Auto-Update: 2024-02-26T21:01:01.385142+00:00

2025-05-07 19:16:29 +00:00 · 2024-02-26 21:01:05 +00:00 · 2024-02-26 21:01:05 +00:00 · 924eb3c5ef
commit 924eb3c5ef
parent d1aab09d70
8 changed files with 199 additions and 34 deletions
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1899.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1899.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2024-1899",
+  "sourceIdentifier": "vulnreport@tenable.com",
+  "published": "2024-02-26T19:15:07.037",
+  "lastModified": "2024-02-26T19:15:07.037",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "vulnreport@tenable.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.tenable.com/security/research/tra-2024-05",
+      "source": "vulnreport@tenable.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-245xx/CVE-2024-24528.json
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24528.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2024-24528",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-26T19:15:07.247",
+  "lastModified": "2024-02-26T19:15:07.247",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2024/CVE-2024-245xx/CVE-2024-24564.json
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24564.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24564",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-02-26T20:19:05.627",
+  "lastModified": "2024-02-26T20:19:05.627",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has for side effect to update `b`, the byte array to extract `32` bytes from, it could be that some dirty memory is read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-125"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-261xx/CVE-2024-26149.json
+++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26149.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-26149",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-02-26T20:19:05.853",
+  "lastModified": "2024-02-26T20:19:05.853",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-119"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-264xx/CVE-2024-26481.json
+++ b/CVE-2024/CVE-2024-264xx/CVE-2024-26481.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-26481",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-22T05:15:09.867",
-  "lastModified": "2024-02-22T19:07:27.197",
+  "lastModified": "2024-02-26T19:15:07.300",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Kirby CMS v4.1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the URL parameter."
+      "value": "Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter."
    },
    {
      "lang": "es",
--- a/CVE-2024/CVE-2024-264xx/CVE-2024-26482.json
+++ b/CVE-2024/CVE-2024-264xx/CVE-2024-26482.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-26482",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-22T05:15:09.917",
-  "lastModified": "2024-02-22T19:07:27.197",
+  "lastModified": "2024-02-26T19:15:07.357",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "An HTML injection vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted payload."
+      "value": "An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned \"injecting malicious scripts\" would not occur."
    },
    {
      "lang": "es",
--- a/CVE-2024/CVE-2024-270xx/CVE-2024-27089.json
+++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27089.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2024-27089",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-02-26T20:19:06.073",
+  "lastModified": "2024-02-26T20:19:06.073",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not in the allowed scope of that CNA's CVE ID assignments."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-26T19:00:26.705992+00:00
+2024-02-26T21:01:01.385142+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-26T18:25:58.083000+00:00
+2024-02-26T20:19:06.073000+00:00
 ```

 ### Last Data Feed Release
@ -29,44 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-239505
+239510
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `16`
+Recently added CVEs: `5`

-* [CVE-2019-25160](CVE-2019/CVE-2019-251xx/CVE-2019-25160.json) (`2024-02-26T18:15:06.930`)
-* [CVE-2019-25161](CVE-2019/CVE-2019-251xx/CVE-2019-25161.json) (`2024-02-26T18:15:06.997`)
-* [CVE-2019-25162](CVE-2019/CVE-2019-251xx/CVE-2019-25162.json) (`2024-02-26T18:15:07.043`)
-* [CVE-2020-36775](CVE-2020/CVE-2020-367xx/CVE-2020-36775.json) (`2024-02-26T18:15:07.103`)
-* [CVE-2021-46906](CVE-2021/CVE-2021-469xx/CVE-2021-46906.json) (`2024-02-26T18:15:07.160`)
-* [CVE-2023-52474](CVE-2023/CVE-2023-524xx/CVE-2023-52474.json) (`2024-02-26T18:15:07.237`)
-* [CVE-2024-24401](CVE-2024/CVE-2024-244xx/CVE-2024-24401.json) (`2024-02-26T17:15:10.393`)
-* [CVE-2024-24402](CVE-2024/CVE-2024-244xx/CVE-2024-24402.json) (`2024-02-26T17:15:10.443`)
-* [CVE-2024-25767](CVE-2024/CVE-2024-257xx/CVE-2024-25767.json) (`2024-02-26T17:15:10.497`)
-* [CVE-2024-27081](CVE-2024/CVE-2024-270xx/CVE-2024-27081.json) (`2024-02-26T17:15:10.550`)
-* [CVE-2024-27087](CVE-2024/CVE-2024-270xx/CVE-2024-27087.json) (`2024-02-26T17:15:10.783`)
-* [CVE-2024-27088](CVE-2024/CVE-2024-270xx/CVE-2024-27088.json) (`2024-02-26T17:15:11.000`)
-* [CVE-2024-25768](CVE-2024/CVE-2024-257xx/CVE-2024-25768.json) (`2024-02-26T18:15:07.757`)
-* [CVE-2024-25770](CVE-2024/CVE-2024-257xx/CVE-2024-25770.json) (`2024-02-26T18:15:07.810`)
-* [CVE-2024-26455](CVE-2024/CVE-2024-264xx/CVE-2024-26455.json) (`2024-02-26T18:15:07.863`)
-* [CVE-2024-27084](CVE-2024/CVE-2024-270xx/CVE-2024-27084.json) (`2024-02-26T18:15:07.920`)
+* [CVE-2024-1899](CVE-2024/CVE-2024-18xx/CVE-2024-1899.json) (`2024-02-26T19:15:07.037`)
+* [CVE-2024-24528](CVE-2024/CVE-2024-245xx/CVE-2024-24528.json) (`2024-02-26T19:15:07.247`)
+* [CVE-2024-24564](CVE-2024/CVE-2024-245xx/CVE-2024-24564.json) (`2024-02-26T20:19:05.627`)
+* [CVE-2024-26149](CVE-2024/CVE-2024-261xx/CVE-2024-26149.json) (`2024-02-26T20:19:05.853`)
+* [CVE-2024-27089](CVE-2024/CVE-2024-270xx/CVE-2024-27089.json) (`2024-02-26T20:19:06.073`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `9`
+Recently modified CVEs: `2`

-* [CVE-2024-21802](CVE-2024/CVE-2024-218xx/CVE-2024-21802.json) (`2024-02-26T18:15:07.290`)
-* [CVE-2024-21825](CVE-2024/CVE-2024-218xx/CVE-2024-21825.json) (`2024-02-26T18:15:07.390`)
-* [CVE-2024-21836](CVE-2024/CVE-2024-218xx/CVE-2024-21836.json) (`2024-02-26T18:15:07.487`)
-* [CVE-2024-23496](CVE-2024/CVE-2024-234xx/CVE-2024-23496.json) (`2024-02-26T18:15:07.580`)
-* [CVE-2024-23605](CVE-2024/CVE-2024-236xx/CVE-2024-23605.json) (`2024-02-26T18:15:07.673`)
-* [CVE-2024-23206](CVE-2024/CVE-2024-232xx/CVE-2024-23206.json) (`2024-02-26T18:24:10.707`)
-* [CVE-2024-23211](CVE-2024/CVE-2024-232xx/CVE-2024-23211.json) (`2024-02-26T18:24:10.707`)
-* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-02-26T18:24:10.707`)
-* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-02-26T18:25:58.083`)
+* [CVE-2024-26481](CVE-2024/CVE-2024-264xx/CVE-2024-26481.json) (`2024-02-26T19:15:07.300`)
+* [CVE-2024-26482](CVE-2024/CVE-2024-264xx/CVE-2024-26482.json) (`2024-02-26T19:15:07.357`)


 ## Download and Usage