diff --git a/CVE-2023/CVE-2023-251xx/CVE-2023-25199.json b/CVE-2023/CVE-2023-251xx/CVE-2023-25199.json
new file mode 100644
index 00000000000..1d7ba45e960
--- /dev/null
+++ b/CVE-2023/CVE-2023-251xx/CVE-2023-25199.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-25199",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-04T07:15:07.923",
+ "lastModified": "2024-04-04T07:15:07.923",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A reflected cross-site scripting (XSS) vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://summitinfosec.com/blog/x-ray-vision-identifying-cve-2023-25199-and-cve-2023-25200-in-manufacturing-equipment/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-252xx/CVE-2023-25200.json b/CVE-2023/CVE-2023-252xx/CVE-2023-25200.json
new file mode 100644
index 00000000000..60cc443abad
--- /dev/null
+++ b/CVE-2023/CVE-2023-252xx/CVE-2023-25200.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-25200",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-04T07:15:08.103",
+ "lastModified": "2024-04-04T07:15:08.103",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An HTML injection vulnerability exists in the MT Safeline X-Ray X3310 webserver version NXG 19.05 that enables a remote attacker to render malicious HTML and obtain sensitive information in a victim's browser."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://summitinfosec.com/blog/x-ray-vision-identifying-cve-2023-25199-and-cve-2023-25200-in-manufacturing-equipment/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
index e42803dbd09..4aa458ff04d 100644
--- a/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
+++ b/CVE-2023/CVE-2023-384xx/CVE-2023-38408.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-38408",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-07-20T03:15:10.170",
- "lastModified": "2023-12-22T22:15:07.490",
+ "lastModified": "2024-04-04T06:15:08.430",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -213,6 +213,10 @@
 "Exploit",
 "Third Party Advisory"
 ]
+ },
+ {
+ "url": "https://www.vicarius.io/vsociety/posts/exploring-opensshs-agent-forwarding-rce-cve-2023-38408",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1418.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1418.json
new file mode 100644
index 00000000000..bd8ed7c36de
--- /dev/null
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1418.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-1418",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-04-04T06:15:08.783",
+ "lastModified": "2024-04-04T06:15:08.783",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The CGC Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2 via the REST API. This makes it possible for unauthenticated attackers to view protected posts via REST API even when maintenance mode is enabled."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://wordpress.org/plugins/cgc-maintenance-mode/",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1cd5fa89-ed3b-4ac1-9200-9f5eb26cb534?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-208xx/CVE-2024-20848.json b/CVE-2024/CVE-2024-208xx/CVE-2024-20848.json
index f85e8a719dc..28b3f12e2c5 100644
--- a/CVE-2024/CVE-2024-208xx/CVE-2024-20848.json
+++ b/CVE-2024/CVE-2024-208xx/CVE-2024-20848.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-20848",
 "sourceIdentifier": "mobile.security@samsung.com",
 "published": "2024-04-02T03:15:09.557",
- "lastModified": "2024-04-02T12:50:42.233",
+ "lastModified": "2024-04-04T06:15:09.067",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "Out-of-bound Write vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code."
+ "value": "Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory."
