Auto-Update: 2024-01-26T03:00:25.384184+00:00

cad-safe-bot 2024-01-26 03:00:29 +00:00
parent 84ae97a83a
commit 7d3e520c46
25 changed files with 678 additions and 64 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-5455",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-10T13:15:48.643",
"lastModified": "2024-01-17T01:41:11.040",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-26T02:15:07.177",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -498,6 +498,14 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U76DAZZVY7V4XQBOOV5ETPTHW3A6MW5O/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UFNUQH7IOHTKCTKQWFHONWGUBOUANL6I/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.freeipa.org/release-notes/4-10-3.html",
"source": "secalert@redhat.com",


@ -0,0 +1,63 @@
{
"id": "CVE-2023-5612",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T02:15:07.357",
"lastModified": "2024-01-26T02:15:07.357",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab affecting all versions before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. It was possible to read the user email address via tags feed although the visibility in the user profile has been disabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/428441",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2208790",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-5933",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T01:15:08.660",
"lastModified": "2024-01-26T01:15:08.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430236",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2225710",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2023-6159",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T02:15:07.567",
"lastModified": "2024-01-26T02:15:07.567",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/431924",
"source": "cve@gitlab.com"
},
{
"url": "https://hackerone.com/reports/2251278",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0402",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T01:15:08.920",
"lastModified": "2024-01-26T01:15:08.920",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437819",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-0456",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-01-26T01:15:09.110",
"lastModified": "2024-01-26T01:15:09.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/",
"source": "cve@gitlab.com"
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/430726",
"source": "cve@gitlab.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0804",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.720",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:07.777",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1515137",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0805",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.787",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:07.833",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1514925",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0806",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.847",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:07.887",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1505176",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0807",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.897",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:07.943",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1505080",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0808",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:07.950",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:07.993",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1504936",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0809",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.003",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:08.050",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1497985",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0810",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.063",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:08.107",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1496250",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0811",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.117",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:08.160",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1494490",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0812",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.167",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:08.210",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1484394",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0813",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.223",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:08.263",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1477151",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0814",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-01-24T00:15:08.273",
