Auto-Update: 2024-01-10T00:55:25.999809+00:00

cad-safe-bot 2024-01-10 00:55:29 +00:00
parent e29fcb9853
commit f7dbf63706
26 changed files with 1148 additions and 32 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-3043",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:09.290",
"lastModified": "2024-01-09T23:15:09.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may\ncause a stack-based buffer overflow via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-34332",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:07.817",
"lastModified": "2024-01-09T23:15:07.817",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker\nmay cause an untrusted pointer to dereference by a local network. A successful\nexploitation of this vulnerability may lead to a loss of confidentiality,\nintegrity, and/or availability. \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-34333",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.223",
"lastModified": "2024-01-09T23:15:08.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may cause an\nuntrusted pointer to dereference via a local network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability.\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37293",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.413",
"lastModified": "2024-01-09T23:15:08.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "AMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may cause a\nstack-based buffer overflow via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37294",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.600",
"lastModified": "2024-01-09T23:15:08.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37295",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.770",
"lastModified": "2024-01-09T23:15:08.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37296",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:08.940",
"lastModified": "2024-01-09T23:15:08.940",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a stack memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-37297",
"sourceIdentifier": "biossecurity@ami.com",
"published": "2024-01-09T23:15:09.110",
"lastModified": "2024-01-09T23:15:09.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "biossecurity@ami.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
"source": "biossecurity@ami.com"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47992",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.467",
"lastModified": "2024-01-09T23:15:09.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47993",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.530",
"lastModified": "2024-01-09T23:15:09.530",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47993",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47994",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.583",
"lastModified": "2024-01-09T23:15:09.583",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47995",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.637",
"lastModified": "2024-01-09T23:15:09.637",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://freeimage.sourceforge.io/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47996",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-09T23:15:09.680",
"lastModified": "2024-01-09T23:15:09.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-47997",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-10T00:15:45.463",
"lastModified": "2024-01-10T00:15:45.463",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48655",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.640",
"lastModified": "2023-11-22T17:35:04.137",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T00:15:45.530",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -83,6 +83,10 @@
"Issue Tracking",
"Patch"
]
},
{
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48656",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.690",
"lastModified": "2023-11-22T17:35:26.090",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T00:15:45.627",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -83,6 +83,10 @@
"Issue Tracking",
"Patch"
]
},
{
"url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48657",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.740",
"lastModified": "2023-11-22T17:53:34.483",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T00:15:45.697",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
"Patch",
"Release Notes"
]
},
{
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48658",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.793",
"lastModified": "2023-11-22T17:54:32.743",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T00:15:45.780",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
"Patch",
"Release Notes"
]
},
{
"url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-48659",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-11-17T05:15:12.847",
"lastModified": "2023-11-22T17:54:40.517",
"vulnStatus": "Analyzed",
"lastModified": "2024-01-10T00:15:45.860",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -84,6 +84,10 @@
"Patch",
"Release Notes"
]
},
{
"url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0349",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:09.727",
"lastModified": "2024-01-09T23:15:09.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-614"
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250117",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250117",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0350",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:09.947",
"lastModified": "2024-01-09T23:15:09.947",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 2.1
},
"baseSeverity": "LOW",
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250118",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250118",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0351",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:10.180",
