Auto-Update: 2024-02-12T23:00:24.509771+00:00

cad-safe-bot 2024-02-12 23:00:28 +00:00
parent 26de6b7870
commit 832989529b
26 changed files with 1253 additions and 102 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-32451",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-06T08:15:48.843",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:37:35.780",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:display_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.21",
"matchCriteriaId": "BFE32F01-E2FB-439E-8E2D-2A5E59FBC76B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-32474",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-06T08:15:50.647",
"lastModified": "2024-02-06T13:53:38.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:37:18.687",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 5.2
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:display_manager:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.21",
"matchCriteriaId": "BFE32F01-E2FB-439E-8E2D-2A5E59FBC76B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000215216/dsa-2023-182-dell",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,80 @@
"id": "CVE-2023-52427",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-11T04:15:08.100",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:39:34.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In OpenDDS through 3.27, there is a segmentation fault for a DataWriter with a large value of resource_limits.max_samples. NOTE: the vendor's position is that the product is not designed to handle a max_samples value that is too large for the amount of memory on the system."
},
{
"lang": "es",
"value": "En OpenDDS hasta la versi\u00f3n 3.27, hay un error de segmentaci\u00f3n para un DataWriter con un valor grande de Resource_limits.max_samples. NOTA: la posici\u00f3n del proveedor es que el producto no est\u00e1 manipulado para manejar un valor max_samples que sea demasiado grande para la cantidad de memoria del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:objectcomputing:opendds:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.27",
"matchCriteriaId": "1DE845EB-4121-4281-9997-6B7AD6555F62"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/OpenDDS/OpenDDS/issues/4388",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0685",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-02-02T05:15:08.603",
"lastModified": "2024-02-07T17:41:00.460",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-12T22:15:07.950",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -96,6 +96,10 @@
"Patch"
]
},
{
"url": "https://sec.stealthcopter.com/ninja-contact-forms/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve",
"source": "security@wordfence.com",


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1250",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-12T21:15:08.313",
"lastModified": "2024-02-12T21:15:08.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439175",
"source": "cve@gitlab.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-1459",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-12T21:15:08.533",
"lastModified": "2024-02-12T21:15:08.533",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-1459",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2259475",
"source": "secalert@redhat.com"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-22208",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T21:15:11.830",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:40:50.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5."
},
{
"lang": "es",
"value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. La funcionalidad 'compartir preguntas frecuentes' permite a cualquier actor no autenticado hacer un mal uso de la aplicaci\u00f3n phpMyFAQ para enviar correos electr\u00f3nicos arbitrarios a una amplia gama de objetivos. La aplicaci\u00f3n phpMyFAQ tiene una funcionalidad donde cualquiera puede compartir un elemento de preguntas frecuentes con otros. La interfaz de esta funcionalidad permite compartir cualquier art\u00edculo de phpMyFAQ con 5 direcciones de correo electr\u00f3nico. Cualquier actor no autenticado puede realizar esta acci\u00f3n. Existe un CAPTCHA, sin embargo, la cantidad de personas a las que env\u00eda correos electr\u00f3nicos con una sola solicitud no est\u00e1 limitada a 5 por el backend. De este modo, un atacante puede resolver un \u00fanico CAPTCHA y enviar miles de correos electr\u00f3nicos a la vez. Un atacante puede utilizar el servidor de correo electr\u00f3nico de la aplicaci\u00f3n objetivo para enviar mensajes de phishing. Esto puede hacer que el servidor est\u00e9 en una lista negra, lo que hace que todos los correos electr\u00f3nicos terminen en spam. Tambi\u00e9n puede provocar da\u00f1os a la reputaci\u00f3n. Este problema se solucion\u00f3 en la versi\u00f3n 3.2.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.5",
"matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-23759",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.087",
"lastModified": "2024-02-12T22:15:08.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via \"search\" parameter of the Parcelshopfinder/AddAddressBookEntry\" function."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0046/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-23760",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.193",
"lastModified": "2024-02-12T22:15:08.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0050/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-23761",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.247",
"lastModified": "2024-02-12T22:15:08.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0048/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-23762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.307",
"lastModified": "2024-02-12T22:15:08.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0049/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-23763",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.367",
"lastModified": "2024-02-12T22:15:08.367",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://herolab.usd.de/security-advisories/usd-2023-0047/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23833",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-12T21:15:08.760",
"lastModified": "2024-02-12T21:15:08.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-24337",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-12T22:15:08.430",
"lastModified": "2024-02-12T22:15:08.430",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to to inject DDE commands into csv exports via the 'Budget' and 'Patrons Member' components."
