-02-02T17:36:27.917`)
* [CVE-2024-20963](CVE-2024/CVE-2024-209xx/CVE-2024-20963.json) (`2024-02-02T17:36:33.743`)
* [CVE-2024-20965](CVE-2024/CVE-2024-209xx/CVE-2024-20965.json) (`2024-02-02T17:42:20.270`)
* [CVE-2024-20967](CVE-2024/CVE-2024-209xx/CVE-2024-20967.json) (`2024-02-02T17:42:32.037`)
* [CVE-2024-20975](CVE-2024/CVE-2024-209xx/CVE-2024-20975.json) (`2024-02-02T17:42:39.467`)
* [CVE-2024-0926](CVE-2024/CVE-2024-09xx/CVE-2024-0926.json) (`2024-02-02T17:47:20.887`)
* [CVE-2024-0925](CVE-2024/CVE-2024-09xx/CVE-2024-0925.json) (`2024-02-02T17:49:58.700`)
* [CVE-2024-0924](CVE-2024/CVE-2024-09xx/CVE-2024-0924.json) (`2024-02-02T18:00:06.520`)
* [CVE-2024-0923](CVE-2024/CVE-2024-09xx/CVE-2024-0923.json) (`2024-02-02T19:27:35.900`)
* [CVE-2024-0922](CVE-2024/CVE-2024-09xx/CVE-2024-0922.json) (`2024-02-02T19:32:04.233`)
* [CVE-2024-0921](CVE-2024/CVE-2024-09xx/CVE-2024-0921.json) (`2024-02-02T19:33:48.557`)
* [CVE-2024-0891](CVE-2024/CVE-2024-08xx/CVE-2024-0891.json) (`2024-02-02T19:36:26.663`)
* [CVE-2024-0890](CVE-2024/CVE-2024-08xx/CVE-2024-0890.json) (`2024-02-02T19:42:08.830`)
* [CVE-2024-0889](CVE-2024/CVE-2024-08xx/CVE-2024-0889.json) (`2024-02-02T19:45:04.827`)
* [CVE-2024-0920](CVE-2024/CVE-2024-09xx/CVE-2024-0920.json) (`2024-02-02T19:50:50.540`)
* [CVE-2024-22545](CVE-2024/CVE-2024-225xx/CVE-2024-22545.json) (`2024-02-02T20:38:53.190`)
* [CVE-2024-0918](CVE-2024/CVE-2024-09xx/CVE-2024-0918.json) (`2024-02-02T20:42:21.260`)
* [CVE-2024-0919](CVE-2024/CVE-2024-09xx/CVE-2024-0919.json) (`2024-02-02T20:47:04.077`)
## Download and Usage