Auto-Update: 2024-03-31T10:00:40.034940+00:00

CVE-2017/CVE-2017-201xx/CVE-2017-20191.json

@@ -0,0 +1,92 @@
+{
+  "id": "CVE-2017-20191",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-31T09:15:10.280",
+  "lastModified": "2024-03-31T09:15:10.280",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Zimbra zm-admin-ajax up to 8.8.1. It has been classified as problematic. This affects the function XFormItem.prototype.setError of the file WebRoot/js/ajax/dwt/xforms/XFormItem.js of the component Form Textbox Field Error Handler. The manipulation of the argument message leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 8.8.2 is able to address this issue. The identifier of the patch is bb240ce0c71c01caabaa43eed30c78ba8d7d3591. It is recommended to upgrade the affected component. The identifier VDB-258621 was assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/Zimbra/zm-admin-ajax/commit/bb240ce0c71c01caabaa43eed30c78ba8d7d3591",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/Zimbra/zm-admin-ajax/releases/tag/8.8.2",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.258621",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.258621",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2020/CVE-2020-368xx/CVE-2020-36828.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2020-36828",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-31T09:15:10.730",
+  "lastModified": "2024-03-31T09:15:10.730",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 3.4-20210119 is able to address this issue. The name of the patch is 4a9673624f46f7609486778ded9653733020c567. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258612."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/codersclub/DiscuzX/commit/4a9673624f46f7609486778ded9653733020c567",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.258612",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.258612",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-03-31T08:00:38.730896+00:00
+2024-03-31T10:00:40.034940+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-03-31T06:15:07.517000+00:00
+2024-03-31T09:15:10.730000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,14 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-243448
+243450
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `2`
 
-- [CVE-2015-10131](CVE-2015/CVE-2015-101xx/CVE-2015-10131.json) (`2024-03-31T06:15:07.517`)
+- [CVE-2017-20191](CVE-2017/CVE-2017-201xx/CVE-2017-20191.json) (`2024-03-31T09:15:10.280`)
+- [CVE-2020-36828](CVE-2020/CVE-2020-368xx/CVE-2020-36828.json) (`2024-03-31T09:15:10.730`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -74565,7 +74565,7 @@ CVE-2015-10128,0,0,15bd6b8a650a6a2200ccd02e0c94ea61c311e4ee86aaeba3e2c710f81253b
 CVE-2015-10129,0,0,0c802a4fffa1be27673773609ec54ea1a2d6b37c5e92509dd9c48591b1b73a7d,2024-02-29T01:16:12.903000
 CVE-2015-1013,0,0,23f947ef2a14ceb5b694d30df996f8b07d473b30458159701da9568ed0c06853,2015-05-27T16:44:25.970000
 CVE-2015-10130,0,0,c9cd0bb1902f6b2922598f4ff9cb0b2bc2845ec1c78759c0478a96b36f83ddfe,2024-03-13T12:33:51.697000
-CVE-2015-10131,1,1,db52e282dff37480e4ef21dbe8c6c577956d3ed551e29963f72baad3a93381b5,2024-03-31T06:15:07.517000
+CVE-2015-10131,0,0,db52e282dff37480e4ef21dbe8c6c577956d3ed551e29963f72baad3a93381b5,2024-03-31T06:15:07.517000
 CVE-2015-1014,0,0,bcef1257ddc4c4f77cf21cd284e8ee72e8a135c6962181cd5a3131a49fdfdb96,2019-10-09T23:13:03.937000
 CVE-2015-1015,0,0,956792c50ce2b78cf733dec45219e1d485d14d19c9547c307372ee3a9d399d12,2015-10-06T23:49:39.873000
 CVE-2015-1026,0,0,267d1aaec4f9d9694d71557c2fea9d2ff75e1a7f8f7e8d82ae922091bfb48756,2018-10-09T19:55:41.077000
@@ -102514,6 +102514,7 @@ CVE-2017-20188,0,0,5e34d93b21fe7321c82d49a605337e6d50587ce01b2027eee936b0f098c6d
 CVE-2017-20189,0,0,ade6bda6eb375aea7e40860fb59e445e1362eb93fcbec7e5bd5fe9f30b51df83,2024-01-30T23:01:53.763000
 CVE-2017-2019,0,0,dc04a8afedb59054a87aa83702e5d1a9be8b97c84d93317a02ad5a89cce57517,2023-11-07T02:43:30.710000
 CVE-2017-20190,0,0,d6a3439746c47f94d7e43a0126133d2071cc2ffe6abcadac181840167202087c,2024-03-27T12:29:30.307000
+CVE-2017-20191,1,1,e9d05a7fefefdbcd53ce8248a6151cd1c54ec2d5cbeb7bfef833634083a7a74d,2024-03-31T09:15:10.280000
 CVE-2017-2020,0,0,1de7d9952d4ce4a083b4f5b601557cf3eac5817062c0e0c3221158b7e3633c59,2023-11-07T02:43:30.943000
 CVE-2017-2021,0,0,5561d4e26eee42c3b8d9e152476dd3066bfe2b5d26fe21ef1984c0688825c48d,2023-11-07T02:43:31.170000
 CVE-2017-2022,0,0,ffe952c9e7c702bef66315b1f42a683ab9282273d19789f2033671a028ec813d,2023-11-07T02:43:31.413000
@@ -159242,6 +159243,7 @@ CVE-2020-3682,0,0,24a4348c2423fb50a4d883ab97a98087dac9114a52e3cd5f84438c3d7a885f
 CVE-2020-36825,0,0,beef296e9ca6b0a047894781107bf88f271e5c62478ba60a13bb1190d2c6f4ab,2024-03-25T01:51:01.223000
 CVE-2020-36826,0,0,ef70df6b5da2390ae0accb834fbfb35959fe5003ceb1c6011a48c2abad7d583d,2024-03-25T13:47:14.087000
 CVE-2020-36827,0,0,a6db9cbeae6630d393296ca1c94bea7d65002751fb1c23ce04ca6f82ec820e80,2024-03-25T01:51:01.223000
+CVE-2020-36828,1,1,0760ca079b3d10ce081faf566c3a60c26e1823dfa9ad6d8bb69d77855530c16d,2024-03-31T09:15:10.730000
 CVE-2020-3684,0,0,931f112566786124f7d6fcb2bd46c9dcab315dc8e46c2a552446825ac25c83c4,2020-11-06T16:29:14.480000
 CVE-2020-3685,0,0,d53e7f1d143037625a0e7accdd772a2ca67acd945a19ee6a44795cb898b977ad,2021-01-29T23:46:03.037000
 CVE-2020-3686,0,0,2751b7fc7694785f090b1a831e3239e3ac41b203ebf4010fe60035bec637d53b,2021-01-30T00:10:19.887000