Auto-Update: 2024-11-28T05:02:39.286455+00:00

cad-safe-bot 2024-11-28 05:05:51 +00:00
parent 3b4cbf0d45
commit b3316f424e
8 changed files with 291 additions and 12 deletions


@ -2,20 +2,24 @@
"id": "CVE-2024-11667",
"sourceIdentifier": "security@zyxel.com.tw",
"published": "2024-11-27T10:15:04.210",
"lastModified": "2024-11-27T10:15:04.210",
"lastModified": "2024-11-28T03:15:14.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware\u00a0versions V5.00 through V5.38,\u00a0USG FLEX 50(W) series firmware\u00a0versions V5.10 through V5.38, and\u00a0USG20(W)-VPN series firmware\u00a0versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL."
},
{
"lang": "es",
"value": "Una vulnerabilidad de directory traversal en la interfaz de administraci\u00f3n web de las versiones de firmware de la serie Zyxel ATP V5.00 a V5.38, las versiones de firmware de la serie USG FLEX V5.00 a V5.38, las versiones de firmware de la serie USG FLEX 50(W) V5.10 a V5.38 y las versiones de firmware de la serie USG20(W)-VPN V5.10 a V5.38 podr\u00eda permitir que un atacante descargue o cargue archivos a trav\u00e9s de una URL manipulada espec\u00edficamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
@ -38,7 +42,7 @@
"weaknesses": [
{
"source": "security@zyxel.com.tw",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -49,7 +53,7 @@
],
"references": [
{
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024",
"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-27-2024",
"source": "security@zyxel.com.tw"
}
]


@ -0,0 +1,37 @@
{
"id": "CVE-2024-38309",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-11-28T03:15:15.963",
"lastModified": "2024-11-28T03:15:15.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier).\r\nIf a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed."
}
],
"metrics": {},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97531313/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,37 @@
{
"id": "CVE-2024-38389",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-11-28T03:15:16.113",
"lastModified": "2024-11-28T03:15:16.113",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed."
}
],
"metrics": {},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97531313/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,37 @@
{
"id": "CVE-2024-38658",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-11-28T03:15:16.237",
"lastModified": "2024-11-28T03:15:16.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed."
}
],
"metrics": {},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU97531313/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://monitouch.fujielectric.com/site/download-e/03tellus_inf/index.php",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -0,0 +1,78 @@
{
"id": "CVE-2024-46939",
"sourceIdentifier": "security@vivo.com",
"published": "2024-11-28T04:15:03.987",
