admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-06T19:00:32.423200+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-06 19:00:36 +00:00
parent 51dc23fa5c
commit d5e8a94a27
33 changed files with 1241 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
CVE-2023/CVE-2023-501xx/CVE-2023-50167.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-50167",
"sourceIdentifier": "security@pega.com",
"published": "2024-03-06T18:15:46.133",
"lastModified": "2024-03-06T18:15:46.133",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@pega.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@pega.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://support.pega.com/support-doc/pega-security-advisory-i23-vulnerability-remediation-note",
"source": "security@pega.com"
}
]
}

55
CVE-2023/CVE-2023-507xx/CVE-2023-50716.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-50716",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-06T18:15:46.360",
"lastModified": "2024-03-06T18:15:46.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "eProsima Fast DDS (formerly Fast RTPS) is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.13.0, 2.12.2, 2.11.3, 2.10.3, and 2.6.7, an invalid DATA_FRAG Submessage causes a bad-free error, and the Fast-DDS process can be remotely terminated. If an invalid Data_Frag packet is sent, the `Inline_qos, SerializedPayload` member of object `ch` will attempt to release memory without initialization, resulting in a 'bad-free' error. Versions 2.13.0, 2.12.2, 2.11.3, 2.10.2, and 2.6.7 fix this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-5m2f-hvj2-cx2h",
"source": "security-advisories@github.com"
}
]
}

50
CVE-2024/CVE-2024-17xx/CVE-2024-1714.json
View File

@ -2,14 +2,54 @@
"id": "CVE-2024-1714",
"sourceIdentifier": "psirt@sailpoint.com",
"published": "2024-02-21T17:15:09.003",
"lastModified": "2024-02-21T18:15:51.377",
"vulnStatus": "Rejected",
"lastModified": "2024-03-06T17:15:08.577",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
"value": "An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request."
}
],
"metrics": {},
"references": []
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@sailpoint.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "psirt@sailpoint.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/",
"source": "psirt@sailpoint.com"
}
]
}

55
CVE-2024/CVE-2024-202xx/CVE-2024-20292.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20292",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:08.797",
"lastModified": "2024-03-06T17:15:08.797",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. \r\n\r This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20301.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20301",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:08.987",
"lastModified": "2024-03-06T17:15:08.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. \r\n\r This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-win-bypass-pn42KKBm",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20335.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20335",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:09.193",
"lastModified": "2024-03-06T17:15:09.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20336.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20336",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:09.397",
"lastModified": "2024-03-06T18:15:46.553",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20337.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20337",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:09.580",
"lastModified": "2024-03-06T17:15:09.580",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-93"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20338.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20338",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:09.783",
"lastModified": "2024-03-06T17:15:09.783",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device.\r\n\r This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20345.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20345",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:09.973",
"lastModified": "2024-03-06T17:15:09.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. \r\n\r This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-26"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF",
"source": "ykramarz@cisco.com"
}
]
}

55
CVE-2024/CVE-2024-203xx/CVE-2024-20346.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20346",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-03-06T17:15:10.173",
"lastModified": "2024-03-06T17:15:10.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device.\r\n\r This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT",
"source": "ykramarz@cisco.com"
}
]
}

20
CVE-2024/CVE-2024-22xx/CVE-2024-2215.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-2215",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:11.593",
"lastModified": "2024-03-06T17:15:11.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3200",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-22xx/CVE-2024-2216.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-2216",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:11.640",
"lastModified": "2024-03-06T17:15:11.640",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3200",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

