Auto-Update: 2024-02-13T03:00:23.830766+00:00

cad-safe-bot 2024-02-13 03:00:27 +00:00
parent ca5bda0685
commit dc9ffbb477
17 changed files with 557 additions and 55 deletions


@ -2,8 +2,8 @@
"id": "CVE-2023-37611",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-18T22:15:45.803",
"lastModified": "2023-09-19T21:24:44.943",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-13T01:15:07.807",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -68,6 +68,10 @@
}
],
"references": [
{
"url": "https://github.com/neos/neos-development-collection/pull/4812",
"source": "cve@mitre.org"
},
{
"url": "https://rodelllemit.medium.com/stored-xss-in-neo-cms-8-3-3-9bd1cb973c5b",
"source": "cve@mitre.org",


@ -0,0 +1,28 @@
{
"id": "CVE-2023-42374",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:07.913",
"lastModified": "2024-02-13T01:15:07.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component."
}
],
"metrics": {},
"references": [
{
"url": "https://beosin.com/resources/%22memory-bomb%22-vulnerability-causes-sui-node-to-crash?lang=en-US",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/MystenLabs/sui/commit/42d4ad103a21d23fecd7c0271453da41604e71e9",
"source": "cve@mitre.org"
},
{
"url": "https://medium.com/%40Beosin_com/memory-bomb-vulnerability-causes-sui-node-to-crash-7e8e3ef5057c",
"source": "cve@mitre.org"
}
]
}


@ -2,23 +2,89 @@
"id": "CVE-2023-43183",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-03T09:15:11.050",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:57:25.583",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows read-only users to arbitrarily change the password of an admin and hijack their account."
},
{
"lang": "es",
"value": "Control de acceso incorrecto en el software de administraci\u00f3n de licencias Reprise Reprise License Manager v15.1 permite a los usuarios de solo lectura cambiar arbitrariamente la contrase\u00f1a de un administrador y secuestrar su cuenta."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reprise:license_manager:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA43898-A476-46F0-A53B-86BA25D3AB87"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/43",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/176841/Reprise-License-Manager-15.1-Privilege-Escalation-File-Write.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,8 +2,12 @@
"id": "CVE-2023-43770",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-22T06:15:10.090",
"lastModified": "2023-09-26T15:42:07.133",
"lastModified": "2024-02-13T02:00:01.627",
"vulnStatus": "Analyzed",
"cisaExploitAdd": "2024-02-12",
"cisaActionDue": "2024-03-04",
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability",
"descriptions": [
{
"lang": "en",


@ -2,23 +2,87 @@
"id": "CVE-2023-44031",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-03T09:15:11.140",
"lastModified": "2024-02-05T02:09:37.420",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:57:11.897",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Incorrect access control in Reprise License Management Software Reprise License Manager v15.1 allows attackers to arbitrarily save sensitive files in insecure locations via a crafted POST request."
},
{
"lang": "es",
"value": "Control de acceso incorrecto en el software de administraci\u00f3n de licencias Reprise Reprise License Manager v15.1 permite a los atacantes guardar arbitrariamente archivos confidenciales en ubicaciones inseguras mediante una solicitud POST manipulada."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:reprise:license_manager:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5BA43898-A476-46F0-A53B-86BA25D3AB87"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/43",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/176841/Reprise-License-Manager-15.1-Privilege-Escalation-File-Write.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-47620",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.197",
"lastModified": "2023-12-20T21:27:11.537",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-13T01:15:07.983",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code. As of time of publication, no known patches are available."
"value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the plugin-http.ts file via the `owner' and 'pkg` parameters. An attacker can run arbitrary JavaScript code."
},
{
"lang": "es",