"lastModified": "2024-01-24T13:49:03.187",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-26T02:15:08.317",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",
@ -23,6 +23,14 @@
{
"url": "https://crbug.com/1463935",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/",
"source": "chrome-cve-admin@google.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/",
"source": "chrome-cve-admin@google.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2024-20677",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:50.887",
"lastModified": "2024-01-16T20:02:24.243",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-26T01:15:09.533",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "<p>A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.</p>\n<p>3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.</p>\n<p>This change is effective as of the January 9, 2024 security update.</p>\n"
"value": "A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365.\n3D models in Office documents that were previously inserted from a FBX file will continue to work as expected unless the Link to File option was chosen at insert time.\nThis change is effective as of the January 9, 2024 security update.\n"
},
{
"lang": "es",


@ -0,0 +1,43 @@
{
"id": "CVE-2024-21326",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.010",
"lastModified": "2024-01-26T01:15:10.010",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21326",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2024-21382",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.187",
"lastModified": "2024-01-26T01:15:10.187",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge for Android Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2024-21383",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.367",
"lastModified": "2024-01-26T01:15:10.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21383",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2024-21385",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.540",
"lastModified": "2024-01-26T01:15:10.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21385",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2024-21387",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-26T01:15:10.703",
"lastModified": "2024-01-26T01:15:10.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Edge for Android Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21387",
"source": "secure@microsoft.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2024-21596",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-01-12T01:15:47.267",
"lastModified": "2024-01-19T22:58:28.350",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-26T01:15:10.873",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
"value": "\nA Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS).\n\nIf an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE.\n\nThe primary RE is not impacted by this issue and there is no impact on traffic.\n\nThis issue only affects devices with NSR enabled.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.\n\nThis issue affects:\n\nJuniper Networks Junos OS\n\n\n\n * All versions earlier than 20.4R3-S9;\n * 21.2 versions earlier than 21.2R3-S7;\n * 21.3 versions earlier than 21.3R3-S5;\n * 21.4 versions earlier than 21.4R3-S5;\n * 22.1 versions earlier than 22.1R3-S4;\n * 22.2 versions earlier than 22.2R3-S2;\n * 22.3 versions earlier than 22.3R3-S1;\n * 22.4 versions earlier than 22.4R2-S2, 22.4R3;\n * 23.1 versions earlier than 23.1R2;\n * 23.2 versions earlier than 23.2R1-S2, 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions earlier than 21.3R3-S5-EVO;\n * 21.4-EVO versions earlier than 21.4R3-S5-EVO;\n * 22.1-EVO versions earlier than 22.1R3-S4-EVO;\n * 22.2-EVO versions earlier than 22.2R3-S2-EVO;\n * 22.3-EVO versions later than 22.3R1-EVO;\n * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;\n * 23.1-EVO versions earlier than 23.1R2-EVO;\n * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-26T00:55:25.245537+00:00
2024-01-26T03:00:25.384184+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-26T00:15:12.187000+00:00
2024-01-26T02:15:08.317000+00:00
```
### Last Data Feed Release
@ -23,53 +23,49 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-01-25T01:00:28.284562+00:00
2024-01-26T01:00:28.285926+00:00
```
### Total Number of included CVEs
```plain
236843
236853
```
### CVEs added in the last Commit
Recently added CVEs: `22`
Recently added CVEs: `10`
