Auto-Update: 2024-03-04T21:00:25.955254+00:00

cad-safe-bot 2024-03-04 21:00:29 +00:00
parent a4bc82a486
commit 8d89132b8d
29 changed files with 1232 additions and 81 deletions

View File

@ -0,0 +1,48 @@
{
"id": "CVE-2021-47104",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-04T19:15:18.643",
"lastModified": "2024-03-04T19:15:18.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/qib: Fix memory leak in qib_user_sdma_queue_pkts()\n\nThe wrong goto label was used for the error case and missed cleanup of the\npkt allocation.\n\nAddresses-Coverity-ID: 1493352 (\"Resource leak\")"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0aaec9c5f60754b56f84460ea439b8c5e91f4caa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1ced0a3015a95c6a6db45e37250912c4c86697ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76b648063eb36c72dfc0a6896de8a0a7d2c7841c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/79dcbd8176152b860028b62f81a635d987365752",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7cf6466e00a77b0a914b7b2c28a1fc7947d55e59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aefcc25f3a0cd28a87d11d41d30419a12cd26a34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bee90911e0138c76ee67458ac0d58b38a3190f65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d53456492b5d02033c73dfa0f3b94c86337791ba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-47105",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-04T19:15:18.707",
"lastModified": "2024-03-04T19:15:18.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nice: xsk: return xsk buffers back to pool when cleaning the ring\n\nCurrently we only NULL the xdp_buff pointer in the internal SW ring but\nwe never give it back to the xsk buffer pool. This means that buffers\ncan be leaked out of the buff pool and never be used again.\n\nAdd missing xsk_buff_free() call to the routine that is supposed to\nclean the entries that are left in the ring so that these buffers in the\numem can be used by other sockets.\n\nAlso, only go through the space that is actually left to be cleaned\ninstead of a whole ring."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad6d20da2cfbe14b7b1200d15f39e65988b0b9e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afe8a3ba85ec2a6b6849367e25c06a2f8e0ddd05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-47106",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-04T19:15:18.750",
"lastModified": "2024-03-04T19:15:18.750",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy()\n\nWe need to use list_for_each_entry_safe() iterator\nbecause we can not access @catchall after kfree_rcu() call.\n\nsyzbot reported:\n\nBUG: KASAN: use-after-free in nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\nBUG: KASAN: use-after-free in nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\nRead of size 8 at addr ffff8880716e5b80 by task syz-executor.3/8871\n\nCPU: 1 PID: 8871 Comm: syz-executor.3 Not tainted 5.16.0-rc5-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011\nCall Trace:\n <TASK>\n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106\n print_address_description.constprop.0.cold+0x8d/0x2ed mm/kasan/report.c:247\n __kasan_report mm/kasan/report.c:433 [inline]\n kasan_report.cold+0x83/0xdf mm/kasan/report.c:450\n nft_set_catchall_destroy net/netfilter/nf_tables_api.c:4486 [inline]\n nft_set_destroy net/netfilter/nf_tables_api.c:4504 [inline]\n nft_set_destroy+0x3fd/0x4f0 net/netfilter/nf_tables_api.c:4493\n __nft_release_table+0x79f/0xcd0 net/netfilter/nf_tables_api.c:9626\n nft_rcv_nl_event+0x4f8/0x670 net/netfilter/nf_tables_api.c:9688\n notifier_call_chain+0xb5/0x200 kernel/notifier.c:83\n blocking_notifier_call_chain kernel/notifier.c:318 [inline]\n blocking_notifier_call_chain+0x67/0x90 kernel/notifier.c:306\n netlink_release+0xcb6/0x1dd0 net/netlink/af_netlink.c:788\n __sock_release+0xcd/0x280 net/socket.c:649\n sock_close+0x18/0x20 net/socket.c:1314\n __fput+0x286/0x9f0 fs/file_table.c:280\n task_work_run+0xdd/0x1a0 kernel/task_work.c:164\n tracehook_notify_resume include/linux/tracehook.h:189 [inline]\n exit_to_user_mode_loop kernel/entry/common.c:175 [inline]\n 
exit_to_user_mode_prepare+0x27e/0x290 kernel/entry/common.c:207\n __syscall_exit_to_user_mode_work kernel/entry/common.c:289 [inline]\n syscall_exit_to_user_mode+0x19/0x60 kernel/entry/common.c:300\n do_syscall_64+0x42/0xb0 arch/x86/entry/common.c:86\n entry_SYSCALL_64_after_hwframe+0x44/0xae\nRIP: 0033:0x7f75fbf28adb\nCode: 0f 05 48 3d 00 f0 ff ff 77 45 c3 0f 1f 40 00 48 83 ec 18 89 7c 24 0c e8 63 fc ff ff 8b 7c 24 0c 41 89 c0 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 35 44 89 c7 89 44 24 0c e8 a1 fc ff ff 8b 44\nRSP: 002b:00007ffd8da7ec10 EFLAGS: 00000293 ORIG_RAX: 0000000000000003\nRAX: 0000000000000000 RBX: 0000000000000004 RCX: 00007f75fbf28adb\nRDX: 00007f75fc08e828 RSI: ffffffffffffffff RDI: 0000000000000003\nRBP: 00007f75fc08a960 R08: 0000000000000000 R09: 00007f75fc08e830\nR10: 00007ffd8da7ed10 R11: 0000000000000293 R12: 00000000002067c3\nR13: 00007ffd8da7ed10 R14: 00007f75fc088f60 R15: 0000000000000032\n </TASK>\n\nAllocated by task 8886:\n kasan_save_stack+0x1e/0x50 mm/kasan/common.c:38\n kasan_set_track mm/kasan/common.c:46 [inline]\n set_alloc_info mm/kasan/common.c:434 [inline]\n ____kasan_kmalloc mm/kasan/common.c:513 [inline]\n ____kasan_kmalloc mm/kasan/common.c:472 [inline]\n __kasan_kmalloc+0xa6/0xd0 mm/kasan/common.c:522\n kasan_kmalloc include/linux/kasan.h:269 [inline]\n kmem_cache_alloc_trace+0x1ea/0x4a0 mm/slab.c:3575\n kmalloc include/linux/slab.h:590 [inline]\n nft_setelem_catchall_insert net/netfilter/nf_tables_api.c:5544 [inline]\n nft_setelem_insert net/netfilter/nf_tables_api.c:5562 [inline]\n nft_add_set_elem+0x232e/0x2f40 net/netfilter/nf_tables_api.c:5936\n nf_tables_newsetelem+0x6ff/0xbb0 net/netfilter/nf_tables_api.c:6032\n nfnetlink_rcv_batch+0x1710/0x25f0 net/netfilter/nfnetlink.c:513\n nfnetlink_rcv_skb_batch net/netfilter/nfnetlink.c:634 [inline]\n nfnetlink_rcv+0x3af/0x420 net/netfilter/nfnetlink.c:652\n netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline]\n netlink_unicast+0x533/0x7d0 
net/netlink/af_netlink.c:1345\n netlink_sendmsg+0x904/0xdf0 net/netlink/af_netlink.c:1921\n sock_sendmsg_nosec net/\n---truncated---"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f7d9b31ce7abdbb29bf018131ac920c9f698518",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d558e5f0d6fdd0a568f73dceb0b40c4f5012e5a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
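
Review bot: The "descriptions" value for CVE-2021-47106 carries the raw syzbot KASAN report (call trace, register dump, allocation stack) and is cut off at "---truncated---", so the stored text ends mid-trace at "sock_sendmsg_nosec net/". The part a consumer needs is the first paragraph: the use-after-free in nft_set_catchall_destroy() and the switch to list_for_each_entry_safe(). Suggest keeping the summary and leaving the trace to the two git.kernel.org references, or at least flagging the record as truncated so downstream parsers do not treat the trace as complete.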

View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-47107",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-04T19:15:18.793",
"lastModified": "2024-03-04T19:15:18.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Fix READDIR buffer overflow\n\nIf a client sends a READDIR count argument that is too small (say,\nzero), then the buffer size calculation in the new init_dirlist\nhelper functions results in an underflow, allowing the XDR stream\nfunctions to write beyond the actual buffer.\n\nThis calculation has always been suspect. NFSD has never sanity-\nchecked the READDIR count argument, but the old entry encoders\nmanaged the problem correctly.\n\nWith the commits below, entry encoding changed, exposing the\nunderflow to the pointer arithmetic in xdr_reserve_space().\n\nModern NFS clients attempt to retrieve as much data as possible\nfor each READDIR request. Also, we have no unit tests that\nexercise the behavior of READDIR at the lower bound of @count\nvalues. Thus this case was missed during testing."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/53b1119a6e5028b125f431a0116ba73510d82a72",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/eabc0aab98e5218ceecd82069b0d6fdfff5ee885",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,24 @@
{
"id": "CVE-2021-47108",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-04T19:15:18.837",
"lastModified": "2024-03-04T19:15:18.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/mediatek: hdmi: Perform NULL pointer check for mtk_hdmi_conf\n\nIn commit 41ca9caaae0b\n(\"drm/mediatek: hdmi: Add check for CEA modes only\") a check\nfor CEA modes was added to function mtk_hdmi_bridge_mode_valid()\nin order to address possible issues on MT8167;\nmoreover, with commit c91026a938c2\n(\"drm/mediatek: hdmi: Add optional limit on maximal HDMI mode clock\")\nanother similar check was introduced.\n\nUnfortunately though, at the time of writing, MT8173 does not provide\nany mtk_hdmi_conf structure and this is crashing the kernel with NULL\npointer upon entering mtk_hdmi_bridge_mode_valid(), which happens as\nsoon as a HDMI cable gets plugged in.\n\nTo fix this regression, add a NULL pointer check for hdmi->conf in the\nsaid function, restoring HDMI functionality and avoiding NULL pointer\nkernel panics."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3b8e19a0aa3933a785be9f1541afd8d398c4ec69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71d07ebc5000b9c1d140e99e7493b0bafa954776",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-32331",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-04T19:15:18.893",
"lastModified": "2024-03-04T19:15:18.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Connect:Express for UNIX 1.5.0 is vulnerable to a buffer overflow that could allow a remote attacker to cause a denial of service through its browser UI. IBM X-Force ID: 254979."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/254979",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7011443",
"source": "psirt@us.ibm.com"
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3509",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-21T23:15:08.223",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:59:58.357",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionEndIncluding": "16.7.6",
"matchCriteriaId": "0A04F244-8B1C-451C-9C0F-86885410FBD9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndIncluding": "16.8.3",
"matchCriteriaId": "E0A7B883-EFAA-456B-AB89-9FEF5BED60CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06CEE568-A6C1-4C8A-8786-B561643668AB"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416945",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link",
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2037814",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
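
Review bot: Both ranges in the new cpeMatch list close with "versionEndIncluding" ("16.7.6" and "16.8.3"), while other records in this same commit (CVE-2023-6736, CVE-2024-0410, CVE-2024-0861) use "versionEndExcluding" for the same two versions. If those versions are the fixed releases, the inclusive bounds here mark patched installs as vulnerable; please confirm against the vendor advisory. The first range also has no "versionStartIncluding", so it matches every release up to 16.7.6. Separately, the first reference is tagged both "Broken Link" and "Permissions Required", which reads as contradictory; one of the two tags should probably go.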

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-4895",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T01:15:07.780",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:15:42.960",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.0",
"versionEndIncluding": "16.76",
"matchCriteriaId": "C33D3245-F0DB-408F-8E54-4CEE331BDF88"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.8",
"versionEndExcluding": "16.8.3",
"matchCriteriaId": "C2172309-EFB1-4A6E-A65F-A4286273C09B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1E374890-90FC-4DC5-8C0B-87CC99B4A4D7"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/424766",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2134787",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
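
Review bot: In the first cpeMatch entry, "versionEndIncluding": "16.76" does not follow the major.minor.patch form used by every other bound in this commit and looks like a dropped dot in 16.7.6. Compared as a version, 16.76 sorts above 16.8.3 and 16.9.0, so this one range already covers the two entries that follow it and would flag every 16.x release up to minor 76 as vulnerable. Suggest correcting the bound and confirming whether it is meant to be inclusive or exclusive; the 16.8 range in the same node uses "versionEndExcluding".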

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6068",
"sourceIdentifier": "psirt@arista.com",
"published": "2024-03-04T20:15:50.267",
"lastModified": "2024-03-04T20:15:50.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL\u2019s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@arista.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@arista.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-283"
}
]
}
],
"references": [
{
"url": "https://www.arista.com/en/support/advisories-notices/security-advisory/19023-security-advisory-0091",
"source": "psirt@arista.com"
}
]
}
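
Review bot: The "descriptions" value for CVE-2023-6068 stops mid-sentence at "being permitted and some", so the second half of the impact statement is missing from the record. Suggest pulling the full text from the Arista advisory listed under "references" before this is published, since consumers that index on the description will store an incomplete impact statement.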

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6477",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.533",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:25:04.490",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.5.0",
"versionEndExcluding": "16.7.6",
"matchCriteriaId": "B2558C81-DADC-475C-A06B-DB9048CE85FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndIncluding": "16.8.3",
"matchCriteriaId": "BF18D8E8-7406-46F4-BDDD-CC743A5C4D80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1E374890-90FC-4DC5-8C0B-87CC99B4A4D7"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/433463",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2270898",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
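
Review bot: The two ranges in this cpeMatch node use different bound types: the first closes with "versionEndExcluding": "16.7.6" and the second with "versionEndIncluding": "16.8.3". Other records in this commit (CVE-2023-6736, CVE-2024-0410, CVE-2024-0861) treat 16.8.3 as an exclusive upper bound. Please check which is intended, because the inclusive form marks 16.8.3 itself as vulnerable.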

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6564",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-08T12:15:55.767",
"lastModified": "2024-02-08T13:44:11.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:56:09.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,10 +80,41 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.4.3:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "6A759830-9D31-4AF5-912F-CA91D6023AD6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.5.3:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "D2A7EFB5-6D86-4034-99EF-78E95E32D155"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.6.1:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "598CF5D0-C052-4794-A66D-45BB6E002212"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-com/gl-infra/production/-/issues/17213",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6736",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-07T22:15:09.043",
"lastModified": "2024-02-26T21:15:07.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:33:21.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.3.0",
"versionEndExcluding": "16.7.6",
"matchCriteriaId": "0A393A71-3927-44F2-B9C6-7E33534F72C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "16.8.3",
"matchCriteriaId": "1920E538-FE0D-40A6-8EA3-667D9835DA8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1E374890-90FC-4DC5-8C0B-87CC99B4A4D7"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435036",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2269023",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Technical Description"
]
}
]
}

View File

@ -2,16 +2,40 @@
"id": "CVE-2023-6840",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-07T22:15:09.500",
"lastModified": "2024-02-08T03:29:33.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:52:05.890",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions from 16.4 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows a maintainer to change the name of a protected branch that bypasses the security policy added to block MR."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones desde 16.4 anterior a 16.6.7, 16.7 anterior a 16.7.5 y 16.8 anterior a 16.8.2 lo que permite a un fabricante cambiar el nombre de una rama protegida que omite la pol\u00edtica de seguridad agregada para bloquear MR."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
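
Review bot: The added "es" description translates "maintainer" as "fabricante" (manufacturer), which changes who the actor is; in the English text it is the GitLab Maintainer role that can rename the protected branch. Suggest a term for the role (for example "mantenedor") or leaving the role name untranslated, so Spanish-language consumers do not read this as a vendor-side issue.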
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,14 +80,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "16.6.7",
"matchCriteriaId": "5A1A9E0E-DFC2-4567-9218-6F7B9FE56F34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.7.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "8ECA9350-B77B-41F6-B234-72BF47FD50E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "16.8.2",
"matchCriteriaId": "FDA190F8-0AAA-44DF-8A6B-A9A4380D478C"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/435500",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2280292",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required",
"Technical Description"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0410",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.723",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:25:41.347",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.8
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndExcluding": "16.7.6",
"matchCriteriaId": "B0EDCF56-03C7-48C1-98D4-64564BE5E8C6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "16.8.3",
"matchCriteriaId": "32EE52BE-8BFD-40AA-9826-76DB2188E48E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06CEE568-A6C1-4C8A-8786-B561643668AB"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/437988",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2296778",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0861",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:51.973",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:26:41.663",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.4.0",
"versionEndExcluding": "16.7.6",
"matchCriteriaId": "E0C6BB02-2255-4DA6-BCEB-36792BF910BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "16.8.3",
"matchCriteriaId": "1920E538-FE0D-40A6-8EA3-667D9835DA8E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1E374890-90FC-4DC5-8C0B-87CC99B4A4D7"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439240",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2316435",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1066",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-07T22:15:09.797",
"lastModified": "2024-02-08T03:29:33.180",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T21:00:15.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to do a resource exhaustion using GraphQL `vulnerabilitiesCountByDay`"
},
{
"lang": "es",
"value": "Se ha descubierto un problema en GitLab EE que afecta a todas las versiones desde 13.3.0 anterior a 16.6.7, 16.7 anterior a 16.7.5 y 16.8 anterior a 16.8.2, lo que permite a un atacante agotar los recursos utilizando las `vulnerabilidadesCountByDay` de GraphQL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
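
Review bot: The added "es" description rewrites the GraphQL field name as `vulnerabilidadesCountByDay`, while the English text has `vulnerabilitiesCountByDay`. The identifier is code and should be carried over unchanged; as written, anyone searching logs or schemas for the name in the Spanish text will find nothing.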
@ -35,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -46,10 +80,47 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.3.0",
"versionEndExcluding": "16.6.7",
"matchCriteriaId": "9050BD58-8285-4043-A5CE-D176B837C006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.7.0",
"versionEndExcluding": "16.7.5",
"matchCriteriaId": "6EBC5A56-73F8-43A7-8EC8-B76904367719"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "16.8.2",
"matchCriteriaId": "49D0039A-BE00-4F9D-8385-2B81C5AB5CD6"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/420341",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}
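Review bot: The three cpeMatch entries added under "configurations" use `cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*` with no edition set, although the description in this record limits the issue to GitLab EE. The CVE-2024-1250 record in this same commit sets `enterprise` in the edition position of its criteria. As written, CPE-based matching will also flag Community Edition installs in these version ranges. Consider raising this with the upstream data source, or applying the edition restriction from the description when consuming the record.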

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1250",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-12T21:15:08.313",
"lastModified": "2024-02-13T14:01:49.147",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:57:39.907",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,10 +80,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.8.0",
"versionEndExcluding": "16.8.2",
"matchCriteriaId": "FDA190F8-0AAA-44DF-8A6B-A9A4380D478C"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/439175",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1451",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:52.153",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:12:59.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,14 +80,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06CEE568-A6C1-4C8A-8786-B561643668AB"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/441457",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2371126",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1525",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-02-22T00:15:52.327",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-04T20:14:59.457",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@gitlab.com",
"type": "Secondary",
@ -50,10 +80,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1",
"versionEndExcluding": "16.7.6",
"matchCriteriaId": "F78B6F50-69F7-45F5-9541-5F35620206A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.8",
"versionEndExcluding": "16.8.3",
"matchCriteriaId": "59BDFC85-244E-41F5-9F55-D4497756954B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06CEE568-A6C1-4C8A-8786-B561643668AB"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/438144",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}
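Review bot: In the added cpeMatch entries, "versionStartIncluding" is given as "16.1" and "16.8", whereas other records in this commit use the three-component form ("16.7.0", "16.8.0"). A consumer that compares these as plain strings, or that requires a fixed number of components, can mis-order or reject the bounds. Versions should be parsed into numeric components before range checks, and a normalised "16.1.0" / "16.8.0" would keep the feed consistent.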

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1820",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-23T16:15:47.223",
"lastModified": "2024-02-29T01:43:54.970",
"lastModified": "2024-03-04T19:15:19.107",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1821",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-23T16:15:47.510",
"lastModified": "2024-02-29T01:43:55.040",
"lastModified": "2024-03-04T19:15:19.237",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1826",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-23T17:15:08.323",
"lastModified": "2024-02-29T01:43:55.387",
"lastModified": "2024-03-04T19:15:19.323",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1827",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-23T18:15:50.013",
"lastModified": "2024-02-29T01:43:55.457",
"lastModified": "2024-03-04T19:15:19.403",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1828",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-23T18:15:50.263",
"lastModified": "2024-02-29T01:43:55.527",
"lastModified": "2024-03-04T19:15:19.483",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1829",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-23T18:15:50.517",
"lastModified": "2024-02-29T01:43:55.597",
"lastModified": "2024-03-04T19:15:19.557",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1830",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-23T19:15:08.733",
"lastModified": "2024-02-29T01:43:55.670",
"lastModified": "2024-03-04T19:15:19.630",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2048",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-03-04T20:15:50.690",
"lastModified": "2024-03-04T20:15:50.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Vault and Vault Enterprise (\u201cVault\u201d) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382",
"source": "security@hashicorp.com"
}
]
}

View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-27889",
"sourceIdentifier": "psirt@arista.com",
"published": "2024-03-04T20:15:50.503",
"lastModified": "2024-03-04T20:15:50.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@arista.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@arista.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093",
"source": "psirt@arista.com"
}
]
}
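Review bot: The only reference URL in this new record starts with a doubled scheme, `https://https://www.arista.com/...`, so it does not resolve as written and anyone following the record cannot reach the vendor advisory. This looks like an error in the submitted data. Tooling that dereferences or validates reference URLs should check the host part and report the entry rather than silently dropping it, and the correction should go to the source rather than being patched locally in a mirror.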

View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-04T19:00:32.288836+00:00
2024-03-04T21:00:25.955254+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-04T18:15:09.377000+00:00
2024-03-04T21:00:15.267000+00:00
```
### Last Data Feed Release
@ -29,44 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240483
240492
```
### CVEs added in the last Commit
Recently added CVEs: `25`
Recently added CVEs: `9`
* [CVE-2021-47082](CVE-2021/CVE-2021-470xx/CVE-2021-47082.json) (`2024-03-04T18:15:07.120`)
* [CVE-2021-47083](CVE-2021/CVE-2021-470xx/CVE-2021-47083.json) (`2024-03-04T18:15:07.193`)
* [CVE-2021-47084](CVE-2021/CVE-2021-470xx/CVE-2021-47084.json) (`2024-03-04T18:15:07.253`)
* [CVE-2021-47085](CVE-2021/CVE-2021-470xx/CVE-2021-47085.json) (`2024-03-04T18:15:07.317`)
* [CVE-2021-47086](CVE-2021/CVE-2021-470xx/CVE-2021-47086.json) (`2024-03-04T18:15:07.393`)
* [CVE-2021-47087](CVE-2021/CVE-2021-470xx/CVE-2021-47087.json) (`2024-03-04T18:15:07.457`)
* [CVE-2021-47088](CVE-2021/CVE-2021-470xx/CVE-2021-47088.json) (`2024-03-04T18:15:07.510`)
* [CVE-2021-47089](CVE-2021/CVE-2021-470xx/CVE-2021-47089.json) (`2024-03-04T18:15:07.560`)
* [CVE-2021-47090](CVE-2021/CVE-2021-470xx/CVE-2021-47090.json) (`2024-03-04T18:15:07.610`)
* [CVE-2021-47091](CVE-2021/CVE-2021-470xx/CVE-2021-47091.json) (`2024-03-04T18:15:07.670`)
* [CVE-2021-47092](CVE-2021/CVE-2021-470xx/CVE-2021-47092.json) (`2024-03-04T18:15:07.723`)
* [CVE-2021-47093](CVE-2021/CVE-2021-470xx/CVE-2021-47093.json) (`2024-03-04T18:15:07.787`)
* [CVE-2021-47094](CVE-2021/CVE-2021-470xx/CVE-2021-47094.json) (`2024-03-04T18:15:07.837`)
* [CVE-2021-47095](CVE-2021/CVE-2021-470xx/CVE-2021-47095.json) (`2024-03-04T18:15:07.907`)
* [CVE-2021-47096](CVE-2021/CVE-2021-470xx/CVE-2021-47096.json) (`2024-03-04T18:15:07.960`)
* [CVE-2021-47097](CVE-2021/CVE-2021-470xx/CVE-2021-47097.json) (`2024-03-04T18:15:08.017`)
* [CVE-2021-47098](CVE-2021/CVE-2021-470xx/CVE-2021-47098.json) (`2024-03-04T18:15:08.090`)
* [CVE-2021-47099](CVE-2021/CVE-2021-470xx/CVE-2021-47099.json) (`2024-03-04T18:15:08.153`)
* [CVE-2021-47100](CVE-2021/CVE-2021-471xx/CVE-2021-47100.json) (`2024-03-04T18:15:08.267`)
* [CVE-2021-47101](CVE-2021/CVE-2021-471xx/CVE-2021-47101.json) (`2024-03-04T18:15:08.450`)
* [CVE-2021-47102](CVE-2021/CVE-2021-471xx/CVE-2021-47102.json) (`2024-03-04T18:15:08.600`)
* [CVE-2021-47103](CVE-2021/CVE-2021-471xx/CVE-2021-47103.json) (`2024-03-04T18:15:08.667`)
* [CVE-2023-38360](CVE-2023/CVE-2023-383xx/CVE-2023-38360.json) (`2024-03-04T18:15:08.743`)
* [CVE-2024-27198](CVE-2024/CVE-2024-271xx/CVE-2024-27198.json) (`2024-03-04T18:15:09.040`)
* [CVE-2024-27199](CVE-2024/CVE-2024-271xx/CVE-2024-27199.json) (`2024-03-04T18:15:09.377`)
* [CVE-2021-47104](CVE-2021/CVE-2021-471xx/CVE-2021-47104.json) (`2024-03-04T19:15:18.643`)
* [CVE-2021-47105](CVE-2021/CVE-2021-471xx/CVE-2021-47105.json) (`2024-03-04T19:15:18.707`)
* [CVE-2021-47106](CVE-2021/CVE-2021-471xx/CVE-2021-47106.json) (`2024-03-04T19:15:18.750`)
* [CVE-2021-47107](CVE-2021/CVE-2021-471xx/CVE-2021-47107.json) (`2024-03-04T19:15:18.793`)
* [CVE-2021-47108](CVE-2021/CVE-2021-471xx/CVE-2021-47108.json) (`2024-03-04T19:15:18.837`)
* [CVE-2023-32331](CVE-2023/CVE-2023-323xx/CVE-2023-32331.json) (`2024-03-04T19:15:18.893`)
* [CVE-2023-6068](CVE-2023/CVE-2023-60xx/CVE-2023-6068.json) (`2024-03-04T20:15:50.267`)
* [CVE-2024-27889](CVE-2024/CVE-2024-278xx/CVE-2024-27889.json) (`2024-03-04T20:15:50.503`)
* [CVE-2024-2048](CVE-2024/CVE-2024-20xx/CVE-2024-2048.json) (`2024-03-04T20:15:50.690`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `19`
* [CVE-2023-4895](CVE-2023/CVE-2023-48xx/CVE-2023-4895.json) (`2024-03-04T20:15:42.960`)
* [CVE-2023-6477](CVE-2023/CVE-2023-64xx/CVE-2023-6477.json) (`2024-03-04T20:25:04.490`)
* [CVE-2023-6736](CVE-2023/CVE-2023-67xx/CVE-2023-6736.json) (`2024-03-04T20:33:21.807`)
* [CVE-2023-6840](CVE-2023/CVE-2023-68xx/CVE-2023-6840.json) (`2024-03-04T20:52:05.890`)
* [CVE-2023-6564](CVE-2023/CVE-2023-65xx/CVE-2023-6564.json) (`2024-03-04T20:56:09.493`)
* [CVE-2023-3509](CVE-2023/CVE-2023-35xx/CVE-2023-3509.json) (`2024-03-04T20:59:58.357`)
* [CVE-2024-1820](CVE-2024/CVE-2024-18xx/CVE-2024-1820.json) (`2024-03-04T19:15:19.107`)
* [CVE-2024-1821](CVE-2024/CVE-2024-18xx/CVE-2024-1821.json) (`2024-03-04T19:15:19.237`)
* [CVE-2024-1826](CVE-2024/CVE-2024-18xx/CVE-2024-1826.json) (`2024-03-04T19:15:19.323`)
* [CVE-2024-1827](CVE-2024/CVE-2024-18xx/CVE-2024-1827.json) (`2024-03-04T19:15:19.403`)
* [CVE-2024-1828](CVE-2024/CVE-2024-18xx/CVE-2024-1828.json) (`2024-03-04T19:15:19.483`)
* [CVE-2024-1829](CVE-2024/CVE-2024-18xx/CVE-2024-1829.json) (`2024-03-04T19:15:19.557`)
* [CVE-2024-1830](CVE-2024/CVE-2024-18xx/CVE-2024-1830.json) (`2024-03-04T19:15:19.630`)
* [CVE-2024-1451](CVE-2024/CVE-2024-14xx/CVE-2024-1451.json) (`2024-03-04T20:12:59.223`)
* [CVE-2024-1525](CVE-2024/CVE-2024-15xx/CVE-2024-1525.json) (`2024-03-04T20:14:59.457`)
* [CVE-2024-0410](CVE-2024/CVE-2024-04xx/CVE-2024-0410.json) (`2024-03-04T20:25:41.347`)
* [CVE-2024-0861](CVE-2024/CVE-2024-08xx/CVE-2024-0861.json) (`2024-03-04T20:26:41.663`)
* [CVE-2024-1250](CVE-2024/CVE-2024-12xx/CVE-2024-1250.json) (`2024-03-04T20:57:39.907`)
* [CVE-2024-1066](CVE-2024/CVE-2024-10xx/CVE-2024-1066.json) (`2024-03-04T21:00:15.267`)
## Download and Usage