admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-21T05:00:24.108677+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-21 05:00:27 +00:00
parent fd28988dd3
commit 56cc1ef485
25 changed files with 860 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-401xx/CVE-2023-40191.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-40191",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:07.870",
"lastModified": "2024-02-21T03:15:07.870",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability in the instance settings for Accounts in Liferay Portal 7.4.3.44 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, and 7.4 update 44 through 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the \u201cBlocked Email Domains\u201d text field"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-40191",
"source": "security@liferay.com"
}
]
}

55
CVE-2023/CVE-2023-424xx/CVE-2023-42496.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-42496",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:08.057",
"lastModified": "2024-02-21T03:15:08.057",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability on the add assignees to a role page in Liferay Portal 7.3.3 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 6, 7.4 GA through update 92, and 7.3 before update 34 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_roles_admin_web_portlet_RolesAdminPortlet_tabs2 parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42496",
"source": "security@liferay.com"
}
]
}

55
CVE-2023/CVE-2023-424xx/CVE-2023-42498.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-42498",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:08.240",
"lastModified": "2024-02-21T03:15:08.240",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Reflected cross-site scripting (XSS) vulnerability in the Language Override edit screen in Liferay Portal 7.4.3.8 through 7.4.3.97, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 4 through 92 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portal_language_override_web_internal_portlet_PLOPortlet_key parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2023-42498",
"source": "security@liferay.com"
}
]
}

12
CVE-2023/CVE-2023-492xx/CVE-2023-49295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49295",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-10T22:15:50.610",
"lastModified": "2024-01-19T19:05:52.550",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-21T03:15:08.410",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -170,6 +170,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/G5RSHDTVMYAIGYVVFGKTMFHAZJMA3EVV/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZE7IOKXX5AATU2WR3V76X5Y3A44QAATG/",
"source": "security-advisories@github.com"
}
]
}

14
CVE-2023/CVE-2023-65xx/CVE-2023-6546.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6546",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:08.260",
"lastModified": "2024-01-10T09:15:44.393",
"lastModified": "2024-02-21T04:15:07.553",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,19 +41,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
@ -164,6 +164,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:0930",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6546",
"source": "secalert@redhat.com",

47
CVE-2024/CVE-2024-11xx/CVE-2024-1108.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-1108",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T03:15:08.567",
"lastModified": "2024-02-21T03:15:08.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3036754/plugin-groups/trunk/classes/class-plugin-groups.php",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8298f1fb-3165-40e3-9192-805a07c14cae?source=cve",
"source": "security@wordfence.com"
}
]
}

51
CVE-2024/CVE-2024-15xx/CVE-2024-1501.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-1501",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T04:15:07.800",
"lastModified": "2024-02-21T04:15:07.800",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/wordpress-database-reset/trunk/class-db-reset-admin.php#L127",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve",
"source": "security@wordfence.com"
}
]
}

47
CVE-2024/CVE-2024-15xx/CVE-2024-1562.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-1562",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-21T04:15:07.987",
"lastModified": "2024-02-21T04:15:07.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve",
"source": "security@wordfence.com"
}
]
}

