From 1c6037bb1042460d464b488ac5990d57b6f63a91 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 16 Dec 2024 11:04:13 +0000
Subject: [PATCH] Auto-Update: 2024-12-16T11:00:48.631145+00:00
---
CVE-2024/CVE-2024-123xx/CVE-2024-12362.json | 141 ++++++++++++++++++++
CVE-2024/CVE-2024-536xx/CVE-2024-53677.json | 4 +-
README.md | 23 +---
_state.csv | 25 ++--
4 files changed, 163 insertions(+), 30 deletions(-)
create mode 100644 CVE-2024/CVE-2024-123xx/CVE-2024-12362.json
diff --git a/CVE-2024/CVE-2024-123xx/CVE-2024-12362.json b/CVE-2024/CVE-2024-123xx/CVE-2024-12362.json
new file mode 100644
index 00000000000..a8f747111a2
--- /dev/null
+++ b/CVE-2024/CVE-2024-123xx/CVE-2024-12362.json
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12362", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-16T10:15:05.097", + "lastModified": "2024-12-16T10:15:05.097", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + 
"modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/InvoicePlane/InvoicePlane/pull/1127", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.288537", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.288537", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.459908", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-536xx/CVE-2024-53677.json b/CVE-2024/CVE-2024-536xx/CVE-2024-53677.json index a4eba86ef32..696d04441a9 100644 --- a/CVE-2024/CVE-2024-536xx/CVE-2024-53677.json +++ b/CVE-2024/CVE-2024-536xx/CVE-2024-53677.json @@ -2,13 +2,13 @@ "id": "CVE-2024-53677", "sourceIdentifier": "security@apache.org", "published": "2024-12-11T16:15:14.593", - "lastModified": "2024-12-12T16:15:55.177", + "lastModified": "2024-12-16T10:15:06.330", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "File upload logic is flawed vulnerability in Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 6.4.0.\n\nUsers are recommended to upgrade to version 6.4.0, which fixes the issue.\n\nYou can find more details in\u00a0 https://cwiki.apache.org/confluence/display/WW/S2-067" + "value": "File upload logic is flawed vulnerability in Apache Struts.\n\nThis issue affects Apache Struts: from 2.0.0 before 6.4.0.\n\nUsers are recommended to upgrade to version 6.4.0\u00a0migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload .\n\nYou can find more details in\u00a0 https://cwiki.apache.org/confluence/display/WW/S2-067" }, { "lang": "es", diff --git a/README.md b/README.md index 21657db6619..0da6acfe068 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-16T09:00:32.963337+00:00 +2024-12-16T11:00:48.631145+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-16T08:15:05.513000+00:00 +2024-12-16T10:15:06.330000+00:00 ``` ### Last Data Feed Release @@ -33,30 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -273909 +273910 