Auto-Update: 2024-07-22T16:00:18.186666+00:00

cad-safe-bot 2024-07-22 16:03:14 +00:00
parent a352ecc9fb
commit 671fc80622
32 changed files with 1771 additions and 310 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2024-21552",
"sourceIdentifier": "report@snyk.io",
"published": "2024-07-22T15:15:02.410",
"lastModified": "2024-07-22T15:15:02.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "All versions of `SuperAGI` are vulnerable to Arbitrary Code Execution due to unsafe use of the \u2018eval\u2019 function. An attacker could induce the LLM output to exploit this vulnerability and gain arbitrary code execution on the SuperAGI application server."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L149",
"source": "report@snyk.io"
},
{
"url": "https://github.com/TransformerOptimus/SuperAGI/blob/9361f0491716e56bd0c0ae2f3b49da201a18c58c/superagi/agent/output_handler.py#L180",
"source": "report@snyk.io"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-23321",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-22T10:15:02.540",
"lastModified": "2024-07-22T13:00:31.330",
"lastModified": "2024-07-22T14:15:04.500",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -29,6 +29,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/1",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/lr8npobww786nrnddd1pcy974r17c830",
"source": "security@apache.org"


@ -0,0 +1,64 @@
{
"id": "CVE-2024-25638",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-22T14:15:04.593",
"lastModified": "2024-07-22T14:15:04.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dnsjava is an implementation of DNS in Java. Records in DNS replies are not checked for their relevance to the query, allowing an attacker to respond with RRs from different zones. This vulnerability is fixed in 3.6.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-345"
},
{
"lang": "en",
"value": "CWE-349"
}
]
}
],
"references": [
{
"url": "https://github.com/dnsjava/dnsjava/commit/bc51df1c455e6c9fb7cbd42fcb6d62d16047818d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dnsjava/dnsjava/security/advisories/GHSA-cfxw-4h78-h7fw",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-26020",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-22T15:15:02.660",
"lastModified": "2024-07-22T15:15:02.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An arbitrary script execution vulnerability exists in the MPV functionality of Ankitects Anki 24.04. A specially crafted flashcard can lead to a arbitrary code execution. An attacker can send malicious flashcard to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1993",
"source": "talos-cna@cisco.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-29073",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-22T15:15:02.943",
"lastModified": "2024-07-22T15:15:02.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An vulnerability in the handling of Latex exists in Ankitects Anki 24.04. When Latex is sanitized to prevent unsafe commands, the verbatim package, which comes installed by default in many Latex distributions, has been overlooked. A specially crafted flashcard can lead to an arbitrary file read. An attacker can share a flashcard to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1992",
"source": "talos-cna@cisco.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-32152",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-22T15:15:03.197",
"lastModified": "2024-07-22T15:15:03.197",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-184"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1994",
"source": "talos-cna@cisco.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-32484",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-22T15:15:03.417",
"lastModified": "2024-07-22T15:15:03.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An reflected XSS vulnerability exists in the handling of invalid paths in the Flask server in Ankitects Anki 24.04. A specially crafted flashcard can lead to JavaScript code execution and result in an arbitrary file read. An attacker can share a malicious flashcard to trigger this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1995",
"source": "talos-cna@cisco.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-34457",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-22T10:15:03.607",
"lastModified": "2024-07-22T13:00:31.330",
"lastModified": "2024-07-22T14:15:04.883",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -29,6 +29,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/2",
"source": "security@apache.org"
},
{
"url": "https://lists.apache.org/thread/brlfrmvw9dcv38zoofmhxg7qookmwn7j",
"source": "security@apache.org"


@ -2,8 +2,8 @@
"id": "CVE-2024-35730",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-08T13:15:54.667",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-22T14:23:34.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pluginus:woot:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.0.6.4",
"matchCriteriaId": "CB0C6F1B-0499-4B9E-AA73-F27EB87ECDA8"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-36991",
"sourceIdentifier": "prodsec@splunk.com",
"published": "2024-07-01T17:15:07.860",
"lastModified": "2024-07-03T02:03:58.577",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-22T15:00:45.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "prodsec@splunk.com",
"type": "Secondary",
@ -61,14 +91,65 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.0.0",
"versionEndExcluding": "9.0.10",
"matchCriteriaId": "09264EE5-FA8A-49C5-AB1F-AEAC16CDC591"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.1.0",
"versionEndExcluding": "9.1.5",
"matchCriteriaId": "565039EE-74F6-451C-AFB3-F6C9F7AA0EEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "9.2.0",
"versionEndExcluding": "9.2.2",
"matchCriteriaId": "B1342052-4733-49BB-95F0-A89B07A3F2E3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://advisory.splunk.com/advisories/SVD-2024-0711",
"source": "prodsec@splunk.com"
"source": "prodsec@splunk.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://research.splunk.com/application/e7c2b064-524e-4d65-8002-efce808567aa",
"source": "prodsec@splunk.com"
"source": "prodsec@splunk.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,100 @@
{
"id": "CVE-2024-37998",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-22T14:15:05.453",
"lastModified": "2024-07-22T14:15:05.453",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). The password of administrative accounts of the affected applications can be reset without requiring the knowledge of the current password, given the auto login is enabled. This could allow an unauthorized attacker to obtain administrative access of the affected applications."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-620"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html",
"source": "productcert@siemens.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-38503",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-22T10:15:08.723",
"lastModified": "2024-07-22T13:00:31.330",
"lastModified": "2024-07-22T14:15:05.780",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -29,6 +29,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/22/3",
"source": "security@apache.org"
},
{
"url": "https://syncope.apache.org/security#cve-2024-38503-html-tags-can-be-injected-into-console-or-enduser",
"source": "security@apache.org"


@ -2,13 +2,13 @@
"id": "CVE-2024-38788",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-07-22T11:15:04.953",
"lastModified": "2024-07-22T13:00:31.330",
"lastModified": "2024-07-22T14:15:06.010",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B?i Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06."
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in B\u1edfi Admin 2020 UiPress lite allows SQL Injection.This issue affects UiPress lite: from n/a through 3.4.06."
},
{
"lang": "es",


@ -0,0 +1,100 @@
{
"id": "CVE-2024-39601",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-22T14:15:06.107",
"lastModified": "2024-07-22T14:15:06.107",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V5.40), SICORE Base system (All versions < V1.4.0). Affected devices allow a remote authenticated user or an unauthenticated user with physical access to downgrade the firmware of the device. This could allow an attacker to downgrade the device to older versions with known vulnerabilities."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "productcert@siemens.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-071402.html",
"source": "productcert@siemens.com"
}
]
}


@ -0,0 +1,68 @@
{
"id": "CVE-2024-39902",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-22T14:15:06.383",
"lastModified": "2024-07-22T14:15:06.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tuleap is an open source suite to improve management of software developments and collaboration. Prior to Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8, the checkbox \"Apply same permissions to all sub-items of this folder\" in the document manager permissions modal is not taken into account and always considered as unchecked. In situations where the permissions are being restricted some users might still keep, incorrectly, the possibility to edit or manage items. Only change made via the web UI are affected, changes directly made via the REST API are not impacted. This vulnerability is fixed in Tuleap Community Edition 15.10.99.128 and Tuleap Enterprise Edition 15.10-6 and 15.9-8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://github.com/Enalean/tuleap/commit/580161e8a065fba30ca5ca1f6f1bdb4f4b1424bb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/Enalean/tuleap/security/advisories/GHSA-5jq5-vxmq-xrj7",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=580161e8a065fba30ca5ca1f6f1bdb4f4b1424bb",
"source": "security-advisories@github.com"
},
{
"url": "https://tuleap.net/plugins/tracker/?aid=38675",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-41129",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-22T15:15:03.710",
"lastModified": "2024-07-22T15:15:03.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ops library is a Python framework for developing and testing Kubernetes and machine charms. The issue here is that ops passes the secret content as one of the args via CLI. This issue may affect any of the charms that are using: Juju (>=3.0), Juju secrets and not correctly capturing and processing `subprocess.CalledProcessError`. This vulnerability is fixed in 2.15.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://github.com/canonical/operator/commit/fea6d2072435a62170d4c01272572f1a7e916e61",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/canonical/operator/security/advisories/GHSA-hcmv-jmqh-fjgm",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,72 @@
{
"id": "CVE-2024-41131",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-22T15:15:03.933",
"lastModified": "2024-07-22T15:15:03.933",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImageSharp is a 2D graphics API. An Out-of-bounds Write vulnerability has been found in the ImageSharp gif decoder, allowing attackers to cause a crash using a specially crafted gif. This can potentially lead to denial of service. All users are advised to upgrade to v3.1.5 or v2.1.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://github.com/SixLabors/ImageSharp/commit/9dda64a8186af67baf06b6d9c1ab599c3608b693",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/a1f287977139109a987065643b8172c748abdadb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/pull/2754",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/pull/2756",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-63p8-c4ww-9cg7",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-41132",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-22T15:15:04.160",
"lastModified": "2024-07-22T15:15:04.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in the Gif decoder. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. All users are advised to upgrade to v3.1.5 or v2.1.9."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-789"
}
]
}
],
"references": [
{
"url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands",
"source": "security-advisories@github.com"
},
{
"url": "https://docs.sixlabors.com/articles/imagesharp/security.html",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/59de13c8cc47f2b402e2c43aa7024511d029d515",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/9816ca45016c5d3859986f3c600e8934bc450a56",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/b496109051cc39feee1f6cde48fca6481de17f9a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/pull/2759",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/pull/2764",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/pull/2770",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-qxrv-gp6x-rc23",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-41314",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T14:15:06.627",
"lastModified": "2024-07-22T14:15:06.627",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_1_vif_disable/README.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-41315",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T14:15:06.693",
"lastModified": "2024-07-22T14:15:06.693",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_4_apcli_do_enr_pin_wps/README.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-41316",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T14:15:06.757",
"lastModified": "2024-07-22T14:15:06.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_2_apcli_cancel_wps/README.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-41317",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T14:15:06.817",
"lastModified": "2024-07-22T14:15:06.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_3_apcli_do_enr_pbc_wps/README.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-41318",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-22T14:15:06.880",
"lastModified": "2024-07-22T14:15:06.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_5_apcli_wps_gen_pincode/README.md",
"source": "cve@mitre.org"
}
]
}

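--- /dev/null
+++ b/CVE-2024/CVE-2024-413xx/CVE-2024-41320.json
@@ -0,0 +1,21 @@
+{
+"id": "CVE-2024-41320",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-07-22T14:15:06.940",
+"lastModified": "2024-07-22T14:15:06.940",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the ifname parameter in the get_apcli_conn_info function."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/yanggao017/vuln/blob/main/TOTOLINK/A6000R/CI_6_get_apcli_conn_info/README.md",
+"source": "cve@mitre.org"
+}
+]
+}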

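--- /dev/null
+++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41824.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-41824",
+"sourceIdentifier": "cve@jetbrains.com",
+"published": "2024-07-22T15:15:04.400",
+"lastModified": "2024-07-22T15:15:04.400",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In JetBrains TeamCity before 2024.07 parameters of the \"password\" type could leak into the build log in some specific cases"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 6.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-532"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+"source": "cve@jetbrains.com"
+}
+]
+}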

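--- /dev/null
+++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41825.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-41825",
+"sourceIdentifier": "cve@jetbrains.com",
+"published": "2024-07-22T15:15:04.630",
+"lastModified": "2024-07-22T15:15:04.630",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In JetBrains TeamCity before 2024.07 stored XSS was possible on the Code Inspection tab"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.6,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+"source": "cve@jetbrains.com"
+}
+]
+}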

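--- /dev/null
+++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41826.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-41826",
+"sourceIdentifier": "cve@jetbrains.com",
+"published": "2024-07-22T15:15:04.847",
+"lastModified": "2024-07-22T15:15:04.847",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In JetBrains TeamCity before 2024.07 stored XSS was possible on Show Connection page"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 3.5,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+"source": "cve@jetbrains.com"
+}
+]
+}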

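--- /dev/null
+++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41827.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-41827",
+"sourceIdentifier": "cve@jetbrains.com",
+"published": "2024-07-22T15:15:05.057",
+"lastModified": "2024-07-22T15:15:05.057",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In JetBrains TeamCity before 2024.07 access tokens could continue working after deletion or expiration"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 7.4,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.2,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-613"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+"source": "cve@jetbrains.com"
+}
+]
+}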

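--- /dev/null
+++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41828.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-41828",
+"sourceIdentifier": "cve@jetbrains.com",
+"published": "2024-07-22T15:15:05.270",
+"lastModified": "2024-07-22T15:15:05.270",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In JetBrains TeamCity before 2024.07 comparison of authorization tokens took non-constant time"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 2.6,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-208"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+"source": "cve@jetbrains.com"
+}
+]
+}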

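--- /dev/null
+++ b/CVE-2024/CVE-2024-418xx/CVE-2024-41829.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-41829",
+"sourceIdentifier": "cve@jetbrains.com",
+"published": "2024-07-22T15:15:05.487",
+"lastModified": "2024-07-22T15:15:05.487",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In JetBrains TeamCity before 2024.07 an OAuth code for JetBrains Space could be stolen via Space Application connection"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 3.5,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 2.1,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "cve@jetbrains.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-303"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
+"source": "cve@jetbrains.com"
+}
+]
+}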


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-07-22T14:00:19.705232+00:00
2024-07-22T16:00:18.186666+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-07-22T13:15:02.360000+00:00
2024-07-22T15:15:05.487000+00:00
```
### Last Data Feed Release
@ -33,44 +33,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
257764
257788
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `24`
- [CVE-2024-21552](CVE-2024/CVE-2024-215xx/CVE-2024-21552.json) (`2024-07-22T15:15:02.410`)
- [CVE-2024-25638](CVE-2024/CVE-2024-256xx/CVE-2024-25638.json) (`2024-07-22T14:15:04.593`)
- [CVE-2024-26020](CVE-2024/CVE-2024-260xx/CVE-2024-26020.json) (`2024-07-22T15:15:02.660`)
- [CVE-2024-29073](CVE-2024/CVE-2024-290xx/CVE-2024-29073.json) (`2024-07-22T15:15:02.943`)
- [CVE-2024-32152](CVE-2024/CVE-2024-321xx/CVE-2024-32152.json) (`2024-07-22T15:15:03.197`)
- [CVE-2024-32484](CVE-2024/CVE-2024-324xx/CVE-2024-32484.json) (`2024-07-22T15:15:03.417`)
- [CVE-2024-37998](CVE-2024/CVE-2024-379xx/CVE-2024-37998.json) (`2024-07-22T14:15:05.453`)
- [CVE-2024-39601](CVE-2024/CVE-2024-396xx/CVE-2024-39601.json) (`2024-07-22T14:15:06.107`)
- [CVE-2024-39902](CVE-2024/CVE-2024-399xx/CVE-2024-39902.json) (`2024-07-22T14:15:06.383`)
- [CVE-2024-41129](CVE-2024/CVE-2024-411xx/CVE-2024-41129.json) (`2024-07-22T15:15:03.710`)
- [CVE-2024-41131](CVE-2024/CVE-2024-411xx/CVE-2024-41131.json) (`2024-07-22T15:15:03.933`)
- [CVE-2024-41132](CVE-2024/CVE-2024-411xx/CVE-2024-41132.json) (`2024-07-22T15:15:04.160`)
- [CVE-2024-41314](CVE-2024/CVE-2024-413xx/CVE-2024-41314.json) (`2024-07-22T14:15:06.627`)
- [CVE-2024-41315](CVE-2024/CVE-2024-413xx/CVE-2024-41315.json) (`2024-07-22T14:15:06.693`)
- [CVE-2024-41316](CVE-2024/CVE-2024-413xx/CVE-2024-41316.json) (`2024-07-22T14:15:06.757`)
- [CVE-2024-41317](CVE-2024/CVE-2024-413xx/CVE-2024-41317.json) (`2024-07-22T14:15:06.817`)
- [CVE-2024-41318](CVE-2024/CVE-2024-413xx/CVE-2024-41318.json) (`2024-07-22T14:15:06.880`)
- [CVE-2024-41320](CVE-2024/CVE-2024-413xx/CVE-2024-41320.json) (`2024-07-22T14:15:06.940`)
- [CVE-2024-41824](CVE-2024/CVE-2024-418xx/CVE-2024-41824.json) (`2024-07-22T15:15:04.400`)
- [CVE-2024-41825](CVE-2024/CVE-2024-418xx/CVE-2024-41825.json) (`2024-07-22T15:15:04.630`)
- [CVE-2024-41826](CVE-2024/CVE-2024-418xx/CVE-2024-41826.json) (`2024-07-22T15:15:04.847`)
- [CVE-2024-41827](CVE-2024/CVE-2024-418xx/CVE-2024-41827.json) (`2024-07-22T15:15:05.057`)
- [CVE-2024-41828](CVE-2024/CVE-2024-418xx/CVE-2024-41828.json) (`2024-07-22T15:15:05.270`)
- [CVE-2024-41829](CVE-2024/CVE-2024-418xx/CVE-2024-41829.json) (`2024-07-22T15:15:05.487`)
### CVEs modified in the last Commit
Recently modified CVEs: `266`
Recently modified CVEs: `6`
- [CVE-2024-6945](CVE-2024/CVE-2024-69xx/CVE-2024-6945.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6946](CVE-2024/CVE-2024-69xx/CVE-2024-6946.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6947](CVE-2024/CVE-2024-69xx/CVE-2024-6947.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6948](CVE-2024/CVE-2024-69xx/CVE-2024-6948.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6949](CVE-2024/CVE-2024-69xx/CVE-2024-6949.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6950](CVE-2024/CVE-2024-69xx/CVE-2024-6950.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6951](CVE-2024/CVE-2024-69xx/CVE-2024-6951.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6952](CVE-2024/CVE-2024-69xx/CVE-2024-6952.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6953](CVE-2024/CVE-2024-69xx/CVE-2024-6953.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6954](CVE-2024/CVE-2024-69xx/CVE-2024-6954.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6955](CVE-2024/CVE-2024-69xx/CVE-2024-6955.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6956](CVE-2024/CVE-2024-69xx/CVE-2024-6956.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6957](CVE-2024/CVE-2024-69xx/CVE-2024-6957.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6958](CVE-2024/CVE-2024-69xx/CVE-2024-6958.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6960](CVE-2024/CVE-2024-69xx/CVE-2024-6960.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6961](CVE-2024/CVE-2024-69xx/CVE-2024-6961.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6962](CVE-2024/CVE-2024-69xx/CVE-2024-6962.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6963](CVE-2024/CVE-2024-69xx/CVE-2024-6963.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6964](CVE-2024/CVE-2024-69xx/CVE-2024-6964.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6965](CVE-2024/CVE-2024-69xx/CVE-2024-6965.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6966](CVE-2024/CVE-2024-69xx/CVE-2024-6966.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6967](CVE-2024/CVE-2024-69xx/CVE-2024-6967.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6968](CVE-2024/CVE-2024-69xx/CVE-2024-6968.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6969](CVE-2024/CVE-2024-69xx/CVE-2024-6969.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-6970](CVE-2024/CVE-2024-69xx/CVE-2024-6970.json) (`2024-07-22T13:00:31.330`)
- [CVE-2024-23321](CVE-2024/CVE-2024-233xx/CVE-2024-23321.json) (`2024-07-22T14:15:04.500`)
- [CVE-2024-34457](CVE-2024/CVE-2024-344xx/CVE-2024-34457.json) (`2024-07-22T14:15:04.883`)
- [CVE-2024-35730](CVE-2024/CVE-2024-357xx/CVE-2024-35730.json) (`2024-07-22T14:23:34.797`)
- [CVE-2024-36991](CVE-2024/CVE-2024-369xx/CVE-2024-36991.json) (`2024-07-22T15:00:45.110`)
- [CVE-2024-38503](CVE-2024/CVE-2024-385xx/CVE-2024-38503.json) (`2024-07-22T14:15:05.780`)
- [CVE-2024-38788](CVE-2024/CVE-2024-387xx/CVE-2024-38788.json) (`2024-07-22T14:15:06.010`)
## Download and Usage
