Auto-Update: 2024-03-06T00:56:05.541367+00:00

cad-safe-bot 2024-03-06 00:56:09 +00:00
parent 7e1f66661e
commit aff65fb21f
23 changed files with 496 additions and 48 deletions

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38944",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.143",
"lastModified": "2024-03-06T00:15:52.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header."
}
],
"metrics": {},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2024/Mar/0",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38945",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.247",
"lastModified": "2024-03-06T00:15:52.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/1",
"source": "cve@mitre.org"
}
]
}
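Review bot: the version strings in "value" mix case ("v12.03.01.08_pt" next to "V12.03.01.09_pt"), and with "metrics": {} and no other product fields in this record the description is the only place the affected firmware is named, so any matching against it should be case-insensitive. The reference also uses http://seclists.org where the CVE-2023-38944 record added in this same commit uses https://; the CVE-2023-38946 record has the same http:// form.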

@ -0,0 +1,20 @@
{
"id": "CVE-2023-38946",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.300",
"lastModified": "2024-03-06T00:15:52.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/2",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2023-43318",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.347",
"lastModified": "2024-03-06T00:15:52.347",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/str2ver/CVE-2023-43318/tree/main",
"source": "cve@mitre.org"
},
{
"url": "https://seclists.org/fulldisclosure/2024/Mar/9",
"source": "cve@mitre.org"
}
]
}

@ -2,12 +2,12 @@
"id": "CVE-2023-44186",
"sourceIdentifier": "sirt@juniper.net",
"published": "2023-10-11T21:15:09.890",
"lastModified": "2023-10-19T16:21:41.143",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-06T00:15:52.390",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n"
"value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n"
},
{
"lang": "es",
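Review bot: only the "en" description is updated in this hunk; the "es" entry that follows as context is not touched here, so the two languages may now disagree on the affected versions. The new "value" drops the "23.2 versions prior to 23.2R2" and "23.2 versions prior to 23.2R2-EVO" bullets and ends both lists at 22.4, so anything keyed on the translated text should be re-checked against the English one, and the change in "lastModified" and "vulnStatus": "Modified" is the cue to re-evaluate 23.2 hosts that were flagged from the earlier text.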

@ -0,0 +1,32 @@
{
"id": "CVE-2023-45289",
"sourceIdentifier": "security@golang.org",
"published": "2024-03-05T23:15:07.137",
"lastModified": "2024-03-05T23:15:07.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/569340",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/65065",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2600",
"source": "security@golang.org"
}
]
}
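Review bot: the "value" opens with the intended behaviour ("does not forward sensitive headers") and states the flaw only in its last sentence, so a summary that truncates the description reads as the opposite of a vulnerability. The record also gives no affected or fixed Go version and "metrics": {} is empty; triage from this entry has to follow the https://pkg.go.dev/vuln/GO-2024-2600 and https://go.dev/issue/65065 references for the version range.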

@ -0,0 +1,32 @@
{
"id": "CVE-2023-45290",
"sourceIdentifier": "security@golang.org",
"published": "2024-03-05T23:15:07.210",
"lastModified": "2024-03-05T23:15:07.210",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/569341",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/65383",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2599",
"source": "security@golang.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2023-48644",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.260",
"lastModified": "2024-03-05T23:15:07.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on."
}
],
"metrics": {},
"references": [
{
"url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644",
"source": "cve@mitre.org"
}
]
}

@ -2,27 +2,14 @@
"id": "CVE-2023-52521",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:48.127",
"lastModified": "2024-03-04T13:58:23.447",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-05T23:15:07.310",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Annotate bpf_long_memcpy with data_race\n\nsyzbot reported a data race splat between two processes trying to\nupdate the same BPF map value via syscall on different CPUs:\n\n BUG: KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update\n\n write to 0xffffe8fffe7425d8 of 8 bytes by task 8257 on cpu 1:\n bpf_long_memcpy include/linux/bpf.h:428 [inline]\n bpf_obj_memcpy include/linux/bpf.h:441 [inline]\n copy_map_value_long include/linux/bpf.h:464 [inline]\n bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380\n bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175\n generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749\n bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648\n __sys_bpf+0x28a/0x780\n __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]\n __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n write to 0xffffe8fffe7425d8 of 8 bytes by task 8268 on cpu 0:\n bpf_long_memcpy include/linux/bpf.h:428 [inline]\n bpf_obj_memcpy include/linux/bpf.h:441 [inline]\n copy_map_value_long include/linux/bpf.h:464 [inline]\n bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380\n bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175\n generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749\n bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648\n __sys_bpf+0x28a/0x780\n __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]\n __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n value changed: 0x0000000000000000 -> 0xfffffff000002788\n\nThe 
bpf_long_memcpy is used with 8-byte aligned pointers, power-of-8 size\nand forced to use long read/writes to try to atomically copy long counters.\nIt is best-effort only and no barriers are here since it _will_ race with\nconcurrent updates from BPF programs. The bpf_long_memcpy() is called from\nbpf(2) syscall. Marco suggested that the best way to make this known to\nKCSAN would be to use data_race() annotation."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/5685f8a6fae1fbe480493b980a1fdbe67c86a094",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6a86b5b5cd76d2734304a0173f5f01aa8aa2025e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e562de67dc9196f2415f117796a2108c00ac7fc6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
"references": []
}
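Review bot: the replacement "value" carries only the generic rejection text, and "references": [] drops all three git.kernel.org/stable links, so nothing left in the record says why the ID was withdrawn or what it used to describe. Consumers should key on "vulnStatus": "Rejected" to close or suppress findings for CVE-2023-52521 rather than inferring it from the empty references, and anyone who needs the original KCSAN report has to read it from this file's history.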

@ -0,0 +1,20 @@
{
"id": "CVE-2024-22889",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.633",
"lastModified": "2024-03-06T00:15:52.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24275",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.520",
"lastModified": "2024-03-05T23:15:07.520",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function."
}
],
"metrics": {},
"references": [
{
"url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24276",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.583",
"lastModified": "2024-03-05T23:15:07.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components."
}
],
"metrics": {},
"references": [
{
"url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24278",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.633",
"lastModified": "2024-03-05T23:15:07.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function."
}
],
"metrics": {},
"references": [
{
"url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
"source": "cve@mitre.org"
}
]
}
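Review bot: the "value" here names no weakness class ("An issue in Teamwire Windows desktop client ... via a crafted payload to the message function"), while the two sibling records added in this commit, CVE-2024-24275 and CVE-2024-24276, say Cross Site Scripting and cite the same research.hisolutions.com post. Keyword-based triage will group the other two and miss this one; grouping by the shared reference URL and the identical version range (v.2.0.1 through v.2.4.0) keeps all three together.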

@ -0,0 +1,32 @@
{
"id": "CVE-2024-24783",
"sourceIdentifier": "security@golang.org",
"published": "2024-03-05T23:15:07.683",
"lastModified": "2024-03-05T23:15:07.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/569339",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/65390",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2598",
"source": "security@golang.org"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2024-24784",
"sourceIdentifier": "security@golang.org",
"published": "2024-03-05T23:15:07.733",
"lastModified": "2024-03-05T23:15:07.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/555596",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/65083",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2609",
"source": "security@golang.org"
}
]
}

@ -0,0 +1,32 @@
{
"id": "CVE-2024-24785",
"sourceIdentifier": "security@golang.org",
"published": "2024-03-05T23:15:07.777",
"lastModified": "2024-03-05T23:15:07.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/564196",
"source": "security@golang.org"
},
{
"url": "https://go.dev/issue/65697",
"source": "security@golang.org"
},
{
"url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2610",
"source": "security@golang.org"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2024-24786",
"sourceIdentifier": "security@golang.org",
"published": "2024-03-05T23:15:07.820",
"lastModified": "2024-03-05T23:15:07.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set."
}
],
"metrics": {},
"references": [
{
"url": "https://go.dev/cl/569356",
"source": "security@golang.org"
},
{
"url": "https://pkg.go.dev/vuln/GO-2024-2611",
"source": "security@golang.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-24806",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-07T22:15:10.173",
"lastModified": "2024-02-28T16:43:37.573",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-05T23:15:07.867",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -141,6 +141,10 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html",
"source": "security-advisories@github.com"
}
]
}
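Review bot: the added lists.debian.org reference has only "url" and "source" and no "tags" array, unlike the entry just above it, which ends with "Exploit" and "Vendor Advisory". Code that reads the tags of every reference must treat the key as optional, and since the first hunk moves "vulnStatus" from "Analyzed" to "Modified", the new link should be expected to stay untagged until the record is analyzed again.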

@ -0,0 +1,24 @@
{
"id": "CVE-2024-25817",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.703",
"lastModified": "2024-03-06T00:15:52.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/advisories/GHSA-3qx3-6hxr-j2ch",
"source": "cve@mitre.org"
},
{
"url": "https://www.cubeyond.net/blog/my-cves/eza-cve-report",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,24 @@
{
"id": "CVE-2024-27278",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-06T00:15:52.817",
"lastModified": "2024-03-06T00:15:52.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenPNE Plugin \"opTimelinePlugin\" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users."
}
],
"metrics": {},
"references": [
{
"url": "http://www.openpne.jp/archives/13458/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://jvn.jp/en/jp/JVN78084105/",
"source": "vultures@jpcert.or.jp"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27764",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.993",
"lastModified": "2024-03-05T23:15:07.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27765",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:08.050",
"lastModified": "2024-03-05T23:15:08.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90",
"source": "cve@mitre.org"
}
]
}

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-05T23:00:26.286741+00:00
2024-03-06T00:56:05.541367+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-05T22:17:26.913000+00:00
2024-03-06T00:15:52.817000+00:00
```
### Last Data Feed Release
@ -29,40 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240598
240617
```
### CVEs added in the last Commit
Recently added CVEs: `13`
Recently added CVEs: `19`
* [CVE-2024-1356](CVE-2024/CVE-2024-13xx/CVE-2024-1356.json) (`2024-03-05T21:15:07.593`)
* [CVE-2024-25611](CVE-2024/CVE-2024-256xx/CVE-2024-25611.json) (`2024-03-05T21:15:07.887`)
* [CVE-2024-25612](CVE-2024/CVE-2024-256xx/CVE-2024-25612.json) (`2024-03-05T21:15:08.133`)
* [CVE-2024-25613](CVE-2024/CVE-2024-256xx/CVE-2024-25613.json) (`2024-03-05T21:15:08.307`)
* [CVE-2024-25614](CVE-2024/CVE-2024-256xx/CVE-2024-25614.json) (`2024-03-05T21:15:08.473`)
* [CVE-2024-25615](CVE-2024/CVE-2024-256xx/CVE-2024-25615.json) (`2024-03-05T21:15:08.637`)
* [CVE-2024-25616](CVE-2024/CVE-2024-256xx/CVE-2024-25616.json) (`2024-03-05T21:15:08.807`)
* [CVE-2024-25858](CVE-2024/CVE-2024-258xx/CVE-2024-25858.json) (`2024-03-05T21:15:09.030`)
* [CVE-2024-2179](CVE-2024/CVE-2024-21xx/CVE-2024-2179.json) (`2024-03-05T21:15:09.100`)
* [CVE-2024-1764](CVE-2024/CVE-2024-17xx/CVE-2024-1764.json) (`2024-03-05T22:15:46.947`)
* [CVE-2024-1898](CVE-2024/CVE-2024-18xx/CVE-2024-1898.json) (`2024-03-05T22:15:47.020`)
* [CVE-2024-1900](CVE-2024/CVE-2024-19xx/CVE-2024-1900.json) (`2024-03-05T22:15:47.060`)
* [CVE-2024-1901](CVE-2024/CVE-2024-19xx/CVE-2024-1901.json) (`2024-03-05T22:15:47.103`)
* [CVE-2023-45289](CVE-2023/CVE-2023-452xx/CVE-2023-45289.json) (`2024-03-05T23:15:07.137`)
* [CVE-2023-45290](CVE-2023/CVE-2023-452xx/CVE-2023-45290.json) (`2024-03-05T23:15:07.210`)
* [CVE-2023-48644](CVE-2023/CVE-2023-486xx/CVE-2023-48644.json) (`2024-03-05T23:15:07.260`)
* [CVE-2023-38944](CVE-2023/CVE-2023-389xx/CVE-2023-38944.json) (`2024-03-06T00:15:52.143`)
* [CVE-2023-38945](CVE-2023/CVE-2023-389xx/CVE-2023-38945.json) (`2024-03-06T00:15:52.247`)
* [CVE-2023-38946](CVE-2023/CVE-2023-389xx/CVE-2023-38946.json) (`2024-03-06T00:15:52.300`)
* [CVE-2023-43318](CVE-2023/CVE-2023-433xx/CVE-2023-43318.json) (`2024-03-06T00:15:52.347`)
* [CVE-2024-24275](CVE-2024/CVE-2024-242xx/CVE-2024-24275.json) (`2024-03-05T23:15:07.520`)
* [CVE-2024-24276](CVE-2024/CVE-2024-242xx/CVE-2024-24276.json) (`2024-03-05T23:15:07.583`)
* [CVE-2024-24278](CVE-2024/CVE-2024-242xx/CVE-2024-24278.json) (`2024-03-05T23:15:07.633`)
* [CVE-2024-24783](CVE-2024/CVE-2024-247xx/CVE-2024-24783.json) (`2024-03-05T23:15:07.683`)
* [CVE-2024-24784](CVE-2024/CVE-2024-247xx/CVE-2024-24784.json) (`2024-03-05T23:15:07.733`)
* [CVE-2024-24785](CVE-2024/CVE-2024-247xx/CVE-2024-24785.json) (`2024-03-05T23:15:07.777`)
* [CVE-2024-24786](CVE-2024/CVE-2024-247xx/CVE-2024-24786.json) (`2024-03-05T23:15:07.820`)
* [CVE-2024-27764](CVE-2024/CVE-2024-277xx/CVE-2024-27764.json) (`2024-03-05T23:15:07.993`)
* [CVE-2024-27765](CVE-2024/CVE-2024-277xx/CVE-2024-27765.json) (`2024-03-05T23:15:08.050`)
* [CVE-2024-22889](CVE-2024/CVE-2024-228xx/CVE-2024-22889.json) (`2024-03-06T00:15:52.633`)
* [CVE-2024-25817](CVE-2024/CVE-2024-258xx/CVE-2024-25817.json) (`2024-03-06T00:15:52.703`)
* [CVE-2024-27278](CVE-2024/CVE-2024-272xx/CVE-2024-27278.json) (`2024-03-06T00:15:52.817`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `3`
* [CVE-2019-10271](CVE-2019/CVE-2019-102xx/CVE-2019-10271.json) (`2024-03-05T21:11:12.187`)
* [CVE-2021-45810](CVE-2021/CVE-2021-458xx/CVE-2021-45810.json) (`2024-03-05T22:15:46.827`)
* [CVE-2023-28892](CVE-2023/CVE-2023-288xx/CVE-2023-28892.json) (`2024-03-05T21:15:07.250`)
* [CVE-2023-50693](CVE-2023/CVE-2023-506xx/CVE-2023-50693.json) (`2024-03-05T21:15:07.367`)
* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-03-05T21:15:07.790`)
* [CVE-2024-20749](CVE-2024/CVE-2024-207xx/CVE-2024-20749.json) (`2024-03-05T22:17:17.527`)
* [CVE-2024-20747](CVE-2024/CVE-2024-207xx/CVE-2024-20747.json) (`2024-03-05T22:17:24.763`)
* [CVE-2024-20748](CVE-2024/CVE-2024-207xx/CVE-2024-20748.json) (`2024-03-05T22:17:26.913`)
* [CVE-2023-52521](CVE-2023/CVE-2023-525xx/CVE-2023-52521.json) (`2024-03-05T23:15:07.310`)
* [CVE-2023-44186](CVE-2023/CVE-2023-441xx/CVE-2023-44186.json) (`2024-03-06T00:15:52.390`)
* [CVE-2024-24806](CVE-2024/CVE-2024-248xx/CVE-2024-24806.json) (`2024-03-05T23:15:07.867`)
## Download and Usage