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `1` -- [CVE-2024-12641](CVE-2024/CVE-2024-126xx/CVE-2024-12641.json) (`2024-12-16T07:15:05.787`) -- [CVE-2024-12642](CVE-2024/CVE-2024-126xx/CVE-2024-12642.json) (`2024-12-16T07:15:06.023`) -- [CVE-2024-12643](CVE-2024/CVE-2024-126xx/CVE-2024-12643.json) (`2024-12-16T07:15:06.217`) -- [CVE-2024-12644](CVE-2024/CVE-2024-126xx/CVE-2024-12644.json) (`2024-12-16T07:15:06.387`) -- [CVE-2024-12645](CVE-2024/CVE-2024-126xx/CVE-2024-12645.json) (`2024-12-16T07:15:06.560`) -- [CVE-2024-12646](CVE-2024/CVE-2024-126xx/CVE-2024-12646.json) (`2024-12-16T07:15:06.737`) -- [CVE-2024-48872](CVE-2024/CVE-2024-488xx/CVE-2024-48872.json) (`2024-12-16T08:15:04.950`) -- [CVE-2024-54083](CVE-2024/CVE-2024-540xx/CVE-2024-54083.json) (`2024-12-16T08:15:05.317`) -- [CVE-2024-54682](CVE-2024/CVE-2024-546xx/CVE-2024-54682.json) (`2024-12-16T08:15:05.513`) -- [CVE-2024-9678](CVE-2024/CVE-2024-96xx/CVE-2024-9678.json) (`2024-12-16T07:15:06.917`) -- [CVE-2024-9679](CVE-2024/CVE-2024-96xx/CVE-2024-9679.json) (`2024-12-16T07:15:07.107`) +- [CVE-2024-12362](CVE-2024/CVE-2024-123xx/CVE-2024-12362.json) (`2024-12-16T10:15:05.097`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-53677](CVE-2024/CVE-2024-536xx/CVE-2024-53677.json) (`2024-12-16T10:15:06.330`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 5d0253c467d..c772207935b 100644 
--- a/_state.csv +++ b/_state.csv @@ -244704,6 +244704,7 @@ CVE-2024-12358,0,0,c693e0849f917c8e8b82ecbabaa009531cb87832861cfd247370c207501db CVE-2024-12359,0,0,c89d1a1aa75e792ebb41728457dc48f1f26a200ebabc2671ae04aee3d706d446,2024-12-10T23:34:02.110000 CVE-2024-1236,0,0,98cf8c8d0d2027d41420e47ce0e54a62c55b6c82b55779fb1975380b5e094f29,2024-11-21T08:50:07.797000 CVE-2024-12360,0,0,9c92ce0fa75af6038fb90116f61bca41613e1dcad55daccb6d63b1c2c6eac745,2024-12-10T23:33:47.773000 +CVE-2024-12362,1,1,96e15c2faa2bd6e0d657897006f5afbf531e277c4e36a7600a72ca925ed55ef4,2024-12-16T10:15:05.097000 CVE-2024-12363,0,0,8bf95d170f6881f24ef42d227f38a0cf0a0a8682e2906a9aa2aaa1e3f316a356,2024-12-11T10:15:07.260000 CVE-2024-12369,0,0,5b7cc273eb06dd7ee2a2ae3818321c32759b57238bbfe6b2aea54c3bd6ee2b32,2024-12-09T21:15:08.203000 CVE-2024-1237,0,0,7608b762d209f55f10a23dbde634d086adad1d6240344714ec7de5c458d836b6,2024-11-21T08:50:07.910000 
@@ -244787,12 +244788,12 @@ CVE-2024-12628,0,0,ac808889130fae56b4e45ff31e222138f9e55a8e7c6187e647f824762405f CVE-2024-1263,0,0,1ded99eb7dd7c25043d30fb557b1a5799a79150045deb56dc782cc48f4b0c898,2024-11-21T08:50:11.303000 CVE-2024-12632,0,0,b2981d9ae0d79f88557270498f7d8919df56f26fc08631dba371165f9d0f4233,2024-12-13T21:15:09.317000 CVE-2024-1264,0,0,0a400b50d7c5417af4540851d66c40fe9607cfb1bbd030ca37354551feca3778,2024-11-21T08:50:11.460000 -CVE-2024-12641,1,1,3ec4149ab7d3a9d03454ba86a1540a2777a6b2dc13331b9db9f83518d1b987fe,2024-12-16T07:15:05.787000 -CVE-2024-12642,1,1,5808efc466dd9e76a6b2fdd56acc2b4a99ac312a55996200c5393be689fe27de,2024-12-16T07:15:06.023000 -CVE-2024-12643,1,1,acf4cd766d01c6cf5b9b6a3307ecbdbdd1fb53520f0548c5600f3a769f431ead,2024-12-16T07:15:06.217000 -CVE-2024-12644,1,1,4fe46a77976cb26c8db1a8817f8d60588d7d627c677def113b1f0c3da34da101,2024-12-16T07:15:06.387000 -CVE-2024-12645,1,1,e2bf7e02fc7f9b197fb94f8f3f7739958eb1e7eb714f268785ecfdf27c30d30a,2024-12-16T07:15:06.560000 -CVE-2024-12646,1,1,edf55cca2f63c5514783a7adeb1b585499807b56f798173f78bff573d5a90371,2024-12-16T07:15:06.737000 +CVE-2024-12641,0,0,3ec4149ab7d3a9d03454ba86a1540a2777a6b2dc13331b9db9f83518d1b987fe,2024-12-16T07:15:05.787000 +CVE-2024-12642,0,0,5808efc466dd9e76a6b2fdd56acc2b4a99ac312a55996200c5393be689fe27de,2024-12-16T07:15:06.023000 +CVE-2024-12643,0,0,acf4cd766d01c6cf5b9b6a3307ecbdbdd1fb53520f0548c5600f3a769f431ead,2024-12-16T07:15:06.217000 +CVE-2024-12644,0,0,4fe46a77976cb26c8db1a8817f8d60588d7d627c677def113b1f0c3da34da101,2024-12-16T07:15:06.387000 +CVE-2024-12645,0,0,e2bf7e02fc7f9b197fb94f8f3f7739958eb1e7eb714f268785ecfdf27c30d30a,2024-12-16T07:15:06.560000 +CVE-2024-12646,0,0,edf55cca2f63c5514783a7adeb1b585499807b56f798173f78bff573d5a90371,2024-12-16T07:15:06.737000 CVE-2024-1265,0,0,b39c324e3936d2b2eba136bb9fb37e8f905e9dd3fbb95d7d724d951e7512509f,2024-11-21T08:50:11.610000 
CVE-2024-1266,0,0,2a4a1a9a97982898c100d9d9cb94e7da9ed50410ea3a8e686081520943168bc9,2024-11-21T08:50:11.767000 CVE-2024-1267,0,0,0747778ead3832a4ca40a6166ab0347567f6883def83eef1d70067a8b72b33c4,2024-11-21T08:50:11.937000 @@ -266406,7 +266407,7 @@ CVE-2024-48868,0,0,2782ecb1470a758e28d05381e05356f80014eb1b4f591b7ba18f186159928 CVE-2024-4887,0,0,a0d0f9a8fb046d1d64dccc572def5193a849cd711291225c860f9ae76aeae91c,2024-11-21T09:43:47.697000 CVE-2024-48870,0,0,18a307d8f6128cb29a6984af9c786b2a3f86ad0eb48edcca47ed5bd77f7947c8,2024-11-05T19:34:38.287000 CVE-2024-48871,0,0,5d5a01d36a9cf590d21015dc1fb8d88b484f6420693898fd35b4436407272623,2024-12-06T18:15:25.267000 -CVE-2024-48872,1,1,e0488ddfbbc97cfa53cf7ce570cabf334ccaf2abe7ec833ab649dfba44be6406,2024-12-16T08:15:04.950000 +CVE-2024-48872,0,0,e0488ddfbbc97cfa53cf7ce570cabf334ccaf2abe7ec833ab649dfba44be6406,2024-12-16T08:15:04.950000 CVE-2024-48874,0,0,d4dab0701d320c08fdb5c4d13166c7fa76f47b4f8118adcdce9e1ede30e7393e,2024-12-10T19:44:16.093000 CVE-2024-48878,0,0,61df8c716ea1a9423d8f98d007fe741d86381fb579c3442ef6d827deee3b213c,2024-11-05T19:44:58.650000 CVE-2024-4888,0,0,133d57bae18b01966145fd4e4ce13e18e7959193dbb6b4323cb9d35593035efb,2024-11-21T09:43:47.830000 
@@ -269443,7 +269444,7 @@ CVE-2024-53673,0,0,998c285a4fe0e35cbecbdb698279013b408c1bb4163a1e69369fac314d145 CVE-2024-53674,0,0,f555b7f03d33cd061d1493d8fc99309d52915e66d5ae0672802dcf1d36a50f32,2024-12-12T19:49:49.800000 CVE-2024-53675,0,0,1183b1bd94841ad73311a268c8a0b2c37f3657514fc74825a9481690ca681ab0,2024-12-12T19:48:48.443000 CVE-2024-53676,0,0,9e5335d7636e62fb7cc2e79040736f3f5e3856b52ef7bfb0006141b3e5724acd,2024-12-11T16:49:45.783000 -CVE-2024-53677,0,0,083151106e56d9fcc3b3875c7e2c6bbfb2ed7c011ac1692a0a8b085e71eb6ff7,2024-12-12T16:15:55.177000 +CVE-2024-53677,0,1,b609243c036f17eeee5716ce5982790964aead13c9071ef1069dc5264f78d358,2024-12-16T10:15:06.330000 CVE-2024-5368,0,0,0267b73ce86fd5c42a4c0cf503f4bdead8427924f402a3554f435c1bc916f416,2024-11-21T09:47:30.877000 CVE-2024-5369,0,0,14abdfed4d5003ff16a96b2708e00658833baa1f8166ee56f5ba2dba896b20f5,2024-11-21T09:47:31.020000 CVE-2024-53691,0,0,09846e368cf7a07a1d919202728e77d0589572ed56c2c2f1bb03db07c3ec7fb0,2024-12-06T17:15:10.520000 @@ -269703,7 +269704,7 @@ CVE-2024-54051,0,0,0b1f5c4d6a6660f6eca551d294b306144268ea170824a2e433c9ff96bee16 