Auto-Update: 2024-03-17T13:00:38.305363+00:00

cad-safe-bot 2024-03-17 13:03:25 +00:00
parent 3ae9aa1db8
commit 94bafe0365
7 changed files with 376 additions and 14 deletions


@ -2,7 +2,7 @@
"id": "CVE-2023-27534",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-03-30T20:15:07.427",
"lastModified": "2023-11-07T04:09:59.060",
"lastModified": "2024-03-17T12:15:07.023",
"vulnStatus": "Modified",
"descriptions": [
{
@ -46,7 +46,7 @@
]
},
{
"source": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"source": "support@hackerone.com",
"type": "Secondary",
"description": [
{
@ -227,6 +227,10 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html",
"source": "support@hackerone.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
"source": "support@hackerone.com"


@ -0,0 +1,88 @@
{
"id": "CVE-2024-2560",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T11:15:06.297",
"lastModified": "2024-03-17T11:15:06.297",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolRestoreSet.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.257059",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.257059",
"source": "cna@vuldb.com"
}
]
}
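Review bot: The CVSS v2 block of CVE-2024-2560 sets `"userInteractionRequired": false`, which contradicts the v3.1 data in the same record (`UI:R`, `"userInteraction": "REQUIRED"`) and the CWE-352 classification, since a cross-site request forgery depends on a victim's browser issuing the request. To agree with the rest of the record the flag would read `"userInteractionRequired": true`; because this file mirrors the CNA's submission, the correction presumably belongs upstream. Until then, triage rules that filter on the v2 flag will treat this entry as needing no victim action, so keying on the v3.1 `userInteraction` field is the safer choice.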


@ -0,0 +1,88 @@
{
"id": "CVE-2024-2561",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T11:15:06.540",
"lastModified": "2024-03-17T11:15:06.540",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.257060",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.257060",
"source": "cna@vuldb.com"
}
]
}
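Review bot: The only weakness entry in CVE-2024-2561 is tagged `"type": "Secondary"`, whereas the sibling records added in this commit (CVE-2024-2560, CVE-2024-2562, CVE-2024-2563) tag theirs `"type": "Primary"`, so a consumer that reads only Primary weaknesses gets no CWE for this record and loses the CWE-434 mapping. Feed consumers should fall back to Secondary entries when a record has no Primary one. Separately, the description of this record and those of CVE-2024-2562 and CVE-2024-2563 say "classified as critical" while the scored `baseSeverity` is `MEDIUM` in all three (6.3, 6.3 and 5.4), so severity for prioritisation should come from the `cvssData` fields rather than from the description text.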


@ -0,0 +1,88 @@
{
"id": "CVE-2024-2562",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T12:15:07.343",
"lastModified": "2024-03-17T12:15:07.343",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257061 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/PandaXGO/PandaX/issues/4",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.257061",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.257061",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-2563",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-17T12:15:07.617",
"lastModified": "2024-03-17T12:15:07.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://github.com/PandaXGO/PandaX/pull/3",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.257062",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.257062",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-17T11:00:37.561237+00:00
2024-03-17T13:00:38.305363+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-17T10:15:06.923000+00:00
2024-03-17T12:15:07.617000+00:00
```
### Last Data Feed Release
@ -29,22 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
241726
241730
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `4`
* [CVE-2024-2557](CVE-2024/CVE-2024-25xx/CVE-2024-2557.json) (`2024-03-17T09:15:07.007`)
* [CVE-2024-2558](CVE-2024/CVE-2024-25xx/CVE-2024-2558.json) (`2024-03-17T09:15:07.253`)
* [CVE-2024-2559](CVE-2024/CVE-2024-25xx/CVE-2024-2559.json) (`2024-03-17T10:15:06.923`)
* [CVE-2024-2560](CVE-2024/CVE-2024-25xx/CVE-2024-2560.json) (`2024-03-17T11:15:06.297`)
* [CVE-2024-2561](CVE-2024/CVE-2024-25xx/CVE-2024-2561.json) (`2024-03-17T11:15:06.540`)
* [CVE-2024-2562](CVE-2024/CVE-2024-25xx/CVE-2024-2562.json) (`2024-03-17T12:15:07.343`)
* [CVE-2024-2563](CVE-2024/CVE-2024-25xx/CVE-2024-2563.json) (`2024-03-17T12:15:07.617`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2023-27534](CVE-2023/CVE-2023-275xx/CVE-2023-27534.json) (`2024-03-17T12:15:07.023`)
## Download and Usage


@ -219336,7 +219336,7 @@ CVE-2023-2753,0,0,4ecf5398bff210b49fa24c4de40f831d5fe62d4e27f885c305b06210dc7395
CVE-2023-27530,0,0,bbdbd6bd09e5403444301a316c014367de950b68297f3c5c5163341a6899a17f,2023-12-08T22:15:07.603000
CVE-2023-27532,0,0,6e558ef4c9db36b1e54f4e743272a386ec3944cb0cd1f1ee52412a3f882d8662,2023-03-16T17:23:23.517000
CVE-2023-27533,0,0,8efc2d3b0d613e079e2ff08782daf5d279bd3c39cc2493d8662942722001c292,2023-11-07T04:09:58.970000
CVE-2023-27534,0,0,050633623f1cf1e05b1c279cec01cc762f530cc67c1b171bcd8578dcb6c62548,2023-11-07T04:09:59.060000
CVE-2023-27534,0,1,aae8ee275589144f846d2a1300226fddeee79fb032dfd4b8bfac5d0cf836e6aa,2024-03-17T12:15:07.023000
CVE-2023-27535,0,0,9dd9adc2eef50b049de0adb22bb47f77301b46425035a140d7678322628887a0,2023-11-07T04:09:59.127000
CVE-2023-27536,0,0,4e21d8aa8217d2d2a6dea9322c843207d3839bd7f7d74aa22c6fcfbbcd573a34,2023-11-07T04:09:59.200000
CVE-2023-27537,0,0,7c58ae2df903a95939ca9660d65f06d149e776b6a57035215f459abd5b18eb8f,2023-10-20T18:44:28.253000
@ -241054,17 +241054,18 @@ CVE-2024-25553,0,0,7897cd9b8668fce1d605300c650e28167f9921d03a4fde26bc34f4ebe4511
CVE-2024-25554,0,0,a87c08d7479e0670c1de7ac680e974b7c966b7f12d7b309312798a5acd199088,2024-03-01T08:15:38.107000
CVE-2024-25559,0,0,621d2089e4066088e4f2e7151d4c52b797349073e2e5f4d074059dc172fb61d6,2024-02-15T06:23:39.303000
CVE-2024-2556,0,0,f6e73ecbdd62c86e33863379d33d4829c115d0be00b9b5391e10c6c81ce51f15,2024-03-17T08:15:05.997000
CVE-2024-2557,1,1,5d3f733a093e77ccb0a08d0634715f15a6043f5481c9b8ee58e4fd139484271a,2024-03-17T09:15:07.007000
CVE-2024-2557,0,0,5d3f733a093e77ccb0a08d0634715f15a6043f5481c9b8ee58e4fd139484271a,2024-03-17T09:15:07.007000
CVE-2024-25578,0,0,ff68f9ee0e3394b3fa83fe8766f2e044325a5fd043b437de063c0cd80654c610,2024-03-01T14:04:26.010000
CVE-2024-25579,0,0,91953a88eab65ef3b6eb3b0fbea08ce09211ffa83ae8783d4b439f2092b924fc,2024-02-29T13:49:47.277000
CVE-2024-2558,1,1,8050607ac23e65960674849c352be5db1907b1d534dc2d541c620caa66cdb423,2024-03-17T09:15:07.253000
CVE-2024-2559,1,1,6201292f4311a87cf81b00e3f119f7b5b1d2f3fd530328ce8bf64628b2483016,2024-03-17T10:15:06.923000
CVE-2024-2558,0,0,8050607ac23e65960674849c352be5db1907b1d534dc2d541c620caa66cdb423,2024-03-17T09:15:07.253000
CVE-2024-2559,0,0,6201292f4311a87cf81b00e3f119f7b5b1d2f3fd530328ce8bf64628b2483016,2024-03-17T10:15:06.923000
CVE-2024-25592,0,0,0412b365f90f8498f043e36695d62af9e4613ca29af17a99e02dba80f6454731,2024-03-15T16:26:49.320000
CVE-2024-25593,0,0,1b575b30fd4fb0e3fa8c9a56cd48628f4c588b446b23deb90120a47d669ff1d9,2024-03-15T16:26:49.320000
CVE-2024-25594,0,0,041a8f1098ea8eb68537c88dc97c5b5bc81f29a13cfba102c394bd754ead05ca,2024-02-29T13:49:29.390000
CVE-2024-25596,0,0,13114d7ee8f79cd717d046d21908c5184e1a5e393e712bad1e319d6228d0994e,2024-03-15T16:26:49.320000
CVE-2024-25597,0,0,e1e937a2ce2376e555303951d31b92ae54df886e8583dbc9427f46a5c7a19dfc,2024-03-15T16:26:49.320000
CVE-2024-25598,0,0,fb13eab656ab973b3987c473d0c30d3886e191cae180bf92b8f730aaf3f724ee,2024-03-15T16:26:49.320000
CVE-2024-2560,1,1,a7cc379c94422e2afce41b3b6bf6bbbf323812b8496844ae4c1dcf67681d09d4,2024-03-17T11:15:06.297000
CVE-2024-25601,0,0,81f4fdae91c2e2979380ffdf7201132bd42db70ea50ec659a221655da6bb1b91,2024-02-22T19:07:37.840000
CVE-2024-25602,0,0,6a0412f9e3d86cacfb35a934a8fd793128a0f85212ec26797b187230b94df26a,2024-02-22T19:07:37.840000
CVE-2024-25603,0,0,863f490c7ea22d0d3c701bfeb2e8a36747268d73fdd29bb24261158009a35432,2024-02-22T19:07:37.840000
@ -241074,6 +241075,7 @@ CVE-2024-25606,0,0,f4127f65859da9e4eafb304ab5f5357c338dbc6a805533edaf8b3a431051a
CVE-2024-25607,0,0,b1bdbb091cda1b1a0832d5c938cadf7ef73e9fe8fb0a2223ee265a0dd4bacd84,2024-02-20T19:50:53.960000
CVE-2024-25608,0,0,777906eeb0a5b0a9c86f59255c54f56d84853d1b7a72669bef6a4f4e08ea2a75,2024-02-20T19:50:53.960000
CVE-2024-25609,0,0,70b2abe4f6b07d14dd1eaed8f77b182b189fc3d24fbd2fcce03d566544ebecbb,2024-02-20T19:50:53.960000
CVE-2024-2561,1,1,bd018974413114451f5b439e6a0f8391d5f00b5dd172b0eaa3902e1b875f2acd,2024-03-17T11:15:06.540000
CVE-2024-25610,0,0,b35a6722f35ec1b5b38b71e712f8a9e94e1a8cc00e1ca63d3d3fefe1476d192a,2024-02-20T19:50:53.960000
CVE-2024-25611,0,0,b8aad29ecd8dafe739aa6a39e6e9b9c4b39c67e14764ad44399a3e75bbf7bb9a,2024-03-06T15:18:08.093000
CVE-2024-25612,0,0,a837136520aeaa34f4b70e7dd03ddbfd53112c6e4bd6fadaa68c3f07ddc2bf40,2024-03-06T15:18:08.093000
@ -241084,6 +241086,7 @@ CVE-2024-25616,0,0,08e7e92a31b8175954afe7fe6329cd6c1ab805b72ac96ece1d0fb03d1064f
CVE-2024-25617,0,0,d737d9ee2715258f911ebb3f89a3dffbc47a4a22baf4554c7d4e9230aee01721,2024-02-15T06:23:39.303000
CVE-2024-25618,0,0,6ed8249b3ca4bef56b61ecd19434b2c991b2098ab9bdaaf5d9d685277d557b66,2024-02-15T06:23:39.303000
CVE-2024-25619,0,0,39abdc988e4d73d7f7229c43ce3f985993a99ce60ee39e82390d8dd27310f40d,2024-02-15T06:23:39.303000
CVE-2024-2562,1,1,70f9debb76f5aee871bef259609492bc248526475d2b24841c8e51944840bb15,2024-03-17T12:15:07.343000
CVE-2024-25620,0,0,103fa94e29e01d07bc8fc6806aebaa5600b7a8dea376343a1f804f899bde136f,2024-02-15T06:23:39.303000
CVE-2024-25623,0,0,d7097ca06a605433eb8efcfef9343f15725de6d8ed69964da29f4e86bee1b907,2024-02-20T19:50:53.960000
CVE-2024-25625,0,0,aa9fbe54dd7bd2282f80b78321777ab8fac3f81631cae43246d091ee25cf0360,2024-02-20T19:50:53.960000
@ -241091,6 +241094,7 @@ CVE-2024-25626,0,0,d9f83485f5fb6b4cc55a1d4f971342f8155aa2e72270d86c4d53f59fca85d
CVE-2024-25627,0,0,335cf8e2ea0e82de853c22c4501c52460485e1ff41aacc65c72ac02bb7c794f4,2024-02-16T21:39:50.223000
CVE-2024-25628,0,0,a1db75d4a91c0decb510706632a7a99db70da095e2ef543a17e18a8ebf5faf6e,2024-02-16T21:39:50.223000
CVE-2024-25629,0,0,e8492adb2680f110ac06a58986c9b019034accc223969f879ac2af270156ad78,2024-02-23T16:14:43.447000
CVE-2024-2563,1,1,c69203a23c6a79e1918a4ddad25e19618a314dc6a28d3feb5308bf93d7a93818,2024-03-17T12:15:07.617000
CVE-2024-25630,0,0,e8dd8461a6c439d380ff2cfaa26bd120d833e99bc88eaeb33a16736643fcf67c,2024-02-20T19:50:53.960000
CVE-2024-25631,0,0,c8bdaced4c0d5563bd57b345057b4e4f59369a45b7c12f5563c1a08a0da6b5d9,2024-02-20T19:50:53.960000
CVE-2024-25634,0,0,c1510e3ab0b733f2989d621c241e546f656e3e790b7a0232e637470ddb569500,2024-02-20T19:50:53.960000
