Auto-Update: 2024-01-03T17:00:25.062796+00:00

cad-safe-bot 2024-01-03 17:00:28 +00:00
parent 827287d994
commit e1ef50bbf0
13 changed files with 683 additions and 52 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2023-30617",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T16:15:08.117",
"lastModified": "2024-01-03T16:15:08.117",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kruise provides automated management of large-scale applications on Kubernetes. Starting in version 0.8.0 and prior to versions 1.3.1, 1.4.1, and 1.5.2, an attacker who has gained root privilege of the node that kruise-daemon run can leverage the kruise-daemon pod to list all secrets in the entire cluster. After that, the attacker can leverage the \"captured\" secrets (e.g. the kruise-manager service account token) to gain extra privileges such as pod modification. Versions 1.3.1, 1.4.1, and 1.5.2 fix this issue. A workaround is available. For users that do not require imagepulljob functions, they can modify kruise-daemon-role to drop the cluster level secret get/list privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-250"
},
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://github.com/openkruise/kruise/security/advisories/GHSA-437m-7hj5-9mpw",
"source": "security-advisories@github.com"
}
]
}


@ -2,19 +2,43 @@
"id": "CVE-2023-40058",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2023-12-21T17:15:07.763",
"lastModified": "2023-12-21T18:15:28.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T15:08:28.433",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Sensitive data was added to our public-facing knowledgebase that, if exploited, could be used to access components of Access Rights Manager (ARM) if the threat actor is in the same environment. \n\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "Se agregaron datos confidenciales a nuestra base de conocimiento p\u00fablica que, si se explotan, podr\u00edan usarse para acceder a componentes de Access Rights Manager (ARM) si el actor de la amenaza se encuentra en el mismo entorno."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
@ -36,8 +60,18 @@
},
"weaknesses": [
{
"source": "psirt@solarwinds.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@solarwinds.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +80,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:solarwinds:access_rights_manager:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023.2.1",
"matchCriteriaId": "6285B061-B997-46F8-817E-8485E00E4FD9"
}
]
}
]
}
],
"references": [
{
"url": "https://www.solarwinds.com/trust-center/security-advisories/CVE-2023-40058",
"source": "psirt@solarwinds.com"
"source": "psirt@solarwinds.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2023-45559",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-03T15:15:09.670",
"lastModified": "2024-01-03T15:15:09.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue in Tamaki_hamanoki Line v.13.6.1 allows attackers to send crafted notifications via leakage of the channel access token."
}
],
"metrics": {},
"references": [
{
"url": "http://tamakihamanoki.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/syz913/CVE-reports/blob/main/CVE-2023-45559.md",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2023-46738",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-03T16:15:08.470",
"lastModified": "2024-01-03T16:15:08.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause was improper handling of incoming HTTP requests that could allow an attacker to control the ammount of memory that the ObjectNode would allocate. A malicious request could make the ObjectNode allocate more memory that the machine had available, and the attacker could exhaust memory by way of a single malicious request. An attacker would need to be authenticated in order to invoke the vulnerable code with their malicious request and have permissions to delete objects. In addition, the attacker would need to know the names of existing buckets of the CubeFS deployment - otherwise the request would be rejected before it reached the vulnerable code. As such, the most likely attacker is an inside user or an attacker that has breached the account of an existing user in the cluster. The issue has been patched in v3.3.1. There is no other mitigation besides upgrading."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/cubefs/cubefs/commit/dd46c24873c8f3df48d0a598b704ef9bd24b1ec1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/cubefs/cubefs/security/advisories/GHSA-qc6v-g3xw-grmx",
"source": "security-advisories@github.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2023-12-21T15:15:09.890",
"lastModified": "2024-01-03T15:15:09.770",
"vulnStatus": "Undergoing Analysis",
"cisaExploitAdd": "2023-11-21",
"cisaActionDue": "2023-12-12",
@ -229,6 +229,10 @@
"url": "https://access.redhat.com/errata/RHSA-2023:5476",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0033",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-4911",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-6546",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:08.260",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T15:20:36.160",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -50,18 +80,112 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.5",
"matchCriteriaId": "98C491C7-598A-4D36-BA4F-3505A5727ED1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0B3E6E4D-E24E-4630-B00C-8C9901C597B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc2:*:*:*:*:*:*",
"matchCriteriaId": "E4A01A71-0F09-4DB2-A02F-7EFFBE27C98D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F5608371-157A-4318-8A2E-4104C3467EA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc4:*:*:*:*:*:*",
"matchCriteriaId": "2226A776-DF8C-49E0-A030-0A7853BB018A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc5:*:*:*:*:*:*",
"matchCriteriaId": "6F15C659-DF06-455A-9765-0E6DE920F29A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.5:rc6:*:*:*:*:*:*",
"matchCriteriaId": "5B1C14ED-ABC4-41D3-8D9C-D38C6A65B4DE"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6546",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255498",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/torvalds/linux/commit/3c4f8333b582487a2d1e02171f1465531cde53e3",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-7039",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-12-21T19:15:13.170",
"lastModified": "2023-12-22T12:18:32.690",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-01-03T15:03:23.020",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -65,8 +85,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -75,18 +105,60 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:byzoro:smart_s210_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2023-12-10",
"matchCriteriaId": "D78C978B-B7C2-4DEF-BADF-D2BF98EE8C98"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:byzoro:smart_s210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7DEFD8CA-AA67-4F4F-BF94-96ADEDF2AE44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Stitch3612/cve/blob/main/rce.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.248688",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?id.248688",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-21907",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:08.793",
"lastModified": "2024-01-03T16:15:08.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://alephsecurity.com/2018/10/22/StackOverflowException/",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://alephsecurity.com/vulns/aleph-2018004",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/issues/2457",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/JamesNK/Newtonsoft.Json/pull/2462",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/advisories/GHSA-5crp-9r3c-p9vr",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr",
"source": "disclosure@vulncheck.com"
}
]
}


