diff --git a/CVE-2022/CVE-2022-460xx/CVE-2022-46089.json b/CVE-2022/CVE-2022-460xx/CVE-2022-46089.json new file mode 100644 index 00000000000..6aa6f520366 --- /dev/null +++ b/CVE-2022/CVE-2022-460xx/CVE-2022-46089.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-46089", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T02:15:51.337", + "lastModified": "2024-03-07T02:15:51.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability in the add-airline form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/ASR511-OO7/CVE-2022-46089/blob/main/CVE-35", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json index 97ff1bca6a9..5daed585c37 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json @@ -2,8 +2,8 @@ "id": "CVE-2023-39325", "sourceIdentifier": "security@golang.org", "published": "2023-10-11T22:15:09.880", - "lastModified": "2024-01-21T02:02:56.727", - "vulnStatus": "Analyzed", + "lastModified": "2024-03-07T02:15:51.393", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -347,6 +347,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W2LZSWTV4NV4SNQARNXG5T6LRHP26EW2/", + "source": "security@golang.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WCNCBYKZXLDFGAJUB7ZP5VLC3YTHJNVH/", "source": "security@golang.org", diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47415.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47415.json new file mode 100644 index 00000000000..562766410ca --- /dev/null +++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47415.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-47415", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:51.850", + "lastModified": "2024-03-07T01:15:51.850", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cypress Solutions CTM-200 v2.7.1.5600 and below was discovered to contain an OS command injection vulnerability via the cli_text parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://ctm-200.com", + "source": "cve@mitre.org" + }, + { + "url": "http://cypress.com", + "source": "cve@mitre.org" + }, + { + "url": "https://gitlab.com/loudmouth-security/vulnerability-disclosures/cve-2023-47415", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49986.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49986.json new file mode 100644 index 00000000000..af01b375be2 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49986.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49986", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:51.923", + "lastModified": "2024-03-07T01:15:51.923", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in the component /admin/parent of School Fees Management System 1.0 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/geraldoalcantara/CVE-2023-49986", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49987.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49987.json new file mode 100644 index 00000000000..d6b9dae6bbc --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49987.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49987", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:51.980", + "lastModified": "2024-03-07T01:15:51.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in the component /management/term of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the tname parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/geraldoalcantara/CVE-2023-49987", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sourcecodester.com/php/15697/school-fees-management-system-project-php-and-codeigniter-free-source-code.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49988.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49988.json new file mode 100644 index 00000000000..673de936ec6 --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49988.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49988", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:52.027", + "lastModified": "2024-03-07T01:15:52.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the npss parameter at rooms.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/geraldoalcantara/CVE-2023-49988", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pratham-jaiswal/HotelBookingManagement", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49989.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49989.json new file mode 100644 index 00000000000..cf9e875565f --- /dev/null +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49989.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-49989", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:52.083", + "lastModified": "2024-03-07T01:15:52.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hotel Booking Management v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at update.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/geraldoalcantara/CVE-2023-49989", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/pratham-jaiswal/HotelBookingManagement", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-512xx/CVE-2023-51281.json b/CVE-2023/CVE-2023-512xx/CVE-2023-51281.json new file mode 100644 index 00000000000..e6099c8193d --- /dev/null +++ b/CVE-2023/CVE-2023-512xx/CVE-2023-51281.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-51281", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:52.133", + "lastModified": "2024-03-07T01:15:52.133", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Customer Support System v.1.0 allows a remote attacker to escalate privileges via a crafted script firstname, \"lastname\", \"middlename\", \"contact\" and address parameters." