Auto-Update: 2024-03-04T09:08:31.672135+00:00

2025-09-17 18:45:49 +00:00 · 2024-03-04 09:08:35 +00:00 · 2024-03-04 09:08:35 +00:00 · 68459f6938
commit 68459f6938
parent 0529246c42
8 changed files with 366 additions and 32 deletions
--- a/CVE-2023/CVE-2023-251xx/CVE-2023-25176.json
+++ b/CVE-2023/CVE-2023-251xx/CVE-2023-25176.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-25176",
+  "sourceIdentifier": "scy@openharmony.io",
+  "published": "2024-03-04T07:15:06.387",
+  "lastModified": "2024-03-04T07:15:06.387",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "in OpenHarmony v3.2.4 and prior versions allow a local attacker cause information leak through out-of-bounds Read."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "scy@openharmony.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.9,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.4,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "scy@openharmony.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md",
+      "source": "scy@openharmony.io"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-44xx/CVE-2023-4479.json
+++ b/CVE-2023/CVE-2023-44xx/CVE-2023-4479.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-4479",
+  "sourceIdentifier": "security@m-files.com",
+  "published": "2024-03-04T08:15:08.160",
+  "lastModified": "2024-03-04T08:15:08.160",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time period."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@m-files.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@m-files.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.m-files.com/about/trust-center/security-advisories/cve-2023-4479/",
+      "source": "security@m-files.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-467xx/CVE-2023-46708.json
+++ b/CVE-2023/CVE-2023-467xx/CVE-2023-46708.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-46708",
+  "sourceIdentifier": "scy@openharmony.io",
+  "published": "2024-03-04T07:15:08.100",
+  "lastModified": "2024-03-04T07:15:08.100",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "in OpenHarmony v3.2.4 and prior versions allow a local attacker arbitrary code execution in any apps through use after free."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "scy@openharmony.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "scy@openharmony.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-416"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md",
+      "source": "scy@openharmony.io"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-496xx/CVE-2023-49602.json
+++ b/CVE-2023/CVE-2023-496xx/CVE-2023-49602.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-49602",
+  "sourceIdentifier": "scy@openharmony.io",
+  "published": "2024-03-04T07:15:08.780",
+  "lastModified": "2024-03-04T07:15:08.780",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "in OpenHarmony v3.2.4 and prior versions allow a local attacker cause apps crash through type confusion."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "scy@openharmony.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 2.9,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.4,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "scy@openharmony.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-843"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md",
+      "source": "scy@openharmony.io"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-218xx/CVE-2024-21816.json
+++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21816.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-21816",
+  "sourceIdentifier": "scy@openharmony.io",
+  "published": "2024-03-04T07:15:09.743",
+  "lastModified": "2024-03-04T07:15:09.743",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through improper preservation of permissions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "scy@openharmony.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "scy@openharmony.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-281"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md",
+      "source": "scy@openharmony.io"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-218xx/CVE-2024-21826.json
+++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21826.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-21826",
+  "sourceIdentifier": "scy@openharmony.io",
+  "published": "2024-03-04T07:15:10.380",
