From 0b121e03809ca1f8ae862cc72a0240489516046f Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 17 Mar 2024 17:03:25 +0000 Subject: [PATCH] Auto-Update: 2024-03-17T17:00:38.003515+00:00 --- CVE-2024/CVE-2024-248xx/CVE-2024-24867.json | 55 +++++++++++++ CVE-2024/CVE-2024-259xx/CVE-2024-25933.json | 55 +++++++++++++ CVE-2024/CVE-2024-25xx/CVE-2024-2565.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-25xx/CVE-2024-2566.json | 88 +++++++++++++++++++++ README.md | 13 +-- _state.csv | 6 +- 6 files changed, 299 insertions(+), 6 deletions(-) create mode 100644 CVE-2024/CVE-2024-248xx/CVE-2024-24867.json create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25933.json create mode 100644 CVE-2024/CVE-2024-25xx/CVE-2024-2565.json create mode 100644 CVE-2024/CVE-2024-25xx/CVE-2024-2566.json diff --git a/CVE-2024/CVE-2024-248xx/CVE-2024-24867.json b/CVE-2024/CVE-2024-248xx/CVE-2024-24867.json new file mode 100644 index 00000000000..322a1da5933 --- /dev/null +++ b/CVE-2024/CVE-2024-248xx/CVE-2024-24867.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-24867", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-03-17T16:15:08.157", + "lastModified": "2024-03-17T16:15:08.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic).This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-stats-manager/wordpress-wp-stats-manager-plugin-6-9-4-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25933.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25933.json new file mode 100644 index 00000000000..510e65ed1b0 --- /dev/null +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25933.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-25933", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-03-17T16:15:08.390", + "lastModified": "2024-03-17T16:15:08.390", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice.This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/pepro-ultimate-invoice/wordpress-peprodev-ultimate-invoice-plugin-1-9-7-sensitive-data-exposure-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-25xx/CVE-2024-2565.json b/CVE-2024/CVE-2024-25xx/CVE-2024-2565.json new file mode 100644 index 00000000000..4ded598b120 --- /dev/null +++ b/CVE-2024/CVE-2024-25xx/CVE-2024-2565.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2565", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-17T15:15:07.187", + "lastModified": "2024-03-17T15:15:07.187", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/PandaXGO/PandaX/issues/5", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.257064", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.257064", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-25xx/CVE-2024-2566.json b/CVE-2024/CVE-2024-25xx/CVE-2024-2566.json new file mode 100644 index 00000000000..29b783bdd71 --- /dev/null +++ b/CVE-2024/CVE-2024-25xx/CVE-2024-2566.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2566", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-17T15:15:07.420", + "lastModified": "2024-03-17T15:15:07.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257065 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-get_extension_yl.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.257065", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.257065", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 1fa0b1659ef..0e29addd9b3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-17T15:00:38.042037+00:00 +2024-03-17T17:00:38.003515+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-17T14:15:06.973000+00:00 +2024-03-17T16:15:08.390000+00:00 ``` ### Last Data Feed Release @@ -29,14 +29,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -241731 +241735 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `4` -* [CVE-2024-2564](CVE-2024/CVE-2024-25xx/CVE-2024-2564.json) (`2024-03-17T14:15:06.973`) +* [CVE-2024-24867](CVE-2024/CVE-2024-248xx/CVE-2024-24867.json) (`2024-03-17T16:15:08.157`) +* [CVE-2024-2565](CVE-2024/CVE-2024-25xx/CVE-2024-2565.json) (`2024-03-17T15:15:07.187`) +* [CVE-2024-2566](CVE-2024/CVE-2024-25xx/CVE-2024-2566.json) (`2024-03-17T15:15:07.420`) +* [CVE-2024-25933](CVE-2024/CVE-2024-259xx/CVE-2024-25933.json) (`2024-03-17T16:15:08.390`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index