Auto-Update: 2024-08-30T04:00:17.161751+00:00

CVE-2024/CVE-2024-454xx/CVE-2024-45488.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-45488",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-08-30T02:15:03.757",
+  "lastModified": "2024-08-30T02:15:03.757",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "One Identity Safeguard for Privileged Passwords before 7.5.2 allows unauthorized access because of an issue related to cookies. This only affects virtual appliance installations (VMware or HyperV). The fixed versions are 7.0.5.1 LTS, 7.4.2, and 7.5.2."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://support.oneidentity.com/kb/4376740/safeguard-for-privileged-passwords-security-vulnerability-notification-defect-460620",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support.oneidentity.com/product-notification/noti-00001628",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-454xx/CVE-2024-45490.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-45490",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-08-30T03:15:03.757",
+  "lastModified": "2024-08-30T03:15:03.757",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/libexpat/libexpat/issues/887",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/libexpat/libexpat/pull/890",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-454xx/CVE-2024-45491.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-45491",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-08-30T03:15:03.850",
+  "lastModified": "2024-08-30T03:15:03.850",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/libexpat/libexpat/issues/888",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/libexpat/libexpat/pull/891",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-454xx/CVE-2024-45492.json

@@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-45492",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-08-30T03:15:03.930",
+  "lastModified": "2024-08-30T03:15:03.930",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/libexpat/libexpat/issues/889",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/libexpat/libexpat/pull/892",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-83xx/CVE-2024-8327.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8327",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-08-30T03:15:04.020",
+  "lastModified": "2024-08-30T03:15:04.020",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Easy test\n\nOnline Learning and Testing Platform from\u00a0HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8032-a3d5c-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8028-360e1-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

CVE-2024/CVE-2024-83xx/CVE-2024-8328.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8328",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-08-30T03:15:04.247",
+  "lastModified": "2024-08-30T03:15:04.247",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary JavaScript code and perform Reflected Cross-site scripting attacks."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8033-0a98f-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8028-360e1-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

CVE-2024/CVE-2024-83xx/CVE-2024-8329.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8329",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-08-30T03:15:04.463",
+  "lastModified": "2024-08-30T03:15:04.463",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL command to read, modify, and delete database contents."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8034-657b7-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8030-e2eac-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

CVE-2024/CVE-2024-83xx/CVE-2024-8330.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-8330",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-08-30T03:15:04.660",
+  "lastModified": "2024-08-30T03:15:04.660",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8035-53926-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8031-a2f21-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-08-30T02:00:17.356788+00:00
+2024-08-30T04:00:17.161751+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-08-30T01:15:03.797000+00:00
+2024-08-30T03:15:04.660000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,22 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-261546
+261554
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `8`
 
-- [CVE-2024-2881](CVE-2024/CVE-2024-28xx/CVE-2024-2881.json) (`2024-08-30T00:15:04.917`)
+- [CVE-2024-45488](CVE-2024/CVE-2024-454xx/CVE-2024-45488.json) (`2024-08-30T02:15:03.757`)
-- [CVE-2024-8234](CVE-2024/CVE-2024-82xx/CVE-2024-8234.json) (`2024-08-30T01:15:03.797`)
+- [CVE-2024-45490](CVE-2024/CVE-2024-454xx/CVE-2024-45490.json) (`2024-08-30T03:15:03.757`)
+- [CVE-2024-45491](CVE-2024/CVE-2024-454xx/CVE-2024-45491.json) (`2024-08-30T03:15:03.850`)
+- [CVE-2024-45492](CVE-2024/CVE-2024-454xx/CVE-2024-45492.json) (`2024-08-30T03:15:03.930`)
+- [CVE-2024-8327](CVE-2024/CVE-2024-83xx/CVE-2024-8327.json) (`2024-08-30T03:15:04.020`)
+- [CVE-2024-8328](CVE-2024/CVE-2024-83xx/CVE-2024-8328.json) (`2024-08-30T03:15:04.247`)
+- [CVE-2024-8329](CVE-2024/CVE-2024-83xx/CVE-2024-8329.json) (`2024-08-30T03:15:04.463`)
+- [CVE-2024-8330](CVE-2024/CVE-2024-83xx/CVE-2024-8330.json) (`2024-08-30T03:15:04.660`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-- [CVE-2024-41918](CVE-2024/CVE-2024-419xx/CVE-2024-41918.json) (`2024-08-30T00:15:05.117`)
 
