admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-24T00:55:24.693980+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-24 00:55:28 +00:00
parent 4dadd299e7
commit 7348f8f507
24 changed files with 643 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2023/CVE-2023-332xx/CVE-2023-33295.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-33295",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:10.567",
"lastModified": "2024-01-19T22:52:48.170",
"lastModified": "2024-01-23T23:15:07.890",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cohesity DataProtect 6.8.1 and 6.6.0d was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation."
"value": "Cohesity DataProtect prior to 6.8.1_u5 or 7.1 was discovered to have a incorrect access control vulnerability due to a lack of TLS Certificate Validation."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Cohesity DataProtect 6.8.1 y 6.6.0d ten\u00eda una vulnerabilidad de control de acceso incorrecto debido a la falta de validaci\u00f3n del certificado TLS."
}
],
"metrics": {},

32
CVE-2023/CVE-2023-358xx/CVE-2023-35835.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-35835",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T23:15:07.947",
"lastModified": "2024-01-23T23:15:07.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. The device provides a WiFi access point for initial configuration. The WiFi network provided has no network authentication (such as an encryption key) and persists permanently, including after enrollment and setup is complete. The WiFi network serves a web-based configuration utility, as well as an unauthenticated ModBus protocol interface."
}
],
"metrics": {},
"references": [
{
"url": "https://www.solaxpower.com/downloads/",
"source": "cve@mitre.org"
},
{
"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/",
"source": "cve@mitre.org"
},
{
"url": "https://yougottahackthat.com/blog/",
"source": "cve@mitre.org"
},
{
"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication",
"source": "cve@mitre.org"
}
]
}

32
CVE-2023/CVE-2023-358xx/CVE-2023-35836.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-35836",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T23:15:08.000",
"lastModified": "2024-01-23T23:15:08.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. An attacker within RF range can obtain a cleartext copy of the network configuration of the device, including the Wi-Fi PSK, during device setup and reconfiguration. Upon success, the attacker is able to further infiltrate the target's Wi-Fi networks."
}
],
"metrics": {},
"references": [
{
"url": "https://www.solaxpower.com/downloads/",
"source": "cve@mitre.org"
},
{
"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/",
"source": "cve@mitre.org"
},
{
"url": "https://yougottahackthat.com/blog/",
"source": "cve@mitre.org"
},
{
"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication",
"source": "cve@mitre.org"
}
]
}

32
CVE-2023/CVE-2023-358xx/CVE-2023-35837.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-35837",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-23T23:15:08.050",
"lastModified": "2024-01-23T23:15:08.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in SolaX Pocket WiFi 3 through 3.001.02. Authentication for web interface is completed via an unauthenticated WiFi AP. The administrative password for the web interface has a default password, equal to the registration ID of the device. This same registration ID is used as the WiFi SSID name. No routine is in place to force a change to this password on first use or bring its default state to the attention of the user. Once authenticated, an attacker can reconfigure the device or upload new firmware, both of which can lead to Denial of Service, code execution, or Escalation of Privileges."
}
],
"metrics": {},
"references": [
{
"url": "https://www.solaxpower.com/downloads/",
"source": "cve@mitre.org"
},
{
"url": "https://www.solaxpower.com/help/upgrading-the-pocket-wifi-firmware/",
"source": "cve@mitre.org"
},
{
"url": "https://yougottahackthat.com/blog/",
"source": "cve@mitre.org"
},
{
"url": "https://yougottahackthat.com/blog/1370/solax-inverters-pocket-wifi-using-poor-authentication",
"source": "cve@mitre.org"
}
]
}

71
CVE-2023/CVE-2023-471xx/CVE-2023-47115.json Normal file
View File

@ -0,0 +1,71 @@
{
"id": "CVE-2023-47115",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-23T23:15:08.100",
"lastModified": "2024-01-23T23:15:08.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Label Studio is an a popular open source data labeling tool. Versions prior to 1.9.2 have a cross-site scripting (XSS) vulnerability that could be exploited when an authenticated user uploads a crafted image file for their avatar that gets rendered as a HTML file on the website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image.\n\nThe file `users/functions.py` lines 18-49 show that the only verification check is that the file is an image by extracting the dimensions from the file. Label Studio serves avatar images using Django's built-in `serve` view, which is not secure for production use according to Django's documentation. The issue with the Django `serve` view is that it determines the `Content-Type` of the response by the file extension in the URL path. Therefore, an attacker can upload an image that contains malicious HTML code and name the file with a `.html` extension to be rendered as a HTML page. The only file extension validation is performed on the client-side, which can be easily bypassed.\n\nVersion 1.9.2 fixes this issue. Other remediation strategies include validating the file extension on the server side, not in client-side code; removing the use of Django's `serve` view and implement a secure controller for viewing uploaded avatar images; saving file content in the database rather than on the filesystem to mitigate against other file related vulnerabilities; and avoiding trusting user controlled inputs."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://docs.djangoproject.com/en/4.2/ref/views/#serving-files-in-development",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/functions.py#L18-L49",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.8.2/label_studio/users/urls.py#L25-L26",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/commit/a7a71e594f32ec4af8f3f800d5ccb8662e275da3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-q68h-xwq5-mm7x",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2023/CVE-2023-56xx/CVE-2023-5646.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5646",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-20T02:15:08.193",
"lastModified": "2023-11-07T04:24:13.770",
"lastModified": "2024-01-23T23:15:08.317",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: it is a duplicate"
"value": "Rejected reason: \n** REJECT **DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5241. Reason: This record is a reservation duplicate of CVE-2023-5241. Notes: All CVE users should reference CVE-2023-5241 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n"
}
],
"metrics": {},