@ -0,0 +1,44 @@
{
"id": "CVE-2024-21908",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:08.913",
"lastModified": "2024-01-03T16:15:08.913",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nTinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.\n\n\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-5h9g-x5rv-25wg",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes",
"source": "disclosure@vulncheck.com"
}
]
}


@ -0,0 +1,48 @@
{
"id": "CVE-2024-21909",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.003",
"lastModified": "2024-01-03T16:15:09.003",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of \nservice vulnerability. An attacker may trigger the denial of service \ncondition by providing crafted data to the DecodeFromBytes or other \ndecoding mechanisms in PeterO.Cbor. Depending on the usage of the \nlibrary, an unauthenticated and remote attacker may be able to cause the\n denial of service condition.\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-407"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-6r92-cgxc-r5fg",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg",
"source": "disclosure@vulncheck.com"
}
]
}


@ -0,0 +1,52 @@
{
"id": "CVE-2024-21910",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.090",
"lastModified": "2024-01-03T16:15:09.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-r8hm-w5f7-wj39",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/jazzband/django-tinymce/issues/366",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/jazzband/django-tinymce/releases/tag/3.4.0",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://pypi.org/project/django-tinymce/3.4.0/",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39",
"source": "disclosure@vulncheck.com"
}
]
}


@ -0,0 +1,48 @@
{
"id": "CVE-2024-21911",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-01-03T16:15:09.170",
"lastModified": "2024-01-03T16:15:09.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser."
}
],
"metrics": {},
"weaknesses": [
{
"source": "disclosure@vulncheck.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/advisories/GHSA-w7jx-j77m-wp65",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://www.npmjs.com/package/tinymce",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes",
"source": "disclosure@vulncheck.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-03T15:00:26.203185+00:00
2024-01-03T17:00:25.062796+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-03T14:35:15.607000+00:00
2024-01-03T16:15:09.170000+00:00
```
### Last Data Feed Release
@ -29,49 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
234796
234804
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `8`
* [CVE-2023-37608](CVE-2023/CVE-2023-376xx/CVE-2023-37608.json) (`2024-01-03T13:15:08.393`)
* [CVE-2023-39655](CVE-2023/CVE-2023-396xx/CVE-2023-39655.json) (`2024-01-03T13:15:08.467`)
* [CVE-2023-50092](CVE-2023/CVE-2023-500xx/CVE-2023-50092.json) (`2024-01-03T13:15:08.523`)
* [CVE-2023-37607](CVE-2023/CVE-2023-376xx/CVE-2023-37607.json) (`2024-01-03T14:15:08.747`)
* [CVE-2023-50093](CVE-2023/CVE-2023-500xx/CVE-2023-50093.json) (`2024-01-03T14:15:08.840`)
* [CVE-2023-45559](CVE-2023/CVE-2023-455xx/CVE-2023-45559.json) (`2024-01-03T15:15:09.670`)
* [CVE-2023-30617](CVE-2023/CVE-2023-306xx/CVE-2023-30617.json) (`2024-01-03T16:15:08.117`)
* [CVE-2023-46738](CVE-2023/CVE-2023-467xx/CVE-2023-46738.json) (`2024-01-03T16:15:08.470`)
