mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-05-20T23:55:29.980201+00:00
This commit is contained in:
parent
e212910b36
commit
b9dcc5c182
59
CVE-2024/CVE-2024-347xx/CVE-2024-34710.json
Normal file
59
CVE-2024/CVE-2024-347xx/CVE-2024-34710.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2024-34710",
|
||||
"sourceIdentifier": "security-advisories@github.com",
|
||||
"published": "2024-05-20T22:15:08.500",
|
||||
"lastModified": "2024-05-20T22:15:08.500",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.\n"
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.1,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 4.2
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "security-advisories@github.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-1336"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac",
|
||||
"source": "security-advisories@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf",
|
||||
"source": "security-advisories@github.com"
|
||||
}
|
||||
]
|
||||
}
|
44
CVE-2024/CVE-2024-49xx/CVE-2024-4985.json
Normal file
44
CVE-2024/CVE-2024-49xx/CVE-2024-4985.json
Normal file
@ -0,0 +1,44 @@
|
||||
{
|
||||
"id": "CVE-2024-4985",
|
||||
"sourceIdentifier": "product-cna@github.com",
|
||||
"published": "2024-05-20T22:15:08.727",
|
||||
"lastModified": "2024-05-20T22:15:08.727",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "product-cna@github.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-303"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12",
|
||||
"source": "product-cna@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10",
|
||||
"source": "product-cna@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4",
|
||||
"source": "product-cna@github.com"
|
||||
},
|
||||
{
|
||||
"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15",
|
||||
"source": "product-cna@github.com"
|
||||
}
|
||||
]
|
||||
}
|
92
CVE-2024/CVE-2024-51xx/CVE-2024-5145.json
Normal file
92
CVE-2024/CVE-2024-51xx/CVE-2024-5145.json
Normal file
@ -0,0 +1,92 @@
|
||||
{
|
||||
"id": "CVE-2024-5145",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-05-20T23:15:08.533",
|
||||
"lastModified": "2024-05-20T23:15:08.533",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 6.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 6.5
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/CveSecLook/cve/issues/38",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.265289",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.265289",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.339721",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
20
README.md
20
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-05-20T22:00:30.187293+00:00
|
||||
2024-05-20T23:55:29.980201+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-05-20T21:15:09.990000+00:00
|
||||
2024-05-20T23:15:08.533000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,26 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
250876
|
||||
250879
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `6`
|
||||
Recently added CVEs: `3`
|
||||
|
||||
- [CVE-2024-33900](CVE-2024/CVE-2024-339xx/CVE-2024-33900.json) (`2024-05-20T21:15:09.177`)
|
||||
- [CVE-2024-33901](CVE-2024/CVE-2024-339xx/CVE-2024-33901.json) (`2024-05-20T21:15:09.243`)
|
||||
- [CVE-2024-35191](CVE-2024/CVE-2024-351xx/CVE-2024-35191.json) (`2024-05-20T21:15:09.307`)
|
||||
- [CVE-2024-35192](CVE-2024/CVE-2024-351xx/CVE-2024-35192.json) (`2024-05-20T21:15:09.550`)
|
||||
- [CVE-2024-35194](CVE-2024/CVE-2024-351xx/CVE-2024-35194.json) (`2024-05-20T21:15:09.773`)
|
||||
