diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38944.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38944.json
new file mode 100644
index 00000000000..88873092414
--- /dev/null
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38944.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-38944",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T00:15:52.143",
+ "lastModified": "2024-03-06T00:15:52.143",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Multilaser RE160V firmware v12.03.01.09_pt and Multilaser RE163V firmware v12.03.01.10_pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://seclists.org/fulldisclosure/2024/Mar/0",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38945.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38945.json
new file mode 100644
index 00000000000..d88cf8f57e7
--- /dev/null
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38945.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-38945",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T00:15:52.247",
+ "lastModified": "2024-03-06T00:15:52.247",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Multilaser RE160 v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01, Multilaser RE160V v12.03.01.08_pt and V12.03.01.09_pt, and Multilaser RE163V v12.03.01.08_pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-389xx/CVE-2023-38946.json b/CVE-2023/CVE-2023-389xx/CVE-2023-38946.json
new file mode 100644
index 00000000000..a30d9075e19
--- /dev/null
+++ b/CVE-2023/CVE-2023-389xx/CVE-2023-38946.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-38946",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T00:15:52.300",
+ "lastModified": "2024-03-06T00:15:52.300",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Multilaser RE160 firmware v5.07.51_pt_MTL01 and v5.07.52_pt_MTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Mar/2",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-433xx/CVE-2023-43318.json b/CVE-2023/CVE-2023-433xx/CVE-2023-43318.json
new file mode 100644
index 00000000000..82f9ab2656e
--- /dev/null
+++ b/CVE-2023/CVE-2023-433xx/CVE-2023-43318.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-43318",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T00:15:52.347",
+ "lastModified": "2024-03-06T00:15:52.347",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/str2ver/CVE-2023-43318/tree/main",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://seclists.org/fulldisclosure/2024/Mar/9",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json
index ddd5cc66e94..7d6990b8ba9 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44186.json
@@ -2,12 +2,12 @@ "id": "CVE-2023-44186", "sourceIdentifier": "sirt@juniper.net", "published": "2023-10-11T21:15:09.890", - "lastModified": "2023-10-19T16:21:41.143", - "vulnStatus": "Analyzed", + "lastModified": "2024-03-06T00:15:52.390", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3;\n * 23.2 versions prior to 23.2R2.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 
22.4R2-S1-EVO, 22.4R3-EVO;\n * 23.2 versions prior to 23.2R2-EVO.\n\n\n\n\n\n\n" + "value": "\nAn Improper Handling of Exceptional Conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and Junos OS Evolved allows an attacker to send a BGP update message with an AS PATH containing a large number of 4-byte ASes, leading to a Denial of Service (DoS). Continued receipt and processing of these BGP updates will create a sustained Denial of Service (DoS) condition.\n\nThis issue is hit when the router has Non-Stop Routing (NSR) enabled, has a non-4-byte-AS capable BGP neighbor, receives a BGP update message with a prefix that includes a long AS PATH containing large number of 4-byte ASes, and has to advertise the prefix towards the non-4-byte-AS capable BGP neighbor.\n\nNote: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability.\nThis issue affects:\n\nJuniper Networks Junos OS:\n\n\n\n * All versions prior to 20.4R3-S8;\n * 21.1 versions 21.1R1 and later;\n * 21.2 versions prior to 21.2R3-S6;\n * 21.3 versions prior to 21.3R3-S5;\n * 21.4 versions prior to 21.4R3-S5;\n * 22.1 versions prior to 22.1R3-S4;\n * 22.2 versions prior to 22.2R3-S2;\n * 22.3 versions prior to 22.3R2-S2, 22.3R3-S1;\n * 22.4 versions prior to 22.4R2-S1, 22.4R3.