fff5034149e..72f87522deb 100644 --- a/_state.csv +++ b/_state.csv @@ -240780,6 +240780,7 @@ CVE-2024-24861,0,0,6b40afdcfeaef4379ad19505bbc3196ca9bd79cff347b2f5b0473b639a002 CVE-2024-24864,0,0,cb2feb3346fb11cc5b4be9ff84c56cdf4de4a5045cdc4255bc9349b2b8259736,2024-02-10T04:05:22.843000 CVE-2024-24865,0,0,69d1d9e6b7dcdc1a41fcca26c5c38135753d56b8f5d02ca0d16d1408ab64d3a6,2024-02-07T23:30:50.313000 CVE-2024-24866,0,0,7234eb10c2179098475da368126463933a93e4c44ee1e87fac56ce5cbea64b85,2024-02-13T19:48:45.207000 +CVE-2024-24867,1,1,d02bce7c277904138b788c066bcad1d13e3a0e013e95636c243e6971e42b21a1,2024-03-17T16:15:08.157000 CVE-2024-24868,0,0,e7f14abb86f06eb8a849fd232ff7f12dc608d17b75bfc6f64f2c0bbfd51ed1c7,2024-02-28T14:06:45.783000 CVE-2024-2487,0,0,4ca5472da55e03928f48be008f61a5daee2051808522c475d1ce22687edd2999,2024-03-15T12:53:06.423000 CVE-2024-24870,0,0,b39acdcce0711487a9081cc9665d4882378e31aa9603afc2ce7a407d6eacb9c6,2024-02-13T19:48:35.953000 @@ -241100,17 +241101,19 @@ CVE-2024-25631,0,0,c8bdaced4c0d5563bd57b345057b4e4f59369a45b7c12f5563c1a08a0da6b CVE-2024-25634,0,0,c1510e3ab0b733f2989d621c241e546f656e3e790b7a0232e637470ddb569500,2024-02-20T19:50:53.960000 CVE-2024-25635,0,0,02f92a5a9bdf152263c68c7161477865d30fa40fbd763157286667e134fdd120,2024-02-20T19:50:53.960000 CVE-2024-25636,0,0,25ca08d2d7942010a89cee168f33ec13089ab5d688be0f620a303dd1bdaf78e7,2024-02-20T19:50:53.960000 -CVE-2024-2564,1,1,20c5f4f1c2679e3f384ad4559d078395b49d5e5aee769ccefe30e3301a8d3204,2024-03-17T14:15:06.973000 +CVE-2024-2564,0,0,20c5f4f1c2679e3f384ad4559d078395b49d5e5aee769ccefe30e3301a8d3204,2024-03-17T14:15:06.973000 CVE-2024-25640,0,0,e7a5a66e06481c463ef3267e2ad9b6391b00223315aeb71281eb8d63b041ce79,2024-02-20T19:50:53.960000 CVE-2024-25642,0,0,bf91eeb1502dedca60fe6c035b93d7dfc5a440bc6932322c6ae4d128b4c7c145,2024-02-13T14:01:40.577000 CVE-2024-25643,0,0,08f3e6c0d454841d4e4dc84aae81812246ffbd96bb71cc2e9e4566cd4077e910,2024-02-13T14:01:07.747000 CVE-2024-25644,0,0,cad748db94c87605f745ac8efbb54ef36e9bf866e1bcdbdf96bff9a05dfcf738,2024-03-12T12:40:13.500000 CVE-2024-25645,0,0,611af6391fb4617a6b65e5d2ff91bac5a4003873b65f133d0cd2495d911bd094,2024-03-12T12:40:13.500000 CVE-2024-25649,0,0,ff4005c5bc448d78f7be592b75e982f7bf99b3c972c3f93072e448020f36c7cd,2024-03-14T12:52:09.877000 +CVE-2024-2565,1,1,bd3c624874ffd2ed7cfdce46a424723ffe46928b98908fbb1c72f6299559aeec,2024-03-17T15:15:07.187000 CVE-2024-25650,0,0,86db7f9cd2961887ed39c6b63b2949a71fabae22076ac99000118f6e3ecf601e,2024-03-14T12:52:16.723000 CVE-2024-25651,0,0,4935c44deda83694ae7a33c550d78c8ec02d262dfb7e7f44dbd503c93d5109ae,2024-03-14T12:52:09.877000 CVE-2024-25652,0,0,1684edbbe6a032e904cd3d9da8c2e3b5d162c7d94708a30170c5b1a8fdc4de06,2024-03-14T12:52:09.877000 CVE-2024-25653,0,0,cf0ab93d3f68bfc65ae7a6e2836e0f599b295638c5107d23ca26fba04d235e4d,2024-03-14T12:52:09.877000 +CVE-2024-2566,1,1,445585f1cd08efde7542890fc279dbf8691de9ca80bbe4da90217abd121415cc,2024-03-17T15:15:07.420000 CVE-2024-25674,0,0,880844ace2ad9fa6a214f1eff7f46e3beaded8f86ef202dfc09585e1e07ca21c,2024-02-12T14:30:40.343000 CVE-2024-25675,0,0,7eb120f8543ce89181641a0a8c791e82666c8e07d23577075c360f9dbf73d233,2024-02-12T14:30:28.640000 CVE-2024-25677,0,0,1d7f4f51208daa48b27418602ba1484337c537523201080701287445cfed0006,2024-02-15T19:43:24.983000 @@ -241201,6 +241204,7 @@ CVE-2024-25928,0,0,a6060327df403c3c616b275f710271564f7f2534d45ed96b3571c5b2e5121 CVE-2024-25930,0,0,0ab8711195d4ca59bae23faf5b938c4832c53808527b8c4f0842867494c69bd3,2024-02-29T13:49:29.390000 CVE-2024-25931,0,0,cced732a62b8661206eb106d5ae979a2d16189f2911f7eaa9ca025496e8df531,2024-02-29T13:49:29.390000 CVE-2024-25932,0,0,b47ba5ecf2a19427a2d0c7404d84cf9b82c7d738bc913534568255e83139261d,2024-02-29T13:49:29.390000 +CVE-2024-25933,1,1,9a19a70e8ccf2de812b06af79bef2fea24d149ddfc7ffcadd406cea0f3ab65f3,2024-03-17T16:15:08.390000 CVE-2024-25934,0,0,abf29b2c8bd2941b97b5a50ee19174b7389e9c0ccc1df25f4fdb8e591190b306,2024-03-15T16:26:49.320000 CVE-2024-25936,0,0,8effd82663b8db2d960ef33e023d14a22fda9a759a9ee34ebfd84341bfced171,2024-03-15T16:26:49.320000 CVE-2024-25940,0,0,81faf8084be28ad3443bfad1349de788b40c215e318cb61e901b3079aac1c24e,2024-02-15T06:23:39.303000