admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-05T17:00:24.843520+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-05 17:00:28 +00:00
parent 6392719977
commit c071aad507
19 changed files with 931 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2023/CVE-2023-473xx/CVE-2023-47355.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2023-47355",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T16:15:54.910",
"lastModified": "2024-02-05T16:15:54.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The com.eypcnnapps.quickreboot (aka Eyuep Can Yilmaz {ROOT] Quick Reboot) application 1.0.8 for Android has exposed broadcast receivers for PowerOff, Reboot, and Recovery (e.g., com.eypcnnapps.quickreboot.widget.PowerOff) that are susceptible to unauthorized broadcasts because of missing input validation."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/com.eypcnnapps.quickreboot/blob/main/CWE-925.md",
"source": "cve@mitre.org"
},
{
"url": "https://play.google.com/store/apps/details?id=com.eypcnnapps.quickreboot",
"source": "cve@mitre.org"
}
]
}

69
CVE-2023/CVE-2023-51xx/CVE-2023-5124.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-5124",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.100",
"lastModified": "2024-01-29T16:19:17.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T16:48:58.247",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The Page Builder: Pagelayer WordPress plugin before 1.8.0 doesn't prevent attackers with administrator privileges from inserting malicious JavaScript inside a post's header or footer code, even when unfiltered_html is disallowed, such as in multi-site WordPress configurations."
},
{
"lang": "es",
"value": "El complemento Page Builder: Pagelayer de WordPress anterior a 1.8.0 no impide que atacantes con privilegios de administrador inserten JavaScript malicioso dentro del c\u00f3digo de encabezado o pie de p\u00e1gina de una publicaci\u00f3n, incluso cuando unfiltered_html no est\u00e1 permitido, como en configuraciones de WordPress de m\u00faltiples sitios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pagelayer:pagelayer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.0",
"matchCriteriaId": "53EEDFB1-D756-4754-93D7-B5DA7512C9A6"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/1ef86546-3467-432c-a863-1ca3e5c65bd4/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-521xx/CVE-2023-52138.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-52138",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T15:15:08.393",
"lastModified": "2024-02-05T15:15:08.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Engrampa is an archive manager for the MATE environment. Engrampa is found to be vulnerable to a Path Traversal vulnerability that can be leveraged to achieve full Remote Command Execution (RCE) on the target. While handling CPIO archives, the Engrampa Archive manager follows symlink, cpio by default will follow stored symlinks while extracting and the Archiver will not check the symlink location, which leads to arbitrary file writes to unintended locations. When the victim extracts the archive, the attacker can craft a malicious cpio or ISO archive to achieve RCE on the target system. This vulnerability was fixed in commit 63d5dfa.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-25"
}
]
}
],
"references": [
{
"url": "https://github.com/mate-desktop/engrampa/commit/63d5dfa9005c6b16d0f0ccd888cc859fca78f970",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/mate-desktop/engrampa/security/advisories/GHSA-c98h-v39w-3r7v",
"source": "security-advisories@github.com"
}
]
}

69
CVE-2023/CVE-2023-72xx/CVE-2023-7204.json
View File

@ -2,19 +2,80 @@
"id": "CVE-2023-7204",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.997",
"lastModified": "2024-01-29T16:19:11.720",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T16:45:16.630",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "The WP STAGING WordPress Backup plugin before 3.2.0 allows access to cache files during the cloning process which provides"
},
{
"lang": "es",
"value": "El complemento WP STAGING WordPress Backup anterior a 3.2.0 permite el acceso a archivos de cach\u00e9 durante el proceso de clonaci\u00f3n, lo que proporciona"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-staging:wp_staging:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.0",
"matchCriteriaId": "1B88CADE-E0B1-4B3F-9362-0DC926B58D7B"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/65a8cf83-d6cc-4d4c-a482-288a83a69879/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2023/CVE-2023-72xx/CVE-2023-7216.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2023-7216",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-05T15:15:08.903",
"lastModified": "2024-02-05T15:15:08.903",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A path traversal vulnerability was found in the CPIO utility. This issue could allow a remote unauthenticated attacker to trick a user into opening a specially crafted archive. During the extraction process, the archiver could follow symlinks outside of the intended directory, which could be utilized to run arbitrary commands on the target system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-7216",
"source": "secalert@redhat.com"
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249901",
"source": "secalert@redhat.com"
}
]
}

