Auto-Update: 2024-02-26T19:00:26.705992+00:00

cad-safe-bot 2024-02-26 19:00:30 +00:00
parent 6f31c4d038
commit d1aab09d70
26 changed files with 635 additions and 90 deletions

@ -0,0 +1,48 @@
{
"id": "CVE-2019-25160",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:06.930",
"lastModified": "2024-02-26T18:15:06.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetlabel: fix out-of-bounds memory accesses\n\nThere are two array out-of-bounds memory accesses, one in\ncipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both\nerrors are embarassingly simple, and the fixes are straightforward.\n\nAs a FYI for anyone backporting this patch to kernels prior to v4.8,\nyou'll want to apply the netlbl_bitmap_walk() patch to\ncipso_v4_bitmap_walk() as netlbl_bitmap_walk() doesn't exist before\nLinux v4.8."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1c973f9c7cc2b3caae93192fdc8ecb3f0b4ac000",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5578de4834fe0f2a34fedc7374be691443396d1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/97bc3683c24999ee621d847c9348c75d2fe86272",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c61d01faa5550e06794dcf86125ccd325bfad950",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc18101f95fa6e815f426316b8b9a5cee28a334e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3713abc4248aa6bcc11173d754c418b02a62cbb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fbf9578919d6c91100ec63acf2cba641383f6c78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fcfe700acdc1c72eab231300e82b962bac2b2b2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
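Review bot: "metrics": {} and the absence of a "weaknesses" array mean this record carries no CVSS score or CWE, so severity-threshold filters will pass over an out-of-bounds memory access in netlabel; the same holds for the other records added in this commit with sourceIdentifier 416baaa9-dc9f-4396-8d5f-8c081fb06d67. The id is CVE-2019-25160 but "published" is 2024-02-26, so triage keyed on publication date will treat an already-resolved kernel bug as new. Consumers should use the git.kernel.org stable commits in "references" to decide whether a given kernel already has the fix, and carry over the description's backport caveat for kernels prior to v4.8.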

@ -0,0 +1,24 @@
{
"id": "CVE-2019-25161",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:06.997",
"lastModified": "2024-02-26T18:15:06.997",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: prevent memory leak\n\nIn dcn*_create_resource_pool the allocated memory should be released if\nconstruct pool fails."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/104c307147ad379617472dd91a5bcb368d72bd6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/60e1b411bf0fd9fda2d2de7f45dc3b1d9960b85e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2019-25162",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.043",
"lastModified": "2024-02-26T18:15:07.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ni2c: Fix a potential use after free\n\nFree the adap structure only after we are done using it.\nThis patch just moves the put_device() down a bit to avoid the\nuse after free.\n\n[wsa: added comment to the code, added Fixes tag]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/12b0606000d0828630c033bf0c74c748464fe87d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/23a191b132cd87f746c62f3dc27da33683d85829",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/35927d7509ab9bf41896b7e44f639504eae08af7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/81cb31756888bb062e92d2dca21cd629d77a46a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/871a1e94929a27bf6e2cd99523865c840bbc2d87",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4c72c06c367758a14f227c847f9d623f1994ecf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6412ba3b6508bdf9c074d310bf4144afa6aec1a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8e1a046cf87c8b1363e5de835114f2779e2aaf4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,28 @@
{
"id": "CVE-2020-36775",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.103",
"lastModified": "2024-02-26T18:15:07.103",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: fix to avoid potential deadlock\n\nUsing f2fs_trylock_op() in f2fs_write_compressed_pages() to avoid potential\ndeadlock like we did in f2fs_write_single_data_page()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0478ccdc8ea016de1ebaf6fe6da0275c2b258c5b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e8542437bb4070423c9754d5ba270ffdbae8c8d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/df77fbd8c5b222c680444801ffd20e8bbc90a56e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,48 @@
{
"id": "CVE-2021-46906",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.160",
"lastModified": "2024-02-26T18:15:07.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: usbhid: fix info leak in hid_submit_ctrl\n\nIn hid_submit_ctrl(), the way of calculating the report length doesn't\ntake into account that report->size can be zero. When running the\nsyzkaller reproducer, a report of size 0 causes hid_submit_ctrl) to\ncalculate transfer_buffer_length as 16384. When this urb is passed to\nthe usb core layer, KMSAN reports an info leak of 16384 bytes.\n\nTo fix this, first modify hid_report_len() to account for the zero\nreport size case by using DIV_ROUND_UP for the division. Then, call it\nfrom hid_submit_ctrl()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e280502be1b003c3483ae03fc60dea554fcfa82",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/21883bff0fd854e07429a773ff18f1e9658f50e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/41b1e71a2c57366b08dcca1a28b0d45ca69429ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6be388f4a35d2ce5ef7dbf635a8964a5da7f799f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7f5a4b24cdbd7372770a02f23e347d7d9a9ac8f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8c064eece9a51856f3f275104520c7e3017fc5c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b1e3596416d74ce95cc0b7b38472329a3818f8a9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c5d3c142f2d57d40c55e65d5622d319125a45366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

@ -0,0 +1,40 @@
{
"id": "CVE-2023-52474",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T18:15:07.237",
"lastModified": "2024-02-26T18:15:07.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nIB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests\n\nhfi1 user SDMA request processing has two bugs that can cause data\ncorruption for user SDMA requests that have multiple payload iovecs\nwhere an iovec other than the tail iovec does not run up to the page\nboundary for the buffer pointed to by that iovec.a\n\nHere are the specific bugs:\n1. user_sdma_txadd() does not use struct user_sdma_iovec->iov.iov_len.\n Rather, user_sdma_txadd() will add up to PAGE_SIZE bytes from iovec\n to the packet, even if some of those bytes are past\n iovec->iov.iov_len and are thus not intended to be in the packet.\n2. user_sdma_txadd() and user_sdma_send_pkts() fail to advance to the\n next iovec in user_sdma_request->iovs when the current iovec\n is not PAGE_SIZE and does not contain enough data to complete the\n packet. The transmitted packet will contain the wrong data from the\n iovec pages.\n\nThis has not been an issue with SDMA packets from hfi1 Verbs or PSM2\nbecause they only produce iovecs that end short of PAGE_SIZE as the tail\niovec of an SDMA request.\n\nFixing these bugs exposes other bugs with the SDMA pin cache\n(struct mmu_rb_handler) that get in way of supporting user SDMA requests\nwith multiple payload iovecs whose buffers do not end at PAGE_SIZE. So\nthis commit fixes those issues as well.\n\nHere are the mmu_rb_handler bugs that non-PAGE_SIZE-end multi-iovec\npayload user SDMA requests can hit:\n1. Overlapping memory ranges in mmu_rb_handler will result in duplicate\n pinnings.\n2. 
When extending an existing mmu_rb_handler entry (struct mmu_rb_node),\n the mmu_rb code (1) removes the existing entry under a lock, (2)\n releases that lock, pins the new pages, (3) then reacquires the lock\n to insert the extended mmu_rb_node.\n\n If someone else comes in and inserts an overlapping entry between (2)\n and (3), insert in (3) will fail.\n\n The failure path code in this case unpins _all_ pages in either the\n original mmu_rb_node or the new mmu_rb_node that was inserted between\n (2) and (3).\n3. In hfi1_mmu_rb_remove_unless_exact(), mmu_rb_node->refcount is\n incremented outside of mmu_rb_handler->lock. As a result, mmu_rb_node\n could be evicted by another thread that gets mmu_rb_handler->lock and\n checks mmu_rb_node->refcount before mmu_rb_node->refcount is\n incremented.\n4. Related to #2 above, SDMA request submission failure path does not\n check mmu_rb_node->refcount before freeing mmu_rb_node object.\n\n If there are other SDMA requests in progress whose iovecs have\n pointers to the now-freed mmu_rb_node(s), those pointers to the\n now-freed mmu_rb nodes will be dereferenced when those SDMA requests\n complete."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/00cbce5cbf88459cd1aa1d60d0f1df15477df127",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7e6010f79b58f45b204cf18aa58f4b73c3f30adc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c4c6512d7330b743c4ffd18bd999a86ca26db0d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a2bd706ab63509793b5cd5065e685b7ef5cba678",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c76cb8f4bdf26d04cfa5485a93ce297dba5e6a80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dce59b5443700fbd0d2433ec6e4d4cf063448844",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
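Review bot: the "value" string is broken across two lines after "pinnings.\n2. ", and the hunk header declares 40 added lines while 41 are shown. A raw line break inside a JSON string is invalid, so confirm that CVE-2023-52474.json parses and, if the break is present in the file, rejoin it so the string continues "2. When extending an existing mmu_rb_handler entry". The description also carries a stray "a" in "that iovec.a", which looks like a typo in the description text.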

@ -2,7 +2,7 @@
"id": "CVE-2024-21802",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-26T16:27:55.550",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-02-26T18:15:07.290",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

@ -2,7 +2,7 @@
"id": "CVE-2024-21825",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-26T16:27:55.770",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-02-26T18:15:07.390",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

@ -2,7 +2,7 @@
"id": "CVE-2024-21836",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-26T16:27:55.990",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-02-26T18:15:07.487",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

@ -2,7 +2,7 @@
"id": "CVE-2024-23206",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:10.840",
"lastModified": "2024-02-11T07:15:07.610",
"lastModified": "2024-02-26T18:24:10.707",
"vulnStatus": "Modified",
"descriptions": [
{
@ -57,6 +57,12 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
@ -91,12 +97,6 @@
"versionEndExcluding": "14.3",
"matchCriteriaId": "3A4823C4-3812-46DB-8295-D021C93236CC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",

@ -2,7 +2,7 @@
"id": "CVE-2024-23211",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.087",
"lastModified": "2024-01-30T17:07:02.920",
"lastModified": "2024-02-26T18:24:10.707",
"vulnStatus": "Analyzed",
"descriptions": [
{
@ -57,6 +57,12 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
@ -92,12 +98,6 @@
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",

@ -2,7 +2,7 @@
"id": "CVE-2024-23213",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.183",
"lastModified": "2024-02-11T07:15:08.540",
"lastModified": "2024-02-26T18:24:10.707",
"vulnStatus": "Modified",
"descriptions": [
{
@ -57,6 +57,12 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
@ -92,12 +98,6 @@
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",

@ -2,8 +2,8 @@
"id": "CVE-2024-23222",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-23T01:15:11.500",
"lastModified": "2024-02-21T07:15:53.630",
"vulnStatus": "Modified",
"lastModified": "2024-02-26T18:25:58.083",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-01-23",
"cisaActionDue": "2024-02-13",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
@ -61,6 +61,12 @@
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
@ -110,17 +116,17 @@
"versionEndExcluding": "14.3",
"matchCriteriaId": "79ADFEBE-99EE-4F01-9AE8-489EB41885D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "AF847E34-E210-4F2D-919C-772FFEC50D8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.3",
"matchCriteriaId": "921307BF-8419-42C7-9B2C-8DD643723E38"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.2",
"matchCriteriaId": "192B29EB-3DC2-48B9-BA87-50033A2CFF01"
}
]
}
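Review bot: the removed entry "cpe:2.3:o:apple:safari:*:*:*:*:*:*:*:*" (matchCriteriaId AF847E34-E210-4F2D-919C-772FFEC50D8B) is replaced by "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*" (3D6F41D4-58ED-4E0B-90B4-3EDDB7CEA240) in the hunk above, so Safari moves from the operating-system part to the application part and gets a new match ID. Inventory matching pinned to the old part or the old matchCriteriaId will stop matching Safari below 17.3 and needs to be re-run; the same swap appears in CVE-2024-23206, CVE-2024-23211 and CVE-2024-23213. This hunk also includes a visionOS entry with versionEndExcluding 1.0.2, and the record carries cisaExploitAdd 2024-01-23, so visionOS devices belong in the patch check for this CVE.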
@ -186,7 +192,11 @@
},
{
"url": "https://support.apple.com/en-us/HT214070",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2024-23496",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-26T16:27:56.800",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-02-26T18:15:07.580",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

@ -2,7 +2,7 @@
"id": "CVE-2024-23605",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-02-26T16:27:57.000",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-02-26T18:15:07.673",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24401",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T17:15:10.393",
"lastModified": "2024-02-26T17:15:10.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component."
}
],
"metrics": {},
"references": [
{
"url": "https://www.nagios.com/changelog/",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-24402",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T17:15:10.443",
"lastModified": "2024-02-26T17:15:10.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component."
}
],
"metrics": {},
"references": [
{
"url": "https://www.nagios.com/changelog/",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25767",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T17:15:10.497",
"lastModified": "2024-02-26T17:15:10.497",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LuMingYinDetect/nanomq_defects/blob/main/nanomq_detect_1.md",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25768",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T18:15:07.757",
"lastModified": "2024-02-26T18:15:07.757",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-25770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T18:15:07.810",
"lastModified": "2024-02-26T18:15:07.810",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LuMingYinDetect/libming_defects/blob/main/libming_detect_1.md",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,20 @@
{
"id": "CVE-2024-26455",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T18:15:07.863",
"lastModified": "2024-02-26T18:15:07.863",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/LuMingYinDetect/fluent-bit_defects/blob/main/fluent-bit_detect_1.md",
"source": "cve@mitre.org"
}
]
}

@ -0,0 +1,59 @@
{
"id": "CVE-2024-27081",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-26T17:15:10.550",
"lastModified": "2024-02-26T17:15:10.550",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/esphome/esphome/commit/d814ed1d4adc71fde47c4df41215bee449884513",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p",
"source": "security-advisories@github.com"
}
]
}

@ -0,0 +1,15 @@
{
"id": "CVE-2024-27084",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-26T18:15:07.920",
"lastModified": "2024-02-26T18:15:07.920",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE is a duplicate of CVE-2024-1631."
}
],
"metrics": {},
"references": []
}
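Review bot: "vulnStatus": "Rejected" comes with empty "metrics" and "references", yet the README hunk in this commit counts this id among the 16 recently added CVEs. Consumers should drop or alias Rejected records on ingest (here to CVE-2024-1631, named in the rejection reason) rather than count them as new findings.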

@ -0,0 +1,59 @@
{
"id": "CVE-2024-27087",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-26T17:15:10.783",
"lastModified": "2024-02-26T17:15:10.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a \"Custom\" link type for advanced use cases that don't fit any of the pre-defined link formats. As the \"Custom\" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4",
"source": "security-advisories@github.com"
}
]
}

@ -0,0 +1,71 @@
{
"id": "CVE-2024-27088",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-26T17:15:11.000",
"lastModified": "2024-02-26T17:15:11.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 0.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
},
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/medikoo/es5-ext/issues/201",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h",
"source": "security-advisories@github.com"
}
]
}
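Review bot: the vector "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N" yields baseScore 0.0 and baseSeverity NONE, which does not match the description (the script may stall) or the listed CWE-1333 and CWE-400, both resource-exhaustion weaknesses. A pipeline that drops records below a score threshold will discard this one; triage it by CWE and by the fixed version v0.10.63 given in the description instead.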

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-26T17:04:29.752021+00:00
2024-02-26T19:00:26.705992+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-26T16:32:25.577000+00:00
2024-02-26T18:25:58.083000+00:00
```
### Last Data Feed Release
@ -29,69 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
239489
239505
```
### CVEs added in the last Commit
Recently added CVEs: `85`
Recently added CVEs: `16`
* [CVE-2024-25344](CVE-2024/CVE-2024-253xx/CVE-2024-25344.json) (`2024-02-26T16:27:58.897`)
* [CVE-2024-25410](CVE-2024/CVE-2024-254xx/CVE-2024-25410.json) (`2024-02-26T16:27:58.960`)
* [CVE-2024-25760](CVE-2024/CVE-2024-257xx/CVE-2024-25760.json) (`2024-02-26T16:27:59.017`)
* [CVE-2024-25763](CVE-2024/CVE-2024-257xx/CVE-2024-25763.json) (`2024-02-26T16:27:59.063`)
* [CVE-2024-25909](CVE-2024/CVE-2024-259xx/CVE-2024-25909.json) (`2024-02-26T16:27:59.137`)
* [CVE-2024-25913](CVE-2024/CVE-2024-259xx/CVE-2024-25913.json) (`2024-02-26T16:27:59.333`)
* [CVE-2024-25925](CVE-2024/CVE-2024-259xx/CVE-2024-25925.json) (`2024-02-26T16:27:59.530`)
* [CVE-2024-26465](CVE-2024/CVE-2024-264xx/CVE-2024-26465.json) (`2024-02-26T16:27:59.730`)
* [CVE-2024-26466](CVE-2024/CVE-2024-264xx/CVE-2024-26466.json) (`2024-02-26T16:27:59.773`)
* [CVE-2024-26467](CVE-2024/CVE-2024-264xx/CVE-2024-26467.json) (`2024-02-26T16:27:59.823`)
* [CVE-2024-26468](CVE-2024/CVE-2024-264xx/CVE-2024-26468.json) (`2024-02-26T16:27:59.870`)
* [CVE-2024-26600](CVE-2024/CVE-2024-266xx/CVE-2024-26600.json) (`2024-02-26T16:27:59.927`)
* [CVE-2024-26601](CVE-2024/CVE-2024-266xx/CVE-2024-26601.json) (`2024-02-26T16:27:59.987`)
* [CVE-2024-26602](CVE-2024/CVE-2024-266xx/CVE-2024-26602.json) (`2024-02-26T16:28:00.043`)
* [CVE-2024-26603](CVE-2024/CVE-2024-266xx/CVE-2024-26603.json) (`2024-02-26T16:28:00.097`)
* [CVE-2024-26604](CVE-2024/CVE-2024-266xx/CVE-2024-26604.json) (`2024-02-26T16:28:00.150`)
* [CVE-2024-26605](CVE-2024/CVE-2024-266xx/CVE-2024-26605.json) (`2024-02-26T16:28:00.207`)
* [CVE-2024-26606](CVE-2024/CVE-2024-266xx/CVE-2024-26606.json) (`2024-02-26T16:28:00.260`)
* [CVE-2024-27350](CVE-2024/CVE-2024-273xx/CVE-2024-27350.json) (`2024-02-26T16:28:00.313`)
* [CVE-2024-27359](CVE-2024/CVE-2024-273xx/CVE-2024-27359.json) (`2024-02-26T16:28:00.377`)
* [CVE-2024-27444](CVE-2024/CVE-2024-274xx/CVE-2024-27444.json) (`2024-02-26T16:28:00.430`)
* [CVE-2024-27447](CVE-2024/CVE-2024-274xx/CVE-2024-27447.json) (`2024-02-26T16:28:00.477`)
* [CVE-2024-27454](CVE-2024/CVE-2024-274xx/CVE-2024-27454.json) (`2024-02-26T16:28:00.530`)
* [CVE-2024-27455](CVE-2024/CVE-2024-274xx/CVE-2024-27455.json) (`2024-02-26T16:28:00.707`)
* [CVE-2024-27456](CVE-2024/CVE-2024-274xx/CVE-2024-27456.json) (`2024-02-26T16:28:00.760`)
* [CVE-2019-25160](CVE-2019/CVE-2019-251xx/CVE-2019-25160.json) (`2024-02-26T18:15:06.930`)
* [CVE-2019-25161](CVE-2019/CVE-2019-251xx/CVE-2019-25161.json) (`2024-02-26T18:15:06.997`)
* [CVE-2019-25162](CVE-2019/CVE-2019-251xx/CVE-2019-25162.json) (`2024-02-26T18:15:07.043`)
* [CVE-2020-36775](CVE-2020/CVE-2020-367xx/CVE-2020-36775.json) (`2024-02-26T18:15:07.103`)
* [CVE-2021-46906](CVE-2021/CVE-2021-469xx/CVE-2021-46906.json) (`2024-02-26T18:15:07.160`)
* [CVE-2023-52474](CVE-2023/CVE-2023-524xx/CVE-2023-52474.json) (`2024-02-26T18:15:07.237`)
* [CVE-2024-24401](CVE-2024/CVE-2024-244xx/CVE-2024-24401.json) (`2024-02-26T17:15:10.393`)
* [CVE-2024-24402](CVE-2024/CVE-2024-244xx/CVE-2024-24402.json) (`2024-02-26T17:15:10.443`)
* [CVE-2024-25767](CVE-2024/CVE-2024-257xx/CVE-2024-25767.json) (`2024-02-26T17:15:10.497`)
* [CVE-2024-27081](CVE-2024/CVE-2024-270xx/CVE-2024-27081.json) (`2024-02-26T17:15:10.550`)
* [CVE-2024-27087](CVE-2024/CVE-2024-270xx/CVE-2024-27087.json) (`2024-02-26T17:15:10.783`)
* [CVE-2024-27088](CVE-2024/CVE-2024-270xx/CVE-2024-27088.json) (`2024-02-26T17:15:11.000`)
* [CVE-2024-25768](CVE-2024/CVE-2024-257xx/CVE-2024-25768.json) (`2024-02-26T18:15:07.757`)
* [CVE-2024-25770](CVE-2024/CVE-2024-257xx/CVE-2024-25770.json) (`2024-02-26T18:15:07.810`)
* [CVE-2024-26455](CVE-2024/CVE-2024-264xx/CVE-2024-26455.json) (`2024-02-26T18:15:07.863`)
* [CVE-2024-27084](CVE-2024/CVE-2024-270xx/CVE-2024-27084.json) (`2024-02-26T18:15:07.920`)
### CVEs modified in the last Commit
Recently modified CVEs: `79`
Recently modified CVEs: `9`
* [CVE-2023-27043](CVE-2023/CVE-2023-270xx/CVE-2023-27043.json) (`2024-02-26T16:27:45.780`)
* [CVE-2023-36258](CVE-2023/CVE-2023-362xx/CVE-2023-36258.json) (`2024-02-26T16:27:46.537`)
* [CVE-2023-44467](CVE-2023/CVE-2023-444xx/CVE-2023-44467.json) (`2024-02-26T16:27:47.113`)
* [CVE-2023-4408](CVE-2023/CVE-2023-44xx/CVE-2023-4408.json) (`2024-02-26T16:27:47.427`)
* [CVE-2023-50387](CVE-2023/CVE-2023-503xx/CVE-2023-50387.json) (`2024-02-26T16:27:47.550`)
* [CVE-2023-50781](CVE-2023/CVE-2023-507xx/CVE-2023-50781.json) (`2024-02-26T16:27:47.760`)
* [CVE-2023-50782](CVE-2023/CVE-2023-507xx/CVE-2023-50782.json) (`2024-02-26T16:27:48.080`)
* [CVE-2023-50868](CVE-2023/CVE-2023-508xx/CVE-2023-50868.json) (`2024-02-26T16:27:48.293`)
* [CVE-2023-52425](CVE-2023/CVE-2023-524xx/CVE-2023-52425.json) (`2024-02-26T16:27:48.367`)
* [CVE-2023-52426](CVE-2023/CVE-2023-524xx/CVE-2023-52426.json) (`2024-02-26T16:27:48.450`)
* [CVE-2023-5517](CVE-2023/CVE-2023-55xx/CVE-2023-5517.json) (`2024-02-26T16:27:49.033`)
* [CVE-2023-5679](CVE-2023/CVE-2023-56xx/CVE-2023-5679.json) (`2024-02-26T16:27:49.143`)
* [CVE-2023-5841](CVE-2023/CVE-2023-58xx/CVE-2023-5841.json) (`2024-02-26T16:27:49.420`)
* [CVE-2023-5992](CVE-2023/CVE-2023-59xx/CVE-2023-5992.json) (`2024-02-26T16:27:49.530`)
* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-02-26T16:27:51.353`)
* [CVE-2024-1669](CVE-2024/CVE-2024-16xx/CVE-2024-1669.json) (`2024-02-26T16:27:52.577`)
* [CVE-2024-1670](CVE-2024/CVE-2024-16xx/CVE-2024-1670.json) (`2024-02-26T16:27:52.643`)
* [CVE-2024-1671](CVE-2024/CVE-2024-16xx/CVE-2024-1671.json) (`2024-02-26T16:27:52.697`)
* [CVE-2024-1672](CVE-2024/CVE-2024-16xx/CVE-2024-1672.json) (`2024-02-26T16:27:52.740`)
* [CVE-2024-1673](CVE-2024/CVE-2024-16xx/CVE-2024-1673.json) (`2024-02-26T16:27:52.780`)
* [CVE-2024-1674](CVE-2024/CVE-2024-16xx/CVE-2024-1674.json) (`2024-02-26T16:27:52.823`)
* [CVE-2024-1675](CVE-2024/CVE-2024-16xx/CVE-2024-1675.json) (`2024-02-26T16:27:52.870`)
* [CVE-2024-1676](CVE-2024/CVE-2024-16xx/CVE-2024-1676.json) (`2024-02-26T16:27:52.910`)
* [CVE-2024-23738](CVE-2024/CVE-2024-237xx/CVE-2024-23738.json) (`2024-02-26T16:27:57.290`)
* [CVE-2024-25189](CVE-2024/CVE-2024-251xx/CVE-2024-25189.json) (`2024-02-26T16:27:58.813`)
* [CVE-2024-21802](CVE-2024/CVE-2024-218xx/CVE-2024-21802.json) (`2024-02-26T18:15:07.290`)
* [CVE-2024-21825](CVE-2024/CVE-2024-218xx/CVE-2024-21825.json) (`2024-02-26T18:15:07.390`)
* [CVE-2024-21836](CVE-2024/CVE-2024-218xx/CVE-2024-21836.json) (`2024-02-26T18:15:07.487`)
* [CVE-2024-23496](CVE-2024/CVE-2024-234xx/CVE-2024-23496.json) (`2024-02-26T18:15:07.580`)
* [CVE-2024-23605](CVE-2024/CVE-2024-236xx/CVE-2024-23605.json) (`2024-02-26T18:15:07.673`)
* [CVE-2024-23206](CVE-2024/CVE-2024-232xx/CVE-2024-23206.json) (`2024-02-26T18:24:10.707`)
* [CVE-2024-23211](CVE-2024/CVE-2024-232xx/CVE-2024-23211.json) (`2024-02-26T18:24:10.707`)
* [CVE-2024-23213](CVE-2024/CVE-2024-232xx/CVE-2024-23213.json) (`2024-02-26T18:24:10.707`)
* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-02-26T18:25:58.083`)
## Download and Usage