\n\n\n\n\nJuniper Networks Junos OS Evolved\n\n\n\n * All versions prior to 20.4R3-S8-EVO;\n * 21.1 versions 21.1R1-EVO and later;\n * 21.2 versions prior to 21.2R3-S6-EVO;\n * 21.3 versions prior to 21.3R3-S5-EVO;\n * 21.4 versions prior to 21.4R3-S5-EVO;\n * 22.1 versions prior to 22.1R3-S4-EVO;\n * 22.2 versions prior to 22.2R3-S2-EVO;\n * 22.3 versions prior to 22.3R2-S2-EVO, 22.3R3-S1-EVO;\n * 22.4 versions prior to 22.4R2-S1-EVO, 22.4R3-EVO.\n\n\n\n\n\n\n" }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45289.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45289.json new file mode 100644 index 00000000000..066dd96ca0b --- /dev/null 
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45289.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-45289",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2024-03-05T23:15:07.137",
+ "lastModified": "2024-03-05T23:15:07.137",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as \"Authorization\" or \"Cookie\". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://go.dev/cl/569340",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/65065",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2600",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-452xx/CVE-2023-45290.json b/CVE-2023/CVE-2023-452xx/CVE-2023-45290.json
new file mode 100644
index 00000000000..8a0dc72fa09
--- /dev/null
+++ b/CVE-2023/CVE-2023-452xx/CVE-2023-45290.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-45290",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2024-03-05T23:15:07.210",
+ "lastModified": "2024-03-05T23:15:07.210",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://go.dev/cl/569341",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/65383",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2599",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48644.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48644.json
new file mode 100644
index 00000000000..f4ca0268c38
--- /dev/null
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48644.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-48644",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-05T23:15:07.260",
+ "lastModified": "2024-03-05T23:15:07.260",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://excellium-services.com/cert-xlm-advisory/CVE-2023-48644",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52521.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52521.json
index 5423d747950..ebc5eacb7d1 100644
--- a/CVE-2023/CVE-2023-525xx/CVE-2023-52521.json
+++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52521.json
@@ -2,27 +2,14 @@ "id": "CVE-2023-52521", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:48.127", - "lastModified": "2024-03-04T13:58:23.447", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-05T23:15:07.310", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Annotate bpf_long_memcpy with data_race\n\nsyzbot reported a data race splat between two processes trying to\nupdate the same BPF map value via syscall on different CPUs:\n\n BUG: KCSAN: data-race in bpf_percpu_array_update / bpf_percpu_array_update\n\n write to 0xffffe8fffe7425d8 of 8 bytes by task 8257 on cpu 1:\n bpf_long_memcpy include/linux/bpf.h:428 [inline]\n bpf_obj_memcpy include/linux/bpf.h:441 [inline]\n copy_map_value_long include/linux/bpf.h:464 [inline]\n bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380\n bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175\n generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749\n bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648\n __sys_bpf+0x28a/0x780\n __do_sys_bpf kernel/bpf/syscall.c:5241 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]\n __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n write to 0xffffe8fffe7425d8 of 8 bytes by task 8268 on cpu 0:\n bpf_long_memcpy include/linux/bpf.h:428 [inline]\n bpf_obj_memcpy include/linux/bpf.h:441 [inline]\n copy_map_value_long include/linux/bpf.h:464 [inline]\n bpf_percpu_array_update+0x3bb/0x500 kernel/bpf/arraymap.c:380\n bpf_map_update_value+0x190/0x370 kernel/bpf/syscall.c:175\n generic_map_update_batch+0x3ae/0x4f0 kernel/bpf/syscall.c:1749\n bpf_map_do_batch+0x2df/0x3d0 kernel/bpf/syscall.c:4648\n __sys_bpf+0x28a/0x780\n __do_sys_bpf kernel/bpf/syscall.c:5241 
