admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 10:10:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-04-27T14:00:38.032924+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-04-27 14:03:27 +00:00
parent 29eb060d99
commit 7ee559615a
6 changed files with 350 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
CVE-2024/CVE-2024-250xx/CVE-2024-25048.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-25048",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-27T12:15:10.517",
"lastModified": "2024-04-27T12:15:10.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Appliance 9.3 CD and LTS are vulnerable to a heap-based buffer overflow, caused by improper bounds checking. A remote authenticated attacker could overflow a buffer and execute arbitrary code on the system or cause the server to crash. IBM X-Force ID: 283137."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283137",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7149481",
"source": "psirt@us.ibm.com"
}
]
}

92
CVE-2024/CVE-2024-42xx/CVE-2024-4249.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4249",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T12:15:10.740",
"lastModified": "2024-04-27T12:15:10.740",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been classified as critical. Affected is the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-262140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formwrlSSIDget.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262140",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262140",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.319834",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-42xx/CVE-2024-4250.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4250",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T12:15:10.963",
"lastModified": "2024-04-27T12:15:10.963",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been declared as critical. Affected by this vulnerability is the function formwrlSSIDset of the file /goform/wifiSSIDset. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262141 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/formwrlSSIDset.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262141",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262141",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.319835",
"source": "cna@vuldb.com"
}
]
}

92
CVE-2024/CVE-2024-42xx/CVE-2024-4251.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4251",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T13:15:09.850",
"lastModified": "2024-04-27T13:15:09.850",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tenda i21 1.0.0.14(4656). It has been rated as critical. Affected by this issue is the function fromDhcpSetSer of the file /goform/DhcpSetSe. The manipulation of the argument dhcpStartIp/dhcpEndIp/dhcpGw/dhcpMask/dhcpLeaseTime/dhcpDns1/dhcpDns2 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262142 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.0
},
"baseSeverity": "HIGH",
"exploitabilityScore": 8.0,
"impactScore": 10.0,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/i/i21/fromDhcpSetSer.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262142",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262142",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.319836",
"source": "cna@vuldb.com"
}
]
}

