admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-27T05:00:23.971967+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-27 05:00:27 +00:00
parent 99f28e444d
commit 5fa01143f1
11 changed files with 413 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2023/CVE-2023-433xx/CVE-2023-43361.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43361",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-02T21:15:34.520",
"lastModified": "2023-10-04T17:05:22.400",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-27T03:15:07.687",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -90,6 +90,14 @@
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GJKTWQXOZDMCXVEFCQZVH3F3FQYMNYLI/",
"source": "cve@mitre.org"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T47YXGRUCUKN7WEOHUEIUNJ2KZ2C2IDN/",
"source": "cve@mitre.org"
},
{
"url": "https://xiph.org/vorbis/",
"source": "cve@mitre.org",

8
CVE-2023/CVE-2023-516xx/CVE-2023-51698.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51698",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-12T21:15:10.150",
"lastModified": "2024-01-22T17:57:50.930",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-27T03:15:07.783",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -103,6 +103,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OZKXNZ3HGH6KH65OEKVCEAOZJWNZ32FQ/",
"source": "security-advisories@github.com"
}
]
}

28
CVE-2023/CVE-2023-523xx/CVE-2023-52389.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-52389",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-27T03:15:07.883",
"lastModified": "2024-01-27T03:15:07.883",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "UTF32Encoding.cpp in POCO has a Poco::UTF32Encoding integer overflow and resultant stack buffer overflow because Poco::UTF32Encoding::convert() and Poco::UTF32::queryConvert() may return a negative integer if a UTF-32 byte sequence evaluates to a value of 0x80000000 or higher. This is fixed in 1.11.8p2, 1.12.5p2, and 1.13.0."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pocoproject/poco/compare/poco-1.12.5p2-release...poco-1.13.0-release",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/pocoproject/poco/issues/4320",
"source": "cve@mitre.org"
},
{
"url": "https://pocoproject.org/blog/?p=1226",
"source": "cve@mitre.org"
}
]
}

47
CVE-2023/CVE-2023-64xx/CVE-2023-6497.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2023-6497",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T04:15:08.047",
"lastModified": "2024-01-27T04:15:08.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the automatic redirect URL setting in all versions up to and including 4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3007737%40wordpress-simple-paypal-shopping-cart&new=3007737%40wordpress-simple-paypal-shopping-cart&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6201a1-7ca9-461b-b9ad-16407120dfae?source=cve",
"source": "security@wordfence.com"
}
]
}

6
CVE-2023/CVE-2023-70xx/CVE-2023-7008.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-7008",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-23T13:15:07.573",
"lastModified": "2024-01-24T03:15:08.553",
"lastModified": "2024-01-27T03:15:07.933",
"vulnStatus": "Modified",
"descriptions": [
{
@ -143,6 +143,10 @@
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMDEG5PKONWNHOEYSUDRT6JEOISRMN2/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QHNBXGKJWISJETTTDTZKTBFIBJUOSLKL/",
"source": "secalert@redhat.com"

47
CVE-2024/CVE-2024-06xx/CVE-2024-0664.json Normal file
View File

@ -0,0 +1,47 @@
{
"id": "CVE-2024-0664",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T04:15:08.237",
"lastModified": "2024-01-27T04:15:08.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve",
"source": "security@wordfence.com"
}
]
}

51
CVE-2024/CVE-2024-06xx/CVE-2024-0667.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-0667",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-01-27T04:15:08.453",
"lastModified": "2024-01-27T04:15:08.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve",
"source": "security@wordfence.com"
}
]
}

6
CVE-2024/CVE-2024-221xx/CVE-2024-22195.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22195",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-11T03:15:11.200",
"lastModified": "2024-01-25T02:15:53.583",
"lastModified": "2024-01-27T03:15:08.043",
"vulnStatus": "Modified",
"descriptions": [
{
@ -121,6 +121,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/",
"source": "security-advisories@github.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/",
"source": "security-advisories@github.com"

128
CVE-2024/CVE-2024-232xx/CVE-2024-23223.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23223",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.557",
"lastModified": "2024-01-26T18:15:13.060",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-27T03:48:24.797",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,39 +14,145 @@
"value": "Se solucion\u00f3 un problema de privacidad mejorando el manejo de archivos. Este problema se solucion\u00f3 en macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 y iPadOS 17.3. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "93A0FBA9-3FF2-483E-8669-E2C196B3A444"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "F927B013-925E-4474-B464-3FA0241F9269"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3",
"matchCriteriaId": "F265723B-24BD-4BD9-A45C-6FFD000A7B03"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/33",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/39",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/40",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214055",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214059",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214060",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

89
CVE-2024/CVE-2024-232xx/CVE-2024-23224.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23224",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.600",
"lastModified": "2024-01-26T17:15:13.233",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-01-27T03:45:02.100",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,98 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.3, macOS Ventura 13.6.4. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.4",
"matchCriteriaId": "A3916CD8-E6D5-4786-903E-B86026859CE6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
}
]
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/36",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/37",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214058",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/HT214061",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

22
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-27T03:00:24.391308+00:00
2024-01-27T05:00:23.971967+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-27T01:23:57.087000+00:00
2024-01-27T04:15:08.453000+00:00
```
### Last Data Feed Release
@ -29,21 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236954
236958
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `4`
* [CVE-2023-6482](CVE-2023/CVE-2023-64xx/CVE-2023-6482.json) (`2024-01-27T01:15:08.033`)
* [CVE-2023-52389](CVE-2023/CVE-2023-523xx/CVE-2023-52389.json) (`2024-01-27T03:15:07.883`)
* [CVE-2023-6497](CVE-2023/CVE-2023-64xx/CVE-2023-6497.json) (`2024-01-27T04:15:08.047`)
* [CVE-2024-0664](CVE-2024/CVE-2024-06xx/CVE-2024-0664.json) (`2024-01-27T04:15:08.237`)
* [CVE-2024-0667](CVE-2024/CVE-2024-06xx/CVE-2024-0667.json) (`2024-01-27T04:15:08.453`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `6`
* [CVE-2023-44000](CVE-2023/CVE-2023-440xx/CVE-2023-44000.json) (`2024-01-27T01:23:57.087`)
* [CVE-2023-43361](CVE-2023/CVE-2023-433xx/CVE-2023-43361.json) (`2024-01-27T03:15:07.687`)
* [CVE-2023-51698](CVE-2023/CVE-2023-516xx/CVE-2023-51698.json) (`2024-01-27T03:15:07.783`)
* [CVE-2023-7008](CVE-2023/CVE-2023-70xx/CVE-2023-7008.json) (`2024-01-27T03:15:07.933`)
* [CVE-2024-22195](CVE-2024/CVE-2024-221xx/CVE-2024-22195.json) (`2024-01-27T03:15:08.043`)
* [CVE-2024-23224](CVE-2024/CVE-2024-232xx/CVE-2024-23224.json) (`2024-01-27T03:45:02.100`)
* [CVE-2024-23223](CVE-2024/CVE-2024-232xx/CVE-2024-23223.json) (`2024-01-27T03:48:24.797`)
## Download and Usage