@ -2,12 +2,12 @@
"id": "CVE-2023-47623",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-12-13T22:15:43.417",
"lastModified": "2023-12-20T21:27:16.323",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-13T01:15:08.143",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login. As of time of publication, no known patches are available."
"value": "Scrypted is a home video integration and automation platform. In versions 0.55.0 and prior, a reflected cross-site scripting vulnerability exists in the login page via the `redirect_uri` parameter. By specifying a url with the javascript scheme (`javascript:`), an attacker can run arbitrary JavaScript code after the login."
},
{
"lang": "es",


@ -0,0 +1,24 @@
{
"id": "CVE-2023-49339",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.287",
"lastModified": "2024-02-13T01:15:08.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/3zizme/CVE-2023-49339/",
"source": "cve@mitre.org"
},
{
"url": "https://www.ellucian.com/solutions/ellucian-banner",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-52059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.353",
"lastModified": "2024-02-13T01:15:08.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Gestsup v3.2.46 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description text field."
}
],
"metrics": {},
"references": [
{
"url": "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.46&type=patch",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2023-52059/README.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-52060",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.413",
"lastModified": "2024-02-13T01:15:08.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) in Gestsup v3.2.46 allows attackers to arbitrarily edit user profile information via a crafted request."
}
],
"metrics": {},
"references": [
{
"url": "https://gestsup.fr/index.php?page=download&channel=beta&version=3.2.46&type=patch",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Tanguy-Boisset/CVE/blob/master/CVE-2023-52060/README.md",
"source": "cve@mitre.org"
}
]
}


@ -2,12 +2,16 @@
"id": "CVE-2024-20290",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-02-07T17:15:10.517",
"lastModified": "2024-02-07T17:38:33.990",
"lastModified": "2024-02-13T02:15:07.987",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources.\r\n\r For a description of this vulnerability, see the ClamAV blog ."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el analizador de formato de archivo OLE2 de ClamAV podr\u00eda permitir que un atacante remoto no autenticado provoque una condici\u00f3n de denegaci\u00f3n de servicio (DoS) en un dispositivo afectado. Esta vulnerabilidad se debe a una comprobaci\u00f3n incorrecta de los valores de fin de cadena durante el an\u00e1lisis, lo que puede provocar una sobrelectura del b\u00fafer de almacenamiento din\u00e1mico. Un atacante podr\u00eda aprovechar esta vulnerabilidad enviando un archivo manipulado que contenga contenido OLE2 para que ClamAV lo analice en un dispositivo afectado. Un exploit exitoso podr\u00eda permitir al atacante provocar que finalice el proceso de escaneo de ClamAV, lo que resultar\u00eda en una condici\u00f3n DoS en el software afectado y consumir\u00eda los recursos disponibles del sistema. Para obtener una descripci\u00f3n de esta vulnerabilidad, consulte el blog de ClamAV."
}
],
"metrics": {
@ -47,6 +51,10 @@
}
],
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t",
"source": "ykramarz@cisco.com"