 
 ## Download and Usage

_state.csv

@@ -248992,7 +248992,7 @@ CVE-2024-2880,0,0,c617aabe27a476530f11dd1aff9d0e70b8bc9314c3647a1cac79a81958f4d9
 CVE-2024-28804,0,0,f7e3d6c3e14215e831a96b931ea15f5f72cb16cc7bfabd09d8b34530beca586f,2024-08-01T13:49:18.607000
 CVE-2024-28805,0,0,57ffe0c5396b469d1d6aea3771a149218b95fafbad9b52c6f522fc5113787118,2024-08-01T13:49:19.450000
 CVE-2024-28806,0,0,b0870c92c612bc52e55ac5da958c74e320d7e205346206836a7ae598363f9d27,2024-08-05T11:35:01.757000
-CVE-2024-2881,1,1,e6c51e03c2b104cbf3c1d65d2bb90dbc45ec74b035cbd4e96428c3e93ccca37d,2024-08-30T00:15:04.917000
+CVE-2024-2881,0,0,e6c51e03c2b104cbf3c1d65d2bb90dbc45ec74b035cbd4e96428c3e93ccca37d,2024-08-30T00:15:04.917000
 CVE-2024-28815,0,0,a66a592511ffd5b563fa083295811494fe79ce7c34bc79ae02ae7f38cd9af9c2,2024-08-01T13:49:20.227000
 CVE-2024-28816,0,0,6ee14c0c184476ced399e15a2ac6d0162b81cd21899a98e17bebc5eeaa09e33f,2024-03-11T12:47:42.653000
 CVE-2024-28818,0,0,553ea080520e3ef7d7c194b1130a084d77d8e937a2b2bb8942609e2870cc98f5,2024-06-27T16:43:48.633000
@@ -257490,7 +257490,7 @@ CVE-2024-41913,0,0,c6ad0a1fb279b7b6cd3ae0202ead0c310e4163291803f6da39ff84b133ebe
 CVE-2024-41914,0,0,cbc550b915270d7e2f2879c2f4d0216e7f6bd6d1cd3a3c180c2f13327702487c,2024-08-01T13:59:14.250000
 CVE-2024-41915,0,0,79e27d81a466e27de33128fccf775ada519c090b73b4d198c18c4a0be866e968,2024-08-01T13:59:14.947000
 CVE-2024-41916,0,0,a0fecd8d5dfc5244c3f03c29349b89d02348a331ee6a39e9fbc76610f4f83ad0,2024-07-31T12:57:02.300000
-CVE-2024-41918,0,1,ff1e1fb0cfcc6b97a7cea1317502d0a3e9967697061e2f0c48808799a7489efd,2024-08-30T00:15:05.117000
+CVE-2024-41918,0,0,ff1e1fb0cfcc6b97a7cea1317502d0a3e9967697061e2f0c48808799a7489efd,2024-08-30T00:15:05.117000
 CVE-2024-4192,0,0,0768e429bccaed861e82d220deefd437e5feb26a94e95c7a121626318970662c,2024-05-01T13:02:20.750000
 CVE-2024-41924,0,0,06cc2d8c551d8fd39f4e2ff31447bb4070ddde2d992cf8f0c8cb1b0035280973,2024-08-01T13:59:15.743000
 CVE-2024-41926,0,0,13c43cd281b4a9b74f2496b8daab80f10df1e7e6bc024b50c3c661b49018ccc2,2024-08-01T16:45:25.400000
@@ -258840,7 +258840,11 @@ CVE-2024-4545,0,0,864a22773c6eaa7a20fdb4cf4c4b7a2709a2c8e64cfe98132d05364d67e97a
 CVE-2024-4546,0,0,da973c82a9042d639d29e7a0c2ffb48d440dea200e6df21027887041c43a68db,2024-05-16T13:03:05.353000
 CVE-2024-4547,0,0,e03413ba2a3d643e986abd6a70d4989a4412faae98e55cc280c4859673ba647d,2024-05-06T16:00:59.253000
 CVE-2024-4548,0,0,c312b0154ade9cb7e93b29cf6468875ea09abcdae811bc20c1f6b28cb1f08ef2,2024-05-06T16:00:59.253000
+CVE-2024-45488,1,1,b6833839b11a081ee7798b1dc7df8d13e8eae9284ac2d6cfdf272e7b163099ae,2024-08-30T02:15:03.757000