"lastModified": "2024-11-28T04:15:03.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite\u00a0local specific files"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@vivo.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:D/RE:X/U:X",
"baseScore": 2.4,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NO",
"recovery": "AUTOMATIC",
"valueDensity": "DIFFUSE",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security@vivo.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://www.vivo.com/en/support/security-advisory-detail?id=13",
"source": "security@vivo.com"
}
]
}


@ -0,0 +1,76 @@
{
"id": "CVE-2024-53008",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-11-28T03:15:16.363",
"lastModified": "2024-11-28T03:15:16.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://git.haproxy.org/?p=haproxy-2.6.git;a=commit;h=1afca10150ac3e4e2224055cc31b6f1e4a70efe2",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://git.haproxy.org/?p=haproxy-2.8.git;a=commit;h=01c1056a44823c5ffb8f74660b32c099d9b5355b",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://git.haproxy.org/?p=haproxy-2.9.git;a=commit;h=4bcaece344c8738dac1ab5bd8cc81e2a22701d71",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://git.haproxy.org/?p=haproxy-3.0.git;a=commit;h=95a607c4b3af09be2a495b9c2872ea252ccff603",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://jvn.jp/en/jp/JVN88385716/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.haproxy.org/",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-28T03:03:30.578893+00:00
2024-11-28T05:02:39.286455+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-28T01:15:04.320000+00:00
2024-11-28T04:15:03.987000+00:00
```
### Last Data Feed Release
@ -33,20 +33,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
271558
271563
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `5`
- [CVE-2018-9377](CVE-2018/CVE-2018-93xx/CVE-2018-9377.json) (`2024-11-28T01:15:04.320`)
- [CVE-2024-38309](CVE-2024/CVE-2024-383xx/CVE-2024-38309.json) (`2024-11-28T03:15:15.963`)
- [CVE-2024-38389](CVE-2024/CVE-2024-383xx/CVE-2024-38389.json) (`2024-11-28T03:15:16.113`)
- [CVE-2024-38658](CVE-2024/CVE-2024-386xx/CVE-2024-38658.json) (`2024-11-28T03:15:16.237`)
- [CVE-2024-46939](CVE-2024/CVE-2024-469xx/CVE-2024-46939.json) (`2024-11-28T04:15:03.987`)
- [CVE-2024-53008](CVE-2024/CVE-2024-530xx/CVE-2024-53008.json) (`2024-11-28T03:15:16.363`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2024-11667](CVE-2024/CVE-2024-116xx/CVE-2024-11667.json) (`2024-11-28T03:15:14.943`)
## Download and Usage


@ -126936,7 +126936,7 @@ CVE-2018-9370,0,0,ae53e355aa0524bf60f4d348ee71944e38f6c6c59f44b44474743ec3d5eda5
CVE-2018-9371,0,0,dce1635a39fc875c3a6010e78992681138a4af74d8f57da615da4dd9d5becbf0,2024-11-22T21:25:48.853000
CVE-2018-9372,0,0,5241fff5e37359ca4d40d4d0ef51eddfb8e42f03921d8e136fe460686e5ef5c0,2024-11-19T21:56:45.533000
CVE-2018-9374,0,0,98a6fbbb04a2957aedc1b044162badd058f6e51b87cbbbc6085ee46fbc44a729,2024-11-28T00:15:03.827000
