admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-01-25T13:00:24.895440+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-01-25 13:00:28 +00:00
parent 1c3e5adffc
commit 84ae9f4786
15 changed files with 179 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2023/CVE-2023-60xx/CVE-2023-6004.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6004",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-03T17:15:11.623",
"lastModified": "2024-01-16T19:43:11.933",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-25T12:15:45.527",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -41,7 +41,7 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -49,12 +49,12 @@
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
"impactScore": 3.4
}
]
},

55
CVE-2023/CVE-2023-62xx/CVE-2023-6282.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6282",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-25T12:15:45.917",
"lastModified": "2024-01-25T12:15:45.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IceHrm 23.0.0.OS does not sufficiently encode user-controlled input, which creates a Cross-Site Scripting (XSS) vulnerability via /icehrm/app/fileupload_page.php, in multiple parameters. An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload and partially hijacking the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-icehrm",
"source": "cve-coordination@incibe.es"
}
]
}

16
CVE-2023/CVE-2023-67xx/CVE-2023-6710.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6710",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-12T22:15:22.950",
"lastModified": "2024-01-08T14:15:46.957",
"lastModified": "2024-01-25T12:15:46.210",
"vulnStatus": "Modified",
"descriptions": [
{
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

10
CVE-2024/CVE-2024-07xx/CVE-2024-0741.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0741",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.173",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.473",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Una escritura fuera de los l\u00edmites en ANGLE podr\u00eda haber permitido que un atacante corrompiera la memoria y provocara un bloqueo potencialmente explotable. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864587",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0742.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0742",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.230",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.520",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Era posible que el usuario activara o descartara ciertas indicaciones y cuadros de di\u00e1logo del navegador sin querer debido a una marca de tiempo incorrecta utilizada para evitar la entrada despu\u00e9s de cargar la p\u00e1gina. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867152",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0746.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0746",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.417",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.560",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Un usuario de Linux que hubiera abierto el cuadro de di\u00e1logo de vista previa de impresi\u00f3n podr\u00eda haber provocado que el navegador fallara. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1660223",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0747.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0747",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.463",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.610",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Cuando una p\u00e1gina principal cargaba una secundaria en un iframe con \"unsafe-inline\", la pol\u00edtica de seguridad de contenido principal podr\u00eda haber anulado la pol\u00edtica de seguridad de contenido secundaria. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1764343",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0749.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0749",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.550",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.657",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Un sitio de phishing podr\u00eda haber reutilizado un cuadro de di\u00e1logo \"acerca de:\" para mostrar contenido de phishing con un origen incorrecto en la barra de direcciones. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1813463",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0750.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0750",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.597",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Un error en el c\u00e1lculo del retraso de las notificaciones emergentes podr\u00eda haber hecho posible que un atacante enga\u00f1ara a un usuario para que concediera permisos. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1863083",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0751.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0751",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.643",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.740",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Se podr\u00eda haber utilizado una extensi\u00f3n devtools maliciosa para escalar privilegios. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1865689",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0753.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0753",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.730",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.783",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "En configuraciones HSTS espec\u00edficas, un atacante podr\u00eda haber omitido HSTS en un subdominio. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870262",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

10
CVE-2024/CVE-2024-07xx/CVE-2024-0755.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0755",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-01-23T14:15:38.820",
"lastModified": "2024-01-23T15:47:28.250",
"lastModified": "2024-01-25T12:15:46.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7."
},
{
"lang": "es",
"value": "Errores de seguridad de la memoria presentes en Firefox 121, Firefox ESR 115.6 y Thunderbird 115.6. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 122, Firefox ESR &lt; 115.7 y Thunderbird &lt; 115.7."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-01/",
"source": "security@mozilla.org"

6
CVE-2024/CVE-2024-237xx/CVE-2024-23770.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.670",
"lastModified": "2024-01-22T14:01:09.553",
"lastModified": "2024-01-25T12:15:46.870",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/25/1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35d",
"source": "cve@mitre.org"

6
CVE-2024/CVE-2024-237xx/CVE-2024-23771.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T04:15:07.723",
"lastModified": "2024-01-22T14:01:09.553",
"lastModified": "2024-01-25T12:15:46.917",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/25/1",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04",
"source": "cve@mitre.org"

30
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-25T11:00:24.904519+00:00
2024-01-25T13:00:24.895440+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-25T10:15:08.140000+00:00
2024-01-25T12:15:46.917000+00:00
```
### Last Data Feed Release
@ -29,25 +29,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236782
236783
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `1`
* [CVE-2023-6282](CVE-2023/CVE-2023-62xx/CVE-2023-6282.json) (`2024-01-25T12:15:45.917`)
### CVEs modified in the last Commit
Recently modified CVEs: `6`
Recently modified CVEs: `13`
* [CVE-2023-39417](CVE-2023/CVE-2023-394xx/CVE-2023-39417.json) (`2024-01-25T09:15:07.503`)
* [CVE-2023-5868](CVE-2023/CVE-2023-58xx/CVE-2023-5868.json) (`2024-01-25T09:15:07.850`)
* [CVE-2023-5869](CVE-2023/CVE-2023-58xx/CVE-2023-5869.json) (`2024-01-25T09:15:08.087`)
* [CVE-2023-5870](CVE-2023/CVE-2023-58xx/CVE-2023-5870.json) (`2024-01-25T09:15:08.373`)
* [CVE-2024-23897](CVE-2024/CVE-2024-238xx/CVE-2024-23897.json) (`2024-01-25T10:15:08.073`)
* [CVE-2024-23898](CVE-2024/CVE-2024-238xx/CVE-2024-23898.json) (`2024-01-25T10:15:08.140`)
* [CVE-2023-6004](CVE-2023/CVE-2023-60xx/CVE-2023-6004.json) (`2024-01-25T12:15:45.527`)
* [CVE-2023-6710](CVE-2023/CVE-2023-67xx/CVE-2023-6710.json) (`2024-01-25T12:15:46.210`)
* [CVE-2024-0741](CVE-2024/CVE-2024-07xx/CVE-2024-0741.json) (`2024-01-25T12:15:46.473`)
* [CVE-2024-0742](CVE-2024/CVE-2024-07xx/CVE-2024-0742.json) (`2024-01-25T12:15:46.520`)
* [CVE-2024-0746](CVE-2024/CVE-2024-07xx/CVE-2024-0746.json) (`2024-01-25T12:15:46.560`)
* [CVE-2024-0747](CVE-2024/CVE-2024-07xx/CVE-2024-0747.json) (`2024-01-25T12:15:46.610`)
* [CVE-2024-0749](CVE-2024/CVE-2024-07xx/CVE-2024-0749.json) (`2024-01-25T12:15:46.657`)
* [CVE-2024-0750](CVE-2024/CVE-2024-07xx/CVE-2024-0750.json) (`2024-01-25T12:15:46.697`)
* [CVE-2024-0751](CVE-2024/CVE-2024-07xx/CVE-2024-0751.json) (`2024-01-25T12:15:46.740`)
* [CVE-2024-0753](CVE-2024/CVE-2024-07xx/CVE-2024-0753.json) (`2024-01-25T12:15:46.783`)
* [CVE-2024-0755](CVE-2024/CVE-2024-07xx/CVE-2024-0755.json) (`2024-01-25T12:15:46.827`)
* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-25T12:15:46.870`)
* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-25T12:15:46.917`)
## Download and Usage