4
CVE-2023/CVE-2023-56xx/CVE-2023-5647.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5647",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-20T02:15:08.300",
"lastModified": "2023-11-07T04:24:13.800",
"lastModified": "2024-01-23T23:15:08.373",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: it is a duplicate"
"value": "Rejected reason: ** REJECT **\nDO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5212. Reason: This record is a reservation duplicate of CVE-2023-5212. Notes: All CVE users should reference CVE-2023-5212\u00a0instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n"
}
],
"metrics": {},

4
CVE-2023/CVE-2023-56xx/CVE-2023-5655.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5655",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-20T02:15:08.367",
"lastModified": "2023-11-07T04:24:13.847",
"lastModified": "2024-01-23T23:15:08.403",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: it is a duplicate"
"value": "Rejected reason: ** REJECT **\nDO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5534. Reason: This record is a reservation duplicate of CVE-2023-5534. Notes: All CVE users should reference CVE-2023-5534 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n"
}
],
"metrics": {},

4
CVE-2023/CVE-2023-56xx/CVE-2023-5656.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-5656",
"sourceIdentifier": "security@wordfence.com",
"published": "2023-10-20T08:15:13.707",
"lastModified": "2023-11-07T04:24:13.880",
"lastModified": "2024-01-23T23:15:08.440",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: it is a duplicate"
"value": "Rejected reason: ** REJECT **\nDO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-5533. Reason: This record is a reservation duplicate of CVE-2023-5533. Notes: All CVE users should reference CVE-2023-5533 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.\n"
}
],
"metrics": {},

24
CVE-2024/CVE-2024-08xx/CVE-2024-0804.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0804",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.720",
"lastModified": "2024-01-24T00:15:07.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1515137",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0805.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0805",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.787",
"lastModified": "2024-01-24T00:15:07.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1514925",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0806.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0806",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.847",
"lastModified": "2024-01-24T00:15:07.847",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1505176",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0807.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0807",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.897",
"lastModified": "2024-01-24T00:15:07.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1505080",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0808.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0808",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.950",
"lastModified": "2024-01-24T00:15:07.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1504936",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0809.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0809",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.003",
"lastModified": "2024-01-24T00:15:08.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1497985",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0810.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0810",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.063",
"lastModified": "2024-01-24T00:15:08.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1496250",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0811.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0811",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.117",
"lastModified": "2024-01-24T00:15:08.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1494490",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0812.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0812",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.167",
"lastModified": "2024-01-24T00:15:08.167",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1484394",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0813.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0813",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.223",
"lastModified": "2024-01-24T00:15:08.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1477151",
"source": "chrome-cve-admin@google.com"
}
]
}

24
CVE-2024/CVE-2024-08xx/CVE-2024-0814.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-0814",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.273",
"lastModified": "2024-01-24T00:15:08.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)"
}
],
"metrics": {},
"references": [
{
"url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://crbug.com/1463935",
"source": "chrome-cve-admin@google.com"
}
]
}

28
CVE-2024/CVE-2024-234xx/CVE-2024-23453.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-23453",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-24T00:15:08.327",
"lastModified": "2024-01-24T00:15:08.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN96154238/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://spoon-support.spooncast.net/jp/update",
"source": "vultures@jpcert.or.jp"
}
]
}

67
CVE-2024/CVE-2024-236xx/CVE-2024-23633.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-23633",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T00:15:08.373",
"lastModified": "2024-01-24T00:15:08.373",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Label Studio, an open source data labeling tool had a remote import feature allowed users to import data from a remote web source, that was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could had been abused to download a HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For an example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image.\n\n`data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py`lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import in a `.html` file that would execute JavaScript when visited.\n\nVersion 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page's actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/api.py#L595C1-L616C62",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py#L125C5-L146",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r",
"source": "security-advisories@github.com"
}
]
}

