Auto-Update: 2024-03-05T05:00:24.508275+00:00

cad-safe-bot 2024-03-05 05:00:28 +00:00
parent d5401ee739
commit b7164e886e
4 changed files with 173 additions and 21 deletions


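--- a/CVE-2024/CVE-2024-218xx/CVE-2024-21815.json
+++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21815.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-21815",
+"sourceIdentifier": "disclosures@gallagher.com",
+"published": "2024-03-05T03:15:06.060",
+"lastModified": "2024-03-05T03:15:06.060",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nInsufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@gallagher.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 9.1,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.1,
+"impactScore": 5.3
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@gallagher.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-522"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://security.gallagher.com/Security-Advisories/CVE-2024-21815",
+"source": "disclosures@gallagher.com"
+}
+]
+}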


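--- a/CVE-2024/CVE-2024-218xx/CVE-2024-21838.json
+++ b/CVE-2024/CVE-2024-218xx/CVE-2024-21838.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-21838",
+"sourceIdentifier": "disclosures@gallagher.com",
+"published": "2024-03-05T03:15:06.280",
+"lastModified": "2024-03-05T03:15:06.280",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nImproper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. \n\nThis issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), \u00a0all version of 8.60 and prior.\n\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@gallagher.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "HIGH",
+"availabilityImpact": "NONE",
+"baseScore": 6.8,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@gallagher.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-74"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838",
+"source": "disclosures@gallagher.com"
+}
+]
+}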


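--- a/CVE-2024/CVE-2024-223xx/CVE-2024-22383.json
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22383.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-22383",
+"sourceIdentifier": "disclosures@gallagher.com",
+"published": "2024-03-05T03:15:06.470",
+"lastModified": "2024-03-05T03:15:06.470",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nMissing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. \n\nThis issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)),\u00a08.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).\n\n\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "disclosures@gallagher.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 6.2,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.5,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "disclosures@gallagher.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-772"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383",
+"source": "disclosures@gallagher.com"
+}
+]
+}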


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-05T03:00:26.464298+00:00
2024-03-05T05:00:24.508275+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-05T02:15:27.493000+00:00
2024-03-05T03:15:06.470000+00:00
```
### Last Data Feed Release
@ -29,35 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240521
240524
```
### CVEs added in the last Commit
Recently added CVEs: `14`
Recently added CVEs: `3`
* [CVE-2024-25269](CVE-2024/CVE-2024-252xx/CVE-2024-25269.json) (`2024-03-05T01:15:06.780`)
* [CVE-2024-0698](CVE-2024/CVE-2024-06xx/CVE-2024-0698.json) (`2024-03-05T02:15:25.460`)
* [CVE-2024-0825](CVE-2024/CVE-2024-08xx/CVE-2024-0825.json) (`2024-03-05T02:15:25.653`)
* [CVE-2024-1088](CVE-2024/CVE-2024-10xx/CVE-2024-1088.json) (`2024-03-05T02:15:25.813`)
* [CVE-2024-1093](CVE-2024/CVE-2024-10xx/CVE-2024-1093.json) (`2024-03-05T02:15:25.970`)
* [CVE-2024-1095](CVE-2024/CVE-2024-10xx/CVE-2024-1095.json) (`2024-03-05T02:15:26.130`)
* [CVE-2024-1178](CVE-2024/CVE-2024-11xx/CVE-2024-1178.json) (`2024-03-05T02:15:26.290`)
* [CVE-2024-1285](CVE-2024/CVE-2024-12xx/CVE-2024-1285.json) (`2024-03-05T02:15:26.447`)
* [CVE-2024-1381](CVE-2024/CVE-2024-13xx/CVE-2024-1381.json) (`2024-03-05T02:15:26.620`)
* [CVE-2024-1478](CVE-2024/CVE-2024-14xx/CVE-2024-1478.json) (`2024-03-05T02:15:26.773`)
* [CVE-2024-1731](CVE-2024/CVE-2024-17xx/CVE-2024-1731.json) (`2024-03-05T02:15:26.937`)
* [CVE-2024-1769](CVE-2024/CVE-2024-17xx/CVE-2024-1769.json) (`2024-03-05T02:15:27.093`)
* [CVE-2024-1782](CVE-2024/CVE-2024-17xx/CVE-2024-1782.json) (`2024-03-05T02:15:27.253`)
* [CVE-2024-22188](CVE-2024/CVE-2024-221xx/CVE-2024-22188.json) (`2024-03-05T02:15:27.443`)
* [CVE-2024-21815](CVE-2024/CVE-2024-218xx/CVE-2024-21815.json) (`2024-03-05T03:15:06.060`)
* [CVE-2024-21838](CVE-2024/CVE-2024-218xx/CVE-2024-21838.json) (`2024-03-05T03:15:06.280`)
* [CVE-2024-22383](CVE-2024/CVE-2024-223xx/CVE-2024-22383.json) (`2024-03-05T03:15:06.470`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `0`
* [CVE-2024-21338](CVE-2024/CVE-2024-213xx/CVE-2024-21338.json) (`2024-03-05T02:00:01.990`)
* [CVE-2024-24213](CVE-2024/CVE-2024-242xx/CVE-2024-24213.json) (`2024-03-05T02:15:27.493`)
## Download and Usage