[inline]\n __se_sys_bpf kernel/bpf/syscall.c:5239 [inline]\n __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5239\n do_syscall_x64 arch/x86/entry/common.c:50 [inline]\n do_syscall_64+0x41/0xc0 arch/x86/entry/common.c:80\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\n\n value changed: 0x0000000000000000 -> 0xfffffff000002788\n\nThe bpf_long_memcpy is used with 8-byte aligned pointers, power-of-8 size\nand forced to use long read/writes to try to atomically copy long counters.\nIt is best-effort only and no barriers are here since it _will_ race with\nconcurrent updates from BPF programs. The bpf_long_memcpy() is called from\nbpf(2) syscall. Marco suggested that the best way to make this known to\nKCSAN would be to use data_race() annotation." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], "metrics": {}, - "references": [ - { - "url": "https://git.kernel.org/stable/c/5685f8a6fae1fbe480493b980a1fdbe67c86a094", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/6a86b5b5cd76d2734304a0173f5f01aa8aa2025e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/e562de67dc9196f2415f117796a2108c00ac7fc6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - } - ] + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22889.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22889.json new file mode 100644 index 00000000000..46045ffe29c --- /dev/null +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22889.json 
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-22889",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T00:15:52.633",
+ "lastModified": "2024-03-06T00:15:52.633",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24275.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24275.json
new file mode 100644
index 00000000000..cd275c0890b
--- /dev/null
+++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24275.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-24275",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-05T23:15:07.520",
+ "lastModified": "2024-03-05T23:15:07.520",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24276.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24276.json
new file mode 100644
index 00000000000..25a4c2d96a2
--- /dev/null
+++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24276.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-24276",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-05T23:15:07.583",
+ "lastModified": "2024-03-05T23:15:07.583",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-242xx/CVE-2024-24278.json b/CVE-2024/CVE-2024-242xx/CVE-2024-24278.json
new file mode 100644
index 00000000000..f2c7be76483
--- /dev/null
+++ b/CVE-2024/CVE-2024-242xx/CVE-2024-24278.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-24278",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-05T23:15:07.633",
+ "lastModified": "2024-03-05T23:15:07.633",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24783.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24783.json
new file mode 100644
index 00000000000..e12887f0b34
--- /dev/null
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24783.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2024-24783",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2024-03-05T23:15:07.683",
+ "lastModified": "2024-03-05T23:15:07.683",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://go.dev/cl/569339",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/65390",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2598",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24784.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24784.json
new file mode 100644
index 00000000000..b016c414e64
--- /dev/null
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24784.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2024-24784",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2024-03-05T23:15:07.733",
+ "lastModified": "2024-03-05T23:15:07.733",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://go.dev/cl/555596",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/65083",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2609",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24785.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24785.json
