admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-05T23:00:26.286741+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-05 23:00:30 +00:00
parent 3bc9b7230f
commit 7e1f66661e
22 changed files with 816 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2019/CVE-2019-102xx/CVE-2019-10271.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-10271",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-06-24T19:15:10.553",
"lastModified": "2020-08-24T17:37:01.140",
"lastModified": "2024-03-05T21:11:12.187",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -15,13 +15,13 @@
}
],
"metrics": {
"cvssMetricV30": [
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -85,8 +85,8 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ultimatemember:ultimate_member:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.39",
"matchCriteriaId": "725AC319-2863-4B03-ACF6-CAD5BC228E2A"
"versionEndExcluding": "2.0.40",
"matchCriteriaId": "A0451A41-7BA3-42DA-A431-52551BC7C4EE"
}
]
}

10
CVE-2021/CVE-2021-458xx/CVE-2021-45810.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2021-45810",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-03-22T11:15:07.807",
"lastModified": "2022-04-01T14:09:34.847",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-05T22:15:46.827",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Multiple versions of GlobalProtect-openconnect are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server."
"value": "GlobalProtect-openconnect versions prior to 2.0.0 (exclusive) are affected by incorrect access control in GPService through DBUS, GUI. The way GlobalProtect-Openconnect is set up enables arbitrary users to start a VPN connection to arbitrary servers. By hosting an openconnect compatible server, the attack can redirect the entire host's traffic via their own server."
},
{
"lang": "es",
@ -102,6 +102,10 @@
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://github.com/yuezk/GlobalProtect-openconnect/issues/114#issuecomment-1914008203",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-288xx/CVE-2023-28892.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28892",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-29T15:15:07.730",
"lastModified": "2023-04-01T01:39:10.697",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-05T21:15:07.250",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -65,6 +65,10 @@
}
],
"references": [
{
"url": "https://forums.malwarebytes.com/topic/307429-release-adwcleaner-841/",
"source": "cve@mitre.org"
},
{
"url": "https://malwarebytes.com",
"source": "cve@mitre.org",

6
CVE-2023/CVE-2023-506xx/CVE-2023-50693.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-50693",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-19T20:15:11.917",
"lastModified": "2024-01-26T13:50:52.407",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-05T21:15:07.367",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request."
"value": "An issue in Jester v.0.6.0 and before allows a remote attacker to send a malicious crafted request."
},
{
"lang": "es",

43
CVE-2024/CVE-2024-13xx/CVE-2024-1356.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-1356",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:07.593",
"lastModified": "2024-03-05T21:15:07.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
"source": "security-alert@hpe.com"
}
]
}

32
CVE-2024/CVE-2024-17xx/CVE-2024-1764.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-1764",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-03-05T22:15:46.947",
"lastModified": "2024-03-05T22:15:46.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper privilege management in Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@devolutions.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0002",
"source": "security@devolutions.net"
}
]
}

20
CVE-2024/CVE-2024-18xx/CVE-2024-1898.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-1898",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-03-05T22:15:47.020",
"lastModified": "2024-03-05T22:15:47.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0002",
"source": "security@devolutions.net"
}
]
}

20
CVE-2024/CVE-2024-19xx/CVE-2024-1900.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-1900",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-03-05T22:15:47.060",
"lastModified": "2024-03-05T22:15:47.060",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. \n\nThe user will stay authenticated until the Devolutions Server token expiration."
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0002",
"source": "security@devolutions.net"
}
]
}

20
CVE-2024/CVE-2024-19xx/CVE-2024-1901.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-1901",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-03-05T22:15:47.103",
"lastModified": "2024-03-05T22:15:47.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.\n\n\n"
}
],
"metrics": {},
"references": [
{
"url": "https://devolutions.net/security/advisories/DEVO-2024-0002",
"source": "security@devolutions.net"
}
]
}

