admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-30 02:00:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-04T11:00:58.007071+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-04 11:01:01 +00:00
parent 68459f6938
commit fa3fae46cd
13 changed files with 176 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2023/CVE-2023-425xx/CVE-2023-42536.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-42536",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:18.313",
"lastModified": "2023-11-13T18:12:16.523",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-04T09:15:37.057",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write."
"value": "An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write."
},
{
"lang": "es",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
"impactScore": 5.9
}
]
},

20
CVE-2023/CVE-2023-425xx/CVE-2023-42537.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-42537",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:18.843",
"lastModified": "2023-11-13T18:12:44.767",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-04T09:15:37.360",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write."
"value": "An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write."
},
{
"lang": "es",
@ -41,20 +41,20 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
"impactScore": 5.9
}
]
},

6
CVE-2023/CVE-2023-425xx/CVE-2023-42538.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-42538",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2023-11-07T08:15:19.090",
"lastModified": "2023-11-13T18:12:31.947",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-04T09:15:37.553",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write."
"value": "An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write."
},
{
"lang": "es",

32
CVE-2023/CVE-2023-61xx/CVE-2023-6143.json Normal file
View File

@ -0,0 +1,32 @@
{
"id": "CVE-2023-6143",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-03-04T10:15:08.807",
"lastModified": "2024-03-04T10:15:08.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Use After Free vulnerability in Arm Ltd Midgard GPU Kernel Driver, Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to exploit a software race condition to perform improper memory processing operations. If the system\u2019s memory is carefully prepared by the user and the system is under heavy load, then this in turn cause a use-after-free.This issue affects Midgard GPU Kernel Driver: from r13p0 through r32p0; Bifrost GPU Kernel Driver: from r1p0 through r18p0; Valhall GPU Kernel Driver: from r37p0 through r46p0; Arm 5th Gen GPU Architecture Kernel Driver: from r41p0 through r46p0.\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "arm-security@arm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
}
]
}

14
CVE-2024/CVE-2024-15xx/CVE-2024-1546.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1546",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.477",
"lastModified": "2024-02-20T20:15:08.167",
"lastModified": "2024-03-04T09:15:37.650",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "Al almacenar y volver a acceder a datos en un canal de red, es posible que se haya confundido la longitud de los bufferse, lo que resulta en una lectura de memoria fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1843752",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

14
CVE-2024/CVE-2024-15xx/CVE-2024-1547.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1547",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.547",
"lastModified": "2024-02-20T20:15:08.220",
"lastModified": "2024-03-04T09:15:37.740",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "A trav\u00e9s de una serie de llamadas API y redireccionamientos, se podr\u00eda haber mostrado un cuadro de di\u00e1logo de alerta controlado por el atacante en otro sitio web (con la URL del sitio web de la v\u00edctima mostrada). Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1877879",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

14
CVE-2024/CVE-2024-15xx/CVE-2024-1548.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1548",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.603",
"lastModified": "2024-02-20T20:15:08.267",
"lastModified": "2024-03-04T09:15:37.787",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "Un sitio web podr\u00eda haber oscurecido la notificaci\u00f3n de pantalla completa mediante el uso de un elemento de entrada de selecci\u00f3n desplegable. Esto podr\u00eda haber generado confusi\u00f3n en los usuarios y posibles ataques de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1832627",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

14
CVE-2024/CVE-2024-15xx/CVE-2024-1549.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1549",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.683",
"lastModified": "2024-02-20T20:15:08.317",
"lastModified": "2024-03-04T09:15:37.830",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "Si un sitio web configura un cursor personalizado grande, partes del cursor podr\u00edan haberse superpuesto con el cuadro de di\u00e1logo de permisos, lo que podr\u00eda generar confusi\u00f3n en el usuario y permisos concedidos inesperados. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1833814",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

14
CVE-2024/CVE-2024-15xx/CVE-2024-1550.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1550",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.733",
"lastModified": "2024-02-20T20:15:08.370",
"lastModified": "2024-03-04T09:15:37.870",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "Un sitio web malicioso podr\u00eda haber utilizado una combinaci\u00f3n de salir del modo de pantalla completa y `requestPointerLock` para provocar que el mouse del usuario se reposicionara inesperadamente, lo que podr\u00eda haber llevado a confusi\u00f3n al usuario y haber otorgado permisos sin darse cuenta que no ten\u00eda intenci\u00f3n de otorgar. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1860065",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

14
CVE-2024/CVE-2024-15xx/CVE-2024-1551.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1551",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.790",
"lastModified": "2024-02-20T20:15:08.413",
"lastModified": "2024-03-04T09:15:37.913",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "Los encabezados de respuesta Set-Cookie se respetaban incorrectamente en las respuestas HTTP de varias partes. Si un atacante pudiera controlar el encabezado de respuesta Content-Type, as\u00ed como controlar parte del cuerpo de la respuesta, podr\u00eda inyectar encabezados de respuesta Set-Cookie que el navegador habr\u00eda respetado. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864385",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

