Auto-Update: 2024-02-29T00:55:25.076144+00:00

This commit is contained in:
cad-safe-bot 2024-02-29 00:55:28 +00:00
parent e2a4119c96
commit a2dd6a89f7
13 changed files with 430 additions and 25 deletions


@ -2,12 +2,12 @@
"id": "CVE-2023-40072",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-08-18T10:15:12.847",
"lastModified": "2024-01-23T10:15:10.163",
"lastModified": "2024-02-28T23:15:08.150",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, and WAB-S1167 v1.0.7 and earlier."
"value": "OS command injection vulnerability in ELECOM network devices allows an authenticated user to execute an arbitrary OS command by sending a specially crafted request. Affected products and versions are as follows: WAB-S600-PS all versions, WAB-S300 all versions, WAB-M1775-PS v1.1.21 and earlier, WAB-S1775 v1.1.9 and earlier, WAB-S1167 v1.0.7 and earlier, and WAB-M2133 v1.3.22 and earlier."
}
],
"metrics": {


@ -0,0 +1,55 @@
{
"id": "CVE-2023-5617",
"sourceIdentifier": "security.vulnerabilities@hitachivantara.com",
"published": "2024-02-28T23:15:08.260",
"lastModified": "2024-02-28T23:15:08.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nHitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.6, including\u00a09.5.x and 8.3.x, display the version of Tomcat when a server error is encountered.\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security.vulnerabilities@hitachivantara.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-550"
}
]
}
],
"references": [
{
"url": "https://support.pentaho.com/hc/en-us/articles/24313358254861--Resolved-Hitachi-Vantara-Pentaho-Data-Integration-Analytics-Server-generated-Error-Message-Containing-Sensitive-Information-Versions-before-10-1-0-0-and-9-3-0-6-including-all-versions-before-10-0-x-Impacted-CVE-2023-5617",
"source": "security.vulnerabilities@hitachivantara.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2024-21374",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:55.137",
"lastModified": "2024-02-22T18:41:59.337",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-28T23:15:09.047",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Microsoft Teams for Android Information Disclosure"
"value": "Microsoft Teams for Android Information Disclosure Vulnerability"
},
{
"lang": "es",