CVE-2024-5406,0,0,5db0f501f7c712d4bcce798425460b3472165eeef82fd225689429d234120e5b,2024-11-21T09:47:35.457000 CVE-2024-5407,0,0,e082637321598f3dc8c3c9e1760b81a1e1197c4d13cd58fed3245c37f0bb71c9,2024-11-21T09:47:35.567000 CVE-2024-5408,0,0,0b23a712a85d13fef48f02294d854672174790bd624dfee1416450ccef66434a,2024-11-21T09:47:35.690000 -CVE-2024-54083,1,1,ab0c3e93b93d6d1fcd800037fd4adff6300f06f95c7d5b0be5ef071070f048c0,2024-12-16T08:15:05.317000 +CVE-2024-54083,0,0,ab0c3e93b93d6d1fcd800037fd4adff6300f06f95c7d5b0be5ef071070f048c0,2024-12-16T08:15:05.317000 CVE-2024-5409,0,0,f7df79bf8c405f523130badde3800a80499e2a2f05cefac143617aad785ef5de,2024-11-21T09:47:35.810000 CVE-2024-54091,0,0,dc5c73da9eed4ea1b769bbbff881c5fabd4f746f0337a6f741715e6c55e58677,2024-12-12T14:15:22.953000 CVE-2024-54093,0,0,9b4c9fb3253eae2faddaa5bce4d624f7927535a01dc9c7aeeb4d509f723ada4e,2024-12-10T14:30:47.350000 
@@ -269992,7 +269993,7 @@ CVE-2024-54674,0,0,545e92efc26fab029b2ecd902e6764f6f53f740b5b32d49c4c8440f2592a5 CVE-2024-54675,0,0,14b4e742326580d47a2a009f3e3f65a46d84415cc785ea77b3a28630132c9018,2024-12-05T19:15:09.100000 CVE-2024-54679,0,0,381ad7e6890c67d9b6c47b47a43cd175dd5b1319ea7d6b78a90445a532dafd14,2024-12-06T15:15:09.693000 CVE-2024-5468,0,0,83f1a353a5b95b83c36aafd7fb0e880d8454855ef6bbd816a181cff50dcb4279,2024-11-21T09:47:44.527000 -CVE-2024-54682,1,1,47c1e4bea5a44559550e8b3ac687261daadaa3d8113a6cea9c496aa4796df1ff,2024-12-16T08:15:05.513000 +CVE-2024-54682,0,0,47c1e4bea5a44559550e8b3ac687261daadaa3d8113a6cea9c496aa4796df1ff,2024-12-16T08:15:05.513000 CVE-2024-5469,0,0,0593227e51e97383649ced684c68d7aaf013a250af5a8e55d437662843299556,2024-11-21T09:47:44.633000 CVE-2024-5470,0,0,b70339f8a022f56de8d4eb030bd8f5d3563ba0fc9c1634fd55ea697aee92ede9,2024-11-21T09:47:44.787000 CVE-2024-5471,0,0,631b7a50303d6f9a193814092037f29379ca6ca2282e0b67207306f8abcc9ba4,2024-11-21T09:47:44.903000 
@@ -273633,8 +273634,8 @@ CVE-2024-9674,0,0,dcc152f68b1f7c703678ea1798dc92c1fa87e3588d3559438d5c688c6e83e0 CVE-2024-9675,0,0,00d4dc2f1e7706c2dbe94ebff288188d87800560d2f4c32185d599f287de35c6,2024-12-13T18:15:22.507000 CVE-2024-9676,0,0,55ce7f789aec5de504d954da5f65516dc9f8543012f990f377ddbe582f64b41d,2024-11-26T09:15:06.820000 CVE-2024-9677,0,0,8ac7fd75efed77835a38e0d5d30fbebdcc1b6d67032d9bfdfc464e20115a7f11,2024-12-05T22:11:15.217000 -CVE-2024-9678,1,1,fa6d086fd6e95da26cac32b6aa9f339d75c5064b7a3a161a053f194207e49135,2024-12-16T07:15:06.917000 -CVE-2024-9679,1,1,97094acf2404026f659d9cc4cf6adeb9c62fac3d50ff539d7ace5622e4a33ea1,2024-12-16T07:15:07.107000 +CVE-2024-9678,0,0,fa6d086fd6e95da26cac32b6aa9f339d75c5064b7a3a161a053f194207e49135,2024-12-16T07:15:06.917000 +CVE-2024-9679,0,0,97094acf2404026f659d9cc4cf6adeb9c62fac3d50ff539d7ace5622e4a33ea1,2024-12-16T07:15:07.107000 CVE-2024-9680,0,0,b270ebb58405bce82b545a9823e949fa4790116b7a4834e574606834227d9216,2024-11-26T19:53:56.537000 CVE-2024-9681,0,0,2ae771a08ca769f211d8d385c4480401b1a952b5ea57b2588c5b5f84fbd4b358,2024-12-13T14:15:22.953000 CVE-2024-9682,0,0,6d690df5e8c227b34e224cce5647fb45a6c1d80990a723f81ebd7b281b388f5b,2024-11-19T15:47:07.517000