new file mode 100644
index 00000000000..94a076405f9
--- /dev/null
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24785.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2024-24785",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2024-03-05T23:15:07.777",
+ "lastModified": "2024-03-05T23:15:07.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://go.dev/cl/564196",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://go.dev/issue/65697",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2610",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-247xx/CVE-2024-24786.json b/CVE-2024/CVE-2024-247xx/CVE-2024-24786.json
new file mode 100644
index 00000000000..ddc78315024
--- /dev/null
+++ b/CVE-2024/CVE-2024-247xx/CVE-2024-24786.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-24786",
+ "sourceIdentifier": "security@golang.org",
+ "published": "2024-03-05T23:15:07.820",
+ "lastModified": "2024-03-05T23:15:07.820",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://go.dev/cl/569356",
+ "source": "security@golang.org"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2611",
+ "source": "security@golang.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24806.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24806.json index 4f5745c63b8..4775fe9ac0d 100644 --- a/CVE-2024/CVE-2024-248xx/CVE-2024-24806.json +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24806.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24806", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-07T22:15:10.173", - "lastModified": "2024-02-28T16:43:37.573", - "vulnStatus": "Analyzed", + "lastModified": "2024-03-05T23:15:07.867", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -141,6 +141,10 @@ "Exploit", "Vendor Advisory" ] + }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html", + "source": "security-advisories@github.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-258xx/CVE-2024-25817.json b/CVE-2024/CVE-2024-258xx/CVE-2024-25817.json new file mode 100644 index 00000000000..0c298f51e03 --- /dev/null +++ b/CVE-2024/CVE-2024-258xx/CVE-2024-25817.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-25817", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-06T00:15:52.703", + "lastModified": "2024-03-06T00:15:52.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/advisories/GHSA-3qx3-6hxr-j2ch", + "source": "cve@mitre.org" + }, + { + "url": "https://www.cubeyond.net/blog/my-cves/eza-cve-report", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27278.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27278.json new file mode 100644 index 00000000000..8bef664271c --- /dev/null +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27278.json 
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-27278",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2024-03-06T00:15:52.817",
+ "lastModified": "2024-03-06T00:15:52.817",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OpenPNE Plugin \"opTimelinePlugin\" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://www.openpne.jp/archives/13458/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN78084105/",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27764.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27764.json
new file mode 100644
index 00000000000..12f42a38eda
--- /dev/null
+++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27764.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-27764",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-05T23:15:07.993",
+ "lastModified": "2024-03-05T23:15:07.993",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27765.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27765.json
new file mode 100644
index 00000000000..823b61485b2
--- /dev/null
+++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27765.json
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-27765", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-05T23:15:08.050", + "lastModified": "2024-03-05T23:15:08.050", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ba883d3036e..44392ff7532 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-05T23:00:26.286741+00:00 +2024-03-06T00:56:05.541367+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-05T22:17:26.913000+00:00 +2024-03-06T00:15:52.817000+00:00 ``` ### Last Data Feed Release 