14
CVE-2024/CVE-2024-15xx/CVE-2024-1552.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1552",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.840",
"lastModified": "2024-02-20T20:15:08.460",
"lastModified": "2024-03-04T09:15:37.957",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior.*Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "La generaci\u00f3n incorrecta de c\u00f3digo podr\u00eda haber provocado conversiones num\u00e9ricas inesperadas y un posible comportamiento indefinido.*Nota:* Este problema solo afecta a los dispositivos ARM de 32 bits. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1874502",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

14
CVE-2024/CVE-2024-15xx/CVE-2024-1553.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1553",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.903",
"lastModified": "2024-02-20T20:15:08.510",
"lastModified": "2024-03-04T09:15:37.997",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8."
},
{
"lang": "es",
"value": "Errores de seguridad de la memoria presentes en Firefox 122, Firefox ESR 115.7 y Thunderbird 115.7. Algunos de estos errores mostraron evidencia de corrupci\u00f3n de memoria y suponemos que con suficiente esfuerzo algunos de ellos podr\u00edan haberse aprovechado para ejecutar c\u00f3digo arbitrario. Esta vulnerabilidad afecta a Firefox &lt; 123, Firefox ESR &lt; 115.8 y Thunderbird &lt; 115.8."
}
],
"metrics": {},
@ -16,6 +20,14 @@
"url": "https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html",
"source": "security@mozilla.org"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html",
"source": "security@mozilla.org"
},
{
"url": "https://www.mozilla.org/security/advisories/mfsa2024-05/",
"source": "security@mozilla.org"

29
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-04T09:08:31.672135+00:00
2024-03-04T11:00:58.007071+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-04T08:15:08.160000+00:00
2024-03-04T10:15:08.807000+00:00
```
### Last Data Feed Release
@ -29,26 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240420
240421
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `1`
* [CVE-2023-25176](CVE-2023/CVE-2023-251xx/CVE-2023-25176.json) (`2024-03-04T07:15:06.387`)
* [CVE-2023-46708](CVE-2023/CVE-2023-467xx/CVE-2023-46708.json) (`2024-03-04T07:15:08.100`)
* [CVE-2023-49602](CVE-2023/CVE-2023-496xx/CVE-2023-49602.json) (`2024-03-04T07:15:08.780`)
* [CVE-2023-4479](CVE-2023/CVE-2023-44xx/CVE-2023-4479.json) (`2024-03-04T08:15:08.160`)
* [CVE-2024-21816](CVE-2024/CVE-2024-218xx/CVE-2024-21816.json) (`2024-03-04T07:15:09.743`)
* [CVE-2024-21826](CVE-2024/CVE-2024-218xx/CVE-2024-21826.json) (`2024-03-04T07:15:10.380`)
* [CVE-2024-26622](CVE-2024/CVE-2024-266xx/CVE-2024-26622.json) (`2024-03-04T07:15:11.063`)
* [CVE-2023-6143](CVE-2023/CVE-2023-61xx/CVE-2023-6143.json) (`2024-03-04T10:15:08.807`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `11`
* [CVE-2023-42536](CVE-2023/CVE-2023-425xx/CVE-2023-42536.json) (`2024-03-04T09:15:37.057`)
* [CVE-2023-42537](CVE-2023/CVE-2023-425xx/CVE-2023-42537.json) (`2024-03-04T09:15:37.360`)
* [CVE-2023-42538](CVE-2023/CVE-2023-425xx/CVE-2023-42538.json) (`2024-03-04T09:15:37.553`)
* [CVE-2024-1546](CVE-2024/CVE-2024-15xx/CVE-2024-1546.json) (`2024-03-04T09:15:37.650`)
* [CVE-2024-1547](CVE-2024/CVE-2024-15xx/CVE-2024-1547.json) (`2024-03-04T09:15:37.740`)
* [CVE-2024-1548](CVE-2024/CVE-2024-15xx/CVE-2024-1548.json) (`2024-03-04T09:15:37.787`)
* [CVE-2024-1549](CVE-2024/CVE-2024-15xx/CVE-2024-1549.json) (`2024-03-04T09:15:37.830`)
* [CVE-2024-1550](CVE-2024/CVE-2024-15xx/CVE-2024-1550.json) (`2024-03-04T09:15:37.870`)
* [CVE-2024-1551](CVE-2024/CVE-2024-15xx/CVE-2024-1551.json) (`2024-03-04T09:15:37.913`)
* [CVE-2024-1552](CVE-2024/CVE-2024-15xx/CVE-2024-1552.json) (`2024-03-04T09:15:37.957`)
* [CVE-2024-1553](CVE-2024/CVE-2024-15xx/CVE-2024-1553.json) (`2024-03-04T09:15:37.997`)
## Download and Usage