103
CVE-2024/CVE-2024-207xx/CVE-2024-20747.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20747",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:48.860",
"lastModified": "2024-02-15T17:15:09.063",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T22:17:24.763",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,14 +50,105 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1908",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
]
}
]
}

103
CVE-2024/CVE-2024-207xx/CVE-2024-20748.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20748",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:49.050",
"lastModified": "2024-02-15T17:15:09.160",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T22:17:26.913",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,14 +50,105 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1909",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
]
}
]
}

103
CVE-2024/CVE-2024-207xx/CVE-2024-20749.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-20749",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-02-15T13:15:49.237",
"lastModified": "2024-02-15T17:15:09.253",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T22:17:17.527",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 20.005.30539, 23.008.20470 y anteriores de Acrobat Reader se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para evitar mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -46,14 +50,105 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "003DFCB5-0AB3-4758-AB2C-C94EABA7CCF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "23.008.20533",
"matchCriteriaId": "E194EB06-36A7-486A-A556-A4A51256C8F7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "D4DBB9C3-11E4-4F50-B7B8-B75DD384F8A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30574",
"matchCriteriaId": "F2BDF07B-649F-4C09-B8DD-458FF75ADB35"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-07.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1910",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Third Party Advisory"
]
}
]
}

55
CVE-2024/CVE-2024-21xx/CVE-2024-2179.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2179",
"sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"published": "2024-03-05T21:15:09.100",
"lastModified": "2024-03-05T21:15:09.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes",
"source": "ff5b8ace-8b95-4078-9743-eac1ca5451de"
}
]
}

6
CVE-2024/CVE-2024-228xx/CVE-2024-22894.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-22894",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-30T10:15:09.833",
"lastModified": "2024-02-08T16:40:42.490",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-05T21:15:07.790",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An issue in AIT-Deutschland Alpha Innotec Heatpumps wp2reg-V.3.88.0-9015 and Novelan Heatpumps wp2reg-V.3.88.0-9015, allows remote attackers to execute arbitrary code via the password component in the shadow file."
"value": "An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file."
},
{
"lang": "es",

43
CVE-2024/CVE-2024-256xx/CVE-2024-25611.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-25611",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:07.887",
"lastModified": "2024-03-05T21:15:07.887",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
"source": "security-alert@hpe.com"
}
]
}

43
CVE-2024/CVE-2024-256xx/CVE-2024-25612.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-25612",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:08.133",
"lastModified": "2024-03-05T21:15:08.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
"source": "security-alert@hpe.com"
}
]
}

43
CVE-2024/CVE-2024-256xx/CVE-2024-25613.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-25613",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:08.307",
"lastModified": "2024-03-05T21:15:08.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities result in the ability to execute arbitrary commands as a privileged user on the underlying operating system.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
"source": "security-alert@hpe.com"
}
]
}

43
CVE-2024/CVE-2024-256xx/CVE-2024-25614.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-25614",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:08.473",
"lastModified": "2024-03-05T21:15:08.473",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller. \n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
"source": "security-alert@hpe.com"
}
]
}

43
CVE-2024/CVE-2024-256xx/CVE-2024-25615.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-25615",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:08.637",
"lastModified": "2024-03-05T21:15:08.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": " An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
"source": "security-alert@hpe.com"
}
]
}

43
CVE-2024/CVE-2024-256xx/CVE-2024-25616.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-25616",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:08.807",
"lastModified": "2024-03-05T21:15:08.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-alert@hpe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",
"source": "security-alert@hpe.com"
}
]
}

20
CVE-2024/CVE-2024-258xx/CVE-2024-25858.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25858",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T21:15:09.030",
"lastModified": "2024-03-05T21:15:09.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands."
}
],
"metrics": {},
"references": [
{
"url": "https://www.foxit.com/support/security-bulletins.html",
"source": "cve@mitre.org"
}
]
}