}
],
"metrics": {},
"references": [
{
"url": "https://nitipoom-jar.github.io/CVE-2024-24337/",
"source": "cve@mitre.org"
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24559",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T21:15:12.127",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:40:56.547",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available."
},
{
"lang": "es",
"value": "Vyper es un lenguaje de contrato inteligente pit\u00f3nico para EVM. Hay un error en la gesti\u00f3n de la pila al compilar el `IR` para `sha3_64`. En concreto, la variable \"altura\" est\u00e1 mal calculada. La vulnerabilidad no se puede activar sin escribir el `IR` a mano (es decir, no se puede activar desde un c\u00f3digo vyper normal). `sha3_64` se utiliza para la recuperaci\u00f3n en asignaciones. No se encontr\u00f3 ning\u00fan flujo que almacenara en cach\u00e9 la \"clave\", por lo que no deber\u00eda ser posible desencadenar el problema al compilar el \"IR\" generado por el compilador. Este problema no se activa durante la compilaci\u00f3n normal del c\u00f3digo vyper, por lo que el impacto es bajo. Al momento de publicaci\u00f3n no hay ning\u00fan parche disponible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,14 +70,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vyperlang:vyper:*:*:*:*:*:python:*:*",
"versionEndIncluding": "0.3.10",
"matchCriteriaId": "832C489D-4288-46B4-A29E-0E7168748042"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24574",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T21:15:12.340",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:41:04.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\\phpmyfaq\\admin\\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5."
},
{
"lang": "es",
"value": "phpMyFAQ es una aplicaci\u00f3n web de preguntas frecuentes de c\u00f3digo abierto para PHP 8.1+ y MySQL, PostgreSQL y otras bases de datos. El eco inseguro del nombre de archivo en phpMyFAQ\\phpmyfaq\\admin\\attachments.php conduce a la ejecuci\u00f3n permitida de c\u00f3digo JavaScript en el lado del cliente (XSS). Esta vulnerabilidad ha sido parcheada en la versi\u00f3n 3.2.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -50,18 +74,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2.5",
"matchCriteriaId": "0203E85A-673E-4D3F-BAAF-AE6CABA807FD"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/pull/2827",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-24807",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T21:15:12.557",
"lastModified": "2024-02-06T01:00:55.997",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:41:24.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12."
},
{
"lang": "es",
"value": "Sulu es un sistema de gesti\u00f3n de contenidos PHP de c\u00f3digo abierto altamente extensible basado en el framework Symfony. Hay un problema al ingresar HTML en el nombre de la etiqueta. El HTML se ejecuta cuando el nombre de la etiqueta aparece en el formulario de autocompletar. S\u00f3lo los usuarios administradores pueden crear etiquetas, por lo que ellos son los \u00fanicos afectados. El problema se solucion\u00f3 con las versiones 2.4.16 y 2.5.12."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -46,18 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.4.16",
"matchCriteriaId": "0800F014-E0B5-4227-A1A5-D52CCFF36C36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sulu:sulu:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.5.0",
"versionEndExcluding": "2.5.12",
"matchCriteriaId": "4FA81B8E-D39D-4AB5-98FA-410DD9648F31"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sulu/sulu/releases/tag/2.4.16",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/sulu/sulu/releases/tag/2.5.12",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-25318",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T14:15:09.033",
"lastModified": "2024-02-09T14:26:32.663",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:37:44.753",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2."