75
CVE-2024/CVE-2024-236xx/CVE-2024-23638.json Normal file
View File

@ -0,0 +1,75 @@
{
"id": "CVE-2024-23638",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T00:15:08.573",
"lastModified": "2024-01-24T00:15:08.573",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-825"
}
]
}
],
"references": [
{
"url": "http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch",
"source": "security-advisories@github.com"
},
{
"url": "http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx",
"source": "security-advisories@github.com"
},
{
"url": "https://megamansec.github.io/Squid-Security-Audit/stream-assert.html",
"source": "security-advisories@github.com"
}
]
}

67
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-23T23:00:24.827181+00:00
2024-01-24T00:55:24.693980+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-23T22:15:16.587000+00:00
2024-01-24T00:15:08.573000+00:00
```
### Last Data Feed Release
@ -29,53 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236676
236694
```
### CVEs added in the last Commit
Recently added CVEs: `42`
Recently added CVEs: `18`
* [CVE-2023-47200](CVE-2023/CVE-2023-472xx/CVE-2023-47200.json) (`2024-01-23T21:15:08.863`)
* [CVE-2023-47201](CVE-2023/CVE-2023-472xx/CVE-2023-47201.json) (`2024-01-23T21:15:08.910`)
* [CVE-2023-47202](CVE-2023/CVE-2023-472xx/CVE-2023-47202.json) (`2024-01-23T21:15:08.957`)
* [CVE-2023-51200](CVE-2023/CVE-2023-512xx/CVE-2023-51200.json) (`2024-01-23T21:15:09.080`)
* [CVE-2023-52090](CVE-2023/CVE-2023-520xx/CVE-2023-52090.json) (`2024-01-23T21:15:09.123`)
* [CVE-2023-52091](CVE-2023/CVE-2023-520xx/CVE-2023-52091.json) (`2024-01-23T21:15:09.170`)
* [CVE-2023-52092](CVE-2023/CVE-2023-520xx/CVE-2023-52092.json) (`2024-01-23T21:15:09.210`)
* [CVE-2023-52093](CVE-2023/CVE-2023-520xx/CVE-2023-52093.json) (`2024-01-23T21:15:09.253`)
* [CVE-2023-52094](CVE-2023/CVE-2023-520xx/CVE-2023-52094.json) (`2024-01-23T21:15:09.293`)
* [CVE-2023-52324](CVE-2023/CVE-2023-523xx/CVE-2023-52324.json) (`2024-01-23T21:15:09.337`)
* [CVE-2023-52325](CVE-2023/CVE-2023-523xx/CVE-2023-52325.json) (`2024-01-23T21:15:09.383`)
* [CVE-2023-52326](CVE-2023/CVE-2023-523xx/CVE-2023-52326.json) (`2024-01-23T21:15:09.427`)
* [CVE-2023-52327](CVE-2023/CVE-2023-523xx/CVE-2023-52327.json) (`2024-01-23T21:15:09.467`)
* [CVE-2023-52328](CVE-2023/CVE-2023-523xx/CVE-2023-52328.json) (`2024-01-23T21:15:09.507`)
* [CVE-2023-52329](CVE-2023/CVE-2023-523xx/CVE-2023-52329.json) (`2024-01-23T21:15:09.550`)
* [CVE-2023-52330](CVE-2023/CVE-2023-523xx/CVE-2023-52330.json) (`2024-01-23T21:15:09.593`)
* [CVE-2023-52331](CVE-2023/CVE-2023-523xx/CVE-2023-52331.json) (`2024-01-23T21:15:09.633`)
* [CVE-2023-52337](CVE-2023/CVE-2023-523xx/CVE-2023-52337.json) (`2024-01-23T21:15:09.677`)
* [CVE-2023-52338](CVE-2023/CVE-2023-523xx/CVE-2023-52338.json) (`2024-01-23T21:15:09.717`)
* [CVE-2023-31654](CVE-2023/CVE-2023-316xx/CVE-2023-31654.json) (`2024-01-23T22:15:16.340`)
* [CVE-2023-36177](CVE-2023/CVE-2023-361xx/CVE-2023-36177.json) (`2024-01-23T22:15:16.390`)
* [CVE-2023-51199](CVE-2023/CVE-2023-511xx/CVE-2023-51199.json) (`2024-01-23T22:15:16.437`)
* [CVE-2023-51201](CVE-2023/CVE-2023-512xx/CVE-2023-51201.json) (`2024-01-23T22:15:16.480`)