* [CVE-2024-0889](CVE-2024/CVE-2024-08xx/CVE-2024-0889.json) (`2024-01-25T23:15:08.790`)
* [CVE-2024-0890](CVE-2024/CVE-2024-08xx/CVE-2024-0890.json) (`2024-01-25T23:15:09.017`)
* [CVE-2024-0891](CVE-2024/CVE-2024-08xx/CVE-2024-0891.json) (`2024-01-25T23:15:09.250`)
* [CVE-2024-21619](CVE-2024/CVE-2024-216xx/CVE-2024-21619.json) (`2024-01-25T23:15:09.467`)
* [CVE-2024-21620](CVE-2024/CVE-2024-216xx/CVE-2024-21620.json) (`2024-01-25T23:15:09.680`)
* [CVE-2024-23613](CVE-2024/CVE-2024-236xx/CVE-2024-23613.json) (`2024-01-26T00:15:08.123`)
* [CVE-2024-23614](CVE-2024/CVE-2024-236xx/CVE-2024-23614.json) (`2024-01-26T00:15:08.373`)
* [CVE-2024-23615](CVE-2024/CVE-2024-236xx/CVE-2024-23615.json) (`2024-01-26T00:15:08.627`)
* [CVE-2024-23616](CVE-2024/CVE-2024-236xx/CVE-2024-23616.json) (`2024-01-26T00:15:08.843`)
* [CVE-2024-23617](CVE-2024/CVE-2024-236xx/CVE-2024-23617.json) (`2024-01-26T00:15:09.060`)
* [CVE-2024-23618](CVE-2024/CVE-2024-236xx/CVE-2024-23618.json) (`2024-01-26T00:15:09.263`)
* [CVE-2024-23619](CVE-2024/CVE-2024-236xx/CVE-2024-23619.json) (`2024-01-26T00:15:09.470`)
* [CVE-2024-23620](CVE-2024/CVE-2024-236xx/CVE-2024-23620.json) (`2024-01-26T00:15:09.687`)
* [CVE-2024-23621](CVE-2024/CVE-2024-236xx/CVE-2024-23621.json) (`2024-01-26T00:15:09.957`)
* [CVE-2024-23622](CVE-2024/CVE-2024-236xx/CVE-2024-23622.json) (`2024-01-26T00:15:10.190`)
* [CVE-2024-23624](CVE-2024/CVE-2024-236xx/CVE-2024-23624.json) (`2024-01-26T00:15:10.397`)
* [CVE-2024-23625](CVE-2024/CVE-2024-236xx/CVE-2024-23625.json) (`2024-01-26T00:15:10.620`)
* [CVE-2024-23626](CVE-2024/CVE-2024-236xx/CVE-2024-23626.json) (`2024-01-26T00:15:10.820`)
* [CVE-2024-23627](CVE-2024/CVE-2024-236xx/CVE-2024-23627.json) (`2024-01-26T00:15:11.037`)
* [CVE-2024-23628](CVE-2024/CVE-2024-236xx/CVE-2024-23628.json) (`2024-01-26T00:15:11.273`)
* [CVE-2024-23629](CVE-2024/CVE-2024-236xx/CVE-2024-23629.json) (`2024-01-26T00:15:11.650`)
* [CVE-2024-23630](CVE-2024/CVE-2024-236xx/CVE-2024-23630.json) (`2024-01-26T00:15:12.187`)
* [CVE-2023-5933](CVE-2023/CVE-2023-59xx/CVE-2023-5933.json) (`2024-01-26T01:15:08.660`)
* [CVE-2023-5612](CVE-2023/CVE-2023-56xx/CVE-2023-5612.json) (`2024-01-26T02:15:07.357`)
* [CVE-2023-6159](CVE-2023/CVE-2023-61xx/CVE-2023-6159.json) (`2024-01-26T02:15:07.567`)
* [CVE-2024-0402](CVE-2024/CVE-2024-04xx/CVE-2024-0402.json) (`2024-01-26T01:15:08.920`)
* [CVE-2024-0456](CVE-2024/CVE-2024-04xx/CVE-2024-0456.json) (`2024-01-26T01:15:09.110`)
* [CVE-2024-21326](CVE-2024/CVE-2024-213xx/CVE-2024-21326.json) (`2024-01-26T01:15:10.010`)
* [CVE-2024-21382](CVE-2024/CVE-2024-213xx/CVE-2024-21382.json) (`2024-01-26T01:15:10.187`)
* [CVE-2024-21383](CVE-2024/CVE-2024-213xx/CVE-2024-21383.json) (`2024-01-26T01:15:10.367`)
* [CVE-2024-21385](CVE-2024/CVE-2024-213xx/CVE-2024-21385.json) (`2024-01-26T01:15:10.540`)
* [CVE-2024-21387](CVE-2024/CVE-2024-213xx/CVE-2024-21387.json) (`2024-01-26T01:15:10.703`)
### CVEs modified in the last Commit
Recently modified CVEs: `6`
Recently modified CVEs: `14`
* [CVE-2023-36851](CVE-2023/CVE-2023-368xx/CVE-2023-36851.json) (`2024-01-25T23:15:08.073`)
* [CVE-2023-4001](CVE-2023/CVE-2023-40xx/CVE-2023-4001.json) (`2024-01-25T23:15:08.270`)
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-25T23:15:08.487`)
* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-25T23:15:08.590`)
* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-25T23:15:08.683`)
* [CVE-2024-21617](CVE-2024/CVE-2024-216xx/CVE-2024-21617.json) (`2024-01-26T00:15:07.990`)
* [CVE-2023-5455](CVE-2023/CVE-2023-54xx/CVE-2023-5455.json) (`2024-01-26T02:15:07.177`)
* [CVE-2024-20677](CVE-2024/CVE-2024-206xx/CVE-2024-20677.json) (`2024-01-26T01:15:09.533`)
* [CVE-2024-21596](CVE-2024/CVE-2024-215xx/CVE-2024-21596.json) (`2024-01-26T01:15:10.873`)
* [CVE-2024-0804](CVE-2024/CVE-2024-08xx/CVE-2024-0804.json) (`2024-01-26T02:15:07.777`)
* [CVE-2024-0805](CVE-2024/CVE-2024-08xx/CVE-2024-0805.json) (`2024-01-26T02:15:07.833`)
* [CVE-2024-0806](CVE-2024/CVE-2024-08xx/CVE-2024-0806.json) (`2024-01-26T02:15:07.887`)
* [CVE-2024-0807](CVE-2024/CVE-2024-08xx/CVE-2024-0807.json) (`2024-01-26T02:15:07.943`)
* [CVE-2024-0808](CVE-2024/CVE-2024-08xx/CVE-2024-0808.json) (`2024-01-26T02:15:07.993`)
* [CVE-2024-0809](CVE-2024/CVE-2024-08xx/CVE-2024-0809.json) (`2024-01-26T02:15:08.050`)
* [CVE-2024-0810](CVE-2024/CVE-2024-08xx/CVE-2024-0810.json) (`2024-01-26T02:15:08.107`)
* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-01-26T02:15:08.160`)
* [CVE-2024-0812](CVE-2024/CVE-2024-08xx/CVE-2024-0812.json) (`2024-01-26T02:15:08.210`)
* [CVE-2024-0813](CVE-2024/CVE-2024-08xx/CVE-2024-0813.json) (`2024-01-26T02:15:08.263`)
* [CVE-2024-0814](CVE-2024/CVE-2024-08xx/CVE-2024-0814.json) (`2024-01-26T02:15:08.317`)
## Download and Usage