CVE-2018-9377,1,1,c031ed8956527a9392741d5679d4c3a9ceec752c203602c9fe045e60dfa9de21,2024-11-28T01:15:04.320000
CVE-2018-9377,0,0,c031ed8956527a9392741d5679d4c3a9ceec752c203602c9fe045e60dfa9de21,2024-11-28T01:15:04.320000
CVE-2018-9385,0,0,a04751693f742cd9abca42cb6fa43b673fbcc24bbf305f54b6cb4b8b3d812bd4,2018-12-12T21:37:19.207000
CVE-2018-9409,0,0,ebcda6f7e24e6f698fa6ccd47d9f60bf8bc1c7442cbc31f290fa0b923152d8a0,2024-11-20T20:35:04.480000
CVE-2018-9410,0,0,67eeebcbba32822e3887bccb33fae18efb160aec58d1cb7ea07ebe4be1e04e64,2024-11-22T22:28:51.533000
@ -243745,7 +243745,7 @@ CVE-2024-11663,0,0,3626413ca3e66966b7d786a611d25e545ae4de59326fcb8c9442c9f727c44
CVE-2024-11664,0,0,f7e3e3893aefbf47475119b5cc15d35a6bf3fef30ce727b8b58d082d350666b1,2024-11-25T09:15:06.800000
CVE-2024-11665,0,0,432484acd0139af98341fd7fe90b0662197ea5956295af2989047d68fc0277cd,2024-11-25T00:15:03.957000
CVE-2024-11666,0,0,2250b20e698d0c0188636489287d2b59448a3bc6ff2a33a1b94eca03d876ba25,2024-11-25T00:15:04.040000
CVE-2024-11667,0,0,c8310f735b16cd2f5817915b1b9e873b3013e35d9d8d818e6d57a1d216894219,2024-11-27T10:15:04.210000
CVE-2024-11667,0,1,623b49dca2a1a534ffbd8f116339108bc3210c6b3403e4c93f0e00df5d59fcc7,2024-11-28T03:15:14.943000
CVE-2024-11668,0,0,76595504dbd2b64d21bcff47f11c8e8cc91ab680fc6cee5f2ffc1737d953cc2b,2024-11-26T19:15:22.027000
CVE-2024-11669,0,0,a5de8e98bfb8b633c540619e4d481ef856cf620fef729b0da27716832b9fbae5,2024-11-26T19:15:22.367000
CVE-2024-1167,0,0,ed50fa0852f2fbdcdff47243517d528056863b720fcd10bdada66efed3504e8a,2024-02-09T20:20:51.900000
@ -258359,6 +258359,7 @@ CVE-2024-38304,0,0,c9c5e31995efec3c1031188bcbced9384b5bd23fcd1002d4307a7715d8d36
CVE-2024-38305,0,0,8b2a25f772813217d648083a791c87824d2ddecf111410c1e83c757aac9fac81,2024-11-25T18:16:27.450000
CVE-2024-38306,0,0,302c251894cd8175c95dcaa248535d0e8a6962400e46ca01099390440f888d26,2024-06-25T18:50:42.040000
CVE-2024-38308,0,0,fe139b0ba6074f0e39f21bcc0d3b2863f88a6047b3a5a779d5f8bedf5488475c,2024-10-07T15:24:34.517000
CVE-2024-38309,1,1,e9859535163e2537f52f330494955ad7e2d3d87be6120960b3eec832ceef721f,2024-11-28T03:15:15.963000
CVE-2024-3831,0,0,50e818929dc56e84afc0dd8fe8fae7a8b323529f272034386ddae5543191124f,2024-05-14T16:11:39.510000
CVE-2024-38312,0,0,1126d925e9f3df6172b0d645f8055a412179734e7392e5e8aca22a182aa8d817,2024-10-30T19:35:13.407000
CVE-2024-38313,0,0,6104dc2b29b4c8ac118d88c83436ea8db6780255231d99b7909daa998f4d9c3c,2024-09-12T17:48:33.947000
@ -258414,6 +258415,7 @@ CVE-2024-38385,0,0,ad39ce50ee10d7c4352abf70f77a4305b91c93b47f7bafc6237b8077dda88
CVE-2024-38386,0,0,4681bfa2c99f249f935e8a6e34318b7575619c3c0775d501b8fe8a79c951203a,2024-09-04T16:56:41.463000
CVE-2024-38387,0,0,014a3d44dcc0a711ef94361a639acd581d9d8567d9ef5156c648a25b68eac6a4,2024-11-15T14:00:09.720000
CVE-2024-38388,0,0,59d748481b79bef641da29fa14283366526c194312c93d8df5bfc773a451913c,2024-06-21T11:22:01.687000
CVE-2024-38389,1,1,71a435fa4e6bc2c9ca202a26967d25085bb6b17864b502b24db74662eb6aab06,2024-11-28T03:15:16.113000