71
CVE-2024/CVE-2024-16xx/CVE-2024-1631.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2024-1631",
"sourceIdentifier": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"published": "2024-02-21T03:15:08.747",
"lastModified": "2024-02-21T03:15:08.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Impact\nThe library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation.\n\n\nSince the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe)\n is compromised, one could lose funds associated with the principal on \nledgers or lose access to a canister where this principal is the \ncontroller. Users are asked to take proactive measures mentioned below \nin Workarounds:Users to protect their assets.\n\n\nPatches\nPatch for the vulnerability is available in v1.0.1 for all the packages listed in the advisory. Please upgrade and deploy your canisters immediately.\n\n\nWorkarounds\nDevelopers\nThe recommended fix is to upgrade the package to the \npatched version. If that is not possible, there are couple of \nworkarounds to handle the insecure key generation.\n\n\n\n * Invoking the function as Ed25519KeyIdentity.generate(null)\n would fix the broken conditional evaluation and force the function to \ngenerate a securely random seed. However, this is not guaranteed to work\n for future upgrades.\n\n * Passing a securely generated randomness as a seed to Ed25519KeyIdentity.generate would force the library to use it as the seed to generate the key pair.\n\n\nUsers\nRemoving a controller of a canister if it's the affected principal\nFor all canisters you control, fetch the controllers of the canisters using\n\n\ndfx canister info --ic <CANISTER>\n\n\n \n\n\n\nIf you see the principal 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe as one of the controllers, follow the steps below\n\n\ndfx identity whoami # record CURRENT_IDENTITY\n\ndfx identity new <NEW_IDENTITY_NAME> \ndfx identity use <NEW_IDENTITY_NAME> \ndfx identity get-principal <NEW_IDENTITY_NAME> # record NEW_IDENTITY_PRINCIPAL\n\ndfx identity use <CURRENT_IDENTITY>\ndfx canister update-settings --ic <CANISTER> --add-controller <NEW_IDENTITY_PRINCIPAL>\ndfx canister update-settings --ic <CANISTER> --remove-controller `535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe`\n\n\n \n\n\n\nFor more details on canister management, please visit here https://internetcomputer.org/docs/current/tutorials/developer-journey/level-1/1.6-managing-canisters \n\n\nChecking funds on wallets / ledgers\nIf you have funds on ledgers using a browser wallet, please check if the account principal matches 535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe. If it does, please create a new account and transfer the funds to the new account immediately.\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-321"
},
{
"lang": "en",
"value": "CWE-330"
}
]
}
],
"references": [
{
"url": "https://agent-js.icp.xyz/identity/index.html",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
},
{
"url": "https://github.com/dfinity/agent-js",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
},
{
"url": "https://github.com/dfinity/agent-js/pull/851",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
},
{
"url": "https://www.npmjs.com/package/@dfinity/identity/v/1.0.1",
"source": "6b35d637-e00f-4228-858c-b20ad6e1d07b"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1669.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1669",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.150",
"lastModified": "2024-02-21T04:15:08.150",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41495060",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1670.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1670",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.210",
"lastModified": "2024-02-21T04:15:08.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41481374",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1671.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1671",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.257",
"lastModified": "2024-02-21T04:15:08.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41487933",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1672.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1672",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.297",
"lastModified": "2024-02-21T04:15:08.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41485789",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1673.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1673",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.347",
"lastModified": "2024-02-21T04:15:08.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41490491",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1674.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1674",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.430",
"lastModified": "2024-02-21T04:15:08.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40095183",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1675.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1675",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.540",
"lastModified": "2024-02-21T04:15:08.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/41486208",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-16xx/CVE-2024-1676.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1676",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-02-21T04:15:08.580",
"lastModified": "2024-02-21T04:15:08.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://issues.chromium.org/issues/40944847",
"source": "chrome-cve-admin@google.com"
}
]
}

10
CVE-2024/CVE-2024-233xx/CVE-2024-23301.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23301",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-12T23:15:10.030",
"lastModified": "2024-02-03T19:15:08.450",
"lastModified": "2024-02-21T03:15:08.950",
"vulnStatus": "Modified",
"descriptions": [
{
@ -140,6 +140,14 @@
{
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-242xx/CVE-2024-24258.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24258",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T18:15:52.083",
"lastModified": "2024-02-20T03:15:08.257",
"lastModified": "2024-02-21T03:15:09.043",
"vulnStatus": "Modified",
"descriptions": [
{
@ -80,6 +80,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/",
"source": "cve@mitre.org"

6
CVE-2024/CVE-2024-242xx/CVE-2024-24259.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24259",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T18:15:52.133",
"lastModified": "2024-02-20T03:15:08.330",
"lastModified": "2024-02-21T03:15:09.110",
"vulnStatus": "Modified",
"descriptions": [
{
@ -80,6 +80,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/",
"source": "cve@mitre.org"

55
CVE-2024/CVE-2024-251xx/CVE-2024-25151.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25151",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T04:15:08.627",
"lastModified": "2024-02-21T04:15:08.627",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to a content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151",
"source": "security@liferay.com"
}
]
}

55
CVE-2024/CVE-2024-256xx/CVE-2024-25603.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25603",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:09.173",
"lastModified": "2024-02-21T03:15:09.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603",
"source": "security@liferay.com"
}
]
}

55
CVE-2024/CVE-2024-262xx/CVE-2024-26266.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26266",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:09.353",
"lastModified": "2024-02-21T03:15:09.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266",
"source": "security@liferay.com"
}
]
}

55
CVE-2024/CVE-2024-262xx/CVE-2024-26269.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26269",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-21T03:15:09.527",
"lastModified": "2024-02-21T03:15:09.527",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269",
"source": "security@liferay.com"
}
]
}

