Auto-Update: 2024-02-09T11:00:24.454996+00:00

2025-05-08 03:27:17 +00:00 · 2024-02-09 11:00:28 +00:00 · 2024-02-09 11:00:28 +00:00 · 1ecc848fa6
commit 1ecc848fa6
parent e897d6c403
11 changed files with 274 additions and 16 deletions
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6716.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6716.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2023-6716",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-02-09T09:15:07.733",
+  "lastModified": "2024-02-09T09:15:07.733",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. All references and descriptions in this record have been removed to prevent accidental usage."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1263.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1263.json
@ -2,12 +2,16 @@
  "id": "CVE-2024-1263",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-02-06T23:15:08.460",
-  "lastModified": "2024-02-07T01:11:27.753",
+  "lastModified": "2024-02-09T10:15:08.127",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad fue encontrada en Juanpao JPShop hasta 1.5.02 y clasificada como cr\u00edtica. La funci\u00f3n actionUpdate del archivo /api/controllers/merchant/shop/PosterController.php del componente API es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento pic_url conduce a una carga sin restricciones. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. VDB-253002 es el identificador asignado a esta vulnerabilidad."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1264.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1264.json
@ -2,12 +2,16 @@
  "id": "CVE-2024-1264",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-02-07T00:15:55.867",
-  "lastModified": "2024-02-07T01:11:27.753",
+  "lastModified": "2024-02-09T10:15:08.580",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003."
+    },
+    {
+      "lang": "es",
+      "value": "Una vulnerabilidad ha sido encontrada en Juanpao JPShop hasta 1.5.02 y clasificada como cr\u00edtica. La funci\u00f3n actionUpdate del archivo /api/controllers/common/UploadsController.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento imagen conduce a una carga sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-253003."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-217xx/CVE-2024-21762.json
+++ b/CVE-2024/CVE-2024-217xx/CVE-2024-21762.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-21762",
+  "sourceIdentifier": "psirt@fortinet.com",
+  "published": "2024-02-09T09:15:08.087",
+  "lastModified": "2024-02-09T09:15:08.087",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@fortinet.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@fortinet.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-787"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://fortiguard.com/psirt/FG-IR-24-015",
+      "source": "psirt@fortinet.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-221xx/CVE-2024-22119.json
+++ b/CVE-2024/CVE-2024-221xx/CVE-2024-22119.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-22119",
+  "sourceIdentifier": "security@zabbix.com",
+  "published": "2024-02-09T09:15:08.380",
+  "lastModified": "2024-02-09T09:15:08.380",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The cause of vulnerability is improper validation of form input field \u201cName\u201d on Graph page in Items section."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@zabbix.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@zabbix.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.zabbix.com/browse/ZBX-24070",
+      "source": "security@zabbix.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25674.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25674.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25674",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T09:15:08.597",
+  "lastModified": "2024-02-09T09:15:08.597",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/MISP/MISP/commit/312d2d5422235235ddd211dcb6bb5bb09c07791f",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25675.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25675.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25675",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T09:15:08.653",
+  "lastModified": "2024-02-09T09:15:08.653",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25677.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25677.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-25677",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T09:15:08.717",
+  "lastModified": "2024-02-09T09:15:08.717",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/minbrowser/min/security/advisories/GHSA-4w9v-7h8h-rv8x",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25678.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25678.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-25678",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T10:15:08.683",
+  "lastModified": "2024-02-09T10:15:08.683",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/litespeedtech/lsquic/commit/515f453556c99d27c4dddb5424898dc1a5537708",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/litespeedtech/lsquic/releases/tag/v4.0.4",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.rfc-editor.org/rfc/rfc9001",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-256xx/CVE-2024-25679.json
+++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25679.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-25679",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T10:15:08.740",
+  "lastModified": "2024-02-09T10:15:08.740",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/p-quic/pquic/issues/35",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/p-quic/pquic/pull/39",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-09T09:00:29.872381+00:00
+2024-02-09T11:00:24.454996+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-09T08:15:09.037000+00:00
+2024-02-09T10:15:08.740000+00:00
 ```

 ### Last Data Feed Release
@ -29,28 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-238019
+238027
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `9`
+Recently added CVEs: `8`

-* [CVE-2023-31506](CVE-2023/CVE-2023-315xx/CVE-2023-31506.json) (`2024-02-09T07:15:59.310`)
-* [CVE-2023-39683](CVE-2023/CVE-2023-396xx/CVE-2023-39683.json) (`2024-02-09T07:15:59.960`)
-* [CVE-2023-46350](CVE-2023/CVE-2023-463xx/CVE-2023-46350.json) (`2024-02-09T08:15:08.253`)
-* [CVE-2023-50026](CVE-2023/CVE-2023-500xx/CVE-2023-50026.json) (`2024-02-09T08:15:08.460`)
-* [CVE-2024-0229](CVE-2024/CVE-2024-02xx/CVE-2024-0229.json) (`2024-02-09T07:16:00.107`)
-* [CVE-2024-23749](CVE-2024/CVE-2024-237xx/CVE-2024-23749.json) (`2024-02-09T08:15:08.530`)
-* [CVE-2024-24308](CVE-2024/CVE-2024-243xx/CVE-2024-24308.json) (`2024-02-09T08:15:08.707`)
-* [CVE-2024-25003](CVE-2024/CVE-2024-250xx/CVE-2024-25003.json) (`2024-02-09T07:16:00.807`)
-* [CVE-2024-25004](CVE-2024/CVE-2024-250xx/CVE-2024-25004.json) (`2024-02-09T07:16:00.930`)
+* [CVE-2023-6716](CVE-2023/CVE-2023-67xx/CVE-2023-6716.json) (`2024-02-09T09:15:07.733`)
+* [CVE-2024-21762](CVE-2024/CVE-2024-217xx/CVE-2024-21762.json) (`2024-02-09T09:15:08.087`)
+* [CVE-2024-22119](CVE-2024/CVE-2024-221xx/CVE-2024-22119.json) (`2024-02-09T09:15:08.380`)
+* [CVE-2024-25674](CVE-2024/CVE-2024-256xx/CVE-2024-25674.json) (`2024-02-09T09:15:08.597`)
+* [CVE-2024-25675](CVE-2024/CVE-2024-256xx/CVE-2024-25675.json) (`2024-02-09T09:15:08.653`)
+* [CVE-2024-25677](CVE-2024/CVE-2024-256xx/CVE-2024-25677.json) (`2024-02-09T09:15:08.717`)
+* [CVE-2024-25678](CVE-2024/CVE-2024-256xx/CVE-2024-25678.json) (`2024-02-09T10:15:08.683`)
+* [CVE-2024-25679](CVE-2024/CVE-2024-256xx/CVE-2024-25679.json) (`2024-02-09T10:15:08.740`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `2`

+* [CVE-2024-1263](CVE-2024/CVE-2024-12xx/CVE-2024-1263.json) (`2024-02-09T10:15:08.127`)
+* [CVE-2024-1264](CVE-2024/CVE-2024-12xx/CVE-2024-1264.json) (`2024-02-09T10:15:08.580`)


 ## Download and Usage