15
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-04-27T12:00:38.039714+00:00
2024-04-27T14:00:38.032924+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-04-27T11:15:06.500000+00:00
2024-04-27T13:15:09.850000+00:00
```
### Last Data Feed Release
@ -33,16 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
246955
246959
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `4`
- [CVE-2024-3309](CVE-2024/CVE-2024-33xx/CVE-2024-3309.json) (`2024-04-27T10:15:07.307`)
- [CVE-2024-4247](CVE-2024/CVE-2024-42xx/CVE-2024-4247.json) (`2024-04-27T10:15:08.730`)
- [CVE-2024-4248](CVE-2024/CVE-2024-42xx/CVE-2024-4248.json) (`2024-04-27T11:15:06.500`)
- [CVE-2024-25048](CVE-2024/CVE-2024-250xx/CVE-2024-25048.json) (`2024-04-27T12:15:10.517`)
- [CVE-2024-4249](CVE-2024/CVE-2024-42xx/CVE-2024-4249.json) (`2024-04-27T12:15:10.740`)
- [CVE-2024-4250](CVE-2024/CVE-2024-42xx/CVE-2024-4250.json) (`2024-04-27T12:15:10.963`)
- [CVE-2024-4251](CVE-2024/CVE-2024-42xx/CVE-2024-4251.json) (`2024-04-27T13:15:09.850`)
### CVEs modified in the last Commit

10
_state.csv
View File

@ -242556,6 +242556,7 @@ CVE-2024-25029,0,0,d48a17c1d5ef1bfa6fbe7d5b73144f127d39825001bfd50aa27289e6a7875
CVE-2024-25030,0,0,fc3de3fd573e21787e1c0bdd960fb3a4c590b360d40ba7c7d9e34380b9c90bde,2024-04-03T17:24:18.150000
CVE-2024-2504,0,0,b952b345d554f248180cfc37dd33de3d29aef92bb40f82f2454b4ee2e2c1523d,2024-04-10T13:23:38.787000
CVE-2024-25046,0,0,64b67efbc5b2947bdef146aee983b6003b7daa23659b2bfe93519b90947330ac,2024-04-03T17:24:18.150000
CVE-2024-25048,1,1,f98b5f829311c9c9a726d02cd66b8a93a4755ae4aa235bf4cd2af7701d9667d0,2024-04-27T12:15:10.517000
CVE-2024-25062,0,0,9596ed5cf07a8bc8469d4afc28fc727a431af7cff3b6b8e84435c301d9955756,2024-02-13T00:40:40.503000
CVE-2024-25063,0,0,ada8a3e76748f7f6ba8d6378c081423ac8f962f095964d00e876ad6b7009736e,2024-03-04T22:45:02.117000
CVE-2024-25064,0,0,1c648660fe74d25bd4bc9587030796b3cc77cb44c915d4df3e4024ac11525ccf,2024-03-04T22:43:15.337000
@ -246541,7 +246542,7 @@ CVE-2024-32961,0,0,1b629054b94b5d4eed78b6abd48fbdc0faa224bb769542485a6d06ff46e20
CVE-2024-3298,0,0,35145d829af4d19541380a93e6723503e514b69e11aa4b007b05099610c37f21,2024-04-04T16:33:06.610000
CVE-2024-3299,0,0,f60f2a80accdd6f345a6a9cd66637eda180121596f90c2e7d75707c9fce20eb6,2024-04-04T16:33:06.610000
CVE-2024-3302,0,0,125cce6ead91da0349b4d4d5e52af6eb4c2a0511fb870ab9451e4f4746c28bb4,2024-04-24T10:15:07.417000
CVE-2024-3309,1,1,82632d4ab50f205d417749892a690be29af5af05b2ab726ec5aeaf17d11f7fdb,2024-04-27T10:15:07.307000
CVE-2024-3309,0,0,82632d4ab50f205d417749892a690be29af5af05b2ab726ec5aeaf17d11f7fdb,2024-04-27T10:15:07.307000
CVE-2024-3311,0,0,cc24f0e110212be66e02c71f4e3192ea09f47ae5e9090cac74e341e472a33c23,2024-04-11T01:25:58.140000
CVE-2024-3313,0,0,a1f61d968ea3c59507e97f1859e014460ea34c753cfc0814a5308608cf321984,2024-04-10T13:23:38.787000
CVE-2024-3314,0,0,78c785cb5b32bdf0baed853861c5d6771b22fff72a031a5ec21a411cf5a4d670,2024-04-11T01:25:58.237000
@ -246952,5 +246953,8 @@ CVE-2024-4243,0,0,06f57d13c6577e082919baf02007629a412b6f97f628566ad77e1dce9d52b4
CVE-2024-4244,0,0,f8fdbf36befd6856b8ec4b41749ee8c0ad841b9c473492c05800c93e3ac814d8,2024-04-26T22:15:08.867000
CVE-2024-4245,0,0,a58bcafe50a11707fd6722bf4d9ade7a08a4043c6956281df8ce202e884f61e9,2024-04-27T08:15:06.277000
CVE-2024-4246,0,0,4beda2b7e903ea592966095d5bc9a339f6323a8e49138b419198977f6b45ee00,2024-04-27T09:15:09.307000
CVE-2024-4247,1,1,b24cddbd7ad05266f8fd7b07ce980f1eceffbf5d124990a47c313a857dc708c3,2024-04-27T10:15:08.730000
CVE-2024-4248,1,1,b64a59e931628b50e5be8940c7ffe82887ab2dc33653b6598bc1bbcda53ef641,2024-04-27T11:15:06.500000
CVE-2024-4247,0,0,b24cddbd7ad05266f8fd7b07ce980f1eceffbf5d124990a47c313a857dc708c3,2024-04-27T10:15:08.730000
CVE-2024-4248,0,0,b64a59e931628b50e5be8940c7ffe82887ab2dc33653b6598bc1bbcda53ef641,2024-04-27T11:15:06.500000
CVE-2024-4249,1,1,d46edcb69b256943f9afeb3eda8cff2f302aaf23ca96ab9f334b49b8885ce130,2024-04-27T12:15:10.740000
CVE-2024-4250,1,1,3a817a5a241d5a69c3fe84967bbd27afa5e95343705c783a0d160691d5c6ba51,2024-04-27T12:15:10.963000
CVE-2024-4251,1,1,80fd93fb173defc106399db70233b4682cf54c5e424c46337e7c5f8b4c5ac241,2024-04-27T13:15:09.850000

Can't render this file because it is too large.