55
CVE-2024/CVE-2024-03xx/CVE-2024-0323.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0323",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-02-05T16:15:54.980",
"lastModified": "2024-02-05T16:15:54.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The FTP server used on the B&R\nAutomation Runtime supports unsecure encryption mechanisms, such as SSLv3,\nTLSv1.0 and TLS1.1. An network-based attacker can exploit the flaws to conduct\nman-in-the-middle attacks or to decrypt communications between the affected product\nclients. \u00a0\n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cybersecurity@ch.abb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf",
"source": "cybersecurity@ch.abb.com"
}
]
}

73
CVE-2024/CVE-2024-10xx/CVE-2024-1009.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1009",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T17:15:09.727",
"lastModified": "2024-01-29T17:39:52.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T16:40:18.130",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Employee Management System 1.0. Ha sido calificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /Admin/login.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento txtusername conduce a la inyecci\u00f3n de SQL. El ataque puede lanzarse de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. VDB-252278 es el identificador asignado a esta vulnerabilidad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,20 +93,57 @@
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_management_system_project:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F35A050-7DDD-42B4-8C33-387B07453E39"
}
]
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.252278",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.252278",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
}
]
}

81
CVE-2024/CVE-2024-10xx/CVE-2024-1010.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1010",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T17:15:09.967",
"lastModified": "2024-01-29T17:39:52.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T16:27:21.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279."
},
{
"lang": "es",
"value": "Una vulnerabilidad ha sido encontrada en SourceCodester Employee Management System 1.0 y clasificada como problem\u00e1tica. Una parte desconocida del archivo edit-profile.php afecta a esta vulnerabilidad. La manipulaci\u00f3n del argumento nombre fullname/phone/date of birth/address/date of appointment conduce a cross site scripting. Es posible iniciar el ataque de forma remota. El identificador asociado de esta vulnerabilidad es VDB-252279."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,7 +85,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -69,24 +93,67 @@
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_management_system_project:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F35A050-7DDD-42B4-8C33-387B07453E39"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jomskiller/Employee-Management-System---Stored-XSS",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://github.com/jomskiller/Employee-Management-System---Stored-XSS/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Mitigation",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252279",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252279",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-10xx/CVE-2024-1011.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-1011",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-29T17:15:10.213",
"lastModified": "2024-01-29T17:39:52.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T16:35:15.313",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en SourceCodester Employee Management System 1.0 y clasificada como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo delete-leave.php del componente Leave Handler. La manipulaci\u00f3n del argumento id conduce a controles de acceso inadecuados. El ataque se puede iniciar de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-252280."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -61,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,18 +105,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:employee_management_system_project:employee_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F35A050-7DDD-42B4-8C33-387B07453E39"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.252280",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.252280",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory"
]
}
]
}

10
CVE-2024/CVE-2024-216xx/CVE-2024-21664.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-21664",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-09T20:15:43.740",
"lastModified": "2024-01-16T19:30:49.207",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-05T16:15:55.207",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in version 2.0.19.\n"
"value": "jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28.\n"
},
{
"lang": "es",
@ -96,6 +96,10 @@
"Patch"
]
},
{
"url": "https://github.com/lestrrat-go/jwx/commit/8c53d0ae52d5ab1e2b37c5abb67def9e7958fd65",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lestrrat-go/jwx/commit/d69a721931a5c48b9850a42404f18e143704adcd",
"source": "security-advisories@github.com",

28
CVE-2024/CVE-2024-230xx/CVE-2024-23054.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-23054",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T16:15:55.437",
"lastModified": "2024-02-05T16:15:55.437",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm)."
}
],
"metrics": {},
"references": [
{
"url": "http://plone.com",
"source": "cve@mitre.org"
},
{
"url": "http://ploneorg.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md",
"source": "cve@mitre.org"
}
]
}

64
CVE-2024/CVE-2024-233xx/CVE-2024-23388.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23388",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-26T07:15:59.320",
"lastModified": "2024-01-26T13:51:45.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T15:18:21.920",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,11 +14,67 @@
"value": "La autorizaci\u00f3n inadecuada en el controlador para un problema de esquema de URL personalizado en la aplicaci\u00f3n \"Mercari\" para Android anterior a la versi\u00f3n 5.78.0 permite a un atacante remoto llevar a un usuario a acceder a un sitio web arbitrario a trav\u00e9s de la aplicaci\u00f3n vulnerable. Como resultado, el usuario puede convertirse en v\u00edctima de un ataque de phishing."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mercari:mercari:*:*:*:*:*:android:*:*",
"versionEndExcluding": "5.78.0",
"matchCriteriaId": "C2EF5FC4-4F02-4A63-9D90-8740949133EA"
}
]
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN70818619/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
}
]
}