@ -0,0 +1,59 @@
{
"id": "CVE-2024-22126",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T02:15:08.107",
"lastModified": "2024-02-13T02:15:08.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes\u00a0the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3417627",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-22128",
"sourceIdentifier": "cna@sap.com",
"published": "2024-02-13T02:15:08.323",
"lastModified": "2024-02-13T02:15:08.323",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@sap.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "cna@sap.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3396109",
"source": "cna@sap.com"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
"source": "cna@sap.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-22290",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-01-31T12:16:05.580",
"lastModified": "2024-01-31T14:05:19.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:57:51.120",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -50,10 +70,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:custom_dashboard_widgets_project:custom_dashboard_widgets:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "49781F71-73B8-43E0-A488-126A2C23A35E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/custom-dashboard-widgets/wordpress-custom-dashboard-widgets-plugin-1-3-1-csrf-to-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,16 +2,40 @@
"id": "CVE-2024-23550",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-02-03T06:15:48.290",
"lastModified": "2024-02-05T02:09:43.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-02-13T00:57:33.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.\n"
},
{
"lang": "es",
"value": "HCL DevOps Deploy/HCL Launch (UCD) podr\u00eda revelar informaci\u00f3n confidencial del usuario al instalar el agente de Windows."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -34,10 +58,70 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_devops_deploy:8.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C5CDAE7-67EF-441C-9364-01F57401ABA6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0.0",
"versionEndExcluding": "7.0.5.20",
"matchCriteriaId": "F46E5B0F-66AB-4E51-8614-373294B31CEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0.0",
"versionEndExcluding": "7.1.2.16",
"matchCriteriaId": "D093121F-1C5F-4CDE-9B92-38501C66AE2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0.0",
"versionEndExcluding": "7.2.3.9",
"matchCriteriaId": "A065445B-13F4-4400-BC39-8E1D5B93D39B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltechsw:hcl_launch:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3.0.0",
"versionEndExcluding": "7.3.2.4",
"matchCriteriaId": "8CD0DB1A-F26E-4D5A-BA6B-3B38F8F1811D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-25407",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T01:15:08.470",
"lastModified": "2024-02-13T01:15:08.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SteVe v3.6.0 was discovered to use predictable transaction ID's when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction ID's to terminate other transactions."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/steve-community/steve/issues/1296",
"source": "cve@mitre.org"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-13T00:55:25.285972+00:00
2024-02-13T03:00:23.830766+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-13T00:42:06.777000+00:00
2024-02-13T02:15:08.323000+00:00
```
### Last Data Feed Release
@ -23,48 +23,41 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-02-12T01:00:28.269914+00:00
2024-02-13T01:00:28.283503+00:00
```
### Total Number of included CVEs
```plain
238215
238222