59
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-05T21:00:25.249896+00:00
2024-03-05T23:00:26.286741+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-05T20:43:45.700000+00:00
2024-03-05T22:17:26.913000+00:00
```
### Last Data Feed Release
@ -29,47 +29,40 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240585
240598
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `13`
* [CVE-2022-22399](CVE-2022/CVE-2022-223xx/CVE-2022-22399.json) (`2024-03-05T20:16:00.620`)
* [CVE-2023-25681](CVE-2023/CVE-2023-256xx/CVE-2023-25681.json) (`2024-03-05T20:16:00.857`)
* [CVE-2023-26282](CVE-2023/CVE-2023-262xx/CVE-2023-26282.json) (`2024-03-05T20:16:01.077`)
* [CVE-2024-23225](CVE-2024/CVE-2024-232xx/CVE-2024-23225.json) (`2024-03-05T20:16:01.370`)
* [CVE-2024-23243](CVE-2024/CVE-2024-232xx/CVE-2024-23243.json) (`2024-03-05T20:16:01.450`)
* [CVE-2024-23256](CVE-2024/CVE-2024-232xx/CVE-2024-23256.json) (`2024-03-05T20:16:01.503`)
* [CVE-2024-23296](CVE-2024/CVE-2024-232xx/CVE-2024-23296.json) (`2024-03-05T20:16:01.553`)
* [CVE-2024-2055](CVE-2024/CVE-2024-20xx/CVE-2024-2055.json) (`2024-03-05T20:16:01.617`)
* [CVE-2024-2056](CVE-2024/CVE-2024-20xx/CVE-2024-2056.json) (`2024-03-05T20:16:01.703`)
* [CVE-2024-1356](CVE-2024/CVE-2024-13xx/CVE-2024-1356.json) (`2024-03-05T21:15:07.593`)
* [CVE-2024-25611](CVE-2024/CVE-2024-256xx/CVE-2024-25611.json) (`2024-03-05T21:15:07.887`)
* [CVE-2024-25612](CVE-2024/CVE-2024-256xx/CVE-2024-25612.json) (`2024-03-05T21:15:08.133`)
* [CVE-2024-25613](CVE-2024/CVE-2024-256xx/CVE-2024-25613.json) (`2024-03-05T21:15:08.307`)
* [CVE-2024-25614](CVE-2024/CVE-2024-256xx/CVE-2024-25614.json) (`2024-03-05T21:15:08.473`)
* [CVE-2024-25615](CVE-2024/CVE-2024-256xx/CVE-2024-25615.json) (`2024-03-05T21:15:08.637`)
* [CVE-2024-25616](CVE-2024/CVE-2024-256xx/CVE-2024-25616.json) (`2024-03-05T21:15:08.807`)
* [CVE-2024-25858](CVE-2024/CVE-2024-258xx/CVE-2024-25858.json) (`2024-03-05T21:15:09.030`)
* [CVE-2024-2179](CVE-2024/CVE-2024-21xx/CVE-2024-2179.json) (`2024-03-05T21:15:09.100`)
* [CVE-2024-1764](CVE-2024/CVE-2024-17xx/CVE-2024-1764.json) (`2024-03-05T22:15:46.947`)
* [CVE-2024-1898](CVE-2024/CVE-2024-18xx/CVE-2024-1898.json) (`2024-03-05T22:15:47.020`)
* [CVE-2024-1900](CVE-2024/CVE-2024-19xx/CVE-2024-1900.json) (`2024-03-05T22:15:47.060`)
* [CVE-2024-1901](CVE-2024/CVE-2024-19xx/CVE-2024-1901.json) (`2024-03-05T22:15:47.103`)
### CVEs modified in the last Commit
Recently modified CVEs: `19`
Recently modified CVEs: `8`