- [CVE-2024-35195](CVE-2024/CVE-2024-351xx/CVE-2024-35195.json) (`2024-05-20T21:15:09.990`)
|
||||
- [CVE-2024-34710](CVE-2024/CVE-2024-347xx/CVE-2024-34710.json) (`2024-05-20T22:15:08.500`)
|
||||
- [CVE-2024-4985](CVE-2024/CVE-2024-49xx/CVE-2024-4985.json) (`2024-05-20T22:15:08.727`)
|
||||
- [CVE-2024-5145](CVE-2024/CVE-2024-51xx/CVE-2024-5145.json) (`2024-05-20T23:15:08.533`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `1`
|
||||
Recently modified CVEs: `0`
|
||||
|
||||
- [CVE-2019-20180](CVE-2019/CVE-2019-201xx/CVE-2019-20180.json) (`2024-05-20T21:15:08.827`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
17
_state.csv
17
_state.csv
@ -137076,7 +137076,7 @@ CVE-2019-20176,0,0,119d4e137d19b3147bebb5f12cacdd3df688d102b05711091e1d0fdf4b011
|
||||
CVE-2019-20178,0,0,f0742cf19222f81d609a3b4802cdb734b7ad73f74080d2124e95754262fa6a86,2023-11-07T03:08:40.090000
|
||||
CVE-2019-20179,0,0,d184903ff51d6af8532bb7eedbe1337b6792d7fb2b734649090d1ff7cb4600bd,2023-11-07T03:08:40.150000
|
||||
CVE-2019-2018,0,0,8e7de94004ce5aeb65fcd755bdea96ed2fbaf715a253f2bd9a9a49dc72d55f26,2020-08-24T17:37:01.140000
|
||||
CVE-2019-20180,0,1,46f84788396671dffc6f82fb348b1eb821b79caf25a751cce7d1e43c127e2ce7,2024-05-20T21:15:08.827000
|
||||
CVE-2019-20180,0,0,46f84788396671dffc6f82fb348b1eb821b79caf25a751cce7d1e43c127e2ce7,2024-05-20T21:15:08.827000
|
||||
CVE-2019-20181,0,0,a962294bc94f45d4e7ced6d052a4960ff2a2c5ff7fbe324f918a57d49ce907d1,2023-11-07T03:08:40.277000
|
||||
CVE-2019-20182,0,0,4b992830ce564e13dd461d8e339ca0c172e1d6e68d4d6e47c6d5ea934ee33639,2023-11-07T03:08:40.340000
|
||||
CVE-2019-20183,0,0,41006a2836624d7a622c75f65686509fa9798ce30621a14f7fcb66ab1254c43e,2023-11-07T03:08:40.397000
|
||||
@ -249210,8 +249210,8 @@ CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4
|
||||
CVE-2024-33883,0,0,d21d8ca934661e52f0e44367a0fd9ba1bffeaf9f6f5050d38db197cfeb832973,2024-04-29T12:42:03.667000
|
||||
CVE-2024-33891,0,0,dbfd0a46c344c55dc0dc7b94e4bd09b3968a700bb28b10a9c34051909c1cf008,2024-04-29T12:42:03.667000
|
||||
CVE-2024-33899,0,0,3953877290e7ea59299fc2e6fd3641cdc5f0dd0a60947ca4a9fd862e9c59d70e,2024-04-29T12:42:03.667000
|
||||
CVE-2024-33900,1,1,8cbc6afee3f3bf0be10864103df9daa85f7657fddf3822bcf0ba2459d05ee94b,2024-05-20T21:15:09.177000
|
||||
CVE-2024-33901,1,1,b14d67142bf430998d05d13984477b69852654e5ebfd2667061f027427e474fd,2024-05-20T21:15:09.243000
|
||||
CVE-2024-33900,0,0,8cbc6afee3f3bf0be10864103df9daa85f7657fddf3822bcf0ba2459d05ee94b,2024-05-20T21:15:09.177000
|
||||
CVE-2024-33901,0,0,b14d67142bf430998d05d13984477b69852654e5ebfd2667061f027427e474fd,2024-05-20T21:15:09.243000
|
||||
CVE-2024-33903,0,0,d2659cb95032f4bf4e82ec7ebb3e3a955a9eb80acf170b021644b79abb230380,2024-04-29T12:42:03.667000
|
||||
CVE-2024-33904,0,0,4e23880abf5747270fb682428cdb1c8d9da3ad9f2ae0530104035f429e5a2c50,2024-04-29T12:42:03.667000
|
||||
CVE-2024-33905,0,0,4f2af541fd9603df50f92dd094e460dd4dcee3f568c1f2af9533e6ef2f5fb1b0,2024-05-01T18:15:24.390000
|
||||
@ -249593,6 +249593,7 @@ CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a739
|
||||
CVE-2024-34708,0,0,50ae7ddc2e75e3cdce67dd59d0961391cf6e2a4b57c62edc7a621111d8513880,2024-05-14T16:12:23.490000
|
||||
CVE-2024-34709,0,0,06ef108f024a9984841f3f127183d5734c022052a25b089dea508889fcf5f5e7,2024-05-14T16:12:23.490000
|
||||
CVE-2024-3471,0,0,54767cbf563c0be6df0476fd4d8642a65d7e71e0c7bed8d9d2a79519c6ab070f,2024-05-02T13:27:25.103000
|
||||
CVE-2024-34710,1,1,5dc4665d60f068782e169ed16e4b5aeed2aca25ab0ab03aa4614a987dea76645,2024-05-20T22:15:08.500000
|
||||
CVE-2024-34712,0,0,40b56468c6b0e23be2aec8e055821c01815577c206a3bde1e73f06a6cae6bcb3,2024-05-14T19:17:55.627000