 },
 {
 "lang": "es",
@@ -21,20 +21,20 @@
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
 "attackVector": "LOCAL",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "NONE",
- "integrityImpact": "LOW",
+ "integrityImpact": "NONE",
 "availabilityImpact": "LOW",
- "baseScore": 5.1,
+ "baseScore": 4.0,
 "baseSeverity": "MEDIUM"
 },
 "exploitabilityScore": 2.5,
- "impactScore": 2.5
+ "impactScore": 1.4
 }
 ]
 },
diff --git a/CVE-2024/CVE-2024-285xx/CVE-2024-28520.json b/CVE-2024/CVE-2024-285xx/CVE-2024-28520.json
new file mode 100644
index 00000000000..f9f63c1f93e
--- /dev/null
+++ b/CVE-2024/CVE-2024-285xx/CVE-2024-28520.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-28520",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-04T06:15:09.460",
+ "lastModified": "2024-04-04T06:15:09.460",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the uploadfile.php component."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/aknbg1thub/cve/blob/main/upload.md",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-293xx/CVE-2024-29375.json b/CVE-2024/CVE-2024-293xx/CVE-2024-29375.json
new file mode 100644
index 00000000000..0a4f7599cab
--- /dev/null
+++ b/CVE-2024/CVE-2024-293xx/CVE-2024-29375.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-29375",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-04T07:15:08.190",
+ "lastModified": "2024-04-04T07:15:08.190",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/ismailcemunver/CVE-2024-29375",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 43a243a0132..7bbbfb4ff4e 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-04T06:00:38.027809+00:00 +2024-04-04T08:00:52.475629+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-04T05:15:19.010000+00:00 +2024-04-04T07:15:08.190000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -244038 +244043 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -- [CVE-2024-31025](CVE-2024/CVE-2024-310xx/CVE-2024-31025.json) (`2024-04-04T05:15:19.010`) +- [CVE-2023-25199](CVE-2023/CVE-2023-251xx/CVE-2023-25199.json) (`2024-04-04T07:15:07.923`) +- [CVE-2023-25200](CVE-2023/CVE-2023-252xx/CVE-2023-25200.json) (`2024-04-04T07:15:08.103`) +- [CVE-2024-1418](CVE-2024/CVE-2024-14xx/CVE-2024-1418.json) (`2024-04-04T06:15:08.783`) +- [CVE-2024-28520](CVE-2024/CVE-2024-285xx/CVE-2024-28520.json) (`2024-04-04T06:15:09.460`) +- [CVE-2024-29375](CVE-2024/CVE-2024-293xx/CVE-2024-29375.json) (`2024-04-04T07:15:08.190`) ### CVEs modified in the last Commit Recently modified CVEs: `2` -- [CVE-2024-3273](CVE-2024/CVE-2024-32xx/CVE-2024-3273.json) (`2024-04-04T04:15:08.763`) -- [CVE-2024-3274](CVE-2024/CVE-2024-32xx/CVE-2024-3274.json) (`2024-04-04T04:15:09.273`) +- [CVE-2023-38408](CVE-2023/CVE-2023-384xx/CVE-2023-38408.json) (`2024-04-04T06:15:08.430`) +- [CVE-2024-20848](CVE-2024/CVE-2024-208xx/CVE-2024-20848.json) (`2024-04-04T06:15:09.067`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 43f5d901793..04d057e8819 100644 --- a/_state.csv +++ b/_state.csv 
