diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12883.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12883.json new file mode 100644 index 00000000000..14d70055554 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12883.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12883", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-21T13:15:05.613", + "lastModified": "2024-12-21T13:15:05.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "baseScore": 5.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/su-co/cve/blob/main/xss-su-co.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289141", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289141", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.466393", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-128xx/CVE-2024-12884.json b/CVE-2024/CVE-2024-128xx/CVE-2024-12884.json new file mode 100644 index 00000000000..098f980eaa5 --- /dev/null +++ b/CVE-2024/CVE-2024-128xx/CVE-2024-12884.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12884", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-21T14:15:21.063", + "lastModified": "2024-12-21T14:15:21.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://geochen.medium.com/sqli-in-login-php-of-e-commerce-website-using-php-1abacb5e2ccd", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289142", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289142", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.466519", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51463.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51463.json new file mode 100644 index 00000000000..cb409918a0c --- /dev/null +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51463.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-51463", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-12-21T14:15:21.453", + "lastModified": "2024-12-21T14:15:21.453", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM i 7.3, 7.4, and 7.5 \n\nis vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7179509", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51464.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51464.json new file mode 100644 index 00000000000..ff643e5b834 --- /dev/null +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51464.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-51464", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-12-21T14:15:21.627", + "lastModified": "2024-12-21T14:15:21.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-644" + } + ] + } + ], + "references": [ + { + "url": "https://www.ibm.com/support/pages/node/7179509", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 61d41d099a6..8447b483187 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-21T13:00:19.036634+00:00 +2024-12-21T15:00:19.834382+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-21T12:15:20.910000+00:00 +2024-12-21T14:15:21.627000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -274537 +274541 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `4` -- [CVE-2024-12875](CVE-2024/CVE-2024-128xx/CVE-2024-12875.json) (`2024-12-21T12:15:20.910`) +- [CVE-2024-12883](CVE-2024/CVE-2024-128xx/CVE-2024-12883.json) (`2024-12-21T13:15:05.613`) +- [CVE-2024-12884](CVE-2024/CVE-2024-128xx/CVE-2024-12884.json) (`2024-12-21T14:15:21.063`) +- [CVE-2024-51463](CVE-2024/CVE-2024-514xx/CVE-2024-51463.json) (`2024-12-21T14:15:21.453`) +- [CVE-2024-51464](CVE-2024/CVE-2024-514xx/CVE-2024-51464.json) (`2024-12-21T14:15:21.627`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index aede5d8a7d1..94bc98b2d04 100644 --- a/_state.csv +++ b/_state.csv @@ -245056,8 +245056,10 @@ CVE-2024-1285,0,0,d0ab2f865f2e59a6fecad2e70eefd338b3054451b5a20bdd27d60569b43e4f CVE-2024-1286,0,0,3a37afba636befcbf537a255eb60a76fe80040636283609c3669d2692aee914a,2024-11-21T08:50:14.037000 CVE-2024-12867,0,0,01e49ed64d6e9cd55a7b69c5d48fb82a0f55b6ea873444ea934a92cdc9c1bea1,2024-12-20T20:15:22.740000 CVE-2024-1287,0,0,86cfcf8ed68830eef8991c1cc47e2012e7e4c97ca8a27598ab8fa2741ba6d8b0,2024-11-21T08:50:14.227000 -CVE-2024-12875,1,1,ee4bf98b78016953207e90ab1c1e1367a08d0d85e025d7e25b88e0372fa04581,2024-12-21T12:15:20.910000 +CVE-2024-12875,0,0,ee4bf98b78016953207e90ab1c1e1367a08d0d85e025d7e25b88e0372fa04581,2024-12-21T12:15:20.910000 CVE-2024-1288,0,0,395f2de724425f73212a7bc39e91c09ee4289c7b4882341dd1ed370b6c884fd8,2024-11-21T08:50:14.440000 +CVE-2024-12883,1,1,0aa6b94784eb025896882814202fa04e9e4a7816349ae85e5172dbeb18285a66,2024-12-21T13:15:05.613000 +CVE-2024-12884,1,1,543f1871079a56956cadcd381356178e485931e988c0c8b4f5476339a04576ed,2024-12-21T14:15:21.063000 CVE-2024-1289,0,0,e65e8e4dfe8200c9b56fed0852a43d923fc5ad73370ce2516cb730a4df84b5f1,2024-11-21T08:50:14.563000 CVE-2024-1290,0,0,7c95f47c5c3e77faa57d4558ce65f60c9fa0ea7551f118126af89c59b8448f97,2024-11-21T08:50:14.680000 CVE-2024-1291,0,0,52c4840726a3cf584db63abe3d1006ff575604ba403c25fca89470816948ce5e,2024-11-21T08:50:14.863000 @@ -268484,6 +268486,8 @@ CVE-2024-51434,0,0,fd0f2e493c6557b3a7b75698795afa3b125b8838b7989d6283ab019561701 CVE-2024-5144,0,0,6bbfaf13c1764c4fefc00893d80de8b864d8af9b05653210d129c904ab48e8ed,2024-05-31T18:15:13.217000 CVE-2024-5145,0,0,1ce6a725d120216d833ed23f25099d9f4810ecb9d4c63ffcf11012cbf68534d1,2024-11-21T09:47:03.920000 CVE-2024-51460,0,0,5ed8cb0bc6e7264a024f4fdc6bea49f8d819c03171033b2027328a825c325cb4,2024-12-11T13:15:06.510000 +CVE-2024-51463,1,1,c10145e6070215d7c0984525084a5c3afdf7565c93303fbc3fb7373df154d225,2024-12-21T14:15:21.453000 +CVE-2024-51464,1,1,69f5d546a83bdd7683722d0859a88a640e895a1b44c51270e757af6904b8f33c,2024-12-21T14:15:21.627000 CVE-2024-51465,0,0,b984a1f47331a027471db6ecd22c9db67a7b4679236a111706732d4e42cb3082,2024-12-04T14:15:20.223000 CVE-2024-51466,0,0,f8d3d47f89339e1c49e199d4d29061c3398d8045235700eb4ff399548ec59171,2024-12-20T14:15:24.250000 CVE-2024-5147,0,0,b4fda03873bf91b8aee1014c1d03851aae8f0afeab0edb3aed7529ff221065c3,2024-11-21T09:47:04.057000