89
CVE-2024/CVE-2024-236xx/CVE-2024-23641.json
View File

@ -2,16 +2,40 @@
"id": "CVE-2024-23641",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T17:15:08.600",
"lastModified": "2024-01-24T18:45:34.830",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-05T16:50:59.327",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body eg `{}` to a built and previewed/hosted sveltekit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue."
},
{
"lang": "es",
"value": "SvelteKit es un kit de desarrollo web. En SvelteKit 2, enviar una solicitud GET con un cuerpo, por ejemplo, `{}` a una aplicaci\u00f3n Sveltekit creada y vista previa/alojada arroja `La solicitud con el m\u00e9todo GET/HEAD no puede tener cuerpo.` y bloquea la vista previa/alojamiento. Despu\u00e9s de que esto suceda, se debe reiniciar manualmente la aplicaci\u00f3n. Las solicitudes de `TRACE` tambi\u00e9n provocar\u00e1n que la aplicaci\u00f3n falle. Las p\u00e1ginas prerenderizadas y las aplicaciones SvelteKit 1 no se ven afectadas. `@sveltejs/adapter-node` versiones 2.1.2, 3.0.3 y 4.0.1 y `@sveltejs/kit` versi\u00f3n 2.4.3 contienen un parche para este problema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,14 +80,59 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:svelte:adapter-node:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.1.2",
"matchCriteriaId": "209634B7-FE22-4485-9028-260DB48686B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:svelte:adapter-node:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.3",
"matchCriteriaId": "14D47D99-43E6-4E15-A6D8-9E834635EA9F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:svelte:adapter-node:4.0.0:*:*:*:*:node.js:*:*",
"matchCriteriaId": "BD037ACA-67C2-4005-A9F6-B13D67578493"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:svelte:kit:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.4.3",
"matchCriteriaId": "849FCB2F-C3D7-4377-8D03-2B7F60077BED"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

28
CVE-2024/CVE-2024-243xx/CVE-2024-24397.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2024-24397",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T16:15:55.493",
"lastModified": "2024-02-05T16:15:55.493",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field."
}
],
"metrics": {},
"references": [
{
"url": "http://stimulsoft.com",
"source": "cve@mitre.org"
},
{
"url": "https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R",
"source": "cve@mitre.org"
},
{
"url": "https://cves.at/posts/cve-2024-24397/writeup/",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-244xx/CVE-2024-24468.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24468",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T16:15:55.543",
"lastModified": "2024-02-05T16:15:55.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tang-0717/cms/blob/main/3.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-244xx/CVE-2024-24469.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24469",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-05T16:15:55.597",
"lastModified": "2024-02-05T16:15:55.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post .php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/tang-0717/cms/blob/main/2.md",
"source": "cve@mitre.org"
}
]
}

63
CVE-2024/CVE-2024-247xx/CVE-2024-24762.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-24762",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T15:15:09.260",
"lastModified": "2024-02-05T15:15:09.260",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "FastAPI is a web framework for building APIs with Python 3.8+ based on standard Python type hints. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that process can't handle any more requests. It's a ReDoS(Regular expression Denial of Service), it only applies to those reading form data, using `python-multipart`. This vulnerability has been patched in version 0.109.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tiangolo/fastapi/releases/tag/0.109.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-247xx/CVE-2024-24768.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-24768",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-05T15:15:09.607",
"lastModified": "2024-02-05T15:15:09.607",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-315"
}
]
}
],
"references": [
{
"url": "https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/1Panel-dev/1Panel/pull/3817",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h",
"source": "security-advisories@github.com"
}
]
}