42
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-21T03:00:24.174990+00:00
2024-02-21T05:00:24.108677+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-21T02:15:30.267000+00:00
2024-02-21T04:15:08.627000+00:00
```
### Last Data Feed Release
@ -29,27 +29,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239026
239045
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `19`
* [CVE-2024-0407](CVE-2024/CVE-2024-04xx/CVE-2024-0407.json) (`2024-02-21T01:15:07.753`)
* [CVE-2024-24475](CVE-2024/CVE-2024-244xx/CVE-2024-24475.json) (`2024-02-21T01:15:07.890`)
* [CVE-2024-25147](CVE-2024/CVE-2024-251xx/CVE-2024-25147.json) (`2024-02-21T02:15:29.750`)
* [CVE-2024-25152](CVE-2024/CVE-2024-251xx/CVE-2024-25152.json) (`2024-02-21T02:15:29.933`)
* [CVE-2024-25601](CVE-2024/CVE-2024-256xx/CVE-2024-25601.json) (`2024-02-21T02:15:30.100`)
* [CVE-2024-25602](CVE-2024/CVE-2024-256xx/CVE-2024-25602.json) (`2024-02-21T02:15:30.267`)
* [CVE-2023-40191](CVE-2023/CVE-2023-401xx/CVE-2023-40191.json) (`2024-02-21T03:15:07.870`)
* [CVE-2023-42496](CVE-2023/CVE-2023-424xx/CVE-2023-42496.json) (`2024-02-21T03:15:08.057`)
* [CVE-2023-42498](CVE-2023/CVE-2023-424xx/CVE-2023-42498.json) (`2024-02-21T03:15:08.240`)
* [CVE-2024-1108](CVE-2024/CVE-2024-11xx/CVE-2024-1108.json) (`2024-02-21T03:15:08.567`)
* [CVE-2024-1631](CVE-2024/CVE-2024-16xx/CVE-2024-1631.json) (`2024-02-21T03:15:08.747`)
* [CVE-2024-25603](CVE-2024/CVE-2024-256xx/CVE-2024-25603.json) (`2024-02-21T03:15:09.173`)
* [CVE-2024-26266](CVE-2024/CVE-2024-262xx/CVE-2024-26266.json) (`2024-02-21T03:15:09.353`)
* [CVE-2024-26269](CVE-2024/CVE-2024-262xx/CVE-2024-26269.json) (`2024-02-21T03:15:09.527`)
* [CVE-2024-1501](CVE-2024/CVE-2024-15xx/CVE-2024-1501.json) (`2024-02-21T04:15:07.800`)
* [CVE-2024-1562](CVE-2024/CVE-2024-15xx/CVE-2024-1562.json) (`2024-02-21T04:15:07.987`)
* [CVE-2024-1669](CVE-2024/CVE-2024-16xx/CVE-2024-1669.json) (`2024-02-21T04:15:08.150`)
* [CVE-2024-1670](CVE-2024/CVE-2024-16xx/CVE-2024-1670.json) (`2024-02-21T04:15:08.210`)
* [CVE-2024-1671](CVE-2024/CVE-2024-16xx/CVE-2024-1671.json) (`2024-02-21T04:15:08.257`)
* [CVE-2024-1672](CVE-2024/CVE-2024-16xx/CVE-2024-1672.json) (`2024-02-21T04:15:08.297`)
* [CVE-2024-1673](CVE-2024/CVE-2024-16xx/CVE-2024-1673.json) (`2024-02-21T04:15:08.347`)
* [CVE-2024-1674](CVE-2024/CVE-2024-16xx/CVE-2024-1674.json) (`2024-02-21T04:15:08.430`)
* [CVE-2024-1675](CVE-2024/CVE-2024-16xx/CVE-2024-1675.json) (`2024-02-21T04:15:08.540`)
* [CVE-2024-1676](CVE-2024/CVE-2024-16xx/CVE-2024-1676.json) (`2024-02-21T04:15:08.580`)
* [CVE-2024-25151](CVE-2024/CVE-2024-251xx/CVE-2024-25151.json) (`2024-02-21T04:15:08.627`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `5`
* [CVE-2024-0794](CVE-2024/CVE-2024-07xx/CVE-2024-0794.json) (`2024-02-21T01:15:07.810`)
* [CVE-2024-24474](CVE-2024/CVE-2024-244xx/CVE-2024-24474.json) (`2024-02-21T01:15:07.857`)
* [CVE-2023-49295](CVE-2023/CVE-2023-492xx/CVE-2023-49295.json) (`2024-02-21T03:15:08.410`)
* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2024-02-21T04:15:07.553`)
* [CVE-2024-23301](CVE-2024/CVE-2024-233xx/CVE-2024-23301.json) (`2024-02-21T03:15:08.950`)
* [CVE-2024-24258](CVE-2024/CVE-2024-242xx/CVE-2024-24258.json) (`2024-02-21T03:15:09.043`)
* [CVE-2024-24259](CVE-2024/CVE-2024-242xx/CVE-2024-24259.json) (`2024-02-21T03:15:09.110`)
## Download and Usage