admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-04T03:00:24.756531+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-04 03:00:28 +00:00
parent c7518b4030
commit 97417cec35
6 changed files with 370 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
CVE-2024/CVE-2024-21xx/CVE-2024-2153.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2153",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-04T01:15:06.953",
"lastModified": "2024-03-04T01:15:06.953",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255585 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255585",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255585",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-21xx/CVE-2024-2154.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2154",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-04T01:15:07.200",
"lastModified": "2024-03-04T01:15:07.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255586 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255586",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255586",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-21xx/CVE-2024-2155.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2155",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-04T01:15:07.437",
"lastModified": "2024-03-04T01:15:07.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/report.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255587",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255587",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-21xx/CVE-2024-2156.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2156",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-04T01:15:07.680",
"lastModified": "2024-03-04T01:15:07.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255588."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/Report-SQLI-1.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255588",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255588",
"source": "cna@vuldb.com"
}
]
}

33
CVE-2024/CVE-2024-220xx/CVE-2024-22054.json
View File

@ -2,38 +2,19 @@
"id": "CVE-2024-22054",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-02-20T18:15:51.393",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-03-04T02:15:16.820",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.\n\n \n\n \n\nAffected Products:\n\nUniFi Access Points\n\nUniFi Switches\n\nUniFi LTE Backup\n\nUniFi Express (Only Mesh Mode, Router mode is not affected)\n\n \n\nMitigation:\n\nUpdate UniFi Access Points to Version 6.6.65 or later.\n\nUpdate UniFi Switches to Version 6.6.61 or later.\n\nUpdate UniFi LTE Backup to Version 6.6.57 or later.\n\nUpdate UniFi Express to Version 3.2.5 or later."
"value": "A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.\n\n\nAffected Products:\nUniFi Access Points\nUniFi Switches\nUniFi LTE Backup\nUniFi Express (Only Mesh Mode, Router mode is not affected)\n\n \nMitigation:\nUpdate UniFi Access Points to Version 6.6.55 or later.\nUpdate UniFi Switches to Version 6.6.61 or later.\nUpdate UniFi LTE Backup to Version 6.6.57 or later.\nUpdate UniFi Express to Version 3.2.5 or later."
},
{
"lang": "es",
"value": "Un paquete de descubrimiento con formato incorrecto enviado por un actor malintencionado con acceso preexistente a la red podr\u00eda interrumpir la funcionalidad de administraci\u00f3n y descubrimiento de dispositivos. Productos afectados: Puntos de acceso UniFi Conmutadores UniFi Copia de seguridad UniFi LTE UniFi Express (solo el modo malla, el modo enrutador no se ve afectado) Mitigaci\u00f3n: actualice los puntos de acceso UniFi a la versi\u00f3n 6.6.65 o posterior. Actualice UniFi Switches a la versi\u00f3n 6.6.61 o posterior. Actualice UniFi LTE Backup a la versi\u00f3n 6.6.57 o posterior. Actualice UniFi Express a la versi\u00f3n 3.2.5 o posterior."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "support@hackerone.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"metrics": {},
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027",

20
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-04T00:55:25.108787+00:00
2024-03-04T03:00:24.756531+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-04T00:15:47.303000+00:00
2024-03-04T02:15:16.820000+00:00
```
### Last Data Feed Release
@ -23,28 +23,30 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-03-03T01:00:28.265427+00:00
2024-03-04T01:00:28.248638+00:00
```
### Total Number of included CVEs
```plain
240388
240392
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `4`
* [CVE-2024-28088](CVE-2024/CVE-2024-280xx/CVE-2024-28088.json) (`2024-03-04T00:15:47.017`)
* [CVE-2024-2151](CVE-2024/CVE-2024-21xx/CVE-2024-2151.json) (`2024-03-04T00:15:47.070`)
* [CVE-2024-2152](CVE-2024/CVE-2024-21xx/CVE-2024-2152.json) (`2024-03-04T00:15:47.303`)
* [CVE-2024-2153](CVE-2024/CVE-2024-21xx/CVE-2024-2153.json) (`2024-03-04T01:15:06.953`)
* [CVE-2024-2154](CVE-2024/CVE-2024-21xx/CVE-2024-2154.json) (`2024-03-04T01:15:07.200`)
* [CVE-2024-2155](CVE-2024/CVE-2024-21xx/CVE-2024-2155.json) (`2024-03-04T01:15:07.437`)
* [CVE-2024-2156](CVE-2024/CVE-2024-21xx/CVE-2024-2156.json) (`2024-03-04T01:15:07.680`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
* [CVE-2024-22054](CVE-2024/CVE-2024-220xx/CVE-2024-22054.json) (`2024-03-04T02:15:16.820`)
## Download and Usage