admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-02-22T23:00:24.156954+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-02-22 23:00:27 +00:00
parent 117e7d7ec1
commit c28dfb975f
4 changed files with 127 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2022/CVE-2022-253xx/CVE-2022-25377.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2022-25377",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T22:15:47.170",
"lastModified": "2024-02-22T22:15:47.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The ACME-challenge endpoint in Appwrite 0.5.0 through 0.12.x before 0.12.2 allows remote attackers to read arbitrary local files via ../ directory traversal. In order to be vulnerable, APP_STORAGE_CERTIFICATES/.well-known/acme-challenge must exist on disk. (This pathname is automatically created if the user chooses to install Let's Encrypt certificates via Appwrite.)"
}
],
"metrics": {},
"references": [
{
"url": "https://dubell.io/unauthenticated-lfi-in-appwrite-0.5.0-0.12.1/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/appwrite/appwrite/blob/0.12.0/app/controllers/general.php#L539",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/appwrite/appwrite/pull/2780",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/appwrite/appwrite/releases/tag/0.12.2",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-257xx/CVE-2024-25746.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25746",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T22:15:47.253",
"lastModified": "2024-02-22T22:15:47.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/add_white_node.md",
"source": "cve@mitre.org"
}
]
}

67
CVE-2024/CVE-2024-261xx/CVE-2024-26152.json Normal file
View File

@ -0,0 +1,67 @@
{
"id": "CVE-2024-26152",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-22T22:15:47.310",
"lastModified": "2024-02-22T22:15:47.310",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "### Summary\nOn all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, resulting in an XSS vulnerability.\n\n### Details\nNeed permission to use the \"data import\" function. This was reproduced on Label Studio 1.10.1.\n\n### PoC\n\n1. Create a project.\n![Create a project](https://github.com/HumanSignal/label-studio/assets/3943358/9b1536ad-feac-4238-a1bd-ca9b1b798673)\n\n2. Upload a file containing the payload using the \"Upload Files\" function.\n![2 Upload a file containing the payload using the Upload Files function](https://github.com/HumanSignal/label-studio/assets/3943358/26bb7af1-1cd2-408f-9adf-61e31a5b7328)\n![3 complete](https://github.com/HumanSignal/label-studio/assets/3943358/f2f62774-1fa6-4456-9e6f-8fa1ca0a2d2e)\n\nThe following are the contents of the files used in the PoC\n```\n{\n \"data\": {\n \"prompt\": \"labelstudio universe image\",\n \"images\": [\n {\n \"value\": \"id123#0\",\n \"style\": \"margin: 5px\",\n \"html\": \"<img width='400' src='https://labelstud.io/_astro/images-tab.64279c16_ZaBSvC.avif' onload=alert(document.cookie)>\"\n }\n ]\n }\n}\n```\n\n3. Select the text-to-image generation labeling template of Ranking and scoring\n![3 Select the text-to-image generation labelling template for Ranking and scoring](https://github.com/HumanSignal/label-studio/assets/3943358/f227f49c-a718-4738-bc2a-807da4f97155)\n![5 save](https://github.com/HumanSignal/label-studio/assets/3943358/9b529f8a-8e99-4bb0-bdf6-bb7a95c9b75d)\n\n4. Select a task\n![4 Select a task](https://github.com/HumanSignal/label-studio/assets/3943358/71856b7a-2b1f-44ea-99ab-fc48bc20caa7)\n\n5. Check that the script is running\n![5 Check that the script is running](https://github.com/HumanSignal/label-studio/assets/3943358/e396ae7b-a591-4db7-afe9-5bab30b48cb9)\n\n### Impact\nMalicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, It can become a source of further attacks, especially when linked to social engineering.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/HumanSignal/label-studio/commit/5df9ae3828b98652e9fa290a19f4deedf51ef6c8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/pull/5232",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/releases/tag/1.11.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6xv9-957j-qfhg",
"source": "security-advisories@github.com"
}
]
}

