Auto-Update: 2024-02-19T13:00:33.673603+00:00

cad-safe-bot 2024-02-19 13:00:37 +00:00
parent 87da0ff01f
commit 60b74b8eb0
13 changed files with 368 additions and 59 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-40547",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-25T16:15:07.717",
"lastModified": "2024-02-08T19:25:40.323",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-19T11:15:07.980",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -72,16 +82,6 @@
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [
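Review bot: The `weaknesses` entries in this record appear to trade labels: `"type": "Primary"` now sits with `secalert@redhat.com` and `nvd@nist.gov` moves to `"Secondary"`, while `vulnStatus` goes from `Analyzed` to `Modified`. The page has lost its +/- markers, so this reading is inferred from the hunk counts, but the same pattern shows in the CVE-2023-40548, CVE-2023-6780 and CVE-2023-7216 sections. A consumer that takes the `Primary` entry to mean NVD's own CWE assignment would silently switch to the CNA's value, so selection should key on `source` (for example the entry where `"source": "nvd@nist.gov"`) rather than on `type`. A sentence in the README stating this would help downstream users.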


@ -2,8 +2,8 @@
"id": "CVE-2023-40548",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-29T15:15:08.893",
"lastModified": "2024-02-06T18:37:23.327",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-19T11:15:08.670",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -72,16 +82,6 @@
"value": "CWE-787"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"configurations": [


@ -2,12 +2,12 @@
"id": "CVE-2023-5378",
"sourceIdentifier": "cvd@cert.pl",
"published": "2024-01-29T12:15:07.860",
"lastModified": "2024-02-02T02:06:20.437",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-19T12:15:43.980",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability). \n\n\n"
"value": "Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2.\u00a0MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.\n\n\n"
},
{
"lang": "es",


@ -2,8 +2,8 @@
"id": "CVE-2023-6780",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-31T14:15:48.917",
"lastModified": "2024-02-12T18:57:56.580",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-19T12:15:44.103",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -60,8 +60,18 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -72,16 +82,6 @@
"value": "CWE-190"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-131"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-7216",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-05T15:15:08.903",
"lastModified": "2024-02-13T00:37:01.273",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-19T12:15:44.277",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -60,23 +60,23 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "secalert@redhat.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
},
{
"lang": "en",
"value": "CWE-59"


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1343",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-02-19T12:15:44.413",
"lastModified": "2024-02-19T12:15:44.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
"source": "cve-coordination@incibe.es"
}
]
}
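Review bot: The path in the English description, `'%programfiles(x86)% LaborOfficeFree BackUp'`, has spaces where directory separators would be expected; the sibling record CVE-2024-1344 writes the same install location as `'%programfiles(x86)%\\LaborOfficeFree\\'`. If the separators were lost upstream, the value should read `'%programfiles(x86)%\\LaborOfficeFree\\BackUp'`, and anyone turning this description into a file-permission audit check should normalise the path rather than copy it. The record also has no `configurations` block while `vulnStatus` is `Received`, so CPE-based matching will not find it yet.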


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1344",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-02-19T12:15:44.617",
"lastModified": "2024-02-19T12:15:44.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\\LaborOfficeFree\\' directory. This user can log in remotely and has root-like privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
"source": "cve-coordination@incibe.es"
}
]
}
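Review bot: The vector `CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N` sits uneasily with the description, which says the recovered account "can log in remotely and has root-like privileges"; a local-only vector with low integrity impact appears to understate that. CVE-2024-1345 and CVE-2024-1346 carry the same vector for the MySQL root password. The score comes from the CNA only (`"type": "Secondary"`, no NVD assessment in the record), so triage should read the description and not gate on `baseScore` 6.8 alone. The description also opens with "Encrypted database credentials" while the assigned weakness is `CWE-798`, which suggests the credentials are embedded in the two executables; the wording would be clearer if it said so.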


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1345",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-02-19T12:15:44.803",
"lastModified": "2024-02-19T12:15:44.803",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
"source": "cve-coordination@incibe.es"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1346",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-02-19T12:15:45.000",
"lastModified": "2024-02-19T12:15:45.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
"source": "cve-coordination@incibe.es"
}
]
}
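Review bot: `CWE-521` looks like a loose fit for a root password that can be calculated from two constants; the description reads closer to the hard-coded credential class assigned to CVE-2024-1344 (`CWE-798`). The first sentence is also identical to the one in CVE-2024-1345, so the two records differ only in their second sentence. Tools that deduplicate or cluster advisories on a description prefix or on the CWE alone would merge them and should key on `id` instead.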


@ -0,0 +1,63 @@
{
"id": "CVE-2024-1580",
"sourceIdentifier": "cve-coordination@google.com",
"published": "2024-02-19T11:15:08.817",
"lastModified": "2024-02-19T11:15:08.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.\n\n\n\n"
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en el decodificador dav1d AV1 que puede ocurrir al decodificar videos con un tama\u00f1o de cuadro grande. Esto puede provocar da\u00f1os en la memoria del decodificador AV1. Recomendamos actualizar la versi\u00f3n anterior 1.4.0 de dav1d."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "cve-coordination@google.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS",
"source": "cve-coordination@google.com"
},
{
"url": "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0",
"source": "cve-coordination@google.com"
}
]
}
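Review bot: The remediation text "We recommend upgrading past version 1.4.0 of dav1d" is ambiguous about whether 1.4.0 itself is fixed, while the second reference points at the 1.4.0 release, which suggests that release carries the fix. The Spanish description compounds this: "actualizar la versión anterior 1.4.0" reads as updating the previous version 1.4.0. The record has no `configurations` block, so a scanner has only this prose to derive a fixed version from; the affected range should be confirmed against the linked NEWS file before it is encoded in a detection rule.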


@ -2,12 +2,16 @@
"id": "CVE-2024-25710",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-19T09:15:37.943",
"lastModified": "2024-02-19T09:15:37.943",
"lastModified": "2024-02-19T11:15:09.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.\n\nUsers are recommended to upgrade to version 1.26.0 which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Bucle con vulnerabilidad de condici\u00f3n de salida inalcanzable (\"bucle infinito\") en Apache Commons Compress. Este problema afecta a Apache Commons Compress: desde 1.3 hasta 1.25.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.26.0, que soluciona el problema."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
"source": "security@apache.org"
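Review bot: The added reference `http://www.openwall.com/lists/oss-security/2024/02/19/1` uses plain HTTP, as does the reference added to CVE-2024-26308. Tooling that fetches references automatically (enrichment jobs, link checkers) should upgrade the scheme or refuse cleartext fetches, for example `"url": "https://www.openwall.com/lists/oss-security/2024/02/19/1"`. The hunk ends inside the `references` array, so the remaining entries are not visible here.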


@ -2,12 +2,16 @@
"id": "CVE-2024-26308",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-19T09:15:38.277",
"lastModified": "2024-02-19T09:15:38.277",
"lastModified": "2024-02-19T11:15:09.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.\n\nUsers are recommended to upgrade to version 1.26, which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Asignaci\u00f3n de recursos sin l\u00edmites o vulnerabilidad de limitaci\u00f3n en Apache Commons Compress. Este problema afecta a Apache Commons Compress: desde 1.21 antes de 1.26. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.26, que soluciona el problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/19/2",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
"source": "security@apache.org"
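Review bot: `"metrics": {}` is empty in this record, so it carries no CVSS score at all while `vulnStatus` is still `Received`. A pipeline that filters on `baseScore` or `baseSeverity` will either drop the entry or treat it as zero, although the description names an unbounded resource allocation in Apache Commons Compress. Missing metrics should be handled as unscored, not as low severity. The range wording "from 1.21 before 1.26" is also less precise than the "1.25.0" and "1.26.0" used in the CVE-2024-25710 record.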


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-19T11:01:05.710679+00:00
2024-02-19T13:00:33.673603+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-19T09:15:38.277000+00:00
2024-02-19T12:15:45+00:00
```
### Last Data Feed Release
@ -29,21 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238874
238879
```
### CVEs added in the last Commit
Recently added CVEs: `2`
Recently added CVEs: `5`
* [CVE-2024-25710](CVE-2024/CVE-2024-257xx/CVE-2024-25710.json) (`2024-02-19T09:15:37.943`)
* [CVE-2024-26308](CVE-2024/CVE-2024-263xx/CVE-2024-26308.json) (`2024-02-19T09:15:38.277`)
* [CVE-2024-1580](CVE-2024/CVE-2024-15xx/CVE-2024-1580.json) (`2024-02-19T11:15:08.817`)
* [CVE-2024-1343](CVE-2024/CVE-2024-13xx/CVE-2024-1343.json) (`2024-02-19T12:15:44.413`)
* [CVE-2024-1344](CVE-2024/CVE-2024-13xx/CVE-2024-1344.json) (`2024-02-19T12:15:44.617`)
* [CVE-2024-1345](CVE-2024/CVE-2024-13xx/CVE-2024-1345.json) (`2024-02-19T12:15:44.803`)
* [CVE-2024-1346](CVE-2024/CVE-2024-13xx/CVE-2024-1346.json) (`2024-02-19T12:15:45.000`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `7`
* [CVE-2023-40547](CVE-2023/CVE-2023-405xx/CVE-2023-40547.json) (`2024-02-19T11:15:07.980`)
* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-02-19T11:15:08.670`)
* [CVE-2023-5378](CVE-2023/CVE-2023-53xx/CVE-2023-5378.json) (`2024-02-19T12:15:43.980`)
* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-02-19T12:15:44.103`)
* [CVE-2023-7216](CVE-2023/CVE-2023-72xx/CVE-2023-7216.json) (`2024-02-19T12:15:44.277`)
* [CVE-2024-25710](CVE-2024/CVE-2024-257xx/CVE-2024-25710.json) (`2024-02-19T11:15:09.090`)
* [CVE-2024-26308](CVE-2024/CVE-2024-263xx/CVE-2024-26308.json) (`2024-02-19T11:15:09.173`)
## Download and Usage