59
CVE-2024/CVE-2024-247xx/CVE-2024-24761.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-24761",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-06T18:15:46.620",
"lastModified": "2024-03-06T18:15:46.620",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-247xx/CVE-2024-24765.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-24765",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-06T18:15:46.807",
"lastModified": "2024-03-06T18:15:46.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-247xx/CVE-2024-24767.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-24767",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-06T18:15:46.983",
"lastModified": "2024-03-06T18:15:46.983",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x",
"source": "security-advisories@github.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28149.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28149",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.450",
"lastModified": "2024-03-06T17:15:10.450",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28150.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28150",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.510",
"lastModified": "2024-03-06T17:15:10.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28151.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28151",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.570",
"lastModified": "2024-03-06T17:15:10.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3303",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28152.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28152",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.637",
"lastModified": "2024-03-06T17:15:10.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy \"Forks in the same account\" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3300",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28153.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28153",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.687",
"lastModified": "2024-03-06T17:15:10.687",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28154.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28154",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.733",
"lastModified": "2024-03-06T17:15:10.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28155.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28155",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.787",
"lastModified": "2024-03-06T17:15:10.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3144",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28156.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28156",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.837",
"lastModified": "2024-03-06T17:15:10.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3280",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28157.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28157",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.890",
"lastModified": "2024-03-06T17:15:10.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3249",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28158.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28158",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.940",
"lastModified": "2024-03-06T17:15:10.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3325",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28159.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28159",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.987",
"lastModified": "2024-03-06T17:15:10.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3325",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28160.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28160",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:11.040",
"lastModified": "2024-03-06T17:15:11.040",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3248",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28161.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28161",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:11.090",
"lastModified": "2024-03-06T17:15:11.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3215",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

20
CVE-2024/CVE-2024-281xx/CVE-2024-28162.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-28162",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:11.140",
"lastModified": "2024-03-06T17:15:11.140",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation."
}
],
"metrics": {},
"references": [
{
"url": "https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330",
"source": "jenkinsci-cert@googlegroups.com"
}
]
}

55
CVE-2024/CVE-2024-281xx/CVE-2024-28173.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-28173",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2024-03-06T17:15:11.190",
"lastModified": "2024-03-06T17:15:11.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the \"password\" type could be disclosed"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@jetbrains.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@jetbrains.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com"
}
]
}

55
CVE-2024/CVE-2024-281xx/CVE-2024-28174.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-28174",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2024-03-06T17:15:11.397",
"lastModified": "2024-03-06T17:15:11.397",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@jetbrains.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "cve@jetbrains.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.jetbrains.com/privacy-security/issues-fixed/",
"source": "cve@jetbrains.com"
}
]
}

