Auto-Update: 2024-09-16T02:00:17.446185+00:00

cad-safe-bot 2024-09-16 02:03:15 +00:00
parent 53836cf6e2
commit 1ad5b3ff88
3 changed files with 145 additions and 15 deletions


@ -0,0 +1,133 @@
{
"id": "CVE-2024-8880",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-16T01:15:10.503",
"lastModified": "2024-09-16T01:15:10.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in playSMS 1.4.4/1.4.5/1.4.6/1.4.7. Affected is an unknown function of the file /playsms/index.php?app=main&inc=core_auth&route=forgot&op=forgot of the component Template Handler. The manipulation of the argument username/email/captcha leads to code injection. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. The project maintainer was informed early about the issue. Investigation shows that playSMS up to 1.4.3 contained a fix but later versions re-introduced the flaw. As long as the latest version of the playsms/tpl package is used, the software is not affected. Version >=1.4.4 shall fix this issue for sure."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "HIGH",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.277524",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.277524",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.406095",
"source": "cna@vuldb.com"
}
]
}
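Review bot: The `descriptions` value contradicts itself on affected versions: it names playSMS 1.4.4/1.4.5/1.4.6/1.4.7 as affected and says releases after 1.4.3 re-introduced the flaw, yet closes with "Version >=1.4.4 shall fix this issue". With `vulnStatus` at `Received` and no `configurations` block in the record, nothing here is safe to use for automated version matching; the usable signal in the text is that the fix lives in the `playsms/tpl` package, so checking that dependency's installed version is presumably the reliable test. The text also says "classified as critical" and that the exploit is public, while the three CVSS entries score MEDIUM (6.3, 5.6, 5.1) and the v4.0 vector carries `E:X`. Triage that sorts on `baseScore` alone will likely under-rank an unauthenticated, network-reachable CWE-94 on the password-reset route; I would flag the record for manual review until NVD analysis lands.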


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-09-15T23:55:17.381297+00:00 2024-09-16T02:00:17.446185+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-09-15T23:15:11.100000+00:00 2024-09-16T01:15:10.503000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -27,24 +27,20 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain ```plain
2024-09-15T00:00:08.663137+00:00 2024-09-16T00:00:08.638496+00:00
``` ```
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
262908 262909
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `5` Recently added CVEs: `1`
- [CVE-2024-46938](CVE-2024/CVE-2024-469xx/CVE-2024-46938.json) (`2024-09-15T22:15:09.830`) - [CVE-2024-8880](CVE-2024/CVE-2024-88xx/CVE-2024-8880.json) (`2024-09-16T01:15:10.503`)
- [CVE-2024-46942](CVE-2024/CVE-2024-469xx/CVE-2024-46942.json) (`2024-09-15T23:15:11.033`)
- [CVE-2024-46943](CVE-2024/CVE-2024-469xx/CVE-2024-46943.json) (`2024-09-15T23:15:11.100`)
- [CVE-2024-8875](CVE-2024/CVE-2024-88xx/CVE-2024-8875.json) (`2024-09-15T22:15:09.887`)
- [CVE-2024-8876](CVE-2024/CVE-2024-88xx/CVE-2024-8876.json) (`2024-09-15T22:15:10.137`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit


@ -259882,9 +259882,9 @@ CVE-2024-4688,0,0,52289ed8c0286442cd44c00a18386eec964a66f3ff263d13f6b3a47ad78257
CVE-2024-4689,0,0,a13cc88d2e9b12d452cf9b42ce57cc1735d851f3f551a07c40e7bb0f2ee113b8,2024-05-14T16:11:39.510000 CVE-2024-4689,0,0,a13cc88d2e9b12d452cf9b42ce57cc1735d851f3f551a07c40e7bb0f2ee113b8,2024-05-14T16:11:39.510000
CVE-2024-46918,0,0,c81638d5ca63c19490f644512349dd49baf06add9619db431c68631e601d23e2,2024-09-15T20:15:02.390000 CVE-2024-46918,0,0,c81638d5ca63c19490f644512349dd49baf06add9619db431c68631e601d23e2,2024-09-15T20:15:02.390000
CVE-2024-4693,0,0,e3d9266511ed640ea0a2750bbbe8d9b8b25eda5f77b693324e75ee95f4a7a307,2024-05-14T16:11:39.510000 CVE-2024-4693,0,0,e3d9266511ed640ea0a2750bbbe8d9b8b25eda5f77b693324e75ee95f4a7a307,2024-05-14T16:11:39.510000
CVE-2024-46938,1,1,a5c9e90ab7d92d7718c097193345a29e65c16e9e9d7ee02386aee1371e9ab85a,2024-09-15T22:15:09.830000 CVE-2024-46938,0,0,a5c9e90ab7d92d7718c097193345a29e65c16e9e9d7ee02386aee1371e9ab85a,2024-09-15T22:15:09.830000
CVE-2024-46942,1,1,6b93d00b6dfeb694fcbe84011b71090f470c3492de64daa71f84a4174e08c3a6,2024-09-15T23:15:11.033000 CVE-2024-46942,0,0,6b93d00b6dfeb694fcbe84011b71090f470c3492de64daa71f84a4174e08c3a6,2024-09-15T23:15:11.033000
CVE-2024-46943,1,1,6c5e76688d51eaeb0396635653b39855a3726df8877ff6ebb136df51868058d7,2024-09-15T23:15:11.100000 CVE-2024-46943,0,0,6c5e76688d51eaeb0396635653b39855a3726df8877ff6ebb136df51868058d7,2024-09-15T23:15:11.100000
CVE-2024-4695,0,0,aa253f1bdce79ef626aa7622c4e367006f6b60359a6a2b0af989b23a6e81f980,2024-05-21T12:37:59.687000 CVE-2024-4695,0,0,aa253f1bdce79ef626aa7622c4e367006f6b60359a6a2b0af989b23a6e81f980,2024-05-21T12:37:59.687000
CVE-2024-4696,0,0,b8ce6d89da084f88972905e9878372f109e48889eae7d9f95b30ecbbc63816ed,2024-06-17T12:43:31.090000 CVE-2024-4696,0,0,b8ce6d89da084f88972905e9878372f109e48889eae7d9f95b30ecbbc63816ed,2024-06-17T12:43:31.090000
CVE-2024-4697,0,0,3bc62a9bb9952d026af8ecd13a98f81fa60290945109a2f6023ef384956822fe,2024-06-04T16:57:41.053000 CVE-2024-4697,0,0,3bc62a9bb9952d026af8ecd13a98f81fa60290945109a2f6023ef384956822fe,2024-06-04T16:57:41.053000
@ -262905,5 +262905,6 @@ CVE-2024-8866,0,0,31ba295c4f71cde54a98742cdc5d78078f4e8b948563abaa4e1dbb696b00e6
CVE-2024-8867,0,0,dd10831ef551fea3afb47529263b42e62dd84766cc54a4058c7ce2170e3f8ac1,2024-09-15T03:15:01.840000 CVE-2024-8867,0,0,dd10831ef551fea3afb47529263b42e62dd84766cc54a4058c7ce2170e3f8ac1,2024-09-15T03:15:01.840000
CVE-2024-8868,0,0,4c0844b52c07af19f806d758bc94eea8b81aa10285bf079a34c6dd0100e86840,2024-09-15T03:15:02.153000 CVE-2024-8868,0,0,4c0844b52c07af19f806d758bc94eea8b81aa10285bf079a34c6dd0100e86840,2024-09-15T03:15:02.153000
CVE-2024-8869,0,0,aa2af33ef0f85ca181820a682c28077f17b530186dae9e309043b826e1006c37,2024-09-15T11:15:13.323000 CVE-2024-8869,0,0,aa2af33ef0f85ca181820a682c28077f17b530186dae9e309043b826e1006c37,2024-09-15T11:15:13.323000
CVE-2024-8875,1,1,937273052af9299e71e0685f90ca034fa7f2bd3ffa6091954cfb7a5dfe7f4026,2024-09-15T22:15:09.887000 CVE-2024-8875,0,0,937273052af9299e71e0685f90ca034fa7f2bd3ffa6091954cfb7a5dfe7f4026,2024-09-15T22:15:09.887000
CVE-2024-8876,1,1,d3897a0bd9305e7aad53374b9f2867f9079d8de81ad1c651393ba929b723325f,2024-09-15T22:15:10.137000 CVE-2024-8876,0,0,d3897a0bd9305e7aad53374b9f2867f9079d8de81ad1c651393ba929b723325f,2024-09-15T22:15:10.137000
CVE-2024-8880,1,1,782096ab277276fb13986f51774bd3d399c3e53220651fdda32cd67f07a2a71a,2024-09-16T01:15:10.503000