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/geraldoalcantara/CVE-2023-51281", + "source": "cve@mitre.org" + }, + { + "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-517xx/CVE-2023-51786.json b/CVE-2023/CVE-2023-517xx/CVE-2023-51786.json new file mode 100644 index 00000000000..e973be9759d --- /dev/null +++ b/CVE-2023/CVE-2023-517xx/CVE-2023-51786.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-51786", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:52.180", + "lastModified": "2024-03-07T01:15:52.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0199.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0199.json new file mode 100644 index 00000000000..8e319fc85b7 --- /dev/null +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0199.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-0199", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-03-07T01:15:52.233", + "lastModified": "2024-03-07T01:15:52.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", + "source": "cve@gitlab.com" + }, + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/436977", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2295423", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0817.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0817.json new file mode 100644 index 00000000000..b210084e41f --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0817.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0817", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-03-07T02:15:51.660", + "lastModified": "2024-03-07T02:15:51.660", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "confirmed" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1299.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1299.json new file mode 100644 index 00000000000..d3660ce2752 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1299.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-1299", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-03-07T01:15:52.443", + "lastModified": "2024-03-07T01:15:52.443", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/", + "source": "cve@gitlab.com" + }, + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/440745", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2356976", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-228xx/CVE-2024-22857.json b/CVE-2024/CVE-2024-228xx/CVE-2024-22857.json new file mode 100644 index 00000000000..738bf4146ec --- /dev/null +++ b/CVE-2024/CVE-2024-228xx/CVE-2024-22857.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-22857", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:52.640", + "lastModified": "2024-03-07T01:15:52.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "zlog 1.2.16 has a heap-based buffer overflow in struct zlog_rule_s while creating a new rule that is already defined in the provided configuration file. A regular user can achieve arbitrary code execution." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/HardySimpson/zlog/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/HardySimpson/zlog/blob/1a7b1a6fb956b92a4079ccc91f30da21f34ca063/src/rule.h#L30", + "source": "cve@mitre.org" + }, + { + "url": "https://www.cybersecurity-help.cz/vdb/SB2024022842", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23225.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23225.json index 2d54d65b3cb..c52e9acda56 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23225.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23225.json @@ -2,8 +2,12 @@ "id": "CVE-2024-23225", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-05T20:16:01.370", - "lastModified": "2024-03-06T15:18:08.093", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-07T02:00:02.283", + "vulnStatus": "Undergoing Analysis", + "cisaExploitAdd": "2024-03-06", + "cisaActionDue": "2024-03-27", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Apple iOS and iPadOS Memory Corruption Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23296.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23296.json index 44cd620cbd3..11985a867e5 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23296.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23296.json @@ -2,8 +2,12 @@ "id": "CVE-2024-23296", "sourceIdentifier": "product-security@apple.com", "published": "2024-03-05T20:16:01.553", - "lastModified": "2024-03-06T15:18:08.093", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-03-07T02:00:02.283", + "vulnStatus": "Undergoing Analysis", + "cisaExploitAdd": "2024-03-06", + "cisaActionDue": "2024-03-27", + "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", + "cisaVulnerabilityName": "Apple iOS and iPadOS Memory Corruption Vulnerability", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json index 7a41305f80e..77c15f04be1 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23835", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-26T16:27:57.417", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-03-07T02:15:51.880", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As workaround, users can disable the pgsql app layer parser." + }, + { + "lang": "es", + "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de la versi\u00f3n 7.0.3, el uso excesivo de memoria durante el an\u00e1lisis de pgsql pod\u00eda provocar fallos relacionados con OOM. Esta vulnerabilidad est\u00e1 parcheada en 7.0.3. Como workaround, los usuarios pueden desactivar el analizador de capa de aplicaci\u00f3n pgsql." } ], "metrics": { @@ -63,6 +67,10 @@ "url": "https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", + "source": "security-advisories@github.com" + }, { "url": "https://redmine.openinfosecfoundation.org/issues/6411", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-243xx/CVE-2024-24375.json b/CVE-2024/CVE-2024-243xx/CVE-2024-24375.json new file mode 100644 index 00000000000..97abef77c3a --- /dev/null +++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24375.