@ -0,0 +1,24 @@
{
"id": "CVE-2024-21798",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-02-28T23:15:09.453",
"lastModified": "2024-02-28T23:15:09.453",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN44166658/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-22532",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T23:15:09.507",
"lastModified": "2024-02-28T23:15:09.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/pwndorei/CVE-2024-22532",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-23910",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-02-28T23:15:09.557",
"lastModified": "2024-02-28T23:15:09.557",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN44166658/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2024-25126",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-29T00:15:51.200",
"lastModified": "2024-02-29T00:15:51.200",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack\u2019s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-25422",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T23:15:09.610",
"lastModified": "2024-02-28T23:15:09.610",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tzyyyyyyy/semcms",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-25579",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-02-28T23:15:09.660",
"lastModified": "2024-02-28T23:15:09.660",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU99444194/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.elecom.co.jp/news/security/20240220-01/",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,71 @@
{
"id": "CVE-2024-26141",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-29T00:15:51.403",
"lastModified": "2024-02-29T00:15:51.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,79 @@
{
"id": "CVE-2024-26146",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-29T00:15:51.597",
"lastModified": "2024-02-29T00:15:51.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"references": [
{
"url": "https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml",
"source": "security-advisories@github.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-26559",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T23:15:09.763",
"lastModified": "2024-02-28T23:15:09.763",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information."
}
],
"metrics": {},
"references": [
{
"url": "https://syst1m.cn/2024/01/22/U%E9%AA%8C%E8%AF%81%E7%BD%91%E7%BB%9C%E7%94%A8%E6%88%B7%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E/",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-28T23:00:24.424262+00:00
2024-02-29T00:55:25.076144+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-28T22:15:26.767000+00:00
2024-02-29T00:15:51.597000+00:00
```
### Last Data Feed Release
@ -29,34 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239859
239869
```
### CVEs added in the last Commit
Recently added CVEs: `15`
Recently added CVEs: `10`
* [CVE-2023-25922](CVE-2023/CVE-2023-259xx/CVE-2023-25922.json) (`2024-02-28T22:15:25.683`)
* [CVE-2023-25925](CVE-2023/CVE-2023-259xx/CVE-2023-25925.json) (`2024-02-28T22:15:25.883`)
* [CVE-2023-45859](CVE-2023/CVE-2023-458xx/CVE-2023-45859.json) (`2024-02-28T22:15:26.070`)
* [CVE-2023-45873](CVE-2023/CVE-2023-458xx/CVE-2023-45873.json) (`2024-02-28T22:15:26.107`)
* [CVE-2023-49338](CVE-2023/CVE-2023-493xx/CVE-2023-49338.json) (`2024-02-28T22:15:26.170`)
* [CVE-2024-1972](CVE-2024/CVE-2024-19xx/CVE-2024-1972.json) (`2024-02-28T22:15:26.210`)
* [CVE-2024-22983](CVE-2024/CVE-2024-229xx/CVE-2024-22983.json) (`2024-02-28T22:15:26.453`)
* [CVE-2024-25350](CVE-2024/CVE-2024-253xx/CVE-2024-25350.json) (`2024-02-28T22:15:26.493`)
* [CVE-2024-25351](CVE-2024/CVE-2024-253xx/CVE-2024-25351.json) (`2024-02-28T22:15:26.533`)
* [CVE-2024-25866](CVE-2024/CVE-2024-258xx/CVE-2024-25866.json) (`2024-02-28T22:15:26.573`)
* [CVE-2024-25867](CVE-2024/CVE-2024-258xx/CVE-2024-25867.json) (`2024-02-28T22:15:26.617`)
* [CVE-2024-25868](CVE-2024/CVE-2024-258xx/CVE-2024-25868.json) (`2024-02-28T22:15:26.657`)
* [CVE-2024-25869](CVE-2024/CVE-2024-258xx/CVE-2024-25869.json) (`2024-02-28T22:15:26.690`)
* [CVE-2024-26450](CVE-2024/CVE-2024-264xx/CVE-2024-26450.json) (`2024-02-28T22:15:26.730`)
* [CVE-2024-26476](CVE-2024/CVE-2024-264xx/CVE-2024-26476.json) (`2024-02-28T22:15:26.767`)
* [CVE-2023-5617](CVE-2023/CVE-2023-56xx/CVE-2023-5617.json) (`2024-02-28T23:15:08.260`)
* [CVE-2024-21798](CVE-2024/CVE-2024-217xx/CVE-2024-21798.json) (`2024-02-28T23:15:09.453`)
* [CVE-2024-22532](CVE-2024/CVE-2024-225xx/CVE-2024-22532.json) (`2024-02-28T23:15:09.507`)
* [CVE-2024-23910](CVE-2024/CVE-2024-239xx/CVE-2024-23910.json) (`2024-02-28T23:15:09.557`)
* [CVE-2024-25422](CVE-2024/CVE-2024-254xx/CVE-2024-25422.json) (`2024-02-28T23:15:09.610`)
* [CVE-2024-25579](CVE-2024/CVE-2024-255xx/CVE-2024-25579.json) (`2024-02-28T23:15:09.660`)
* [CVE-2024-26559](CVE-2024/CVE-2024-265xx/CVE-2024-26559.json) (`2024-02-28T23:15:09.763`)
* [CVE-2024-25126](CVE-2024/CVE-2024-251xx/CVE-2024-25126.json) (`2024-02-29T00:15:51.200`)
* [CVE-2024-26141](CVE-2024/CVE-2024-261xx/CVE-2024-26141.json) (`2024-02-29T00:15:51.403`)
* [CVE-2024-26146](CVE-2024/CVE-2024-261xx/CVE-2024-26146.json) (`2024-02-29T00:15:51.597`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
* [CVE-2023-40072](CVE-2023/CVE-2023-400xx/CVE-2023-40072.json) (`2024-02-28T23:15:08.150`)
* [CVE-2024-21374](CVE-2024/CVE-2024-213xx/CVE-2024-21374.json) (`2024-02-28T23:15:09.047`)
## Download and Usage