},
{
"lang": "es",
"value": "Code-projects Hotel Managment System 1.0 permite la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'pid' en Hotel/admin/print.php?pid=2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hotel_management_system_project:hotel_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8F64636D-FD66-4CE6-8BD2-F9772B65CCC9"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Product"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2024-25417",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-11T21:15:46.200",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:39:48.423",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que flusity-CMS v2.33 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /core/tools/add_translation.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flusity:flusity:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B6ED7-B93A-4853-9D83-40BCD781342C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Carl0724/cms/blob/main/3.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2024-25418",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-11T21:15:46.253",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:39:57.963",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que flusity-CMS v2.33 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /core/tools/delete_menu.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flusity:flusity:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B6ED7-B93A-4853-9D83-40BCD781342C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Carl0724/cms/blob/main/2.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,78 @@
"id": "CVE-2024-25419",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-11T21:15:46.310",
"lastModified": "2024-02-11T22:29:15.837",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:40:04.610",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que flusity-CMS v2.33 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente /core/tools/update_menu.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flusity:flusity:2.33:*:*:*:*:*:*:*",
"matchCriteriaId": "1B6B6ED7-B93A-4853-9D83-40BCD781342C"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Carl0724/cms/blob/main/1.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-25451",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.143",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:37:54.227",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Bento4 v1.6.0-640 conten\u00eda un error de falta de memoria a trav\u00e9s de la funci\u00f3n AP4_DataBuffer::ReallocateBuffer()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-640:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7DB535-F27C-455F-9E99-3EF80B828022"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/872",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-25452",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.193",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:38:36.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Bento4 v1.6.0-640 conten\u00eda un error de falta de memoria a trav\u00e9s de la funci\u00f3n AP4_UrlAtom::AP4_UrlAtom()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-640:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7DB535-F27C-455F-9E99-3EF80B828022"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/873",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,23 +2,87 @@