@@ -217726,7 +217726,9 @@ CVE-2023-25194,0,0,5439c758fa3fb561e024e651988dec569f66d723a27e32e4c5e7149b3ab42
 CVE-2023-25195,0,0,1acbed03ece4c24fc9b4c3f1e0b260107070a737aef093d782a3e128cd9ca39a,2023-11-07T04:08:56.857000
 CVE-2023-25196,0,0,699234895607a5f2d3804d8e95cad080ec02442067f07505d07eb52c95e8735f,2023-11-07T04:08:56.920000
 CVE-2023-25197,0,0,913684f6f76b3970a5edbd4b861d3e3ba71f8a386c7cb6d51b58922e102fa9f4,2023-11-07T04:08:56.980000
+CVE-2023-25199,1,1,22f724ebe7864d4ded5535cc14af13c2177cfdc52c676880197026dfca81c2c0,2024-04-04T07:15:07.923000
 CVE-2023-2520,0,0,c1bdc3a63d359e62f5a788fcccfe55d3cf2bb5383fe9701afdd36df420440179,2024-03-21T02:47:14.407000
+CVE-2023-25200,1,1,d6892a71ef6eaf90aa71e3a901fbe5dda7e97808ee3470f9f396343113da2476,2024-04-04T07:15:08.103000
 CVE-2023-25201,0,0,b2956da7b7ecace4001c8e78fcd43c4f8a0aaa09eee4e6f70a0decf1ce045592,2023-07-17T18:42:15.550000
 CVE-2023-25206,0,0,daa679a2f273c41c808fe00ddd18d8984c18d7cb2378f1f968de9a1e814f620f,2023-03-17T17:32:19.313000
 CVE-2023-25207,0,0,8afa427842b31194eab2890fb0b1dd71a67e9ad76d0303b5b31456a95cf81e58,2023-03-15T18:52:24.190000
@@ -227291,7 +227293,7 @@ CVE-2023-38404,0,0,3dc6ba7796bd771a65b22048e59c9ab5fef46da9252fb3726f228bc9dd4b4
 CVE-2023-38405,0,0,c9debfd5593845ef6520958dbc49abb74fd74ee699fbdda9849aeefe8e69acd0,2023-07-27T03:46:14.810000
 CVE-2023-38406,0,0,53664c0ac92a6a642347f5a5b1cfadb2353026ad1b135845142bf4ee408ff41f,2023-11-14T20:03:32.717000
 CVE-2023-38407,0,0,e6e482bbeb9b1ec4c08137dc31311a16b63901519c781f9f82a524f9167d2222,2023-11-14T17:38:10.273000
-CVE-2023-38408,0,0,fa3cee30e7248c242e0c7653cd550f1e4819602adda16069ef456aef1ac8d3fe,2023-12-22T22:15:07.490000
+CVE-2023-38408,0,1,d096ce6b1e1ae5ca92da22ae6b0e69e0a183709fb248f60799d11a2af22a33e3,2024-04-04T06:15:08.430000
 CVE-2023-38409,0,0,6490e149eaf901300003e5cb5fe2beb3e6bba4dd1431a86db788223f5e63097f,2023-07-27T03:49:09.943000
 CVE-2023-3841,0,0,838ab98803191909876b79ad9eae78a15ea9bd3a8aaa15183800cf74a246d706,2024-03-21T02:48:48
 CVE-2023-38410,0,0,dacab55bd139fa677a3b09e8882ef5d31eb8780377d0feebcd0e9b7c3e9a7a6e,2023-08-01T19:54:15.847000
@@ -239096,6 +239098,7 @@ CVE-2024-1410,0,0,535308bfcb5b14b9cf6546577fa611ecf7473e04ab146e149a1b5e72425241
 CVE-2024-1411,0,0,030f897eed6e6219f0d1c0b9b3349832bbb4c8ad1dac44c5a94f383da8f08bf9,2024-02-29T13:49:29.390000
