diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json
index 49b31703533..21c13186799 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40547.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40547",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-25T16:15:07.717",
- "lastModified": "2024-02-08T19:25:40.323",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-19T11:15:07.980",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -60,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-787"
+ }
+ ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -72,16 +82,6 @@
 "value": "CWE-787"
 }
 ]
- },
- {
- "source": "secalert@redhat.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-346"
- }
- ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json b/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json
index 2ea7e29c26d..962bc587f21 100644
--- a/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json
+++ b/CVE-2023/CVE-2023-405xx/CVE-2023-40548.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40548",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-29T15:15:08.893",
- "lastModified": "2024-02-06T18:37:23.327",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-19T11:15:08.670",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -60,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -72,16 +82,6 @@
 "value": "CWE-787"
 }
 ]
- },
- {
- "source": "secalert@redhat.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-122"
- }
- ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5378.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5378.json
index 6d9a39c2cad..0206b1fec8d 100644
--- a/CVE-2023/CVE-2023-53xx/CVE-2023-5378.json
+++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5378.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-5378",
 "sourceIdentifier": "cvd@cert.pl",
 "published": "2024-01-29T12:15:07.860",
- "lastModified": "2024-02-02T02:06:20.437",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-19T12:15:43.980",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2 (newer versions were not tested; the vendor has not confirmed fixing the vulnerability). \n\n\n"
+ "value": "Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2.\u00a0MegaBIP 5.08 was tested and is not vulnerable. A precise range of vulnerable versions remains unknown.\n\n\n"
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json
index 5c0cb0b9d2b..b6daf4f3b0d 100644
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6780",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-31T14:15:48.917",
- "lastModified": "2024-02-12T18:57:56.580",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-19T12:15:44.103",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -60,8 +60,18 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ },
+ {
+ "source": "nvd@nist.gov",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -72,16 +82,6 @@
 "value": "CWE-190"
 }
 ]
- },
- {
- "source": "secalert@redhat.com",
- "type": "Secondary",
- "description": [
- {
- "lang": "en",
- "value": "CWE-131"
- }
- ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7216.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7216.json
index c95856ff13c..56da7da8a17 100644
--- a/CVE-2023/CVE-2023-72xx/CVE-2023-7216.json
+++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7216.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-7216",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-02-05T15:15:08.903",
- "lastModified": "2024-02-13T00:37:01.273",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-02-19T12:15:44.277",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -60,23 +60,23 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "secalert@redhat.com",
 "type": "Primary",
 "description": [
 {
 "lang": "en",
 "value": "CWE-22"
- },
- {
- "lang": "en",
- "value": "CWE-59"
 }
 ]
 },
 {
- "source": "secalert@redhat.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ },
 {
 "lang": "en",
 "value": "CWE-59"
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1343.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1343.json
new file mode 100644
index 00000000000..37356aad3c6
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1343.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-1343",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-02-19T12:15:44.413",
+ "lastModified": "2024-02-19T12:15:44.413",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)% LaborOfficeFree BackUp'."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.0,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-284"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1344.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1344.json
new file mode 100644
index 00000000000..68f86d6dada
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1344.json
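Review bot: The description added in CVE-2024-1343.json gives the exposed directory as `'%programfiles(x86)% LaborOfficeFree BackUp'`, with spaces where path separators would be expected. CVE-2024-1344.json in this same diff writes the install location as `'%programfiles(x86)%\\LaborOfficeFree\\'`, so the intended path is presumably `%programfiles(x86)%\\LaborOfficeFree\\BackUp`. Anyone turning this text into a permission audit or a file-access monitoring rule should normalise the path instead of matching the string literally. Because the repository synchronizes with NVD, the wording would have to be corrected upstream by the CNA rather than edited here.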
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-1344",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-02-19T12:15:44.617",
+ "lastModified": "2024-02-19T12:15:44.617",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\\LaborOfficeFree\\' directory. This user can log in remotely and has root-like privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-798"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1345.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1345.json
new file mode 100644
index 00000000000..41cdf60eb92
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1345.json
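Review bot: The only `weaknesses` entry added in CVE-2024-1344.json is typed `"Secondary"`, so a consumer that picks the CWE from the `"type": "Primary"` entry gets none for this record; CVE-2024-1580.json further down has the same shape. Such a consumer should fall back to whatever entries are present when no Primary exists. The description also opens with "Encrypted database credentials" while the mapped weakness is CWE-798 (Use of Hard-coded Credentials), and it says the recovered account "can log in remotely and has root-like privileges" although the vector is scored `AV:L` with `I:L/A:N`. Triage that sorts on the 6.8 base score alone may therefore under-rank it; it is best read together with CVE-2024-1345 and CVE-2024-1346, which cite the same advisory URL.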
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-1345",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-02-19T12:15:44.803",
+ "lastModified": "2024-02-19T12:15:44.803",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-521"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1346.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1346.json
new file mode 100644
index 00000000000..8fdfce40178
--- /dev/null
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1346.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-1346",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-02-19T12:15:45.000",
+ "lastModified": "2024-02-19T12:15:45.000",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-521"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1580.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1580.json
new file mode 100644
index 00000000000..dac463b1df6
--- /dev/null
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1580.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2024-1580",
+ "sourceIdentifier": "cve-coordination@google.com",
+ "published": "2024-02-19T11:15:08.817",
+ "lastModified": "2024-02-19T11:15:08.817",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.\n\n\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Un desbordamiento de enteros en el decodificador dav1d AV1 que puede ocurrir al decodificar videos con un tama\u00f1o de cuadro grande. Esto puede provocar da\u00f1os en la memoria del decodificador AV1. Recomendamos actualizar la versi\u00f3n anterior 1.4.0 de dav1d."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-190"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS",
+ "source": "cve-coordination@google.com"
+ },
+ {
+ "url": "https://code.videolan.org/videolan/dav1d/-/releases/1.4.0",
+ "source": "cve-coordination@google.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json b/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json
index 52cacb3172b..33905ec4bdb 100644
--- a/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json
+++ b/CVE-2024/CVE-2024-257xx/CVE-2024-25710.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-25710",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-02-19T09:15:37.943",
- "lastModified": "2024-02-19T09:15:37.943",
+ "lastModified": "2024-02-19T11:15:09.090",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
 "value": "Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.3 through 1.25.0.\n\nUsers are recommended to upgrade to version 1.26.0 which fixes the issue.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Bucle con vulnerabilidad de condici\u00f3n de salida inalcanzable (\"bucle infinito\") en Apache Commons Compress. Este problema afecta a Apache Commons Compress: desde 1.3 hasta 1.25.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.26.0, que soluciona el problema."
 }
 ],
 "metrics": {
@@ -47,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/02/19/1",
+ "source": "security@apache.org"
+ },
 {
 "url": "https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf",
 "source": "security@apache.org"
diff --git a/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json b/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json
index a9e7808213b..0fafed3d787 100644
--- a/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json
+++ b/CVE-2024/CVE-2024-263xx/CVE-2024-26308.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-26308",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-02-19T09:15:38.277",
- "lastModified": "2024-02-19T09:15:38.277",
+ "lastModified": "2024-02-19T11:15:09.173",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
 "value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress.This issue affects Apache Commons Compress: from 1.21 before 1.26.\n\nUsers are recommended to upgrade to version 1.26, which fixes the issue.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Asignaci\u00f3n de recursos sin l\u00edmites o vulnerabilidad de limitaci\u00f3n en Apache Commons Compress. Este problema afecta a Apache Commons Compress: desde 1.21 antes de 1.26. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.26, que soluciona el problema."
 }
 ],
 "metrics": {},
@@ -24,6 +28,10 @@
 }
 ],
 "references": [
+ {
+ "url": "http://www.openwall.com/lists/oss-security/2024/02/19/2",
+ "source": "security@apache.org"
+ },
 {
 "url": "https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg",
 "source": "security@apache.org"
diff --git a/README.md b/README.md
index b67da175d94..cbc71a19c10 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-02-19T11:01:05.710679+00:00
+2024-02-19T13:00:33.673603+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-02-19T09:15:38.277000+00:00
+2024-02-19T12:15:45+00:00
 ```
 ### Last Data Feed Release
@@ -29,21 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-238874
+238879
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `5`
-* [CVE-2024-25710](CVE-2024/CVE-2024-257xx/CVE-2024-25710.json) (`2024-02-19T09:15:37.943`)
-* [CVE-2024-26308](CVE-2024/CVE-2024-263xx/CVE-2024-26308.json) (`2024-02-19T09:15:38.277`)
+* [CVE-2024-1580](CVE-2024/CVE-2024-15xx/CVE-2024-1580.json) (`2024-02-19T11:15:08.817`)
+* [CVE-2024-1343](CVE-2024/CVE-2024-13xx/CVE-2024-1343.json) (`2024-02-19T12:15:44.413`)
+* [CVE-2024-1344](CVE-2024/CVE-2024-13xx/CVE-2024-1344.json) (`2024-02-19T12:15:44.617`)
+* [CVE-2024-1345](CVE-2024/CVE-2024-13xx/CVE-2024-1345.json) (`2024-02-19T12:15:44.803`)
+* [CVE-2024-1346](CVE-2024/CVE-2024-13xx/CVE-2024-1346.json) (`2024-02-19T12:15:45.000`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `7`
+* [CVE-2023-40547](CVE-2023/CVE-2023-405xx/CVE-2023-40547.json) (`2024-02-19T11:15:07.980`)
+* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-02-19T11:15:08.670`)
+* [CVE-2023-5378](CVE-2023/CVE-2023-53xx/CVE-2023-5378.json) (`2024-02-19T12:15:43.980`)
+* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-02-19T12:15:44.103`)
+* [CVE-2023-7216](CVE-2023/CVE-2023-72xx/CVE-2023-7216.json) (`2024-02-19T12:15:44.277`)
+* [CVE-2024-25710](CVE-2024/CVE-2024-257xx/CVE-2024-25710.json) (`2024-02-19T11:15:09.090`)
+* [CVE-2024-26308](CVE-2024/CVE-2024-263xx/CVE-2024-26308.json) (`2024-02-19T11:15:09.173`)
 ## Download and Usage