 CVE-2024-4549,0,0,e09f9cdaebb6118867e13a9d3ab643eb98c9f9e356cd137ad04d5c4afde15796,2024-07-03T02:07:44.057000
+CVE-2024-45490,1,1,30c02a7cca485c5f9f2e123c0645028fd28b4fc2ecfcd5b30d129538918a741f,2024-08-30T03:15:03.757000
+CVE-2024-45491,1,1,f9b581127f217577a4fc4f6caa8fe231d7103e603aa5da01406fcb54b1682c8e,2024-08-30T03:15:03.850000
+CVE-2024-45492,1,1,ed3a5f569d44caf9ed9d825b7f31bf35707aec4fa485e2387e36bde9b7da3410,2024-08-30T03:15:03.930000
 CVE-2024-4551,0,0,5eadeaa2a7f21f0b3297f45277617c137a52e984170b931f9145e745d378c040,2024-06-17T12:42:04.623000
 CVE-2024-4552,0,0,a910e848f992d4848b5a9057809234cfe8833a167abb01396097dc34db4ca3d3,2024-06-04T16:57:41.053000
 CVE-2024-4553,0,0,a1e8f5bd1acd4a97b93bbbe85c146f94099965137fad1ebd49acd106c4b8e00a,2024-05-21T12:37:59.687000
@@ -261534,7 +261538,7 @@ CVE-2024-8228,0,0,93a2ed289eaee58adcb93cda42520d2efec521ebb9601fd9e70d3a991a36c9
 CVE-2024-8229,0,0,b4e82f248689c551a8c2d56510132af8816aa6c16d8f7b5aa18c38850899c5a7,2024-08-29T00:10:09.807000
 CVE-2024-8230,0,0,51972d3a01eef60d4ec2fcebcc43d9f517d40a0a396b61ca7c24bdef0d5fcb4e,2024-08-29T00:08:24.643000
 CVE-2024-8231,0,0,19b769716e3fff898a72bf0ee7d68779b61ab99af63bed31a0498759613ebd4e,2024-08-28T12:57:27.610000
-CVE-2024-8234,1,1,290e4041e30647c7017bfce2cac67467b8960db0d5aa1cca3923a45a345893af,2024-08-30T01:15:03.797000
+CVE-2024-8234,0,0,290e4041e30647c7017bfce2cac67467b8960db0d5aa1cca3923a45a345893af,2024-08-30T01:15:03.797000
 CVE-2024-8250,0,0,74fb86f8fe2035c18dd497ff04e870378212b13108551159d2a1c3008bad35b8,2024-08-29T13:25:27.537000
 CVE-2024-8255,0,0,1ba22686992caf6d2b849b6835a0bffed1e0c071f8e2f2d7d811361b36c158e5,2024-08-29T16:15:10.140000
 CVE-2024-8294,0,0,4dbc4ed3db14d85852b6f7a6aa39a58fb9813e3a468ce2496730622a4e7e8e20,2024-08-29T13:25:27.537000
@@ -261545,3 +261549,7 @@ CVE-2024-8301,0,0,a320b86a1c6d3602618f46f60fc09d8dff020322bb7a7b0e43fc9a496aef7f
 CVE-2024-8302,0,0,6aa1d8b6c4a0f124c66574ced2f9e480e232ca912559bf0084d593981c6213c1,2024-08-29T14:15:09.530000
 CVE-2024-8303,0,0,df216f6ed6991ebfcd8d04a527576b3dbc34dfc62eb0afc850512e7710171894,2024-08-29T15:15:34.783000
 CVE-2024-8304,0,0,0b11e3bd31707139d665525dc7f3be4c5c9aa682a3f15d2ded6c49c9b5d9a51b,2024-08-29T15:15:35.070000
+CVE-2024-8327,1,1,b3f1d55df9565148f9d1e1c8a655cde008cdfa7e182f7f35e153adec04e41b9f,2024-08-30T03:15:04.020000
+CVE-2024-8328,1,1,0eb65cb2bcbd94bffb10237fcb7b3578eb984f706ec3178c6a33aac4e483cc9d,2024-08-30T03:15:04.247000
+CVE-2024-8329,1,1,068d1da5d1f1460669ff4f0ddfb5ea97052d6609fbd555280053755d29a78999,2024-08-30T03:15:04.463000
+CVE-2024-8330,1,1,1d2f05a979d6309da597cf83ec43a159e1f5852252ed8cb59dfc8d12f376ce8c,2024-08-30T03:15:04.660000