"lastModified": "2024-01-09T23:15:10.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.1,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 2.6
},
"baseSeverity": "LOW",
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250119",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250119",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0352",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-09T23:15:10.403",
"lastModified": "2024-01-09T23:15:10.403",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/ciwYj7QXC4sZ",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250120",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250120",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0354",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T00:15:45.950",
"lastModified": "2024-01-10T00:15:45.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://note.zhaoj.in/share/nHD5xiHQgHG0",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250121",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250121",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,88 @@
{
"id": "CVE-2024-0355",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-10T00:15:46.217",
"lastModified": "2024-01-10T00:15:46.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "ADJACENT_NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.2
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 5.1,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.250122",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.250122",
"source": "cna@vuldb.com"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-09T23:00:25.204357+00:00
2024-01-10T00:55:25.999809+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-09T22:15:44.257000+00:00
2024-01-10T00:15:46.217000+00:00
```
### Last Data Feed Release
@ -29,36 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
235341
235361
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `20`
* [CVE-2023-38827](CVE-2023/CVE-2023-388xx/CVE-2023-38827.json) (`2024-01-09T22:15:43.263`)
* [CVE-2023-50136](CVE-2023/CVE-2023-501xx/CVE-2023-50136.json) (`2024-01-09T22:15:43.350`)
* [CVE-2023-5770](CVE-2023/CVE-2023-57xx/CVE-2023-5770.json) (`2024-01-09T22:15:43.400`)
* [CVE-2023-6476](CVE-2023/CVE-2023-64xx/CVE-2023-6476.json) (`2024-01-09T22:15:43.610`)
* [CVE-2024-0344](CVE-2024/CVE-2024-03xx/CVE-2024-0344.json) (`2024-01-09T21:15:08.123`)
* [CVE-2024-0345](CVE-2024/CVE-2024-03xx/CVE-2024-0345.json) (`2024-01-09T21:15:08.347`)
* [CVE-2024-0346](CVE-2024/CVE-2024-03xx/CVE-2024-0346.json) (`2024-01-09T22:15:43.800`)
* [CVE-2024-0347](CVE-2024/CVE-2024-03xx/CVE-2024-0347.json) (`2024-01-09T22:15:44.027`)
* [CVE-2024-0348](CVE-2024/CVE-2024-03xx/CVE-2024-0348.json) (`2024-01-09T22:15:44.257`)
* [CVE-2023-34332](CVE-2023/CVE-2023-343xx/CVE-2023-34332.json) (`2024-01-09T23:15:07.817`)
* [CVE-2023-34333](CVE-2023/CVE-2023-343xx/CVE-2023-34333.json) (`2024-01-09T23:15:08.223`)
* [CVE-2023-37293](CVE-2023/CVE-2023-372xx/CVE-2023-37293.json) (`2024-01-09T23:15:08.413`)
* [CVE-2023-37294](CVE-2023/CVE-2023-372xx/CVE-2023-37294.json) (`2024-01-09T23:15:08.600`)
* [CVE-2023-37295](CVE-2023/CVE-2023-372xx/CVE-2023-37295.json) (`2024-01-09T23:15:08.770`)
* [CVE-2023-37296](CVE-2023/CVE-2023-372xx/CVE-2023-37296.json) (`2024-01-09T23:15:08.940`)
* [CVE-2023-37297](CVE-2023/CVE-2023-372xx/CVE-2023-37297.json) (`2024-01-09T23:15:09.110`)
* [CVE-2023-3043](CVE-2023/CVE-2023-30xx/CVE-2023-3043.json) (`2024-01-09T23:15:09.290`)
* [CVE-2023-47992](CVE-2023/CVE-2023-479xx/CVE-2023-47992.json) (`2024-01-09T23:15:09.467`)
* [CVE-2023-47993](CVE-2023/CVE-2023-479xx/CVE-2023-47993.json) (`2024-01-09T23:15:09.530`)
* [CVE-2023-47994](CVE-2023/CVE-2023-479xx/CVE-2023-47994.json) (`2024-01-09T23:15:09.583`)
* [CVE-2023-47995](CVE-2023/CVE-2023-479xx/CVE-2023-47995.json) (`2024-01-09T23:15:09.637`)
* [CVE-2023-47996](CVE-2023/CVE-2023-479xx/CVE-2023-47996.json) (`2024-01-09T23:15:09.680`)
* [CVE-2023-47997](CVE-2023/CVE-2023-479xx/CVE-2023-47997.json) (`2024-01-10T00:15:45.463`)
* [CVE-2024-0349](CVE-2024/CVE-2024-03xx/CVE-2024-0349.json) (`2024-01-09T23:15:09.727`)
* [CVE-2024-0350](CVE-2024/CVE-2024-03xx/CVE-2024-0350.json) (`2024-01-09T23:15:09.947`)
* [CVE-2024-0351](CVE-2024/CVE-2024-03xx/CVE-2024-0351.json) (`2024-01-09T23:15:10.180`)
* [CVE-2024-0352](CVE-2024/CVE-2024-03xx/CVE-2024-0352.json) (`2024-01-09T23:15:10.403`)
* [CVE-2024-0354](CVE-2024/CVE-2024-03xx/CVE-2024-0354.json) (`2024-01-10T00:15:45.950`)
* [CVE-2024-0355](CVE-2024/CVE-2024-03xx/CVE-2024-0355.json) (`2024-01-10T00:15:46.217`)
### CVEs modified in the last Commit
Recently modified CVEs: `8`
Recently modified CVEs: `5`
* [CVE-2023-6600](CVE-2023/CVE-2023-66xx/CVE-2023-6600.json) (`2024-01-09T21:01:53.373`)
* [CVE-2023-6524](CVE-2023/CVE-2023-65xx/CVE-2023-6524.json) (`2024-01-09T21:07:07.617`)
* [CVE-2023-52266](CVE-2023/CVE-2023-522xx/CVE-2023-52266.json) (`2024-01-09T21:08:23.073`)
* [CVE-2023-6927](CVE-2023/CVE-2023-69xx/CVE-2023-6927.json) (`2024-01-09T21:15:07.990`)
* [CVE-2023-50090](CVE-2023/CVE-2023-500xx/CVE-2023-50090.json) (`2024-01-09T21:18:46.207`)
* [CVE-2023-52267](CVE-2023/CVE-2023-522xx/CVE-2023-52267.json) (`2024-01-09T21:19:32.343`)
* [CVE-2023-52262](CVE-2023/CVE-2023-522xx/CVE-2023-52262.json) (`2024-01-09T21:20:26.513`)
* [CVE-2023-52263](CVE-2023/CVE-2023-522xx/CVE-2023-52263.json) (`2024-01-09T21:37:09.483`)
* [CVE-2023-48655](CVE-2023/CVE-2023-486xx/CVE-2023-48655.json) (`2024-01-10T00:15:45.530`)
* [CVE-2023-48656](CVE-2023/CVE-2023-486xx/CVE-2023-48656.json) (`2024-01-10T00:15:45.627`)
* [CVE-2023-48657](CVE-2023/CVE-2023-486xx/CVE-2023-48657.json) (`2024-01-10T00:15:45.697`)
* [CVE-2023-48658](CVE-2023/CVE-2023-486xx/CVE-2023-48658.json) (`2024-01-10T00:15:45.780`)
* [CVE-2023-48659](CVE-2023/CVE-2023-486xx/CVE-2023-48659.json) (`2024-01-10T00:15:45.860`)
## Download and Usage