From 2aece3c1ee46dc9bd8783b21e38e779b1511903b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 18 Aug 2024 14:03:13 +0000 Subject: [PATCH] Auto-Update: 2024-08-18T14:00:17.232605+00:00 --- CVE-2024/CVE-2024-433xx/CVE-2024-43353.json | 56 ++++++++ CVE-2024/CVE-2024-79xx/CVE-2024-7905.json | 137 ++++++++++++++++++++ README.md | 14 +- _state.csv | 6 +- 4 files changed, 204 insertions(+), 9 deletions(-) create mode 100644 CVE-2024/CVE-2024-433xx/CVE-2024-43353.json create mode 100644 CVE-2024/CVE-2024-79xx/CVE-2024-7905.json diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43353.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43353.json new file mode 100644 index 00000000000..24f473c3d30 --- /dev/null +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43353.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-43353", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-08-18T13:15:03.637", + "lastModified": "2024-08-18T13:15:03.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in myCred allows Stored XSS.This issue affects myCred: from n/a through 2.7.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/mycred/wordpress-mycred-plugin-2-7-2-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7905.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7905.json new file mode 100644 index 00000000000..dd6d10a4bc7 --- /dev/null +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7905.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-7905", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-18T12:15:04.397", + "lastModified": "2024-08-18T12:15:04.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in DedeBIZ 6.3.0. This affects the function AdminUpload of the file admin/archives_do.php. The manipulation of the argument litpic leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE17-3.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275031", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275031", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.388362", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 96afaefbcec..d2f42729473 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-18T10:00:17.455366+00:00 +2024-08-18T14:00:17.232605+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-18T09:15:04.973000+00:00 +2024-08-18T13:15:03.637000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -260393 +260395 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2024-7904](CVE-2024/CVE-2024-79xx/CVE-2024-7904.json) (`2024-08-18T09:15:04.973`) +- [CVE-2024-43353](CVE-2024/CVE-2024-433xx/CVE-2024-43353.json) (`2024-08-18T13:15:03.637`) +- [CVE-2024-7905](CVE-2024/CVE-2024-79xx/CVE-2024-7905.json) (`2024-08-18T12:15:04.397`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-42318](CVE-2024/CVE-2024-423xx/CVE-2024-42318.json) (`2024-08-18T09:15:04.670`) ## Download and Usage diff --git a/_state.csv b/_state.csv index af5e291a8a0..2e6c10e98d9 100644 --- a/_state.csv +++ b/_state.csv @@ -257453,7 +257453,7 @@ CVE-2024-42314,0,0,fae79bc6a62aebb94341bd0a34a4ffafb0c7b9e0b8c9de278d5a78cf72fd6 CVE-2024-42315,0,0,90ee9ee787d775411337eb3e919a718f1333926233a58c375d402d02c9e4c0c9,2024-08-17T09:15:11.470000 CVE-2024-42316,0,0,0316f29b9e5674024065f15a396c2f0f43f9d0fd7a88eb256049471822787f1c,2024-08-17T09:15:11.547000 CVE-2024-42317,0,0,a165dce7f440276c020fbc7ed30fbfa07302c8b51e501fa3b5401c398a7adb57,2024-08-17T09:15:11.633000 -CVE-2024-42318,0,1,996d55fb911226f84a145e43759425c82039d6e9c3f6b043a29c842c7ecd2cd6,2024-08-18T09:15:04.670000 +CVE-2024-42318,0,0,996d55fb911226f84a145e43759425c82039d6e9c3f6b043a29c842c7ecd2cd6,2024-08-18T09:15:04.670000 CVE-2024-42319,0,0,97b1d3ea5f63680e439731ebd74b0ad556f44f1414e1d4d3c15cefe3c1a3ca43,2024-08-17T09:15:11.767000 CVE-2024-4232,0,0,d86181ca34c980ccca9d603012d25d1fd9d02a5c899c7483f16d67878d54942c,2024-07-03T02:07:15.740000 CVE-2024-42320,0,0,96d235ed83f196d3f890c63e30dba1ba25169caa48eb2246ebc6d5c788ad4506,2024-08-17T09:15:11.833000 @@ -257762,6 +257762,7 @@ CVE-2024-4332,0,0,229e2a44f62342d9fecf4d77bd1ae1368633da9c89a437515cafc4b1ffcbd9 CVE-2024-4333,0,0,640575820e0b30891814a5a9385bc808a4cb1fa6f8846116192c877d2f9953e9,2024-05-14T19:17:55.627000 CVE-2024-4334,0,0,0bbc9e9de57a0c229384d6d19ec0f1942ba088838a67e65a09daa4455a2054dd,2024-05-02T18:00:37.360000 CVE-2024-4335,0,0,0ca058a6a5d3d4471e4538114fc6d3ccf52ed0e69923cf2c5461b8aef31c87bc,2024-05-14T16:11:39.510000 +CVE-2024-43353,1,1,b36e57f698bbcecaaa53e730e555a16c07221c30e4dda17b92fa02b775f2b264,2024-08-18T13:15:03.637000 CVE-2024-43357,0,0,5dc27b73f336cd5e6c70fedf39032f4547faea9efaaa946c66076ebffd733738,2024-08-15T19:15:20.107000 CVE-2024-43358,0,0,fbf8fe905c3ca9abb9115b42cc5614eccd0cebf28f3e14adb9347834e27ffc3a,2024-08-13T12:58:25.437000 CVE-2024-43359,0,0,65d4fabedd6480e45a35d791ca8acdefa39599f7f2c5dac0d8096fc11d685101,2024-08-13T12:58:25.437000 @@ -260391,4 +260392,5 @@ CVE-2024-7900,0,0,854584c170ab28081d54315529d53510804f522211e9a4a31ffb01a22fa746 CVE-2024-7901,0,0,618a2039f51cbbbc0d5c3ddaa5027b5967637dce6171bdd0d5691af36c86bc29,2024-08-17T21:15:03.773000 CVE-2024-7902,0,0,cbd573e84ca67ff2b53cf8a42d7d83afc92757983fa6b70e4db7dd6cd063dfb8,2024-08-17T22:15:04.190000 CVE-2024-7903,0,0,8d7843d16187b57c0ec430196d9a14825eadb602191eca2998b1f5041ce037b8,2024-08-18T07:15:03.763000 -CVE-2024-7904,1,1,c57b9b0a7afe4ddf2b389d6f0877116812f1d85f16981e375bb4bc54849ca0fc,2024-08-18T09:15:04.973000 +CVE-2024-7904,0,0,c57b9b0a7afe4ddf2b389d6f0877116812f1d85f16981e375bb4bc54849ca0fc,2024-08-18T09:15:04.973000 +CVE-2024-7905,1,1,83bd74ff7f9a0d327aa4b77d2021933a8729049dacae0baa5dce168c40c2a131,2024-08-18T12:15:04.397000