48
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-22T21:00:30.119467+00:00
2024-02-22T23:00:24.156954+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-22T20:18:58.020000+00:00
2024-02-22T22:15:47.310000+00:00
```
### Last Data Feed Release
@ -29,54 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239262
239265
```
### CVEs added in the last Commit
Recently added CVEs: `10`
Recently added CVEs: `3`
* [CVE-2024-22547](CVE-2024/CVE-2024-225xx/CVE-2024-22547.json) (`2024-02-22T19:15:08.547`)
* [CVE-2024-25129](CVE-2024/CVE-2024-251xx/CVE-2024-25129.json) (`2024-02-22T19:15:08.600`)
* [CVE-2024-25130](CVE-2024/CVE-2024-251xx/CVE-2024-25130.json) (`2024-02-22T19:15:08.823`)
* [CVE-2024-25385](CVE-2024/CVE-2024-253xx/CVE-2024-25385.json) (`2024-02-22T19:15:09.037`)
* [CVE-2024-26128](CVE-2024/CVE-2024-261xx/CVE-2024-26128.json) (`2024-02-22T19:15:09.093`)
* [CVE-2024-26151](CVE-2024/CVE-2024-261xx/CVE-2024-26151.json) (`2024-02-22T19:15:09.300`)
* [CVE-2024-1748](CVE-2024/CVE-2024-17xx/CVE-2024-1748.json) (`2024-02-22T20:15:56.090`)
* [CVE-2024-1749](CVE-2024/CVE-2024-17xx/CVE-2024-1749.json) (`2024-02-22T20:15:56.403`)
* [CVE-2024-1750](CVE-2024/CVE-2024-17xx/CVE-2024-1750.json) (`2024-02-22T20:15:56.643`)
* [CVE-2024-25369](CVE-2024/CVE-2024-253xx/CVE-2024-25369.json) (`2024-02-22T20:15:56.880`)
* [CVE-2022-25377](CVE-2022/CVE-2022-253xx/CVE-2022-25377.json) (`2024-02-22T22:15:47.170`)
* [CVE-2024-25746](CVE-2024/CVE-2024-257xx/CVE-2024-25746.json) (`2024-02-22T22:15:47.253`)
* [CVE-2024-26152](CVE-2024/CVE-2024-261xx/CVE-2024-26152.json) (`2024-02-22T22:15:47.310`)
### CVEs modified in the last Commit
Recently modified CVEs: `239`
Recently modified CVEs: `0`
* [CVE-2024-26136](CVE-2024/CVE-2024-261xx/CVE-2024-26136.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-26140](CVE-2024/CVE-2024-261xx/CVE-2024-26140.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-23758](CVE-2024/CVE-2024-237xx/CVE-2024-23758.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-0407](CVE-2024/CVE-2024-04xx/CVE-2024-0407.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-25147](CVE-2024/CVE-2024-251xx/CVE-2024-25147.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-25152](CVE-2024/CVE-2024-251xx/CVE-2024-25152.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-25601](CVE-2024/CVE-2024-256xx/CVE-2024-25601.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-25602](CVE-2024/CVE-2024-256xx/CVE-2024-25602.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1108](CVE-2024/CVE-2024-11xx/CVE-2024-1108.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1631](CVE-2024/CVE-2024-16xx/CVE-2024-1631.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-25603](CVE-2024/CVE-2024-256xx/CVE-2024-25603.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-26266](CVE-2024/CVE-2024-262xx/CVE-2024-26266.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-26269](CVE-2024/CVE-2024-262xx/CVE-2024-26269.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1501](CVE-2024/CVE-2024-15xx/CVE-2024-1501.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1562](CVE-2024/CVE-2024-15xx/CVE-2024-1562.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1669](CVE-2024/CVE-2024-16xx/CVE-2024-1669.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1670](CVE-2024/CVE-2024-16xx/CVE-2024-1670.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1671](CVE-2024/CVE-2024-16xx/CVE-2024-1671.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1672](CVE-2024/CVE-2024-16xx/CVE-2024-1672.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1673](CVE-2024/CVE-2024-16xx/CVE-2024-1673.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1674](CVE-2024/CVE-2024-16xx/CVE-2024-1674.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1675](CVE-2024/CVE-2024-16xx/CVE-2024-1675.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-1676](CVE-2024/CVE-2024-16xx/CVE-2024-1676.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-25151](CVE-2024/CVE-2024-251xx/CVE-2024-25151.json) (`2024-02-22T19:07:37.840`)
* [CVE-2024-22235](CVE-2024/CVE-2024-222xx/CVE-2024-22235.json) (`2024-02-22T19:07:37.840`)
## Download and Usage