admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-20T15:00:57.494435+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-20 15:01:01 +00:00
parent 584f91a897
commit 8921a9da4d
32 changed files with 1046 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2023/CVE-2023-392xx/CVE-2023-39244.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-39244",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-02-15T13:15:45.770",
"lastModified": "2024-02-15T14:28:26.433",
"lastModified": "2024-02-20T14:15:07.910",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an improper access control vulnerability in EHAC component. A remote unauthenticated attacker could potentially exploit this vulnerability to gain unrestricted access to the SOAP APIs.\n\n"
"value": "DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials."
},
{
"lang": "es",
"value": "DELL ESI (Enterprise Storage Integrator) para SAP LAMA, versi\u00f3n 10.0, contiene una vulnerabilidad de control de acceso inadecuado en el componente EHAC. Un atacante remoto no autenticado podr\u00eda explotar esta vulnerabilidad para obtener acceso sin restricciones a las API SOAP."
}
],
"metrics": {

55
CVE-2023/CVE-2023-427xx/CVE-2023-42791.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-42791",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-02-20T14:15:08.030",
"lastModified": "2024-02-20T14:15:08.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A relative path traversal in Fortinet FortiManager version 7.4.0 and 7.2.0 through 7.2.3 and 7.0.0 through 7.0.8 and 6.4.0 through 6.4.12 and 6.2.0 through 6.2.11 allows attacker to execute unauthorized code or commands via crafted HTTP requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-189",
"source": "psirt@fortinet.com"
}
]
}

10
CVE-2023/CVE-2023-491xx/CVE-2023-49109.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49109",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-20T10:15:07.927",
"lastModified": "2024-02-20T10:15:07.927",
"lastModified": "2024-02-20T13:15:07.877",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue. "
},
{
"lang": "es",
"value": "Exposici\u00f3n de la ejecuci\u00f3n remota de c\u00f3digo en Apache Dolphinscheduler. Este problema afecta a Apache DolphinScheduler: versiones anteriores a 3.2.1. Recomendamos a los usuarios que actualicen Apache DolphinScheduler a la versi\u00f3n 3.2.1, que soluciona el problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/20/4",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/dolphinscheduler/pull/14991",
"source": "security@apache.org"

10
CVE-2023/CVE-2023-492xx/CVE-2023-49250.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-49250",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-20T10:15:08.040",
"lastModified": "2024-02-20T10:15:08.040",
"lastModified": "2024-02-20T13:15:07.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Because the HttpUtils class did not verify certificates, an attacker that could perform a Man-in-the-Middle (MITM) attack on outgoing https connections could impersonate the server.\n\nThis issue affects Apache DolphinScheduler: before 3.2.0.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes the issue.\n\n"
},
{
"lang": "es",
"value": "Debido a que la clase HttpUtils no verific\u00f3 los certificados, un atacante que pudiera realizar un ataque Man-in-the-Middle (MITM) en conexiones https salientes podr\u00eda hacerse pasar por el servidor. Este problema afecta a Apache DolphinScheduler: versiones anteriores a 3.2.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.2.1, que soluciona el problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/20/1",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/dolphinscheduler/pull/15288",
"source": "security@apache.org"

10
CVE-2023/CVE-2023-502xx/CVE-2023-50270.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50270",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-20T10:15:08.140",
"lastModified": "2024-02-20T10:15:08.140",
"lastModified": "2024-02-20T13:15:08.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Session Fixation Apache DolphinScheduler before version 3.2.0, which session is still valid after the password change.\n\nUsers are recommended to upgrade to version 3.2.1, which fixes this issue."
},
{
"lang": "es",
"value": "Correcci\u00f3n de sesi\u00f3n de Apache DolphinScheduler anterior a la versi\u00f3n 3.2.0, cuya sesi\u00f3n sigue siendo v\u00e1lida despu\u00e9s del cambio de contrase\u00f1a. Se recomienda a los usuarios actualizar a la versi\u00f3n 3.2.1, que soluciona este problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/20/3",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/dolphinscheduler/pull/15219",
"source": "security@apache.org"