@@ -29,40 +29,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -240598 +240617 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `19` -* [CVE-2024-1356](CVE-2024/CVE-2024-13xx/CVE-2024-1356.json) (`2024-03-05T21:15:07.593`) -* [CVE-2024-25611](CVE-2024/CVE-2024-256xx/CVE-2024-25611.json) (`2024-03-05T21:15:07.887`) -* [CVE-2024-25612](CVE-2024/CVE-2024-256xx/CVE-2024-25612.json) (`2024-03-05T21:15:08.133`) -* [CVE-2024-25613](CVE-2024/CVE-2024-256xx/CVE-2024-25613.json) (`2024-03-05T21:15:08.307`) -* [CVE-2024-25614](CVE-2024/CVE-2024-256xx/CVE-2024-25614.json) (`2024-03-05T21:15:08.473`) -* [CVE-2024-25615](CVE-2024/CVE-2024-256xx/CVE-2024-25615.json) (`2024-03-05T21:15:08.637`) -* [CVE-2024-25616](CVE-2024/CVE-2024-256xx/CVE-2024-25616.json) (`2024-03-05T21:15:08.807`) -* [CVE-2024-25858](CVE-2024/CVE-2024-258xx/CVE-2024-25858.json) (`2024-03-05T21:15:09.030`) -* [CVE-2024-2179](CVE-2024/CVE-2024-21xx/CVE-2024-2179.json) (`2024-03-05T21:15:09.100`) -* [CVE-2024-1764](CVE-2024/CVE-2024-17xx/CVE-2024-1764.json) (`2024-03-05T22:15:46.947`) -* [CVE-2024-1898](CVE-2024/CVE-2024-18xx/CVE-2024-1898.json) (`2024-03-05T22:15:47.020`) -* [CVE-2024-1900](CVE-2024/CVE-2024-19xx/CVE-2024-1900.json) (`2024-03-05T22:15:47.060`) -* [CVE-2024-1901](CVE-2024/CVE-2024-19xx/CVE-2024-1901.json) (`2024-03-05T22:15:47.103`) +* [CVE-2023-45289](CVE-2023/CVE-2023-452xx/CVE-2023-45289.json) (`2024-03-05T23:15:07.137`) +* [CVE-2023-45290](CVE-2023/CVE-2023-452xx/CVE-2023-45290.json) (`2024-03-05T23:15:07.210`) +* [CVE-2023-48644](CVE-2023/CVE-2023-486xx/CVE-2023-48644.json) (`2024-03-05T23:15:07.260`) +* [CVE-2023-38944](CVE-2023/CVE-2023-389xx/CVE-2023-38944.json) (`2024-03-06T00:15:52.143`) +* [CVE-2023-38945](CVE-2023/CVE-2023-389xx/CVE-2023-38945.json) (`2024-03-06T00:15:52.247`) +* [CVE-2023-38946](CVE-2023/CVE-2023-389xx/CVE-2023-38946.json) 
(`2024-03-06T00:15:52.300`) +* [CVE-2023-43318](CVE-2023/CVE-2023-433xx/CVE-2023-43318.json) (`2024-03-06T00:15:52.347`) +* [CVE-2024-24275](CVE-2024/CVE-2024-242xx/CVE-2024-24275.json) (`2024-03-05T23:15:07.520`) +* [CVE-2024-24276](CVE-2024/CVE-2024-242xx/CVE-2024-24276.json) (`2024-03-05T23:15:07.583`) +* [CVE-2024-24278](CVE-2024/CVE-2024-242xx/CVE-2024-24278.json) (`2024-03-05T23:15:07.633`) +* [CVE-2024-24783](CVE-2024/CVE-2024-247xx/CVE-2024-24783.json) (`2024-03-05T23:15:07.683`) +* [CVE-2024-24784](CVE-2024/CVE-2024-247xx/CVE-2024-24784.json) (`2024-03-05T23:15:07.733`) +* [CVE-2024-24785](CVE-2024/CVE-2024-247xx/CVE-2024-24785.json) (`2024-03-05T23:15:07.777`) +* [CVE-2024-24786](CVE-2024/CVE-2024-247xx/CVE-2024-24786.json) (`2024-03-05T23:15:07.820`) +* [CVE-2024-27764](CVE-2024/CVE-2024-277xx/CVE-2024-27764.json) (`2024-03-05T23:15:07.993`) +* [CVE-2024-27765](CVE-2024/CVE-2024-277xx/CVE-2024-27765.json) (`2024-03-05T23:15:08.050`) +* [CVE-2024-22889](CVE-2024/CVE-2024-228xx/CVE-2024-22889.json) (`2024-03-06T00:15:52.633`) +* [CVE-2024-25817](CVE-2024/CVE-2024-258xx/CVE-2024-25817.json) (`2024-03-06T00:15:52.703`) +* [CVE-2024-27278](CVE-2024/CVE-2024-272xx/CVE-2024-27278.json) (`2024-03-06T00:15:52.817`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `3` -* [CVE-2019-10271](CVE-2019/CVE-2019-102xx/CVE-2019-10271.json) (`2024-03-05T21:11:12.187`) -* [CVE-2021-45810](CVE-2021/CVE-2021-458xx/CVE-2021-45810.json) (`2024-03-05T22:15:46.827`) -* [CVE-2023-28892](CVE-2023/CVE-2023-288xx/CVE-2023-28892.json) (`2024-03-05T21:15:07.250`) -* [CVE-2023-50693](CVE-2023/CVE-2023-506xx/CVE-2023-50693.json) (`2024-03-05T21:15:07.367`) -* [CVE-2024-22894](CVE-2024/CVE-2024-228xx/CVE-2024-22894.json) (`2024-03-05T21:15:07.790`) -* [CVE-2024-20749](CVE-2024/CVE-2024-207xx/CVE-2024-20749.json) (`2024-03-05T22:17:17.527`) -* [CVE-2024-20747](CVE-2024/CVE-2024-207xx/CVE-2024-20747.json) (`2024-03-05T22:17:24.763`) -* 
[CVE-2024-20748](CVE-2024/CVE-2024-207xx/CVE-2024-20748.json) (`2024-03-05T22:17:26.913`) +* [CVE-2023-52521](CVE-2023/CVE-2023-525xx/CVE-2023-52521.json) (`2024-03-05T23:15:07.310`) +* [CVE-2023-44186](CVE-2023/CVE-2023-441xx/CVE-2023-44186.json) (`2024-03-06T00:15:52.390`) +* [CVE-2024-24806](CVE-2024/CVE-2024-248xx/CVE-2024-24806.json) (`2024-03-05T23:15:07.867`) ## Download and Usage