diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4961.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4961.json
new file mode 100644
index 00000000000..37c58bd86a6
--- /dev/null
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4961.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2022-4961",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-01-12T05:15:09.263",
+ "lastModified": "2024-01-12T05:15:09.263",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\\src\\main\\resources\\com\\platform\\dao\\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "ADJACENT_NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 5.2
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 5.1,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gitee.com/fuyang_lipengjun/platform/issues/I5XC79",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.250243",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.250243",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-505xx/CVE-2023-50570.json b/CVE-2023/CVE-2023-505xx/CVE-2023-50570.json
index df65e3e9016..b22a50374b7 100644
--- a/CVE-2023/CVE-2023-505xx/CVE-2023-50570.json
+++ b/CVE-2023/CVE-2023-505xx/CVE-2023-50570.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-50570",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-12-29T15:15:09.927",
- "lastModified": "2024-01-05T18:18:13.037",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-12T06:15:46.980",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop."
+ "value": "An issue in the component IPAddressBitsDivision of IPAddress v5.1.0 leads to an infinite loop. This is disputed because an infinite loop occurs only for cases in which the developer supplies invalid arguments. The product is not intended to always halt for contrived inputs."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0393.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0393.json
new file mode 100644
index 00000000000..6ee1b42409c
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0393.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2024-0393",
+ "sourceIdentifier": "cve@rapid7.con",
+ "published": "2024-01-12T06:15:47.157",
+ "lastModified": "2024-01-12T06:15:47.157",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Rejected reason: This CVE ID was unused by the CNA."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23171.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23171.json
new file mode 100644
index 00000000000..788d31b4faf
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23171.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23171",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T05:15:10.033",
+ "lastModified": "2024-01-12T05:15:10.033",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n)."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://phabricator.wikimedia.org/T348343",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23172.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23172.json
new file mode 100644
index 00000000000..3a7c882470b
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23172.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23172",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T05:15:10.187",
+ "lastModified": "2024-01-12T05:15:10.187",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions. e.g., in SpecialCheckUserLog."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://phabricator.wikimedia.org/T347708",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23173.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23173.json
new file mode 100644
index 00000000000..a90eb7e1af8
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23173.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23173",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T05:15:10.237",
+ "lastModified": "2024-01-12T05:15:10.237",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://phabricator.wikimedia.org/T348687",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23174.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23174.json
new file mode 100644
index 00000000000..98f30d679c1
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23174.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23174",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T05:15:10.387",
+ "lastModified": "2024-01-12T05:15:10.387",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://phabricator.wikimedia.org/T347704",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23177.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23177.json
new file mode 100644
index 00000000000..740b33c7dbb
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23177.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23177",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T06:15:47.297",
+ "lastModified": "2024-01-12T06:15:47.297",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://phabricator.wikimedia.org/T348979",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23178.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23178.json
new file mode 100644
index 00000000000..8b9df6b8f07
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23178.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23178",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T06:15:47.337",
+ "lastModified": "2024-01-12T06:15:47.337",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://phabricator.wikimedia.org/T349312",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23179.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23179.json
new file mode 100644
index 00000000000..2dfd0129f62
--- /dev/null
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23179.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2024-23179",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-12T06:15:47.383",
+ "lastModified": "2024-01-12T06:15:47.383",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce%40lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://phabricator.wikimedia.org/T347746",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 5912da783c5..25b06121adb 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-12T05:00:24.610868+00:00 +2024-01-12T07:00:24.235912+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-12T04:15:08.123000+00:00 +2024-01-12T06:15:47.383000+00:00 ``` ### Last Data Feed Release
@@ -29,27 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235716 +235725 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `9` -* [CVE-2016-20021](CVE-2016/CVE-2016-200xx/CVE-2016-20021.json) (`2024-01-12T03:15:08.410`) -* [CVE-2022-48619](CVE-2022/CVE-2022-486xx/CVE-2022-48619.json) (`2024-01-12T03:15:08.633`) -* [CVE-2022-4960](CVE-2022/CVE-2022-49xx/CVE-2022-4960.json) (`2024-01-12T03:15:08.683`) -* [CVE-2022-48620](CVE-2022/CVE-2022-486xx/CVE-2022-48620.json) (`2024-01-12T04:15:08.123`) +* [CVE-2022-4961](CVE-2022/CVE-2022-49xx/CVE-2022-4961.json) (`2024-01-12T05:15:09.263`) +* [CVE-2024-23171](CVE-2024/CVE-2024-231xx/CVE-2024-23171.json) (`2024-01-12T05:15:10.033`) +* [CVE-2024-23172](CVE-2024/CVE-2024-231xx/CVE-2024-23172.json) (`2024-01-12T05:15:10.187`) +* [CVE-2024-23173](CVE-2024/CVE-2024-231xx/CVE-2024-23173.json) (`2024-01-12T05:15:10.237`) +* [CVE-2024-23174](CVE-2024/CVE-2024-231xx/CVE-2024-23174.json) (`2024-01-12T05:15:10.387`) +* [CVE-2024-0393](CVE-2024/CVE-2024-03xx/CVE-2024-0393.json) (`2024-01-12T06:15:47.157`) +* [CVE-2024-23177](CVE-2024/CVE-2024-231xx/CVE-2024-23177.json) (`2024-01-12T06:15:47.297`) +* [CVE-2024-23178](CVE-2024/CVE-2024-231xx/CVE-2024-23178.json) (`2024-01-12T06:15:47.337`) +* [CVE-2024-23179](CVE-2024/CVE-2024-231xx/CVE-2024-23179.json) (`2024-01-12T06:15:47.383`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `1` -* [CVE-2021-42260](CVE-2021/CVE-2021-422xx/CVE-2021-42260.json) (`2024-01-12T03:15:08.540`) -* [CVE-2023-34194](CVE-2023/CVE-2023-341xx/CVE-2023-34194.json) (`2024-01-12T03:15:08.950`) -* [CVE-2023-51766](CVE-2023/CVE-2023-517xx/CVE-2023-51766.json) (`2024-01-12T03:15:09.037`) -* [CVE-2023-6040](CVE-2023/CVE-2023-60xx/CVE-2023-6040.json) (`2024-01-12T03:15:09.153`) +* [CVE-2023-50570](CVE-2023/CVE-2023-505xx/CVE-2023-50570.json) 
(`2024-01-12T06:15:46.980`) ## Download and Usage