59
CVE-2023/CVE-2023-503xx/CVE-2023-50306.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-50306",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-02-20T14:15:08.237",
"lastModified": "2024-02-20T14:15:08.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Common Licensing 9.0 could allow a local user to enumerate usernames due to an observable response discrepancy. IBM X-Force ID: 273337."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-204"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/273337",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7120660",
"source": "psirt@us.ibm.com"
}
]
}

10
CVE-2023/CVE-2023-517xx/CVE-2023-51770.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-51770",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-20T10:15:08.243",
"lastModified": "2024-02-20T10:15:08.243",
"lastModified": "2024-02-20T13:15:08.077",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Arbitrary File Read Vulnerability in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.1. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.1, which fixes the issue."
},
{
"lang": "es",
"value": "Vulnerabilidad de lectura de archivos arbitrarios en Apache Dolphinscheduler. Este problema afecta a Apache DolphinScheduler: versiones anteriores a 3.2.1. Recomendamos a los usuarios que actualicen Apache DolphinScheduler a la versi\u00f3n 3.2.1, que soluciona el problema."
}
],
"metrics": {},
@ -24,6 +28,10 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/02/20/2",
"source": "security@apache.org"
},
{
"url": "https://github.com/apache/dolphinscheduler/pull/15433",
"source": "security@apache.org"

24
CVE-2023/CVE-2023-524xx/CVE-2023-52433.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-52433",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T13:15:08.140",
"lastModified": "2024-02-20T13:15:08.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction\n\nNew elements in this transaction might expired before such transaction\nends. Skip sync GC for such elements otherwise commit path might walk\nover an already released object. Once transaction is finished, async GC\nwill collect such expired element."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2ee52ae94baa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3213ff99a35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1546.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1546",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.477",
"lastModified": "2024-02-20T14:15:08.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1547.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1547",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.547",
"lastModified": "2024-02-20T14:15:08.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1877879",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1548.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1548",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.603",
"lastModified": "2024-02-20T14:15:08.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1832627",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1549.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1549",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.683",
"lastModified": "2024-02-20T14:15:08.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1833814",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1550.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1550",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.733",
"lastModified": "2024-02-20T14:15:08.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860065",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1551.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1551",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.790",
"lastModified": "2024-02-20T14:15:08.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864385",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1552.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1552",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.840",
"lastModified": "2024-02-20T14:15:08.840",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874502",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

28
CVE-2024/CVE-2024-15xx/CVE-2024-1553.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-1553",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.903",
"lastModified": "2024-02-20T14:15:08.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123 and Firefox ESR < 115.8."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-06/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-15xx/CVE-2024-1554.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1554",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.960",
"lastModified": "2024-02-20T14:15:08.960",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1816390",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-15xx/CVE-2024-1555.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1555",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:09.007",
"lastModified": "2024-02-20T14:15:09.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1873223",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-15xx/CVE-2024-1556.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1556",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:09.053",
"lastModified": "2024-02-20T14:15:09.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870414",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
}
]
}

24
CVE-2024/CVE-2024-15xx/CVE-2024-1557.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-1557",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:09.100",
"lastModified": "2024-02-20T14:15:09.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123."
}
],
"metrics": {},
"references": [
{
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746471%2C1848829%2C1864011%2C1869175%2C1869455%2C1869938%2C1871606",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"
}
]
}

88
CVE-2024/CVE-2024-16xx/CVE-2024-1661.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-1661",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-20T13:15:08.230",
"lastModified": "2024-02-20T13:15:08.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:L/AC:H/Au:S/C:P/I:N/A:N",
"accessVector": "LOCAL",
"accessComplexity": "HIGH",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.0
},
"baseSeverity": "LOW",
"exploitabilityScore": 1.5,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.254179",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.254179",
"source": "cna@vuldb.com"
}
]
}

28
CVE-2024/CVE-2024-251xx/CVE-2024-25196.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-25196",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T14:15:09.160",
"lastModified": "2024-02-20T14:15:09.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggerd via sending a crafted .yaml file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/issues/4005",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4017",
"source": "cve@mitre.org"
},
{
"url": "https://robotics.stackexchange.com/questions/106008/ros2nav2user-misconfiguration-of-parameters-may-cause-instantaneous-crashs",
"source": "cve@mitre.org"
}
]
}