+  "lastModified": "2024-03-04T07:15:10.380",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "in OpenHarmony v3.2.4 and prior versions allow a local attacker cause sensitive information leak through insecure storage."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "scy@openharmony.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "scy@openharmony.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-922"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md",
+      "source": "scy@openharmony.io"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-266xx/CVE-2024-26622.json
+++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26622.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-26622",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2024-03-04T07:15:11.063",
+  "lastModified": "2024-03-04T07:15:11.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntomoyo: fix UAF write bug in tomoyo_write_control()\n\nSince tomoyo_write_control() updates head->write_buf when write()\nof long lines is requested, we need to fetch head->write_buf after\nhead->io_sem is held.  Otherwise, concurrent write() requests can\ncause use-after-free-write and double-free problems."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-03-04T05:00:24.896550+00:00
+2024-03-04T09:08:31.672135+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-03-04T03:15:07.800000+00:00
+2024-03-04T08:15:08.160000+00:00
 ```

 ### Last Data Feed Release
@ -29,46 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-240413
+240420
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `21`
+Recently added CVEs: `7`

-* [CVE-2024-20005](CVE-2024/CVE-2024-200xx/CVE-2024-20005.json) (`2024-03-04T03:15:06.917`)
-* [CVE-2024-20017](CVE-2024/CVE-2024-200xx/CVE-2024-20017.json) (`2024-03-04T03:15:06.970`)
-* [CVE-2024-20018](CVE-2024/CVE-2024-200xx/CVE-2024-20018.json) (`2024-03-04T03:15:07.017`)
-* [CVE-2024-20019](CVE-2024/CVE-2024-200xx/CVE-2024-20019.json) (`2024-03-04T03:15:07.060`)
-* [CVE-2024-20020](CVE-2024/CVE-2024-200xx/CVE-2024-20020.json) (`2024-03-04T03:15:07.107`)
-* [CVE-2024-20022](CVE-2024/CVE-2024-200xx/CVE-2024-20022.json) (`2024-03-04T03:15:07.150`)
-* [CVE-2024-20023](CVE-2024/CVE-2024-200xx/CVE-2024-20023.json) (`2024-03-04T03:15:07.193`)
-* [CVE-2024-20024](CVE-2024/CVE-2024-200xx/CVE-2024-20024.json) (`2024-03-04T03:15:07.237`)
-* [CVE-2024-20025](CVE-2024/CVE-2024-200xx/CVE-2024-20025.json) (`2024-03-04T03:15:07.280`)
-* [CVE-2024-20026](CVE-2024/CVE-2024-200xx/CVE-2024-20026.json) (`2024-03-04T03:15:07.320`)
-* [CVE-2024-20027](CVE-2024/CVE-2024-200xx/CVE-2024-20027.json) (`2024-03-04T03:15:07.363`)
-* [CVE-2024-20028](CVE-2024/CVE-2024-200xx/CVE-2024-20028.json) (`2024-03-04T03:15:07.403`)
-* [CVE-2024-20029](CVE-2024/CVE-2024-200xx/CVE-2024-20029.json) (`2024-03-04T03:15:07.453`)
-* [CVE-2024-20030](CVE-2024/CVE-2024-200xx/CVE-2024-20030.json) (`2024-03-04T03:15:07.500`)
-* [CVE-2024-20031](CVE-2024/CVE-2024-200xx/CVE-2024-20031.json) (`2024-03-04T03:15:07.540`)
-* [CVE-2024-20032](CVE-2024/CVE-2024-200xx/CVE-2024-20032.json) (`2024-03-04T03:15:07.587`)
-* [CVE-2024-20033](CVE-2024/CVE-2024-200xx/CVE-2024-20033.json) (`2024-03-04T03:15:07.630`)
-* [CVE-2024-20034](CVE-2024/CVE-2024-200xx/CVE-2024-20034.json) (`2024-03-04T03:15:07.673`)
-* [CVE-2024-20036](CVE-2024/CVE-2024-200xx/CVE-2024-20036.json) (`2024-03-04T03:15:07.717`)
-* [CVE-2024-20037](CVE-2024/CVE-2024-200xx/CVE-2024-20037.json) (`2024-03-04T03:15:07.760`)
-* [CVE-2024-20038](CVE-2024/CVE-2024-200xx/CVE-2024-20038.json) (`2024-03-04T03:15:07.800`)
+* [CVE-2023-25176](CVE-2023/CVE-2023-251xx/CVE-2023-25176.json) (`2024-03-04T07:15:06.387`)
+* [CVE-2023-46708](CVE-2023/CVE-2023-467xx/CVE-2023-46708.json) (`2024-03-04T07:15:08.100`)
+* [CVE-2023-49602](CVE-2023/CVE-2023-496xx/CVE-2023-49602.json) (`2024-03-04T07:15:08.780`)
+* [CVE-2023-4479](CVE-2023/CVE-2023-44xx/CVE-2023-4479.json) (`2024-03-04T08:15:08.160`)
+* [CVE-2024-21816](CVE-2024/CVE-2024-218xx/CVE-2024-21816.json) (`2024-03-04T07:15:09.743`)
+* [CVE-2024-21826](CVE-2024/CVE-2024-218xx/CVE-2024-21826.json) (`2024-03-04T07:15:10.380`)
+* [CVE-2024-26622](CVE-2024/CVE-2024-266xx/CVE-2024-26622.json) (`2024-03-04T07:15:11.063`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `6`
+Recently modified CVEs: `0`

-* [CVE-2023-4408](CVE-2023/CVE-2023-44xx/CVE-2023-4408.json) (`2024-03-04T03:15:06.087`)
-* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-03-04T03:15:06.217`)
-* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-03-04T03:15:06.500`)
-* [CVE-2023-5517](CVE-2023/CVE-2023-55xx/CVE-2023-5517.json) (`2024-03-04T03:15:06.577`)
-* [CVE-2023-5679](CVE-2023/CVE-2023-56xx/CVE-2023-5679.json) (`2024-03-04T03:15:06.680`)
-* [CVE-2023-6516](CVE-2023/CVE-2023-65xx/CVE-2023-6516.json) (`2024-03-04T03:15:06.827`)


 ## Download and Usage