 CVE-2024-1413,0,0,6aa464349bbf11ec5072ac1ca50df93a7b461f7b0af9c0cd6b20e490ba03edbb,2024-03-13T18:15:58.530000
 CVE-2024-1414,0,0,7c23a7ce5ddbf41f4f2b563f7544816af98ea31dd891fa1a4032e28edd4761e3,2024-03-13T18:15:58.530000
+CVE-2024-1418,1,1,357bb27f7840af6bddabe768850b8f379c890df4cc1ea3113390bc2ec027c5bd,2024-04-04T06:15:08.783000
 CVE-2024-1419,0,0,2c70f60b0f2ce39c1fb701bf4c4f420108cacd5e876318aed7a6153508e9a501,2024-03-07T13:52:27.110000
 CVE-2024-1420,0,0,63be6135cf11500708980f0eb6e023d1c00fd2eeb1aa055b1a9dd099f6d1d32a,2024-02-12T15:15:07.733000
 CVE-2024-1421,0,0,f03d7f3ef1765f0f145e59552c7f2e0551f5780bf62fafd3ac0b92ab1fea1897,2024-03-13T12:33:51.697000
@@ -239759,7 +239762,7 @@ CVE-2024-20844,0,0,95f0af507d45eac6adfed828ff57bea848cc6f6a9b17eae59c428ec4d317f
 CVE-2024-20845,0,0,4ff492c5e5d119646490e7085e30e1b47c0d027425ae85d9449df4a607480a1b,2024-04-02T12:50:42.233000
 CVE-2024-20846,0,0,2ca2db5a4ac97050385f2bcc4a9cf0fc7b9944f87fcb74481a22cc4178913c0f,2024-04-02T12:50:42.233000
 CVE-2024-20847,0,0,e34623d17c59510fa0ffb1d4949bbaab2581f06b877c2f828642bcc6ea333bcf,2024-04-02T12:50:42.233000
-CVE-2024-20848,0,0,7cbcd9e495edc5250496c5b44ec4166618feb7744a85c88c8cbdb1c383ab5ead,2024-04-02T12:50:42.233000
+CVE-2024-20848,0,1,28558009806042e22975004f4d315ee4c95d0a2ccf7ebcf4fea146bbbda2976f,2024-04-04T06:15:09.067000
 CVE-2024-20849,0,0,304a651418a8ce9d1a25b3ad787581695ada9ff568713c47127ce67970d5b195,2024-04-02T12:50:42.233000
 CVE-2024-20850,0,0,8b24ff806adae50d98fcd86bfbc4b04fd0d38c532d1a0ae3d7a07329b240d8b4,2024-04-02T12:50:42.233000
 CVE-2024-20851,0,0,297204ff3342a0021fed72f789d061868b3c384706199689d6e8354fbcf49067,2024-04-02T12:50:42.233000
@@ -243114,6 +243117,7 @@ CVE-2024-2850,0,0,18a7df7924646d54c8018dc44d3ceaaa7b16c75f99276cbe6ac98b765122f7
 CVE-2024-2851,0,0,9a668cf4331e419a65111b1e6f8abf3e27bc0fce212b623cd8a47fdd549e170b,2024-03-26T03:15:36.833000
 CVE-2024-28515,0,0,a2f38351769a80f01f300fd8c83038fe9060fc0b0320f8b6c711930dd11ec84b,2024-04-03T12:38:04.840000
 CVE-2024-2852,0,0,d7c0051b0398ed6771fdd69c5942366e1b233545fdf7340abf88db5b663c134a,2024-03-26T03:15:47.310000
+CVE-2024-28520,1,1,f10d79a71f5de370059e8dae45369e2bbc199a75425906dec16beba39bcb8e0e,2024-04-04T06:15:09.460000
 CVE-2024-28521,0,0,8ab5b6bd1cc025dda03cab07eeddd7e1f81756c34e55025f1870bf6a0feb8a5b,2024-03-22T12:45:36.130000
 CVE-2024-2853,0,0,e510059736f729514b8634c28eabbedda89b99502b90c04b4a57c0f56252c1ab,2024-03-26T03:15:50.793000
 CVE-2024-28535,0,0,174c70ce71a26af929a40c7b6a103a5242ac3321f34f35a982d598e918b67152,2024-03-21T20:58:46.217000
@@ -243397,6 +243401,7 @@ CVE-2024-2935,0,0,9598fcd68e01ecba7444a707189fa4b4b4ef241167bfeef7a3068949307f2a