32
CVE-2024/CVE-2024-251xx/CVE-2024-25197.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-25197",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T14:15:09.213",
"lastModified": "2024-02-20T14:15:09.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/issues/3940",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3958",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3971",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/issues/3972",
"source": "cve@mitre.org"
}
]
}

28
CVE-2024/CVE-2024-251xx/CVE-2024-25198.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-25198",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T14:15:09.260",
"lastModified": "2024-02-20T14:15:09.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4068",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4070",
"source": "cve@mitre.org"
}
]
}

28
CVE-2024/CVE-2024-251xx/CVE-2024-25199.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-25199",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T14:15:09.300",
"lastModified": "2024-02-20T14:15:09.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating Sytstem 2 (ROS2) and Nav2 humble versions leads to a use-after-free."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4078",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ros-planning/navigation2/pull/4079",
"source": "cve@mitre.org"
}
]
}

55
CVE-2024/CVE-2024-256xx/CVE-2024-25610.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-25610",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-20T13:15:08.493",
"lastModified": "2024-02-20T13:15:08.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry\u2019s content text field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610",
"source": "security@liferay.com"
}
]
}

55
CVE-2024/CVE-2024-262xx/CVE-2024-26265.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26265",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-20T13:15:08.673",
"lastModified": "2024-02-20T13:15:08.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265",
"source": "security@liferay.com"
}
]
}

55
CVE-2024/CVE-2024-262xx/CVE-2024-26267.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26267",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-20T13:15:08.843",
"lastModified": "2024-02-20T13:15:08.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via 'Liferay-Portal` response header."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267",
"source": "security@liferay.com"
}
]
}

55
CVE-2024/CVE-2024-262xx/CVE-2024-26268.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26268",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-20T14:15:09.350",
"lastModified": "2024-02-20T14:15:09.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exist in the application by comparing the request's response time."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268",
"source": "security@liferay.com"
}
]
}

55
CVE-2024/CVE-2024-262xx/CVE-2024-26270.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26270",
"sourceIdentifier": "security@liferay.com",
"published": "2024-02-20T14:15:09.530",
"lastModified": "2024-02-20T14:15:09.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user\u2019s hashed password in the page\u2019s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@liferay.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@liferay.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270",
"source": "security@liferay.com"
}
]
}

32
CVE-2024/CVE-2024-265xx/CVE-2024-26581.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2024-26581",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T13:15:09.020",
"lastModified": "2024-02-20T13:15:09.020",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "netfilter: nft_set_rbtree: skip end interval element from gc\n\nrbtree lazy gc on insert might collect an end interval element that has\nbeen just added in this transactions, skip end interval elements that\nare not yet active."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1296c110c5a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/60c0c230c6f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6eb14441f106",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b734f7a47aeb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

