Auto-Update: 2024-06-26T02:00:17.716740+00:00

This commit is contained in:
cad-safe-bot 2024-06-26 02:03:11 +00:00
parent 9618b807b7
commit 701bd30112
10 changed files with 748 additions and 374 deletions


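--- /dev/null
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24764.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-24764",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-06-26T01:15:47.890",
+"lastModified": "2024-06-26T01:15:47.890",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema (`october://`) allowed external links, therefore allowing an open redirect outside the scope of the active host. This vulnerability has been patched in version 3.5.15."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 3.5,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-601"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/octobercms/october/security/advisories/GHSA-v2vf-jv88-3fp5",
+"source": "security-advisories@github.com"
+}
+]
+}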


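--- /dev/null
+++ b/CVE-2024/CVE-2024-299xx/CVE-2024-29953.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-29953",
+"sourceIdentifier": "sirt@brocade.com",
+"published": "2024-06-26T00:15:10.030",
+"lastModified": "2024-06-26T00:15:10.030",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. \nThis could allow an authenticated user to view other users' session encoded passwords."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "sirt@brocade.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "sirt@brocade.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-922"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23227",
+"source": "sirt@brocade.com"
+}
+]
+}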


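--- /dev/null
+++ b/CVE-2024/CVE-2024-299xx/CVE-2024-29954.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-29954",
+"sourceIdentifier": "sirt@brocade.com",
+"published": "2024-06-26T00:15:10.263",
+"lastModified": "2024-06-26T00:15:10.263",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp.\n\nDetail.\nWhen the firmwaredownload command is incorrectly entered or points to an erroneous file, the firmware download log captures the failed command, including any password entered in the command line."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "sirt@brocade.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.5,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "sirt@brocade.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-312"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23226",
+"source": "sirt@brocade.com"
+}
+]
+}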


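--- /dev/null
+++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38364.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2024-38364",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-06-26T00:15:10.480",
+"lastModified": "2024-06-26T00:15:10.480",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 2.6,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/DSpace/DSpace/commit/f1059b4340857cca3dc4c45b1ebbadce6bb61c0b",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/DSpace/DSpace/pull/8891",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/DSpace/DSpace/pull/9638",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/DSpace/DSpace/security/advisories/GHSA-94cc-xjxr-pwvf",
+"source": "security-advisories@github.com"
+}
+]
+}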


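--- /dev/null
+++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38526.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2024-38526",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-06-26T00:15:10.703",
+"lastModified": "2024-06-26T00:15:10.703",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "pdoc provides API Documentation for Python Projects. Documentation generated with `pdoc --math` linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc 14.5.1."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "LOW",
+"baseScore": 7.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 2.7
+}
+]
+},
+"references": [
+{
+"url": "https://github.com/mitmproxy/pdoc/pull/703",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/mitmproxy/pdoc/security/advisories/GHSA-5vgj-ggm4-fg62",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://sansec.io/research/polyfill-supply-chain-attack",
+"source": "security-advisories@github.com"
+}
+]
+}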


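--- /dev/null
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4869.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2024-4869",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-06-26T00:15:10.897",
+"lastModified": "2024-06-26T00:15:10.897",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018Client-IP\u2019 header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 7.2,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 2.7
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/3.2.0/public/class-gdpr-cookie-consent-public.php#L793",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://plugins.trac.wordpress.org/browser/gdpr-cookie-consent/tags/3.2.0/public/modules/consent-logs/class-wpl-cookie-consent-consent-logs.php#L570",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/507b2e65-987b-4d4a-8a99-5366048d925e?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}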


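--- /dev/null
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5460.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-5460",
+"sourceIdentifier": "sirt@brocade.com",
+"published": "2024-06-26T00:15:11.093",
+"lastModified": "2024-06-26T00:15:11.093",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability in the default configuration of the Simple Network \nManagement Protocol (SNMP) feature of Brocade Fabric OS versions before \nv9.0.0 could allow an authenticated, remote attacker to read data from \nan affected device via SNMP. The vulnerability is due to hard-coded, \ndefault community string in the configuration file for the SNMP daemon. \nAn attacker could exploit this vulnerability by using the static \ncommunity string in SNMP version 1 queries to an affected device."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "sirt@brocade.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 8.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "sirt@brocade.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-798"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24409",
+"source": "sirt@brocade.com"
+}
+]
+}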


@ -2,12 +2,12 @@
"id": "CVE-2024-5806",
"sourceIdentifier": "security@progress.com",
"published": "2024-06-25T15:15:15.850",
"lastModified": "2024-06-25T18:50:42.040",
"lastModified": "2024-06-26T00:15:11.293",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass in limited scenarios.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2."
"value": "Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2."
}
],
"metrics": {
@ -17,19 +17,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-25T23:55:18.952619+00:00
2024-06-26T02:00:17.716740+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-25T23:15:31.923000+00:00
2024-06-26T01:15:47.890000+00:00
```
### Last Data Feed Release
@ -27,55 +27,33 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-06-25T00:00:08.655339+00:00
2024-06-26T00:00:08.662795+00:00
```
### Total Number of included CVEs
```plain
255200
255207
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `7`
- [CVE-2024-30112](CVE-2024/CVE-2024-301xx/CVE-2024-30112.json) (`2024-06-25T22:15:30.117`)
- [CVE-2024-30931](CVE-2024/CVE-2024-309xx/CVE-2024-30931.json) (`2024-06-25T22:15:30.313`)
- [CVE-2024-35527](CVE-2024/CVE-2024-355xx/CVE-2024-35527.json) (`2024-06-25T22:15:30.403`)
- [CVE-2024-37742](CVE-2024/CVE-2024-377xx/CVE-2024-37742.json) (`2024-06-25T22:15:35.183`)
- [CVE-2024-6060](CVE-2024/CVE-2024-60xx/CVE-2024-6060.json) (`2024-06-25T22:15:35.347`)
- [CVE-2024-24764](CVE-2024/CVE-2024-247xx/CVE-2024-24764.json) (`2024-06-26T01:15:47.890`)
- [CVE-2024-29953](CVE-2024/CVE-2024-299xx/CVE-2024-29953.json) (`2024-06-26T00:15:10.030`)
- [CVE-2024-29954](CVE-2024/CVE-2024-299xx/CVE-2024-29954.json) (`2024-06-26T00:15:10.263`)
- [CVE-2024-38364](CVE-2024/CVE-2024-383xx/CVE-2024-38364.json) (`2024-06-26T00:15:10.480`)
- [CVE-2024-38526](CVE-2024/CVE-2024-385xx/CVE-2024-38526.json) (`2024-06-26T00:15:10.703`)
- [CVE-2024-4869](CVE-2024/CVE-2024-48xx/CVE-2024-4869.json) (`2024-06-26T00:15:10.897`)
- [CVE-2024-5460](CVE-2024/CVE-2024-54xx/CVE-2024-5460.json) (`2024-06-26T00:15:11.093`)
### CVEs modified in the last Commit
Recently modified CVEs: `325`
Recently modified CVEs: `1`
- [CVE-2024-35935](CVE-2024/CVE-2024-359xx/CVE-2024-35935.json) (`2024-06-25T22:15:33.360`)
- [CVE-2024-35936](CVE-2024/CVE-2024-359xx/CVE-2024-35936.json) (`2024-06-25T22:15:33.420`)
- [CVE-2024-35940](CVE-2024/CVE-2024-359xx/CVE-2024-35940.json) (`2024-06-25T22:15:33.483`)
- [CVE-2024-35944](CVE-2024/CVE-2024-359xx/CVE-2024-35944.json) (`2024-06-25T22:15:33.550`)
- [CVE-2024-35950](CVE-2024/CVE-2024-359xx/CVE-2024-35950.json) (`2024-06-25T22:15:33.627`)
- [CVE-2024-35955](CVE-2024/CVE-2024-359xx/CVE-2024-35955.json) (`2024-06-25T22:15:33.687`)
- [CVE-2024-35960](CVE-2024/CVE-2024-359xx/CVE-2024-35960.json) (`2024-06-25T22:15:33.753`)
- [CVE-2024-35962](CVE-2024/CVE-2024-359xx/CVE-2024-35962.json) (`2024-06-25T22:15:33.823`)
- [CVE-2024-35967](CVE-2024/CVE-2024-359xx/CVE-2024-35967.json) (`2024-06-25T22:15:33.880`)
- [CVE-2024-35969](CVE-2024/CVE-2024-359xx/CVE-2024-35969.json) (`2024-06-25T22:15:33.940`)
- [CVE-2024-35973](CVE-2024/CVE-2024-359xx/CVE-2024-35973.json) (`2024-06-25T23:15:31.150`)
- [CVE-2024-35976](CVE-2024/CVE-2024-359xx/CVE-2024-35976.json) (`2024-06-25T22:15:34.027`)
- [CVE-2024-35978](CVE-2024/CVE-2024-359xx/CVE-2024-35978.json) (`2024-06-25T22:15:34.133`)
- [CVE-2024-35982](CVE-2024/CVE-2024-359xx/CVE-2024-35982.json) (`2024-06-25T23:15:31.253`)
- [CVE-2024-35983](CVE-2024/CVE-2024-359xx/CVE-2024-35983.json) (`2024-06-25T23:15:31.383`)
- [CVE-2024-35984](CVE-2024/CVE-2024-359xx/CVE-2024-35984.json) (`2024-06-25T22:15:34.233`)
- [CVE-2024-35988](CVE-2024/CVE-2024-359xx/CVE-2024-35988.json) (`2024-06-25T23:15:31.573`)
- [CVE-2024-35990](CVE-2024/CVE-2024-359xx/CVE-2024-35990.json) (`2024-06-25T22:15:34.330`)
- [CVE-2024-35996](CVE-2024/CVE-2024-359xx/CVE-2024-35996.json) (`2024-06-25T22:15:34.480`)
- [CVE-2024-35997](CVE-2024/CVE-2024-359xx/CVE-2024-35997.json) (`2024-06-25T23:15:31.750`)
- [CVE-2024-36004](CVE-2024/CVE-2024-360xx/CVE-2024-36004.json) (`2024-06-25T22:15:34.870`)
- [CVE-2024-36006](CVE-2024/CVE-2024-360xx/CVE-2024-36006.json) (`2024-06-25T22:15:34.963`)
- [CVE-2024-36007](CVE-2024/CVE-2024-360xx/CVE-2024-36007.json) (`2024-06-25T22:15:35.027`)
- [CVE-2024-36008](CVE-2024/CVE-2024-360xx/CVE-2024-36008.json) (`2024-06-25T22:15:35.090`)
- [CVE-2024-36020](CVE-2024/CVE-2024-360xx/CVE-2024-36020.json) (`2024-06-25T23:15:31.923`)
- [CVE-2024-5806](CVE-2024/CVE-2024-58xx/CVE-2024-5806.json) (`2024-06-26T00:15:11.293`)
## Download and Usage