* [CVE-2024-21907](CVE-2024/CVE-2024-219xx/CVE-2024-21907.json) (`2024-01-03T16:15:08.793`)
* [CVE-2024-21908](CVE-2024/CVE-2024-219xx/CVE-2024-21908.json) (`2024-01-03T16:15:08.913`)
* [CVE-2024-21909](CVE-2024/CVE-2024-219xx/CVE-2024-21909.json) (`2024-01-03T16:15:09.003`)
* [CVE-2024-21910](CVE-2024/CVE-2024-219xx/CVE-2024-21910.json) (`2024-01-03T16:15:09.090`)
* [CVE-2024-21911](CVE-2024/CVE-2024-219xx/CVE-2024-21911.json) (`2024-01-03T16:15:09.170`)
### CVEs modified in the last Commit
Recently modified CVEs: `95`
Recently modified CVEs: `4`
* [CVE-2023-52314](CVE-2023/CVE-2023-523xx/CVE-2023-52314.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-6621](CVE-2023/CVE-2023-66xx/CVE-2023-6621.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-6747](CVE-2023/CVE-2023-67xx/CVE-2023-6747.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-6984](CVE-2023/CVE-2023-69xx/CVE-2023-6984.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-7068](CVE-2023/CVE-2023-70xx/CVE-2023-7068.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-51784](CVE-2023/CVE-2023-517xx/CVE-2023-51784.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-51785](CVE-2023/CVE-2023-517xx/CVE-2023-51785.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-49792](CVE-2023/CVE-2023-497xx/CVE-2023-49792.json) (`2024-01-03T14:29:18.610`)
* [CVE-2023-49791](CVE-2023/CVE-2023-497xx/CVE-2023-49791.json) (`2024-01-03T14:35:15.607`)
* [CVE-2024-0191](CVE-2024/CVE-2024-01xx/CVE-2024-0191.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0192](CVE-2024/CVE-2024-01xx/CVE-2024-0192.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0194](CVE-2024/CVE-2024-01xx/CVE-2024-0194.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0195](CVE-2024/CVE-2024-01xx/CVE-2024-0195.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-21623](CVE-2024/CVE-2024-216xx/CVE-2024-21623.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-21627](CVE-2024/CVE-2024-216xx/CVE-2024-21627.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0196](CVE-2024/CVE-2024-01xx/CVE-2024-0196.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-21628](CVE-2024/CVE-2024-216xx/CVE-2024-21628.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-21629](CVE-2024/CVE-2024-216xx/CVE-2024-21629.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-21632](CVE-2024/CVE-2024-216xx/CVE-2024-21632.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0207](CVE-2024/CVE-2024-02xx/CVE-2024-0207.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0208](CVE-2024/CVE-2024-02xx/CVE-2024-0208.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0209](CVE-2024/CVE-2024-02xx/CVE-2024-0209.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0210](CVE-2024/CVE-2024-02xx/CVE-2024-0210.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0211](CVE-2024/CVE-2024-02xx/CVE-2024-0211.json) (`2024-01-03T13:48:00.677`)
* [CVE-2024-0201](CVE-2024/CVE-2024-02xx/CVE-2024-0201.json) (`2024-01-03T13:48:00.677`)
* [CVE-2023-7039](CVE-2023/CVE-2023-70xx/CVE-2023-7039.json) (`2024-01-03T15:03:23.020`)
* [CVE-2023-40058](CVE-2023/CVE-2023-400xx/CVE-2023-40058.json) (`2024-01-03T15:08:28.433`)
* [CVE-2023-4911](CVE-2023/CVE-2023-49xx/CVE-2023-4911.json) (`2024-01-03T15:15:09.770`)
* [CVE-2023-6546](CVE-2023/CVE-2023-65xx/CVE-2023-6546.json) (`2024-01-03T15:20:36.160`)
## Download and Usage