|
||||
CVE-2024-34713,0,0,71c068cea1357926b6436f81cbdf6c8a79fd8b732c917dfd0c04a9555e362968,2024-05-14T19:17:55.627000
|
||||
CVE-2024-34714,0,0,a16faa7f57b02979f0d9baa24210a39fe199236a17b9a6c8ee9e34ebead52447,2024-05-14T19:17:55.627000
|
||||
@ -249712,10 +249713,10 @@ CVE-2024-35184,0,0,b9e43a79a8d3cf5f3dc97bfbc13e9d1e865d4c1cbd767526b45c719d87ddd
|
||||
CVE-2024-35185,0,0,9566de12a112578d6f544cd49512e0fec5a478c1209019c8a894392a85ee7161,2024-05-17T18:36:31.297000
|
||||
CVE-2024-35187,0,0,e540e1bc620ba80ad5fa80f7d3263a6e3207bc8224e5eb747cca071b3bd90ce6,2024-05-17T18:36:31.297000
|
||||
CVE-2024-35190,0,0,df7331f94dde17b6fe9caf5aceb08176ef5d062bd31daf4fd79d8cfe540794ae,2024-05-17T18:35:35.070000
|
||||
CVE-2024-35191,1,1,3fea625f0f16665d25f87c7c16f9d8cab824ad7cfe77d4057d035c38f2b00424,2024-05-20T21:15:09.307000
|
||||
CVE-2024-35192,1,1,afc551a53865ea35750cf87859d26c473f70804fe12f089bd78ff2c0b31a95a2,2024-05-20T21:15:09.550000
|
||||
CVE-2024-35194,1,1,b7f6bdf6baf26167ef80f1f1aa25b6ca57578dbc17f9023e78bb78772baa20b9,2024-05-20T21:15:09.773000
|
||||
CVE-2024-35195,1,1,cc1ea11b9334e63a9a93d27b1f4942a9ae7fafcc7165816bd0ec3c38eaa5d2e6,2024-05-20T21:15:09.990000
|
||||
CVE-2024-35191,0,0,3fea625f0f16665d25f87c7c16f9d8cab824ad7cfe77d4057d035c38f2b00424,2024-05-20T21:15:09.307000
|
||||
CVE-2024-35192,0,0,afc551a53865ea35750cf87859d26c473f70804fe12f089bd78ff2c0b31a95a2,2024-05-20T21:15:09.550000
|
||||
CVE-2024-35194,0,0,b7f6bdf6baf26167ef80f1f1aa25b6ca57578dbc17f9023e78bb78772baa20b9,2024-05-20T21:15:09.773000
|
||||
CVE-2024-35195,0,0,cc1ea11b9334e63a9a93d27b1f4942a9ae7fafcc7165816bd0ec3c38eaa5d2e6,2024-05-20T21:15:09.990000
|
||||
CVE-2024-3520,0,0,f6428e86e9ec472cba9c3c5754043cb34202461d79bcb1fa1b6a365d8347f93e,2024-05-02T18:00:37.360000
|
||||
CVE-2024-35204,0,0,e1a61e5fa740b8d773028d5010a8e42a433a924bdea5e26108812aad66d1c249,2024-05-16T20:15:09.910000
|
||||
CVE-2024-35205,0,0,e759b9359595ebaf333ccada053519f187d3d1cfddc6ef72f21bfd74e59fe204,2024-05-14T16:11:39.510000
|
||||
@ -250815,6 +250816,7 @@ CVE-2024-4974,0,0,30c18840d61a7da1f6d082016a110f1f3e155cb69a321c5f3011e04a781ace
|
||||
CVE-2024-4975,0,0,09924b0fbe93d87fd37542372e09ae669637640cc2222ca882fa05e7d37dfb27,2024-05-17T02:40:45.073000
|
||||
CVE-2024-4976,0,0,cec1c528b9c81bb2353d630af7aeaeed80f8c396bb33272f9e3c075fa645e3ec,2024-05-16T13:03:05.353000
|
||||
CVE-2024-4984,0,0,c181b2792419ab292757f17fa7ed54efe54e64b1f0d7a8e32f201040654607f4,2024-05-16T13:03:05.353000
|
||||
CVE-2024-4985,1,1,bc448e1bde699518577a6998209a5a0146da6fb11a5b9b2f9d4aabb1f818fd6f,2024-05-20T22:15:08.727000
|
||||
CVE-2024-4991,0,0,180b9ed28c0cce46df550147eebf5773d3a2c46d3490c6ab8f019084050e5a01,2024-05-16T13:03:05.353000
|
||||
CVE-2024-4992,0,0,504a91a45451c38d9b5beed8f2c88cac747dfe187af29754ed23c5e483929557,2024-05-16T13:03:05.353000
|
||||
CVE-2024-4993,0,0,54558f9e3463a1500143cda3bf9ee67127625c6afa1872d34f1d786cf2569f73,2024-05-16T13:03:05.353000
|
||||
@ -250875,3 +250877,4 @@ CVE-2024-5134,0,0,44a789f42f5a3c13ba63d82e5081c6abc6a3d25c1481cb7c53cfc6c6e78700
|
||||
CVE-2024-5135,0,0,68cf9bdf9dec0a96d7d353e92a3ea23735e4dfab71f12aba03f45faad350b446,2024-05-20T13:00:04.957000
|
||||
CVE-2024-5136,0,0,7e1453b58a6b8cdb889318a17e467bc4887e911147f2bbd5898eefe5c0fc0fa9,2024-05-20T13:00:04.957000
|
||||
CVE-2024-5137,0,0,9ef636c571a0277ac03884ccb19a37de0ac2ceab7c0195ff8a91e587e734c012,2024-05-20T13:00:04.957000
|
||||
CVE-2024-5145,1,1,c53440da82a6dd0eb446d498465c5990d294584701f1510d2f50eecfd1574c85,2024-05-20T23:15:08.533000
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user