61
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-06T17:01:01.900139+00:00
2024-03-06T19:00:32.423200+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-06T15:26:34.817000+00:00
2024-03-06T18:15:46.983000+00:00
```
### Last Data Feed Release
@ -29,44 +29,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240665
240696
```
### CVEs added in the last Commit
Recently added CVEs: `0`
Recently added CVEs: `31`
* [CVE-2024-20338](CVE-2024/CVE-2024-203xx/CVE-2024-20338.json) (`2024-03-06T17:15:09.783`)
* [CVE-2024-20345](CVE-2024/CVE-2024-203xx/CVE-2024-20345.json) (`2024-03-06T17:15:09.973`)
* [CVE-2024-20346](CVE-2024/CVE-2024-203xx/CVE-2024-20346.json) (`2024-03-06T17:15:10.173`)
* [CVE-2024-28149](CVE-2024/CVE-2024-281xx/CVE-2024-28149.json) (`2024-03-06T17:15:10.450`)
* [CVE-2024-28150](CVE-2024/CVE-2024-281xx/CVE-2024-28150.json) (`2024-03-06T17:15:10.510`)
* [CVE-2024-28151](CVE-2024/CVE-2024-281xx/CVE-2024-28151.json) (`2024-03-06T17:15:10.570`)
* [CVE-2024-28152](CVE-2024/CVE-2024-281xx/CVE-2024-28152.json) (`2024-03-06T17:15:10.637`)
* [CVE-2024-28153](CVE-2024/CVE-2024-281xx/CVE-2024-28153.json) (`2024-03-06T17:15:10.687`)
* [CVE-2024-28154](CVE-2024/CVE-2024-281xx/CVE-2024-28154.json) (`2024-03-06T17:15:10.733`)
* [CVE-2024-28155](CVE-2024/CVE-2024-281xx/CVE-2024-28155.json) (`2024-03-06T17:15:10.787`)
* [CVE-2024-28156](CVE-2024/CVE-2024-281xx/CVE-2024-28156.json) (`2024-03-06T17:15:10.837`)
* [CVE-2024-28157](CVE-2024/CVE-2024-281xx/CVE-2024-28157.json) (`2024-03-06T17:15:10.890`)
* [CVE-2024-28158](CVE-2024/CVE-2024-281xx/CVE-2024-28158.json) (`2024-03-06T17:15:10.940`)
* [CVE-2024-28159](CVE-2024/CVE-2024-281xx/CVE-2024-28159.json) (`2024-03-06T17:15:10.987`)
* [CVE-2024-28160](CVE-2024/CVE-2024-281xx/CVE-2024-28160.json) (`2024-03-06T17:15:11.040`)
* [CVE-2024-28161](CVE-2024/CVE-2024-281xx/CVE-2024-28161.json) (`2024-03-06T17:15:11.090`)
* [CVE-2024-28162](CVE-2024/CVE-2024-281xx/CVE-2024-28162.json) (`2024-03-06T17:15:11.140`)
* [CVE-2024-28173](CVE-2024/CVE-2024-281xx/CVE-2024-28173.json) (`2024-03-06T17:15:11.190`)
* [CVE-2024-28174](CVE-2024/CVE-2024-281xx/CVE-2024-28174.json) (`2024-03-06T17:15:11.397`)
* [CVE-2024-2215](CVE-2024/CVE-2024-22xx/CVE-2024-2215.json) (`2024-03-06T17:15:11.593`)
* [CVE-2024-2216](CVE-2024/CVE-2024-22xx/CVE-2024-2216.json) (`2024-03-06T17:15:11.640`)
* [CVE-2024-20336](CVE-2024/CVE-2024-203xx/CVE-2024-20336.json) (`2024-03-06T17:15:09.397`)
* [CVE-2024-24761](CVE-2024/CVE-2024-247xx/CVE-2024-24761.json) (`2024-03-06T18:15:46.620`)
* [CVE-2024-24765](CVE-2024/CVE-2024-247xx/CVE-2024-24765.json) (`2024-03-06T18:15:46.807`)
* [CVE-2024-24767](CVE-2024/CVE-2024-247xx/CVE-2024-24767.json) (`2024-03-06T18:15:46.983`)
### CVEs modified in the last Commit
Recently modified CVEs: `96`
Recently modified CVEs: `1`
* [CVE-2024-24784](CVE-2024/CVE-2024-247xx/CVE-2024-24784.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-24785](CVE-2024/CVE-2024-247xx/CVE-2024-24785.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-24786](CVE-2024/CVE-2024-247xx/CVE-2024-24786.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-27764](CVE-2024/CVE-2024-277xx/CVE-2024-27764.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-27765](CVE-2024/CVE-2024-277xx/CVE-2024-27765.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-22889](CVE-2024/CVE-2024-228xx/CVE-2024-22889.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-25817](CVE-2024/CVE-2024-258xx/CVE-2024-25817.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-27278](CVE-2024/CVE-2024-272xx/CVE-2024-27278.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-1220](CVE-2024/CVE-2024-12xx/CVE-2024-1220.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-1760](CVE-2024/CVE-2024-17xx/CVE-2024-1760.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-1771](CVE-2024/CVE-2024-17xx/CVE-2024-1771.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-1989](CVE-2024/CVE-2024-19xx/CVE-2024-1989.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-26623](CVE-2024/CVE-2024-266xx/CVE-2024-26623.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-26624](CVE-2024/CVE-2024-266xx/CVE-2024-26624.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-26625](CVE-2024/CVE-2024-266xx/CVE-2024-26625.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-26626](CVE-2024/CVE-2024-266xx/CVE-2024-26626.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-26627](CVE-2024/CVE-2024-266xx/CVE-2024-26627.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-26628](CVE-2024/CVE-2024-266xx/CVE-2024-26628.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-2211](CVE-2024/CVE-2024-22xx/CVE-2024-2211.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-1224](CVE-2024/CVE-2024-12xx/CVE-2024-1224.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-25102](CVE-2024/CVE-2024-251xx/CVE-2024-25102.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-25103](CVE-2024/CVE-2024-251xx/CVE-2024-25103.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-26580](CVE-2024/CVE-2024-265xx/CVE-2024-26580.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-2005](CVE-2024/CVE-2024-20xx/CVE-2024-2005.json) (`2024-03-06T15:18:08.093`)
* [CVE-2024-1374](CVE-2024/CVE-2024-13xx/CVE-2024-1374.json) (`2024-03-06T15:26:34.817`)
* [CVE-2024-1714](CVE-2024/CVE-2024-17xx/CVE-2024-1714.json) (`2024-03-06T17:15:08.577`)
## Download and Usage