 CVE-2024-2936,0,0,950f133afd27a35b983b84ccf28c6c243f93c3bc3f8164a88ae2811823762a38,2024-03-29T12:45:02.937000
 CVE-2024-29366,0,0,970a4db6ccd44fa8fff843a083b23c4276fdabe942805276e1033f4579523e8f,2024-03-22T19:02:10.300000
 CVE-2024-29374,0,0,f8a146770d52182e0c10b15b21ebc5da7e22091690385e976078b28de6736be7,2024-03-21T19:47:03.943000
+CVE-2024-29375,1,1,416b8d1ecd3fcaede2474824b2ac028e88219f6d46c677c4bec20e3597648fc3,2024-04-04T07:15:08.190000
 CVE-2024-2938,0,0,74cee8ddd44bab6f9e56f6f66215742d85b488aeba84c862b69365829e2e81e5,2024-03-27T12:29:30.307000
 CVE-2024-29385,0,0,77dce7c3f8675f81eb6a00c8f1d149f72619312873eb8bb6e829225e587309f5,2024-03-22T19:02:10.300000
 CVE-2024-2939,0,0,da1b78713b2ffab9e788aedae3466ad09fc771d3ff8f225a843c9a7dc25c77cd,2024-03-27T12:29:30.307000
@@ -243925,7 +243930,7 @@ CVE-2024-31010,0,0,22d3a5a8802df0899a91f29c1da59c9756b041e238b139f6c5446937f944e
 CVE-2024-31011,0,0,e280dc2325f8c749d256893287e9934a0b438d76a624897891275e16b92e2305,2024-04-03T12:38:04.840000
 CVE-2024-31012,0,0,59265fe10316d43a2acb459ea9de60f6a264c8b6d13bc4dae0d363d3b5d71397,2024-04-03T12:38:04.840000
 CVE-2024-31013,0,0,137ba39b03bbaab20823954557195167ac08df3fa32a6782dd4080f1d723f338,2024-04-03T12:38:04.840000
-CVE-2024-31025,1,1,5ccf5f11a750a35e7effb30b7cf68d9d2ea1ccdaaabe136a76897db0de69e918,2024-04-04T05:15:19.010000
+CVE-2024-31025,0,0,5ccf5f11a750a35e7effb30b7cf68d9d2ea1ccdaaabe136a76897db0de69e918,2024-04-04T05:15:19.010000
 CVE-2024-31032,0,0,c23457a1b61188b806e7f7013717ab2174a595288e28b36b486645ce08e16035,2024-04-01T01:12:59.077000
 CVE-2024-31033,0,0,897cdecff344b121550f3f8e1b3cb821fdde5689eabf8f2834a81266f3e9da87,2024-04-03T03:15:10.670000
 CVE-2024-31061,0,0,3a611478260a969dc7c268c913c4f396b21e3b4ebcb9a4cb4b0ae2a352b58da0,2024-03-28T20:53:20.813000
@@ -244035,5 +244040,5 @@ CVE-2024-3258,0,0,16d450bc3554c2a319117adc94d8a7dcb1f68b8821fc173e15562a1ba48b30
 CVE-2024-3259,0,0,59128ca045cd2f7fbe88d58e11ffcce19ef1d2f5d6abea61087e98d65d4fd821,2024-04-03T17:24:18.150000
 CVE-2024-3270,0,0,ee7ab86f7bf43358544c245654b91101b254fc6f7c652d1821c4b3bc289b1731,2024-04-03T23:15:13.650000
 CVE-2024-3272,0,0,ec957dadeec43e12f55685313ce87fc6f1845369f9e4bed1d35809970a1013da,2024-04-04T01:15:50.123000
-CVE-2024-3273,0,1,8f6b35ec9da3c04c04de1c010b3b6aa0772cd3407f505a2ed48fc8f40699399d,2024-04-04T04:15:08.763000
-CVE-2024-3274,0,1,32f206f5d47657ec51c93682e19fe774d99f54a5c66292b062cd9d87bb3be3fe,2024-04-04T04:15:09.273000
+CVE-2024-3273,0,0,8f6b35ec9da3c04c04de1c010b3b6aa0772cd3407f505a2ed48fc8f40699399d,2024-04-04T04:15:08.763000
+CVE-2024-3274,0,0,32f206f5d47657ec51c93682e19fe774d99f54a5c66292b062cd9d87bb3be3fe,2024-04-04T04:15:09.273000