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `7`
* [CVE-2023-28018](CVE-2023/CVE-2023-280xx/CVE-2023-28018.json) (`2024-02-12T23:15:08.100`)
* [CVE-2023-52430](CVE-2023/CVE-2023-524xx/CVE-2023-52430.json) (`2024-02-12T23:15:08.353`)
* [CVE-2024-1454](CVE-2024/CVE-2024-14xx/CVE-2024-1454.json) (`2024-02-12T23:15:08.410`)
* [CVE-2024-24826](CVE-2024/CVE-2024-248xx/CVE-2024-24826.json) (`2024-02-12T23:15:08.643`)
* [CVE-2024-25112](CVE-2024/CVE-2024-251xx/CVE-2024-25112.json) (`2024-02-12T23:15:08.853`)
* [CVE-2023-42374](CVE-2023/CVE-2023-423xx/CVE-2023-42374.json) (`2024-02-13T01:15:07.913`)
* [CVE-2023-49339](CVE-2023/CVE-2023-493xx/CVE-2023-49339.json) (`2024-02-13T01:15:08.287`)
* [CVE-2023-52059](CVE-2023/CVE-2023-520xx/CVE-2023-52059.json) (`2024-02-13T01:15:08.353`)
* [CVE-2023-52060](CVE-2023/CVE-2023-520xx/CVE-2023-52060.json) (`2024-02-13T01:15:08.413`)
* [CVE-2024-25407](CVE-2024/CVE-2024-254xx/CVE-2024-25407.json) (`2024-02-13T01:15:08.470`)
* [CVE-2024-22126](CVE-2024/CVE-2024-221xx/CVE-2024-22126.json) (`2024-02-13T02:15:08.107`)
* [CVE-2024-22128](CVE-2024/CVE-2024-221xx/CVE-2024-22128.json) (`2024-02-13T02:15:08.323`)
### CVEs modified in the last Commit
Recently modified CVEs: `18`
Recently modified CVEs: `9`
* [CVE-2018-25098](CVE-2018/CVE-2018-250xx/CVE-2018-25098.json) (`2024-02-13T00:39:20.100`)
* [CVE-2020-36773](CVE-2020/CVE-2020-367xx/CVE-2020-36773.json) (`2024-02-13T00:39:04.533`)
* [CVE-2021-46903](CVE-2021/CVE-2021-469xx/CVE-2021-46903.json) (`2024-02-13T00:38:22.293`)
* [CVE-2021-46902](CVE-2021/CVE-2021-469xx/CVE-2021-46902.json) (`2024-02-13T00:38:32.413`)
* [CVE-2021-4435](CVE-2021/CVE-2021-44xx/CVE-2021-4435.json) (`2024-02-13T00:38:56.303`)
* [CVE-2023-7216](CVE-2023/CVE-2023-72xx/CVE-2023-7216.json) (`2024-02-13T00:37:01.273`)
* [CVE-2023-52138](CVE-2023/CVE-2023-521xx/CVE-2023-52138.json) (`2024-02-13T00:37:13.493`)
* [CVE-2023-5643](CVE-2023/CVE-2023-56xx/CVE-2023-5643.json) (`2024-02-13T00:37:21.967`)
* [CVE-2023-5249](CVE-2023/CVE-2023-52xx/CVE-2023-5249.json) (`2024-02-13T00:37:35.327`)
* [CVE-2023-5800](CVE-2023/CVE-2023-58xx/CVE-2023-5800.json) (`2024-02-13T00:37:47.070`)
* [CVE-2023-5677](CVE-2023/CVE-2023-56xx/CVE-2023-5677.json) (`2024-02-13T00:38:00.893`)
* [CVE-2023-6240](CVE-2023/CVE-2023-62xx/CVE-2023-6240.json) (`2024-02-13T00:40:57.653`)
* [CVE-2023-49950](CVE-2023/CVE-2023-499xx/CVE-2023-49950.json) (`2024-02-13T00:42:06.777`)
* [CVE-2024-24768](CVE-2024/CVE-2024-247xx/CVE-2024-24768.json) (`2024-02-13T00:36:30.397`)
* [CVE-2024-24762](CVE-2024/CVE-2024-247xx/CVE-2024-24762.json) (`2024-02-13T00:36:41.277`)
* [CVE-2024-25089](CVE-2024/CVE-2024-250xx/CVE-2024-25089.json) (`2024-02-13T00:38:12.137`)
* [CVE-2024-25062](CVE-2024/CVE-2024-250xx/CVE-2024-25062.json) (`2024-02-13T00:40:40.503`)
* [CVE-2024-0853](CVE-2024/CVE-2024-08xx/CVE-2024-0853.json) (`2024-02-13T00:41:15.597`)
* [CVE-2023-44031](CVE-2023/CVE-2023-440xx/CVE-2023-44031.json) (`2024-02-13T00:57:11.897`)
* [CVE-2023-43183](CVE-2023/CVE-2023-431xx/CVE-2023-43183.json) (`2024-02-13T00:57:25.583`)
* [CVE-2023-37611](CVE-2023/CVE-2023-376xx/CVE-2023-37611.json) (`2024-02-13T01:15:07.807`)
* [CVE-2023-47620](CVE-2023/CVE-2023-476xx/CVE-2023-47620.json) (`2024-02-13T01:15:07.983`)
* [CVE-2023-47623](CVE-2023/CVE-2023-476xx/CVE-2023-47623.json) (`2024-02-13T01:15:08.143`)
* [CVE-2023-43770](CVE-2023/CVE-2023-437xx/CVE-2023-43770.json) (`2024-02-13T02:00:01.627`)
* [CVE-2024-23550](CVE-2024/CVE-2024-235xx/CVE-2024-23550.json) (`2024-02-13T00:57:33.613`)
* [CVE-2024-22290](CVE-2024/CVE-2024-222xx/CVE-2024-22290.json) (`2024-02-13T00:57:51.120`)
* [CVE-2024-20290](CVE-2024/CVE-2024-202xx/CVE-2024-20290.json) (`2024-02-13T02:15:07.987`)
## Download and Usage