44
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-20T13:00:29.200429+00:00
2024-02-20T15:00:57.494435+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-20T12:15:07.780000+00:00
2024-02-20T14:15:09.530000+00:00
```
### Last Data Feed Release
@ -29,23 +29,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
238941
238967
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `26`
* [CVE-2023-7245](CVE-2023/CVE-2023-72xx/CVE-2023-7245.json) (`2024-02-20T11:15:07.750`)
* [CVE-2024-24793](CVE-2024/CVE-2024-247xx/CVE-2024-24793.json) (`2024-02-20T11:15:08.090`)
* [CVE-2024-24794](CVE-2024/CVE-2024-247xx/CVE-2024-24794.json) (`2024-02-20T11:15:08.343`)
* [CVE-2023-42791](CVE-2023/CVE-2023-427xx/CVE-2023-42791.json) (`2024-02-20T14:15:08.030`)
* [CVE-2023-50306](CVE-2023/CVE-2023-503xx/CVE-2023-50306.json) (`2024-02-20T14:15:08.237`)
* [CVE-2024-1661](CVE-2024/CVE-2024-16xx/CVE-2024-1661.json) (`2024-02-20T13:15:08.230`)
* [CVE-2024-25610](CVE-2024/CVE-2024-256xx/CVE-2024-25610.json) (`2024-02-20T13:15:08.493`)
* [CVE-2024-26265](CVE-2024/CVE-2024-262xx/CVE-2024-26265.json) (`2024-02-20T13:15:08.673`)
* [CVE-2024-26267](CVE-2024/CVE-2024-262xx/CVE-2024-26267.json) (`2024-02-20T13:15:08.843`)
* [CVE-2024-26581](CVE-2024/CVE-2024-265xx/CVE-2024-26581.json) (`2024-02-20T13:15:09.020`)
* [CVE-2024-1546](CVE-2024/CVE-2024-15xx/CVE-2024-1546.json) (`2024-02-20T14:15:08.477`)
* [CVE-2024-1547](CVE-2024/CVE-2024-15xx/CVE-2024-1547.json) (`2024-02-20T14:15:08.547`)
* [CVE-2024-1548](CVE-2024/CVE-2024-15xx/CVE-2024-1548.json) (`2024-02-20T14:15:08.603`)
* [CVE-2024-1549](CVE-2024/CVE-2024-15xx/CVE-2024-1549.json) (`2024-02-20T14:15:08.683`)
* [CVE-2024-1550](CVE-2024/CVE-2024-15xx/CVE-2024-1550.json) (`2024-02-20T14:15:08.733`)
* [CVE-2024-1551](CVE-2024/CVE-2024-15xx/CVE-2024-1551.json) (`2024-02-20T14:15:08.790`)
* [CVE-2024-1552](CVE-2024/CVE-2024-15xx/CVE-2024-1552.json) (`2024-02-20T14:15:08.840`)
* [CVE-2024-1553](CVE-2024/CVE-2024-15xx/CVE-2024-1553.json) (`2024-02-20T14:15:08.903`)
* [CVE-2024-1554](CVE-2024/CVE-2024-15xx/CVE-2024-1554.json) (`2024-02-20T14:15:08.960`)
* [CVE-2024-1555](CVE-2024/CVE-2024-15xx/CVE-2024-1555.json) (`2024-02-20T14:15:09.007`)
* [CVE-2024-1556](CVE-2024/CVE-2024-15xx/CVE-2024-1556.json) (`2024-02-20T14:15:09.053`)
* [CVE-2024-1557](CVE-2024/CVE-2024-15xx/CVE-2024-1557.json) (`2024-02-20T14:15:09.100`)
* [CVE-2024-25196](CVE-2024/CVE-2024-251xx/CVE-2024-25196.json) (`2024-02-20T14:15:09.160`)
* [CVE-2024-25197](CVE-2024/CVE-2024-251xx/CVE-2024-25197.json) (`2024-02-20T14:15:09.213`)
* [CVE-2024-25198](CVE-2024/CVE-2024-251xx/CVE-2024-25198.json) (`2024-02-20T14:15:09.260`)
* [CVE-2024-25199](CVE-2024/CVE-2024-251xx/CVE-2024-25199.json) (`2024-02-20T14:15:09.300`)
* [CVE-2024-26268](CVE-2024/CVE-2024-262xx/CVE-2024-26268.json) (`2024-02-20T14:15:09.350`)
* [CVE-2024-26270](CVE-2024/CVE-2024-262xx/CVE-2024-26270.json) (`2024-02-20T14:15:09.530`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `5`
* [CVE-2024-0182](CVE-2024/CVE-2024-01xx/CVE-2024-0182.json) (`2024-02-20T12:15:07.780`)
* [CVE-2023-49109](CVE-2023/CVE-2023-491xx/CVE-2023-49109.json) (`2024-02-20T13:15:07.877`)
* [CVE-2023-49250](CVE-2023/CVE-2023-492xx/CVE-2023-49250.json) (`2024-02-20T13:15:07.953`)
* [CVE-2023-50270](CVE-2023/CVE-2023-502xx/CVE-2023-50270.json) (`2024-02-20T13:15:08.013`)
* [CVE-2023-51770](CVE-2023/CVE-2023-517xx/CVE-2023-51770.json) (`2024-02-20T13:15:08.077`)
* [CVE-2023-39244](CVE-2023/CVE-2023-392xx/CVE-2023-39244.json) (`2024-02-20T14:15:07.910`)
## Download and Usage