Auto-Update: 2024-02-28T21:00:24.883582+00:00

cad-safe-bot 2024-02-28 21:00:28 +00:00
parent bb3fe1a9db
commit 81154de26e
13 changed files with 425 additions and 15 deletions

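--- a/CVE-2023/CVE-2023-515xx/CVE-2023-51533.json
+++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51533.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-51533",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-28T19:15:09.963",
+"lastModified": "2024-02-28T19:15:09.963",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.This issue affects Ecwid Ecommerce Shopping Cart: from n/a through 6.12.4.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/ecwid-shopping-cart/wordpress-ecwid-ecommerce-shopping-cart-plugin-6-12-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}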

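--- a/CVE-2023/CVE-2023-516xx/CVE-2023-51692.json
+++ b/CVE-2023/CVE-2023-516xx/CVE-2023-51692.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-51692",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-28T19:15:10.147",
+"lastModified": "2024-02-28T19:15:10.147",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.This issue affects Customer Reviews for WooCommerce: from n/a through 5.38.1.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-862"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/customer-reviews-woocommerce/wordpress-customer-reviews-for-woocommerce-plugin-5-38-1-broken-access-control-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}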

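--- a/CVE-2023/CVE-2023-520xx/CVE-2023-52047.json
+++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52047.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-52047",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.590",
+"lastModified": "2024-02-28T20:15:41.590",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Dedecms v5.7.112 was discovered to contain a Cross-Site Request Forgery (CSRF) in the file manager."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/chongfujun/test/blob/main/2023-52047.docx",
+"source": "cve@mitre.org"
+}
+]
+}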

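--- a/CVE-2023/CVE-2023-520xx/CVE-2023-52048.json
+++ b/CVE-2023/CVE-2023-520xx/CVE-2023-52048.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2023-52048",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.640",
+"lastModified": "2024-02-28T20:15:41.640",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "RuoYi v4.7.8 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /system/notice/."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/chongfujun/test/blob/main/2023-52048.docx",
+"source": "cve@mitre.org"
+}
+]
+}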

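--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24148.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24148.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2024-24148",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.683",
+"lastModified": "2024-02-28T20:15:41.683",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/libming/libming/issues/308",
+"source": "cve@mitre.org"
+}
+]
+}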

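--- a/CVE-2024/CVE-2024-251xx/CVE-2024-25169.json
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25169.json
@@ -0,0 +1,36 @@
+{
+"id": "CVE-2024-25169",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.723",
+"lastModified": "2024-02-28T20:15:41.723",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://ibb.co/JKh4hmD",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://ibb.co/Pt9qd8t",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://ibb.co/hLLPTVp",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://ibb.co/rfrKj3r",
+"source": "cve@mitre.org"
+}
+]
+}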

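--- a/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json
@@ -0,0 +1,28 @@
+{
+"id": "CVE-2024-25170",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.770",
+"lastModified": "2024-02-28T20:15:41.770",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://ibb.co/DpxHpz9",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://ibb.co/T0fhLwR",
+"source": "cve@mitre.org"
+}
+]
+}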

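--- a/CVE-2024/CVE-2024-252xx/CVE-2024-25202.json
+++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25202.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2024-25202",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.810",
+"lastModified": "2024-02-28T20:15:41.810",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/Agampreet-Singh/CVE-2024-25202",
+"source": "cve@mitre.org"
+}
+]
+}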

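--- a/CVE-2024/CVE-2024-254xx/CVE-2024-25435.json
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25435.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2024-25435",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.857",
+"lastModified": "2024-02-28T20:15:41.857",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25435%20-%3E%20Reflected%20XSS%20on%20md1patient%20login%20page",
+"source": "cve@mitre.org"
+}
+]
+}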

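--- a/CVE-2024/CVE-2024-258xx/CVE-2024-25859.json
+++ b/CVE-2024/CVE-2024-258xx/CVE-2024-25859.json
@@ -0,0 +1,20 @@
+{
+"id": "CVE-2024-25859",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-28T20:15:41.900",
+"lastModified": "2024-02-28T20:15:41.900",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to takeover user accounts and execute arbitrary code."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://www.blesta.com/2024/02/08/security-advisory/",
+"source": "cve@mitre.org"
+}
+]
+}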

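--- a/CVE-2024/CVE-2024-272xx/CVE-2024-27285.json
+++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27285.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-27285",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-02-28T20:15:41.940",
+"lastModified": "2024-02-28T20:15:41.940",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "YARD is a Ruby Documentation tool. The \"frames.html\" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the \"frames.erb\" template file. This vulnerability is fixed in 0.9.35."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc",
+"source": "security-advisories@github.com"
+}
+]
+}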

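--- a/CVE-2024/CVE-2024-279xx/CVE-2024-27948.json
+++ b/CVE-2024/CVE-2024-279xx/CVE-2024-27948.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-27948",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-02-28T19:15:11.357",
+"lastModified": "2024-02-28T19:15:11.357",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.This issue affects Atahualpa: from n/a through 3.7.24.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 2.5
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/atahualpa/wordpress-atahualpa-theme-3-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}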


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-28T19:00:26.420903+00:00
2024-02-28T21:00:24.883582+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-28T18:15:45.940000+00:00
2024-02-28T20:15:41.940000+00:00
```
### Last Data Feed Release
@ -29,29 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239832
239844
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `12`
* [CVE-2023-51681](CVE-2023/CVE-2023-516xx/CVE-2023-51681.json) (`2024-02-28T17:15:07.270`)
* [CVE-2023-51683](CVE-2023/CVE-2023-516xx/CVE-2023-51683.json) (`2024-02-28T17:15:07.760`)
* [CVE-2023-52223](CVE-2023/CVE-2023-522xx/CVE-2023-52223.json) (`2024-02-28T17:15:07.953`)
* [CVE-2023-52226](CVE-2023/CVE-2023-522xx/CVE-2023-52226.json) (`2024-02-28T17:15:08.150`)
* [CVE-2024-0560](CVE-2024/CVE-2024-05xx/CVE-2024-0560.json) (`2024-02-28T17:15:08.340`)
* [CVE-2024-21749](CVE-2024/CVE-2024-217xx/CVE-2024-21749.json) (`2024-02-28T17:15:08.543`)
* [CVE-2024-1847](CVE-2024/CVE-2024-18xx/CVE-2024-1847.json) (`2024-02-28T18:15:45.687`)
* [CVE-2024-26342](CVE-2024/CVE-2024-263xx/CVE-2024-26342.json) (`2024-02-28T18:15:45.890`)
* [CVE-2024-27103](CVE-2024/CVE-2024-271xx/CVE-2024-27103.json) (`2024-02-28T18:15:45.940`)
* [CVE-2023-51533](CVE-2023/CVE-2023-515xx/CVE-2023-51533.json) (`2024-02-28T19:15:09.963`)
* [CVE-2023-51692](CVE-2023/CVE-2023-516xx/CVE-2023-51692.json) (`2024-02-28T19:15:10.147`)
* [CVE-2023-52047](CVE-2023/CVE-2023-520xx/CVE-2023-52047.json) (`2024-02-28T20:15:41.590`)
* [CVE-2023-52048](CVE-2023/CVE-2023-520xx/CVE-2023-52048.json) (`2024-02-28T20:15:41.640`)
* [CVE-2024-27948](CVE-2024/CVE-2024-279xx/CVE-2024-27948.json) (`2024-02-28T19:15:11.357`)
* [CVE-2024-24148](CVE-2024/CVE-2024-241xx/CVE-2024-24148.json) (`2024-02-28T20:15:41.683`)
* [CVE-2024-25169](CVE-2024/CVE-2024-251xx/CVE-2024-25169.json) (`2024-02-28T20:15:41.723`)
* [CVE-2024-25170](CVE-2024/CVE-2024-251xx/CVE-2024-25170.json) (`2024-02-28T20:15:41.770`)
* [CVE-2024-25202](CVE-2024/CVE-2024-252xx/CVE-2024-25202.json) (`2024-02-28T20:15:41.810`)
* [CVE-2024-25435](CVE-2024/CVE-2024-254xx/CVE-2024-25435.json) (`2024-02-28T20:15:41.857`)
* [CVE-2024-25859](CVE-2024/CVE-2024-258xx/CVE-2024-25859.json) (`2024-02-28T20:15:41.900`)
* [CVE-2024-27285](CVE-2024/CVE-2024-272xx/CVE-2024-27285.json) (`2024-02-28T20:15:41.940`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
* [CVE-2023-41784](CVE-2023/CVE-2023-417xx/CVE-2023-41784.json) (`2024-02-28T17:46:34.213`)
## Download and Usage