* [CVE-2023-51208](CVE-2023/CVE-2023-512xx/CVE-2023-51208.json) (`2024-01-23T22:15:16.533`)
* [CVE-2023-7237](CVE-2023/CVE-2023-72xx/CVE-2023-7237.json) (`2024-01-23T22:15:16.587`)
* [CVE-2023-35835](CVE-2023/CVE-2023-358xx/CVE-2023-35835.json) (`2024-01-23T23:15:07.947`)
* [CVE-2023-35836](CVE-2023/CVE-2023-358xx/CVE-2023-35836.json) (`2024-01-23T23:15:08.000`)
* [CVE-2023-35837](CVE-2023/CVE-2023-358xx/CVE-2023-35837.json) (`2024-01-23T23:15:08.050`)
* [CVE-2023-47115](CVE-2023/CVE-2023-471xx/CVE-2023-47115.json) (`2024-01-23T23:15:08.100`)
* [CVE-2024-0804](CVE-2024/CVE-2024-08xx/CVE-2024-0804.json) (`2024-01-24T00:15:07.720`)
* [CVE-2024-0805](CVE-2024/CVE-2024-08xx/CVE-2024-0805.json) (`2024-01-24T00:15:07.787`)
* [CVE-2024-0806](CVE-2024/CVE-2024-08xx/CVE-2024-0806.json) (`2024-01-24T00:15:07.847`)
* [CVE-2024-0807](CVE-2024/CVE-2024-08xx/CVE-2024-0807.json) (`2024-01-24T00:15:07.897`)
* [CVE-2024-0808](CVE-2024/CVE-2024-08xx/CVE-2024-0808.json) (`2024-01-24T00:15:07.950`)
* [CVE-2024-0809](CVE-2024/CVE-2024-08xx/CVE-2024-0809.json) (`2024-01-24T00:15:08.003`)
* [CVE-2024-0810](CVE-2024/CVE-2024-08xx/CVE-2024-0810.json) (`2024-01-24T00:15:08.063`)
* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-01-24T00:15:08.117`)
* [CVE-2024-0812](CVE-2024/CVE-2024-08xx/CVE-2024-0812.json) (`2024-01-24T00:15:08.167`)
* [CVE-2024-0813](CVE-2024/CVE-2024-08xx/CVE-2024-0813.json) (`2024-01-24T00:15:08.223`)
* [CVE-2024-0814](CVE-2024/CVE-2024-08xx/CVE-2024-0814.json) (`2024-01-24T00:15:08.273`)
* [CVE-2024-23453](CVE-2024/CVE-2024-234xx/CVE-2024-23453.json) (`2024-01-24T00:15:08.327`)
* [CVE-2024-23633](CVE-2024/CVE-2024-236xx/CVE-2024-23633.json) (`2024-01-24T00:15:08.373`)
* [CVE-2024-23638](CVE-2024/CVE-2024-236xx/CVE-2024-23638.json) (`2024-01-24T00:15:08.573`)
### CVEs modified in the last Commit
Recently modified CVEs: `9`
Recently modified CVEs: `5`
* [CVE-2021-24433](CVE-2021/CVE-2021-244xx/CVE-2021-24433.json) (`2024-01-23T21:03:48.487`)
* [CVE-2022-41619](CVE-2022/CVE-2022-416xx/CVE-2022-41619.json) (`2024-01-23T21:42:44.163`)
* [CVE-2022-41695](CVE-2022/CVE-2022-416xx/CVE-2022-41695.json) (`2024-01-23T21:43:14.987`)
* [CVE-2023-49657](CVE-2023/CVE-2023-496xx/CVE-2023-49657.json) (`2024-01-23T21:15:09.000`)
* [CVE-2023-6129](CVE-2023/CVE-2023-61xx/CVE-2023-6129.json) (`2024-01-23T21:32:01.973`)
* [CVE-2023-52069](CVE-2023/CVE-2023-520xx/CVE-2023-52069.json) (`2024-01-23T21:41:02.097`)
* [CVE-2023-46952](CVE-2023/CVE-2023-469xx/CVE-2023-46952.json) (`2024-01-23T21:44:21.433`)
* [CVE-2024-0562](CVE-2024/CVE-2024-05xx/CVE-2024-0562.json) (`2024-01-23T21:00:27.900`)
* [CVE-2024-0558](CVE-2024/CVE-2024-05xx/CVE-2024-0558.json) (`2024-01-23T21:32:49.297`)
* [CVE-2023-33295](CVE-2023/CVE-2023-332xx/CVE-2023-33295.json) (`2024-01-23T23:15:07.890`)
* [CVE-2023-5646](CVE-2023/CVE-2023-56xx/CVE-2023-5646.json) (`2024-01-23T23:15:08.317`)
* [CVE-2023-5647](CVE-2023/CVE-2023-56xx/CVE-2023-5647.json) (`2024-01-23T23:15:08.373`)
* [CVE-2023-5655](CVE-2023/CVE-2023-56xx/CVE-2023-5655.json) (`2024-01-23T23:15:08.403`)
* [CVE-2023-5656](CVE-2023/CVE-2023-56xx/CVE-2023-5656.json) (`2024-01-23T23:15:08.440`)
## Download and Usage