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-24375", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:52.707", + "lastModified": "2024-03-07T01:15:52.707", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/RiverGone/records/blob/main/JFinalcms-admin-admin-name.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-243xx/CVE-2024-24389.json b/CVE-2024/CVE-2024-243xx/CVE-2024-24389.json new file mode 100644 index 00000000000..d193c48488d --- /dev/null +++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24389.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-24389", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T02:15:51.970", + "lastModified": "2024-03-07T02:15:51.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://j11zuc9f0h2.feishu.cn/docx/TXRmdIcH3ocn1WxuEQBcNPpjnLe", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json index ab0773ae3ab..05dde40614e 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json @@ -2,12 +2,16 @@ "id": "CVE-2024-24568", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-26T16:27:58.293", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-03-07T02:15:52.017", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3." + }, + { + "lang": "es", + "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.3, el tr\u00e1fico manipulado pod\u00eda eludir las reglas que inspeccionaban los encabezados HTTP2. La vulnerabilidad ha sido parcheada en 7.0.3." } ], "metrics": { @@ -55,6 +59,10 @@ "url": "https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", + "source": "security-advisories@github.com" + }, { "url": "https://redmine.openinfosecfoundation.org/issues/6717", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-265xx/CVE-2024-26566.json b/CVE-2024/CVE-2024-265xx/CVE-2024-26566.json new file mode 100644 index 00000000000..a1277d50e2e --- /dev/null +++ b/CVE-2024/CVE-2024-265xx/CVE-2024-26566.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-26566", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-07T01:15:52.757", + "lastModified": "2024-03-07T01:15:52.757", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://cute.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20English.md", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/GZLDL/CVE/tree/main/Cute%20Http%20File%20Server%20JWT", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index eabb3e0c1f2..3622ecbc496 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-07T00:55:32.827523+00:00 +2024-03-07T03:00:24.414771+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-06T23:15:07.363000+00:00 +2024-03-07T02:15:52.017000+00:00 ``` ### Last Data Feed Release @@ -23,28 +23,45 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-03-06T01:00:20.248102+00:00 +2024-03-07T01:00:28.284195+00:00 ``` ### Total Number of included CVEs ```plain -240715 +240730 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `15` +* [CVE-2022-46089](CVE-2022/CVE-2022-460xx/CVE-2022-46089.json) (`2024-03-07T02:15:51.337`) +* [CVE-2023-47415](CVE-2023/CVE-2023-474xx/CVE-2023-47415.json) (`2024-03-07T01:15:51.850`) +* [CVE-2023-49986](CVE-2023/CVE-2023-499xx/CVE-2023-49986.json) (`2024-03-07T01:15:51.923`) +* [CVE-2023-49987](CVE-2023/CVE-2023-499xx/CVE-2023-49987.json) (`2024-03-07T01:15:51.980`) +* [CVE-2023-49988](CVE-2023/CVE-2023-499xx/CVE-2023-49988.json) (`2024-03-07T01:15:52.027`) +* [CVE-2023-49989](CVE-2023/CVE-2023-499xx/CVE-2023-49989.json) (`2024-03-07T01:15:52.083`) +* [CVE-2023-51281](CVE-2023/CVE-2023-512xx/CVE-2023-51281.json) (`2024-03-07T01:15:52.133`) +* [CVE-2023-51786](CVE-2023/CVE-2023-517xx/CVE-2023-51786.json) (`2024-03-07T01:15:52.180`) +* [CVE-2024-0199](CVE-2024/CVE-2024-01xx/CVE-2024-0199.json) (`2024-03-07T01:15:52.233`) +* [CVE-2024-1299](CVE-2024/CVE-2024-12xx/CVE-2024-1299.json) (`2024-03-07T01:15:52.443`) +* [CVE-2024-22857](CVE-2024/CVE-2024-228xx/CVE-2024-22857.json) (`2024-03-07T01:15:52.640`) +* [CVE-2024-24375](CVE-2024/CVE-2024-243xx/CVE-2024-24375.json) (`2024-03-07T01:15:52.707`) +* [CVE-2024-26566](CVE-2024/CVE-2024-265xx/CVE-2024-26566.json) (`2024-03-07T01:15:52.757`) +* [CVE-2024-0817](CVE-2024/CVE-2024-08xx/CVE-2024-0817.json) (`2024-03-07T02:15:51.660`) +* [CVE-2024-24389](CVE-2024/CVE-2024-243xx/CVE-2024-24389.json) (`2024-03-07T02:15:51.970`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `5` -* [CVE-2019-1020001](CVE-2019/CVE-2019-10200xx/CVE-2019-1020001.json) (`2024-03-06T23:15:07.103`) -* [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-03-06T23:15:07.297`) -* [CVE-2024-27285](CVE-2024/CVE-2024-272xx/CVE-2024-27285.json) (`2024-03-06T23:15:07.363`) +* [CVE-2023-39325](CVE-2023/CVE-2023-393xx/CVE-2023-39325.json) (`2024-03-07T02:15:51.393`) +* [CVE-2024-23225](CVE-2024/CVE-2024-232xx/CVE-2024-23225.json) (`2024-03-07T02:00:02.283`) +* [CVE-2024-23296](CVE-2024/CVE-2024-232xx/CVE-2024-23296.json) (`2024-03-07T02:00:02.283`) +* [CVE-2024-23835](CVE-2024/CVE-2024-238xx/CVE-2024-23835.json) (`2024-03-07T02:15:51.880`) +* [CVE-2024-24568](CVE-2024/CVE-2024-245xx/CVE-2024-24568.json) (`2024-03-07T02:15:52.017`) ## Download and Usage