Auto-Update: 2024-01-22T07:00:24.465481+00:00

cad-safe-bot 2024-01-22 07:00:28 +00:00
parent 85433ada00
commit fb53f81621
8 changed files with 210 additions and 15 deletions


@ -0,0 +1,36 @@
{
"id": "CVE-2017-20189",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T06:15:07.563",
"lastModified": "2024-01-22T06:15:07.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Clojure before 1.9.0, classes can be used to construct a serialized object that executes arbitrary code upon deserialization. This is relevant if a server deserializes untrusted objects."
}
],
"metrics": {},
"references": [
{
"url": "https://clojure.atlassian.net/browse/CLJ-2204",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/clojure/clojure/commit/271674c9b484d798484d134a5ac40a6df15d3ac3",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/frohoff/ysoserial/pull/68/files",
"source": "cve@mitre.org"
},
{
"url": "https://hackmd.io/%40fe1w0/HyefvRQKp",
"source": "cve@mitre.org"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGCLOJURE-5740378",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,32 @@
{
"id": "CVE-2023-47352",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T05:15:08.307",
"lastModified": "2024-01-22T05:15:08.307",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Technicolor TC8715D devices have predictable default WPA2 security passwords. An attacker who scans for SSID and BSSID values may be able to predict these passwords."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/actuator/Technicolor/blob/main/TC8715D.png",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/actuator/cve/blob/main/Technicolor/CVE-2023-47352",
"source": "cve@mitre.org"
},
{
"url": "https://i.ebayimg.com/images/g/d4EAAOSwV01kEM26/s-l1600.jpg",
"source": "cve@mitre.org"
},
{
"url": "https://i.ebayimg.com/images/g/zp8AAOSwbNpkEM26/s-l1600.jpg",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2023-52354",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-22T06:15:07.780",
"lastModified": "2024-01-22T06:15:07.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "chasquid before 1.13 allows SMTP smuggling because LF-terminated lines are accepted."
}
],
"metrics": {},
"references": [
{
"url": "https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-7042",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-21T20:15:09.267",
"lastModified": "2024-01-22T03:15:07.900",
"lastModified": "2024-01-22T05:15:08.547",
"vulnStatus": "Modified",
"descriptions": [
{
@ -118,6 +118,10 @@
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/54PLF5J33IRSLSR4UU6LQSMXX6FI5AOQ/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C25BK2YH5MZ6VNQXKF2NAJBTGXVEPKGC/",
"source": "secalert@redhat.com"
},
{
"url": "https://patchwork.kernel.org/project/linux-wireless/patch/20231208043433.271449-1-hdthky0@gmail.com/",
"source": "secalert@redhat.com",


@ -2,12 +2,16 @@
"id": "CVE-2024-0647",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-17T19:15:08.480",
"lastModified": "2024-01-17T19:22:17.977",
"lastModified": "2024-01-22T06:15:07.860",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability."
},
{
"lang": "es",
"value": "Una vulnerabilidad clasificada como problem\u00e1tica fue encontrada en Sparksuite SimpleMDE hasta 1.11.2. Una parte desconocida del componente iFrame Handler afecta a una parte desconocida. La manipulaci\u00f3n conduce a cross site scripting. Es posible iniciar el ataque de forma remota. La explotaci\u00f3n ha sido divulgada al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-251373."
}
],
"metrics": {
@ -81,7 +85,7 @@
"source": "cna@vuldb.com"
},
{
"url": "https://youtu.be/t-mDofraMcc",
"url": "https://www.youtube.com/watch?v=KtDjoJlrpAc",
"source": "cna@vuldb.com"
}
]


@ -0,0 +1,75 @@
{
"id": "CVE-2024-21484",
"sourceIdentifier": "report@snyk.io",
"published": "2024-01-22T05:15:08.720",
"lastModified": "2024-01-22T05:15:08.720",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting this vulnerability. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key.\r\r Workaround \r\rThis vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://github.com/kjur/jsrsasign/issues/598",
"source": "report@snyk.io"
},
{
"url": "https://github.com/kjur/jsrsasign/releases/tag/11.0.0",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731",
"source": "report@snyk.io"
}
]
}


@ -0,0 +1,24 @@
{
"id": "CVE-2024-22113",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-01-22T05:15:09.050",
"lastModified": "2024-01-22T05:15:09.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL."
}
],
"metrics": {},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN73587943/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://www.anglers-net.com/anlog/update/",
"source": "vultures@jpcert.or.jp"
}
]
}


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-01-22T05:00:24.314078+00:00
2024-01-22T07:00:24.465481+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-01-22T04:15:07.723000+00:00
2024-01-22T06:15:07.860000+00:00
```
### Last Data Feed Release
@ -29,26 +29,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
236490
236495
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `5`
* [CVE-2024-23768](CVE-2024/CVE-2024-237xx/CVE-2024-23768.json) (`2024-01-22T03:15:08.203`)
* [CVE-2024-23770](CVE-2024/CVE-2024-237xx/CVE-2024-23770.json) (`2024-01-22T04:15:07.670`)
* [CVE-2024-23771](CVE-2024/CVE-2024-237xx/CVE-2024-23771.json) (`2024-01-22T04:15:07.723`)
* [CVE-2017-20189](CVE-2017/CVE-2017-201xx/CVE-2017-20189.json) (`2024-01-22T06:15:07.563`)
* [CVE-2023-47352](CVE-2023/CVE-2023-473xx/CVE-2023-47352.json) (`2024-01-22T05:15:08.307`)
* [CVE-2023-52354](CVE-2023/CVE-2023-523xx/CVE-2023-52354.json) (`2024-01-22T06:15:07.780`)
* [CVE-2024-21484](CVE-2024/CVE-2024-214xx/CVE-2024-21484.json) (`2024-01-22T05:15:08.720`)
* [CVE-2024-22113](CVE-2024/CVE-2024-221xx/CVE-2024-22113.json) (`2024-01-22T05:15:09.050`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
Recently modified CVEs: `2`
* [CVE-2023-6816](CVE-2023/CVE-2023-68xx/CVE-2023-6816.json) (`2024-01-22T03:15:07.800`)
* [CVE-2023-7042](CVE-2023/CVE-2023-70xx/CVE-2023-7042.json) (`2024-01-22T03:15:07.900`)
* [CVE-2024-0408](CVE-2024/CVE-2024-04xx/CVE-2024-0408.json) (`2024-01-22T03:15:08.023`)
* [CVE-2024-0409](CVE-2024/CVE-2024-04xx/CVE-2024-0409.json) (`2024-01-22T03:15:08.120`)
* [CVE-2023-7042](CVE-2023/CVE-2023-70xx/CVE-2023-7042.json) (`2024-01-22T05:15:08.547`)
* [CVE-2024-0647](CVE-2024/CVE-2024-06xx/CVE-2024-0647.json) (`2024-01-22T06:15:07.860`)
## Download and Usage