* [CVE-2023-44324](CVE-2023/CVE-2023-443xx/CVE-2023-44324.json) (`2024-03-05T19:56:42.527`)
* [CVE-2023-5665](CVE-2023/CVE-2023-56xx/CVE-2023-5665.json) (`2024-03-05T20:23:44.463`)
* [CVE-2023-38995](CVE-2023/CVE-2023-389xx/CVE-2023-38995.json) (`2024-03-05T20:24:27.990`)
* [CVE-2023-40548](CVE-2023/CVE-2023-405xx/CVE-2023-40548.json) (`2024-03-05T20:43:45.700`)
* [CVE-2024-27198](CVE-2024/CVE-2024-271xx/CVE-2024-27198.json) (`2024-03-05T19:01:18.917`)
* [CVE-2024-21350](CVE-2024/CVE-2024-213xx/CVE-2024-21350.json) (`2024-03-05T20:02:13.803`)
* [CVE-2024-21368](CVE-2024/CVE-2024-213xx/CVE-2024-21368.json) (`2024-03-05T20:02:40.983`)
* [CVE-2024-21369](CVE-2024/CVE-2024-213xx/CVE-2024-21369.json) (`2024-03-05T20:02:44.637`)
* [CVE-2024-21370](CVE-2024/CVE-2024-213xx/CVE-2024-21370.json) (`2024-03-05T20:02:50.433`)
* [CVE-2024-21375](CVE-2024/CVE-2024-213xx/CVE-2024-21375.json) (`2024-03-05T20:02:54.560`)
* [CVE-2024-21365](CVE-2024/CVE-2024-213xx/CVE-2024-21365.json) (`2024-03-05T20:03:23.807`)
* [CVE-2024-21366](CVE-2024/CVE-2024-213xx/CVE-2024-21366.json) (`2024-03-05T20:03:30.197`)
* [CVE-2024-21367](CVE-2024/CVE-2024-213xx/CVE-2024-21367.json) (`2024-03-05T20:03:33.437`)
* [CVE-2024-21359](CVE-2024/CVE-2024-213xx/CVE-2024-21359.json) (`2024-03-05T20:03:56.137`)
* [CVE-2024-21360](CVE-2024/CVE-2024-213xx/CVE-2024-21360.json) (`2024-03-05T20:03:58.480`)
* [CVE-2024-21361](CVE-2024/CVE-2024-213xx/CVE-2024-21361.json) (`2024-03-05T20:04:01.077`)
* [CVE-2024-1354](CVE-2024/CVE-2024-13xx/CVE-2024-1354.json) (`2024-03-05T20:22:24.573`)
* [CVE-2024-1355](CVE-2024/CVE-2024-13xx/CVE-2024-1355.json) (`2024-03-05T20:22:38.100`)
* [CVE-2024-1359](CVE-2024/CVE-2024-13xx/CVE-2024-1359.json) (`2024-03-05T20:22:49.650`)
* [CVE-2019-10271](CVE-2019/CVE-2019-102xx/CVE-2019-10271.json) (`2024-03-05T21:11:12.187`)
* [CVE-2021-45810](CVE-2021/CVE-2021-458xx/CVE-2021-45810.json) (`2024-03-05T22:15:46.827`)
* [CVE-2023-28892](CVE-2023/CVE-2023-288xx/CVE-2023-28892.json) (`2024-03-05T21:15:07.250`)
* [CVE-2023-50693](CVE-2023/CVE-2023-506xx/CVE-2023-50693.json) (`2024-03-05T21:15:07.367`)
* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-03-05T21:15:07.790`)
* [CVE-2024-20749](CVE-2024/CVE-2024-207xx/CVE-2024-20749.json) (`2024-03-05T22:17:17.527`)
* [CVE-2024-20747](CVE-2024/CVE-2024-207xx/CVE-2024-20747.json) (`2024-03-05T22:17:24.763`)
* [CVE-2024-20748](CVE-2024/CVE-2024-207xx/CVE-2024-20748.json) (`2024-03-05T22:17:26.913`)
## Download and Usage