Auto-Update: 2024-01-26T13:00:25.097940+00:00

cad-safe-bot 2024-01-26 13:00:28 +00:00
parent 767f924bd9
commit 0d55a750df
7 changed files with 365 additions and 33 deletions


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23890",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T11:15:08.053",
"lastModified": "2024-01-26T11:15:08.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/itempopup.php, en el par\u00e1metro de description. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy",
"source": "cve-coordination@incibe.es"
}
]
}
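Review bot: The `metrics` block holds a single CVSS 3.1 entry, supplied by the CNA (`source` cve-coordination@incibe.es, `type` Secondary), and `vulnStatus` is `Received`, so the 7.1 HIGH score has not been through NVD analysis and the record has no `configurations` block. The same holds for the five records that follow. Consumers that prioritize on `baseScore` or match on CPE should treat these entries as provisional and re-read them once `lastModified` changes.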


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23891",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T11:15:08.707",
"lastModified": "2024-01-26T11:15:08.707",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/itemcreate.php, en el par\u00e1metro itemid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy",
"source": "cve-coordination@incibe.es"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23892",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T11:15:08.970",
"lastModified": "2024-01-26T11:15:08.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/costcentercreate.php, en el par\u00e1metro costcenterid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy",
"source": "cve-coordination@incibe.es"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23893",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T11:15:09.223",
"lastModified": "2024-01-26T11:15:09.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid\u00a0parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que resulta en una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/costcentermodify.php, en el par\u00e1metro costcenterid. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy",
"source": "cve-coordination@incibe.es"
}
]
}
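Review bot: The English `value` in `descriptions` contains a non-breaking space (`\u00a0`) between `costcenterid` and `parameter`, while the Spanish text in the same record uses a plain space. Anything that tokenizes on ASCII whitespace or does exact phrase matching on the description will treat `costcenterid\u00a0parameter` as a single token, so normalize Unicode whitespace when indexing these records.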


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23894",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T11:15:09.477",
"lastModified": "2024-01-26T11:15:09.477",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stockissuancecreate.php, en el par\u00e1metro issuancedate. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy",
"source": "cve-coordination@incibe.es"
}
]
}


@ -0,0 +1,59 @@
{
"id": "CVE-2024-23896",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-01-26T11:15:09.747",
"lastModified": "2024-01-26T11:15:09.747",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials."
},
{
"lang": "es",
"value": "Se ha informado de una vulnerabilidad en Cups Easy (Purchase & Inventory), versi\u00f3n 1.0, por la cual las entradas controladas por el usuario no est\u00e1n suficientemente codificadas, lo que genera una vulnerabilidad de Cross-Site Scripting (XSS) a trav\u00e9s de /cupseasylive/stock.php, en el par\u00e1metro batchno. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir a un atacante remoto enviar una URL especialmente manipulada a un usuario autenticado y robar sus credenciales de cookies de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy",
"source": "cve-coordination@incibe.es"
}
]
}
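Review bot: In `weaknesses`, the CWE-79 entry has `"type": "Secondary"`, while the five other Cups Easy records in this commit carry the same CWE from the same source (cve-coordination@incibe.es) as `"type": "Primary"`. A consumer that reads only Primary weaknesses will see no CWE for CVE-2024-23896; read both types, or fall back to Secondary when no Primary entry exists.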


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-01-26T11:00:25.747478+00:00 2024-01-26T13:00:25.097940+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-01-26T10:15:12.953000+00:00 2024-01-26T11:15:09.747000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -29,47 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
236908 236914
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `39` Recently added CVEs: `6`
* [CVE-2024-23865](CVE-2024/CVE-2024-238xx/CVE-2024-23865.json) (`2024-01-26T10:15:08.223`) * [CVE-2024-23890](CVE-2024/CVE-2024-238xx/CVE-2024-23890.json) (`2024-01-26T11:15:08.053`)
* [CVE-2024-23866](CVE-2024/CVE-2024-238xx/CVE-2024-23866.json) (`2024-01-26T10:15:08.420`) * [CVE-2024-23891](CVE-2024/CVE-2024-238xx/CVE-2024-23891.json) (`2024-01-26T11:15:08.707`)
* [CVE-2024-23867](CVE-2024/CVE-2024-238xx/CVE-2024-23867.json) (`2024-01-26T10:15:08.640`) * [CVE-2024-23892](CVE-2024/CVE-2024-238xx/CVE-2024-23892.json) (`2024-01-26T11:15:08.970`)
* [CVE-2024-23868](CVE-2024/CVE-2024-238xx/CVE-2024-23868.json) (`2024-01-26T10:15:08.840`) * [CVE-2024-23893](CVE-2024/CVE-2024-238xx/CVE-2024-23893.json) (`2024-01-26T11:15:09.223`)
* [CVE-2024-23869](CVE-2024/CVE-2024-238xx/CVE-2024-23869.json) (`2024-01-26T10:15:09.047`) * [CVE-2024-23894](CVE-2024/CVE-2024-238xx/CVE-2024-23894.json) (`2024-01-26T11:15:09.477`)
* [CVE-2024-23870](CVE-2024/CVE-2024-238xx/CVE-2024-23870.json) (`2024-01-26T10:15:09.243`) * [CVE-2024-23896](CVE-2024/CVE-2024-238xx/CVE-2024-23896.json) (`2024-01-26T11:15:09.747`)
* [CVE-2024-23871](CVE-2024/CVE-2024-238xx/CVE-2024-23871.json) (`2024-01-26T10:15:09.437`)
* [CVE-2024-23872](CVE-2024/CVE-2024-238xx/CVE-2024-23872.json) (`2024-01-26T10:15:09.637`)
* [CVE-2024-23873](CVE-2024/CVE-2024-238xx/CVE-2024-23873.json) (`2024-01-26T10:15:09.830`)
* [CVE-2024-23874](CVE-2024/CVE-2024-238xx/CVE-2024-23874.json) (`2024-01-26T10:15:10.023`)
* [CVE-2024-23875](CVE-2024/CVE-2024-238xx/CVE-2024-23875.json) (`2024-01-26T10:15:10.213`)
* [CVE-2024-23876](CVE-2024/CVE-2024-238xx/CVE-2024-23876.json) (`2024-01-26T10:15:10.410`)
* [CVE-2024-23877](CVE-2024/CVE-2024-238xx/CVE-2024-23877.json) (`2024-01-26T10:15:10.597`)
* [CVE-2024-23878](CVE-2024/CVE-2024-238xx/CVE-2024-23878.json) (`2024-01-26T10:15:10.803`)
* [CVE-2024-23879](CVE-2024/CVE-2024-238xx/CVE-2024-23879.json) (`2024-01-26T10:15:10.997`)
* [CVE-2024-23880](CVE-2024/CVE-2024-238xx/CVE-2024-23880.json) (`2024-01-26T10:15:11.203`)
* [CVE-2024-23881](CVE-2024/CVE-2024-238xx/CVE-2024-23881.json) (`2024-01-26T10:15:11.410`)
* [CVE-2024-23882](CVE-2024/CVE-2024-238xx/CVE-2024-23882.json) (`2024-01-26T10:15:11.600`)
* [CVE-2024-23883](CVE-2024/CVE-2024-238xx/CVE-2024-23883.json) (`2024-01-26T10:15:11.800`)
* [CVE-2024-23884](CVE-2024/CVE-2024-238xx/CVE-2024-23884.json) (`2024-01-26T10:15:11.993`)
* [CVE-2024-23885](CVE-2024/CVE-2024-238xx/CVE-2024-23885.json) (`2024-01-26T10:15:12.180`)
* [CVE-2024-23886](CVE-2024/CVE-2024-238xx/CVE-2024-23886.json) (`2024-01-26T10:15:12.370`)
* [CVE-2024-23887](CVE-2024/CVE-2024-238xx/CVE-2024-23887.json) (`2024-01-26T10:15:12.570`)
* [CVE-2024-23888](CVE-2024/CVE-2024-238xx/CVE-2024-23888.json) (`2024-01-26T10:15:12.760`)
* [CVE-2024-23889](CVE-2024/CVE-2024-238xx/CVE-2024-23889.json) (`2024-01-26T10:15:12.953`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `3` Recently modified CVEs: `0`
* [CVE-2021-33630](CVE-2021/CVE-2021-336xx/CVE-2021-33630.json) (`2024-01-26T09:15:07.277`)
* [CVE-2021-33631](CVE-2021/CVE-2021-336xx/CVE-2021-33631.json) (`2024-01-26T09:15:07.457`)
* [CVE-2024-23855](CVE-2024/CVE-2024-238xx/CVE-2024-23855.json) (`2024-01-26T09:15:08.527`)
## Download and Usage ## Download and Usage
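Review bot: The new "Recently added CVEs" list goes from CVE-2024-23894 straight to CVE-2024-23896, with no entry for CVE-2024-23895. The count `6` and the total moving from 236908 to 236914 agree with the six records in this commit, so the list is internally consistent; it is worth confirming on the next sync that the missing id is a gap in the upstream feed and not a record that failed to import.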