Auto-Update: 2024-12-03T03:00:48.956016+00:00

cad-safe-bot 2024-12-03 03:04:00 +00:00
parent 69ad79637e
commit ec7114b245
8 changed files with 293 additions and 22 deletions

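--- /dev/null
+++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9441.json
@@ -0,0 +1,21 @@
+{
+"id": "CVE-2018-9441",
+"sourceIdentifier": "security@android.com",
+"published": "2024-12-03T01:15:04.697",
+"lastModified": "2024-12-03T01:15:04.697",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds\u00a0read due to an incorrect bounds check. This could lead to local information\u00a0disclosure with no additional execution privileges needed. User interaction\u00a0is needed for exploitation."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01",
+"source": "security@android.com"
+}
+]
+}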

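--- /dev/null
+++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9449.json
@@ -0,0 +1,21 @@
+{
+"id": "CVE-2018-9449",
+"sourceIdentifier": "security@android.com",
+"published": "2024-12-03T01:15:04.803",
+"lastModified": "2024-12-03T01:15:04.803",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due\u00a0to a missing bounds check. This could lead to local information disclosure\u00a0with no additional execution privileges needed. User interaction is not\u00a0needed for exploitation."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://source.android.com/docs/security/bulletin/pixel/2018-08-01",
+"source": "security@android.com"
+}
+]
+}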


@ -2,13 +2,13 @@
"id": "CVE-2021-20784",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2021-07-14T02:15:07.577",
"lastModified": "2023-01-09T20:03:45.870",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-03T02:15:16.550",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspecified vectors."
"value": "HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product."
},
{
"lang": "es",
@ -23,6 +23,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,29 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV30": [
{
"source": "vultures@jpcert.or.jp",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
@ -45,13 +67,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"baseScore": 5.8,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.8
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
@ -66,8 +88,18 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "vultures@jpcert.or.jp",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-644"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -110,11 +142,8 @@
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN68971465/index.html",
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
"url": "https://jvn.jp/en/jp/JVN68971465/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.voidtools.com/",
@ -130,6 +159,28 @@
"Product",
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/jp/JVN68971465/index.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.voidtools.com/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.voidtools.com/downloads/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Vendor Advisory"
]
}
]
}

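--- /dev/null
+++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8748.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-8748",
+"sourceIdentifier": "security@zyxel.com.tw",
+"published": "2024-12-03T02:15:17.620",
+"lastModified": "2024-12-03T02:15:17.620",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "A buffer overflow vulnerability in the packet parser of the third-party library \"libclinkc\" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@zyxel.com.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"baseScore": 7.5,
+"baseSeverity": "HIGH",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@zyxel.com.tw",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-120"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024",
+"source": "security@zyxel.com.tw"
+}
+]
+}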

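--- /dev/null
+++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9197.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-9197",
+"sourceIdentifier": "security@zyxel.com.tw",
+"published": "2024-12-03T02:15:17.773",
+"lastModified": "2024-12-03T02:15:17.773",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "A post-authentication buffer overflow vulnerability in the parameter \"action\" of the CGI program in Zyxel VMG3625-T50B firmware versions through\u00a0V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@zyxel.com.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+"baseScore": 4.9,
+"baseSeverity": "MEDIUM",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@zyxel.com.tw",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-120"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024",
+"source": "security@zyxel.com.tw"
+}
+]
+}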

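--- /dev/null
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9200.json
@@ -0,0 +1,56 @@
+{
+"id": "CVE-2024-9200",
+"sourceIdentifier": "security@zyxel.com.tw",
+"published": "2024-12-03T02:15:17.913",
+"lastModified": "2024-12-03T02:15:17.913",
+"vulnStatus": "Received",
+"cveTags": [],
+"descriptions": [
+{
+"lang": "en",
+"value": "A post-authentication command injection vulnerability in the \"host\" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@zyxel.com.tw",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+"baseScore": 7.2,
+"baseSeverity": "HIGH",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH"
+},
+"exploitabilityScore": 1.2,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@zyxel.com.tw",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-78"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-and-post-authentication-command-injection-vulnerabilities-in-some-4g-lte-5g-nr-cpe-dsl-ethernet-cpe-fiber-onts-and-wifi-extenders-12-03-2024",
+"source": "security@zyxel.com.tw"
+}
+]
+}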


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-03T00:56:04.444199+00:00
2024-12-03T03:00:48.956016+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-02T23:15:05.673000+00:00
2024-12-03T02:15:17.913000+00:00
```
### Last Data Feed Release
@ -27,26 +27,31 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-12-02T01:00:10.101849+00:00
2024-12-03T01:00:10.059043+00:00
```
### Total Number of included CVEs
```plain
271944
271949
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `5`
- [CVE-2024-53937](CVE-2024/CVE-2024-539xx/CVE-2024-53937.json) (`2024-12-02T23:15:05.673`)
- [CVE-2018-9441](CVE-2018/CVE-2018-94xx/CVE-2018-9441.json) (`2024-12-03T01:15:04.697`)
- [CVE-2018-9449](CVE-2018/CVE-2018-94xx/CVE-2018-9449.json) (`2024-12-03T01:15:04.803`)
- [CVE-2024-8748](CVE-2024/CVE-2024-87xx/CVE-2024-8748.json) (`2024-12-03T02:15:17.620`)
- [CVE-2024-9197](CVE-2024/CVE-2024-91xx/CVE-2024-9197.json) (`2024-12-03T02:15:17.773`)
- [CVE-2024-9200](CVE-2024/CVE-2024-92xx/CVE-2024-9200.json) (`2024-12-03T02:15:17.913`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2021-20784](CVE-2021/CVE-2021-207xx/CVE-2021-20784.json) (`2024-12-03T02:15:16.550`)
## Download and Usage


@ -126970,10 +126970,12 @@ CVE-2018-9436,0,0,c8a247a24c83592bc549534ae7eaaefb20fd255e25c6b61b4321b051f8f1ed
CVE-2018-9437,0,0,2fe7c032447c4aee2d71cdb7773a63d008648862a1635a0096aea7442fa776a0,2018-12-12T21:23:38.690000
CVE-2018-9438,0,0,9dbca74422ec533040b998a41e1e9831a0ef457b53367dc472271daa39aa9ea8,2019-10-03T00:03:26.223000
CVE-2018-9440,0,0,5d528d97aa009b19faaf4b76b2810035a508f7ff2a656fcd3a5ea6d1c0d4ebd7,2024-11-22T21:30:26.993000
CVE-2018-9441,1,1,64e0ca2bcf827a0c3a213e5b6d51a206424c5243615bed13cdf55ac8ff086493,2024-12-03T01:15:04.697000
CVE-2018-9444,0,0,845df1a91dbb86e10e94c2948d2846f136bb91fcf20699ed819d25cc42061c97,2019-10-03T00:03:26.223000
CVE-2018-9445,0,0,98705da52e00a08c614b22fd78898c2cac0a1a38aa43d2cb54a22be54b025a7f,2018-12-12T21:11:21.837000
CVE-2018-9446,0,0,aade2e9dd27e08888d7772668cb279781f71a8adf195cc015d694763f350e194,2018-12-12T21:04:55.173000
CVE-2018-9448,0,0,6f09b1e98acf930f94a509976debb4b57f40d675d8c3078ca467fb9170d1e624,2018-12-12T21:02:17.877000
CVE-2018-9449,1,1,3180cc976c0636dccd35b3a0144c54d1a1cf2fda607b0f3ceb51b090085bc964,2024-12-03T01:15:04.803000
CVE-2018-9450,0,0,88a5539155afc3838696edab4f8304f63eba50f73be2aafec2b62ff10c75122f,2018-12-12T20:55:12.133000
CVE-2018-9451,0,0,129d08baf0933d3fb93461fbfc4f9a2f145f8900af6404108ecd3acb357d36b8,2018-12-12T20:48:51.673000
CVE-2018-9452,0,0,780910fe7d2739fa64e821536152992dd248be72f6bf6989ab9ade5896bbdc38,2023-11-07T03:01:36.743000
@ -167305,7 +167307,7 @@ CVE-2021-20780,0,0,034fd0ea3f66dffde8319d02f1f6ff59878838b144363eab428fe76a871fa
CVE-2021-20781,0,0,e92b0356c1a59738fab9eee23481d0b7ba73842efcd8a56472874f0500673d6e,2021-07-15T23:51:26.427000
CVE-2021-20782,0,0,055f8d7edf95bef6853a658f324088d58382e38c72033b3a5fbcd3659b4f029b,2021-07-15T23:51:01
CVE-2021-20783,0,0,aac551605ce5443319e87b63909a740bac3c0c4e882e9f94edc19119af7e45f0,2021-08-09T17:43:09.083000
CVE-2021-20784,0,0,5e614ca65097237eda897a4587879c9c02340ca8ea540adf2d15411ae2938739,2023-01-09T20:03:45.870000
CVE-2021-20784,0,1,2141e2a7573719e61083ea8ae8452c48c8c9eaed2f48b4ed766347876dd8fc1d,2024-12-03T02:15:16.550000
CVE-2021-20785,0,0,1330fc10280ca640166a3fa0933d054e6e193def77f121c41dbf9a635fa44e97,2021-08-06T12:16:27.157000
CVE-2021-20786,0,0,1c4c03ddf89e26e9068ee12848162e0793f0e13bac0f0da74f8f482cd9671373,2021-08-06T19:32:48.483000
CVE-2021-20787,0,0,5305ab0160b3f29fefae35c8de5fd2e7e93d96a3a48ee42ce17906bbe967ca73,2021-08-06T12:42:19.363000
@ -268097,7 +268099,7 @@ CVE-2024-5392,0,0,b24872fec717fdd1d01c0a9d16cd8dae85d0db85954b236e74ba95a5e5c835
CVE-2024-53920,0,0,a291ce56b664f688b2d6f36f512bf0b737cf558f95f0af0d70bd1b3310ba1ecf,2024-12-02T17:15:13.913000
CVE-2024-5393,0,0,295d4f9eb57788d71849a73c0b5d6c4f89e92a1e7613c6c16abcfeb4329f6a42,2024-06-04T19:21:08.420000
CVE-2024-53930,0,0,1076c24462100197e38bce4bb3bb1d95bc12e583ba6e6f216b5c96e80fcd4c47,2024-11-26T16:15:21.150000
CVE-2024-53937,1,1,b25de77736c9e3f417d080678e39d183775a1e387806a300f481aa2e7cce50d5,2024-12-02T23:15:05.673000
CVE-2024-53937,0,0,b25de77736c9e3f417d080678e39d183775a1e387806a300f481aa2e7cce50d5,2024-12-02T23:15:05.673000
CVE-2024-53938,0,0,00aded0375d391a087a15db921a447eed8670e453691bf728d3fae98e66e6100,2024-12-02T22:15:10.633000
CVE-2024-53939,0,0,e7320e3797895c63e43c4a9ec5307dd5f614a377bc9de5971ce6aab8c2f2f12b,2024-12-02T22:15:10.757000
CVE-2024-5394,0,0,aaadf9a58796777f85dc2107a816ebb5c0ae4c9d890d2d8c3ab15382290e4f66,2024-06-04T19:21:08.527000
@ -270989,6 +270991,7 @@ CVE-2024-8742,0,0,22ad08a64cc55234113e83ee811bd639e6d0a7f5c2878d141833012213ce63
CVE-2024-8743,0,0,65920323e1d664fd8f354bc76b73276103c2d19a537eecec01fa5cc8c5638d58,2024-10-07T17:48:28.117000
CVE-2024-8746,0,0,9b12bf69372f6b3575fc1d522f2243a86d48c59565605043b626c3c9ab06c3c5,2024-10-17T18:22:18.277000
CVE-2024-8747,0,0,c8071dd8d89406610db13dc6a04dbbb98461ebd7257641ae31a11de6b1ad5c9f,2024-09-26T19:23:12.477000
CVE-2024-8748,1,1,7e9a9661b345923000c3e16436413f72dc529d15366faac99b1e5d2458a88011,2024-12-03T02:15:17.620000
CVE-2024-8749,0,0,dc7dd50ec6adedb45c385a82f706a7ab45f55e506e70a64a626b0d8f521f6289,2024-09-18T18:53:54.860000
CVE-2024-8750,0,0,6aa000b45a0c694359dda91e7e992492dcd4e93d6e7b8c131ee0a86fa36b5620,2024-09-18T20:38:42.123000
CVE-2024-8751,0,0,dd4f77422f5dc981129a2e765da3e243ee86648b85be15172cd0c4e6601f992a,2024-09-13T14:06:04.777000
@ -271327,8 +271330,10 @@ CVE-2024-9189,0,0,589dc859bd1b4dfe4aefe62d286159acb6f430185a125dd81b1568310ee1bb
CVE-2024-9191,0,0,ee6dfe1b0c94de0c4973c32fd9b929e1fce6c45c7ed6900711a578d548548d42,2024-11-05T17:06:41.363000
CVE-2024-9192,0,0,6b4f5a1acbf9a7dc210d7032de22d145ff71455a06b1f810943596d74d74ef04,2024-11-18T17:11:17.393000
CVE-2024-9194,0,0,94d0f5f267ad180c0cf40bc9b87cc59bf3002f59241057e5b89ba1ec25bacf82,2024-10-04T13:51:25.567000
CVE-2024-9197,1,1,2dd7b024fb584d944b0189015d8405b30144aa1b82f47648a2753c31c3accff7,2024-12-03T02:15:17.773000
CVE-2024-9198,0,0,f43e7cbf5ad8264654a856d8df5069cea0145a66becd85052219123b3f2b7d6c,2024-10-02T14:33:52.780000
CVE-2024-9199,0,0,0d70434db3b8e5067294d8da03c36e695141f2bf7d8322fbb68a3bc3177abf45,2024-10-02T14:33:54.607000
CVE-2024-9200,1,1,81943866d94dfb8fa311510c35ffc3da0ab252799cab24090b4d96c4fbcc2d6f,2024-12-03T02:15:17.913000
CVE-2024-9201,0,0,043f6236f1ae15d80746e8fc0b7abf34a1eabf9fc134bbb1f48cfb27d8617ff9,2024-10-16T16:55:44.817000
CVE-2024-9202,0,0,808b8091e3582386849f2f7767feb40805cba585b6581ba135c1d621ab219188,2024-09-30T12:46:20.237000
CVE-2024-9203,0,0,e6eb6874bd83da6550f594261cd60c3d082a0ed5dbc17d4c1b083dd114dee5d8,2024-09-30T12:46:20.237000