56
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-05T15:00:26.125532+00:00
2024-02-05T17:00:24.843520+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-05T14:15:59.100000+00:00
2024-02-05T16:50:59.327000+00:00
```
### Last Data Feed Release
@ -29,47 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237564
237574
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `10`
* [CVE-2024-1225](CVE-2024/CVE-2024-12xx/CVE-2024-1225.json) (`2024-02-05T13:15:58.977`)
* [CVE-2024-23108](CVE-2024/CVE-2024-231xx/CVE-2024-23108.json) (`2024-02-05T14:15:57.827`)
* [CVE-2024-23109](CVE-2024/CVE-2024-231xx/CVE-2024-23109.json) (`2024-02-05T14:15:59.100`)
* [CVE-2023-52138](CVE-2023/CVE-2023-521xx/CVE-2023-52138.json) (`2024-02-05T15:15:08.393`)
* [CVE-2023-7216](CVE-2023/CVE-2023-72xx/CVE-2023-7216.json) (`2024-02-05T15:15:08.903`)
* [CVE-2023-47355](CVE-2023/CVE-2023-473xx/CVE-2023-47355.json) (`2024-02-05T16:15:54.910`)
* [CVE-2024-24762](CVE-2024/CVE-2024-247xx/CVE-2024-24762.json) (`2024-02-05T15:15:09.260`)
* [CVE-2024-24768](CVE-2024/CVE-2024-247xx/CVE-2024-24768.json) (`2024-02-05T15:15:09.607`)
* [CVE-2024-0323](CVE-2024/CVE-2024-03xx/CVE-2024-0323.json) (`2024-02-05T16:15:54.980`)
* [CVE-2024-23054](CVE-2024/CVE-2024-230xx/CVE-2024-23054.json) (`2024-02-05T16:15:55.437`)
* [CVE-2024-24397](CVE-2024/CVE-2024-243xx/CVE-2024-24397.json) (`2024-02-05T16:15:55.493`)
* [CVE-2024-24468](CVE-2024/CVE-2024-244xx/CVE-2024-24468.json) (`2024-02-05T16:15:55.543`)
* [CVE-2024-24469](CVE-2024/CVE-2024-244xx/CVE-2024-24469.json) (`2024-02-05T16:15:55.597`)
### CVEs modified in the last Commit
Recently modified CVEs: `42`
Recently modified CVEs: `8`
* [CVE-2024-22667](CVE-2024/CVE-2024-226xx/CVE-2024-22667.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-23196](CVE-2024/CVE-2024-231xx/CVE-2024-23196.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24855](CVE-2024/CVE-2024-248xx/CVE-2024-24855.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24857](CVE-2024/CVE-2024-248xx/CVE-2024-24857.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24858](CVE-2024/CVE-2024-248xx/CVE-2024-24858.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24859](CVE-2024/CVE-2024-248xx/CVE-2024-24859.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24860](CVE-2024/CVE-2024-248xx/CVE-2024-24860.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24861](CVE-2024/CVE-2024-248xx/CVE-2024-24861.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-24864](CVE-2024/CVE-2024-248xx/CVE-2024-24864.json) (`2024-02-05T13:54:19.310`)
* [CVE-2024-20001](CVE-2024/CVE-2024-200xx/CVE-2024-20001.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20002](CVE-2024/CVE-2024-200xx/CVE-2024-20002.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20003](CVE-2024/CVE-2024-200xx/CVE-2024-20003.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20004](CVE-2024/CVE-2024-200xx/CVE-2024-20004.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20006](CVE-2024/CVE-2024-200xx/CVE-2024-20006.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20007](CVE-2024/CVE-2024-200xx/CVE-2024-20007.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20009](CVE-2024/CVE-2024-200xx/CVE-2024-20009.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20010](CVE-2024/CVE-2024-200xx/CVE-2024-20010.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20011](CVE-2024/CVE-2024-200xx/CVE-2024-20011.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20012](CVE-2024/CVE-2024-200xx/CVE-2024-20012.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20013](CVE-2024/CVE-2024-200xx/CVE-2024-20013.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20015](CVE-2024/CVE-2024-200xx/CVE-2024-20015.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-20016](CVE-2024/CVE-2024-200xx/CVE-2024-20016.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-24866](CVE-2024/CVE-2024-248xx/CVE-2024-24866.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-24870](CVE-2024/CVE-2024-248xx/CVE-2024-24870.json) (`2024-02-05T13:54:33.663`)
* [CVE-2024-24838](CVE-2024/CVE-2024-248xx/CVE-2024-24838.json) (`2024-02-05T13:54:33.663`)
* [CVE-2023-7204](CVE-2023/CVE-2023-72xx/CVE-2023-7204.json) (`2024-02-05T16:45:16.630`)
* [CVE-2023-5124](CVE-2023/CVE-2023-51xx/CVE-2023-5124.json) (`2024-02-05T16:48:58.247`)
* [CVE-2024-23388](CVE-2024/CVE-2024-233xx/CVE-2024-23388.json) (`2024-02-05T15:18:21.920`)
* [CVE-2024-21664](CVE-2024/CVE-2024-216xx/CVE-2024-21664.json) (`2024-02-05T16:15:55.207`)
* [CVE-2024-1010](CVE-2024/CVE-2024-10xx/CVE-2024-1010.json) (`2024-02-05T16:27:21.587`)
* [CVE-2024-1011](CVE-2024/CVE-2024-10xx/CVE-2024-1011.json) (`2024-02-05T16:35:15.313`)
* [CVE-2024-1009](CVE-2024/CVE-2024-10xx/CVE-2024-1009.json) (`2024-02-05T16:40:18.130`)
* [CVE-2024-23641](CVE-2024/CVE-2024-236xx/CVE-2024-23641.json) (`2024-02-05T16:50:59.327`)
## Download and Usage