"id": "CVE-2024-25453",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.240",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:38:53.453",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Bento4 v1.6.0-640 conten\u00eda una desreferencia de puntero NULL a trav\u00e9s de la funci\u00f3n AP4_StszAtom::GetSampleSize()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-640:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7DB535-F27C-455F-9E99-3EF80B828022"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/204",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/874",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -2,19 +2,79 @@
"id": "CVE-2024-25454",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-09T15:15:09.293",
"lastModified": "2024-02-09T17:31:15.470",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-12T21:39:19.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Bento4 v1.6.0-640 conten\u00eda una desreferencia de puntero NULL a trav\u00e9s de la funci\u00f3n AP4_DescriptorFinder::Test()."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:axiosys:bento4:1.6.0-640:*:*:*:*:*:*:*",
"matchCriteriaId": "8C7DB535-F27C-455F-9E99-3EF80B828022"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/axiomatic-systems/Bento4/issues/875",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-12T21:00:24.349070+00:00
2024-02-12T23:00:24.509771+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-12T20:53:02.440000+00:00
2024-02-12T22:15:08.430000+00:00
```
### Last Data Feed Release
@ -29,53 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238201
238210
```
### CVEs added in the last Commit
Recently added CVEs: `22`
Recently added CVEs: `9`
* [CVE-2021-4437](CVE-2021/CVE-2021-44xx/CVE-2021-4437.json) (`2024-02-12T20:15:07.993`)
* [CVE-2022-22506](CVE-2022/CVE-2022-225xx/CVE-2022-22506.json) (`2024-02-12T20:15:08.320`)
* [CVE-2022-34309](CVE-2022/CVE-2022-343xx/CVE-2022-34309.json) (`2024-02-12T19:15:08.837`)
* [CVE-2022-34311](CVE-2022/CVE-2022-343xx/CVE-2022-34311.json) (`2024-02-12T19:15:09.080`)
* [CVE-2024-0164](CVE-2024/CVE-2024-01xx/CVE-2024-0164.json) (`2024-02-12T19:15:09.473`)
* [CVE-2024-0165](CVE-2024/CVE-2024-01xx/CVE-2024-0165.json) (`2024-02-12T19:15:09.700`)
* [CVE-2024-0166](CVE-2024/CVE-2024-01xx/CVE-2024-0166.json) (`2024-02-12T19:15:09.960`)
* [CVE-2024-0167](CVE-2024/CVE-2024-01xx/CVE-2024-0167.json) (`2024-02-12T19:15:10.133`)
* [CVE-2024-0168](CVE-2024/CVE-2024-01xx/CVE-2024-0168.json) (`2024-02-12T19:15:10.330`)
* [CVE-2024-0169](CVE-2024/CVE-2024-01xx/CVE-2024-0169.json) (`2024-02-12T19:15:10.543`)
* [CVE-2024-0170](CVE-2024/CVE-2024-01xx/CVE-2024-0170.json) (`2024-02-12T19:15:10.800`)
* [CVE-2024-22221](CVE-2024/CVE-2024-222xx/CVE-2024-22221.json) (`2024-02-12T19:15:11.043`)
* [CVE-2024-22222](CVE-2024/CVE-2024-222xx/CVE-2024-22222.json) (`2024-02-12T19:15:11.283`)
* [CVE-2024-22223](CVE-2024/CVE-2024-222xx/CVE-2024-22223.json) (`2024-02-12T19:15:11.497`)
* [CVE-2024-22224](CVE-2024/CVE-2024-222xx/CVE-2024-22224.json) (`2024-02-12T19:15:11.713`)
* [CVE-2024-22225](CVE-2024/CVE-2024-222xx/CVE-2024-22225.json) (`2024-02-12T19:15:11.927`)
* [CVE-2024-22226](CVE-2024/CVE-2024-222xx/CVE-2024-22226.json) (`2024-02-12T19:15:12.130`)
* [CVE-2024-22227](CVE-2024/CVE-2024-222xx/CVE-2024-22227.json) (`2024-02-12T19:15:12.333`)
* [CVE-2024-22228](CVE-2024/CVE-2024-222xx/CVE-2024-22228.json) (`2024-02-12T19:15:12.527`)
* [CVE-2024-22230](CVE-2024/CVE-2024-222xx/CVE-2024-22230.json) (`2024-02-12T19:15:12.717`)
* [CVE-2024-25108](CVE-2024/CVE-2024-251xx/CVE-2024-25108.json) (`2024-02-12T20:15:08.590`)
* [CVE-2024-25110](CVE-2024/CVE-2024-251xx/CVE-2024-25110.json) (`2024-02-12T20:15:08.803`)