CVE-2024-3839,0,0,7c6a8e24e8992e3cadc889bd78886524b88f88c58f4f3536293ab700e2d6e3b8,2024-07-03T02:06:38.637000
CVE-2024-38390,0,0,79dc30f8af84c9201715bbbab17f78ad07e2499ec7748a40259461d61601cd3c,2024-09-09T13:38:26.600000
CVE-2024-38391,0,0,20b04656bf618f5c1be614d3d82a6f2592410c65ddd3dee3dc7474add7c8b054,2024-07-02T20:15:05.730000
@ -258671,6 +258673,7 @@ CVE-2024-38653,0,0,c8ed77058a52701b560001b5f44bd7270c8687b6c4890948d6b9eaf03edfd
CVE-2024-38654,0,0,f45589254774140aa774de676d23baded7790116b3c26a33eefbf7b8b5299f5e,2024-11-13T17:35:06.447000
CVE-2024-38655,0,0,26921028d57aeb27da418884c4f65831287be30bc954e6fd9c39e161e53e5c78,2024-11-23T21:15:14.393000
CVE-2024-38656,0,0,b5a6998a1d2773376aa607cd8041e3c96fc5a1f41c3e7dc16fe74c7fe2d7dea7,2024-11-23T21:15:14.497000
CVE-2024-38658,1,1,189a74dc30672c653fcaa143682b6cdb2a8a2fc2179698c0b4296b5f9c046534,2024-11-28T03:15:16.237000
CVE-2024-38659,0,0,7f018343721f0a1816fbc1d0de6ee38bcc05d21743970bb8a1218031b26bafff,2024-07-15T07:15:14.163000
CVE-2024-3866,0,0,7a39485bd1345ca492dd2d645f7c31281d1cbae5daa389ff1a3811c5ea0b474f,2024-10-02T18:26:59.520000
CVE-2024-38660,0,0,d0d9175d3816ca2e67508172ccde9924c32e55147382a7404f429ab929961a1c,2024-11-15T14:00:09.720000
@ -264004,6 +264007,7 @@ CVE-2024-46935,0,0,666c6a587a73311e054ad4d061f64579544880375cf82da7a9fb41d79c96b
CVE-2024-46936,0,0,9556709d66661d3070e004b123b00dfabb7cceb4465975e71e6703311d5e642b,2024-09-26T13:32:02.803000
CVE-2024-46937,0,0,2d730b202e105a7bb808efc1c6027ea5796a20be12259b3735aebe8062888851,2024-10-24T17:35:09.287000
CVE-2024-46938,0,0,da0d3931773ce4c6b71560f14f7dad72bb0956018258aa969e0c816d6e411534,2024-09-20T18:15:10.590000
CVE-2024-46939,1,1,c9fe44502c48a049cc96141bf4eaa29e781ffd9c022e218e3055c439250a3d83,2024-11-28T04:15:03.987000
CVE-2024-46942,0,0,42b8c1905f4548ed93111e0e3968d1a6b8f40826bb27ddf0610e8ae6ccaee352,2024-09-25T18:08:58.483000
CVE-2024-46943,0,0,4e628ffdd0e99d1c8a029e386c0cf0435a2a0c962595b05e9b929698e4501314,2024-10-24T17:35:10.093000
CVE-2024-46946,0,0,5adf6fed09d7522a85c453ac4c470cad5917d88736dbb3b605636f5befca45fa,2024-09-20T12:30:17.483000
@ -267552,6 +267556,7 @@ CVE-2024-5297,0,0,d1218091e3a48aa0835b7de76e914f2fa4d051775431f4beee97941e4c1782
CVE-2024-5298,0,0,751024870f0005efd62d8664aa885c619c01fff4fc9d9e46acd3d648d421b0e1,2024-05-24T01:15:30.977000
CVE-2024-5299,0,0,ec4fa401441140dbf77742461a619e82e80b0b3301518890cfd68e9b147d30dc,2024-05-24T01:15:30.977000
CVE-2024-52998,0,0,4a588e0a4ac0cc77f65a3f96d5f4c28074598669804bc16c028b0e79eee85554,2024-11-22T19:15:07.433000
CVE-2024-53008,1,1,eb27408d35fd63e0b06a6d91784ac9fdfba636caf4dc616097e327306086f070,2024-11-28T03:15:16.363000
CVE-2024-5301,0,0,e6554ba8ce305faf67a147a1164dfd0369262e65017220af5d0bddff09928633,2024-09-25T15:18:18.097000
CVE-2024-5302,0,0,39889567f28c32113cd40d7a6613b67998b6932facc1ad2f99b57c33f7aef565,2024-09-25T15:22:17.627000
CVE-2024-5303,0,0,217ef39fe65f9c942556432bd246389e62862800142bbf571d971052d849f886,2024-09-25T15:24:18.680000