* [CVE-2024-1250](CVE-2024/CVE-2024-12xx/CVE-2024-1250.json) (`2024-02-12T21:15:08.313`)
* [CVE-2024-1459](CVE-2024/CVE-2024-14xx/CVE-2024-1459.json) (`2024-02-12T21:15:08.533`)
* [CVE-2024-23833](CVE-2024/CVE-2024-238xx/CVE-2024-23833.json) (`2024-02-12T21:15:08.760`)
* [CVE-2024-23759](CVE-2024/CVE-2024-237xx/CVE-2024-23759.json) (`2024-02-12T22:15:08.087`)
* [CVE-2024-23760](CVE-2024/CVE-2024-237xx/CVE-2024-23760.json) (`2024-02-12T22:15:08.193`)
* [CVE-2024-23761](CVE-2024/CVE-2024-237xx/CVE-2024-23761.json) (`2024-02-12T22:15:08.247`)
* [CVE-2024-23762](CVE-2024/CVE-2024-237xx/CVE-2024-23762.json) (`2024-02-12T22:15:08.307`)
* [CVE-2024-23763](CVE-2024/CVE-2024-237xx/CVE-2024-23763.json) (`2024-02-12T22:15:08.367`)
* [CVE-2024-24337](CVE-2024/CVE-2024-243xx/CVE-2024-24337.json) (`2024-02-12T22:15:08.430`)
### CVEs modified in the last Commit
Recently modified CVEs: `12`
Recently modified CVEs: `16`
* [CVE-2015-10129](CVE-2015/CVE-2015-101xx/CVE-2015-10129.json) (`2024-02-12T19:02:51.977`)
* [CVE-2019-25159](CVE-2019/CVE-2019-251xx/CVE-2019-25159.json) (`2024-02-12T19:52:18.067`)
* [CVE-2021-32677](CVE-2021/CVE-2021-326xx/CVE-2021-32677.json) (`2024-02-12T20:04:02.160`)
* [CVE-2022-38710](CVE-2022/CVE-2022-387xx/CVE-2022-38710.json) (`2024-02-12T19:15:09.310`)
* [CVE-2022-34310](CVE-2022/CVE-2022-343xx/CVE-2022-34310.json) (`2024-02-12T20:39:15.693`)
* [CVE-2022-38714](CVE-2022/CVE-2022-387xx/CVE-2022-38714.json) (`2024-02-12T20:39:15.693`)
* [CVE-2023-33851](CVE-2023/CVE-2023-338xx/CVE-2023-33851.json) (`2024-02-12T19:54:23.117`)
* [CVE-2023-34042](CVE-2023/CVE-2023-340xx/CVE-2023-34042.json) (`2024-02-12T20:45:24.537`)
* [CVE-2023-6557](CVE-2023/CVE-2023-65xx/CVE-2023-6557.json) (`2024-02-12T20:49:00.610`)
* [CVE-2023-6635](CVE-2023/CVE-2023-66xx/CVE-2023-6635.json) (`2024-02-12T20:50:07.757`)
* [CVE-2024-1215](CVE-2024/CVE-2024-12xx/CVE-2024-1215.json) (`2024-02-12T19:32:08.490`)
* [CVE-2024-0254](CVE-2024/CVE-2024-02xx/CVE-2024-0254.json) (`2024-02-12T20:53:02.440`)
* [CVE-2023-32474](CVE-2023/CVE-2023-324xx/CVE-2023-32474.json) (`2024-02-12T21:37:18.687`)
* [CVE-2023-32451](CVE-2023/CVE-2023-324xx/CVE-2023-32451.json) (`2024-02-12T21:37:35.780`)
* [CVE-2023-52427](CVE-2023/CVE-2023-524xx/CVE-2023-52427.json) (`2024-02-12T21:39:34.807`)
* [CVE-2024-25318](CVE-2024/CVE-2024-253xx/CVE-2024-25318.json) (`2024-02-12T21:37:44.753`)
* [CVE-2024-25451](CVE-2024/CVE-2024-254xx/CVE-2024-25451.json) (`2024-02-12T21:37:54.227`)
* [CVE-2024-25452](CVE-2024/CVE-2024-254xx/CVE-2024-25452.json) (`2024-02-12T21:38:36.037`)
* [CVE-2024-25453](CVE-2024/CVE-2024-254xx/CVE-2024-25453.json) (`2024-02-12T21:38:53.453`)
* [CVE-2024-25454](CVE-2024/CVE-2024-254xx/CVE-2024-25454.json) (`2024-02-12T21:39:19.300`)
* [CVE-2024-25417](CVE-2024/CVE-2024-254xx/CVE-2024-25417.json) (`2024-02-12T21:39:48.423`)
* [CVE-2024-25418](CVE-2024/CVE-2024-254xx/CVE-2024-25418.json) (`2024-02-12T21:39:57.963`)
* [CVE-2024-25419](CVE-2024/CVE-2024-254xx/CVE-2024-25419.json) (`2024-02-12T21:40:04.610`)
* [CVE-2024-22208](CVE-2024/CVE-2024-222xx/CVE-2024-22208.json) (`2024-02-12T21:40:50.080`)
* [CVE-2024-24559](CVE-2024/CVE-2024-245xx/CVE-2024-24559.json) (`2024-02-12T21:40:56.547`)
* [CVE-2024-24574](CVE-2024/CVE-2024-245xx/CVE-2024-24574.json) (`2024-02-12T21:41:04.237`)
* [CVE-2024-24807](CVE-2024/CVE-2024-248xx/CVE-2024-24807.json) (`2024-02-12T21:41:24.647`)
* [CVE-2024-0685](CVE-2024/CVE-2024-06xx/CVE-2024-0685.json) (`2024-02-12T22:15:07.950`)
## Download and Usage