Auto-Update: 2024-02-28T13:01:05.559311+00:00

CVE-2024/CVE-2024-16xx/CVE-2024-1632.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-1632",
+  "sourceIdentifier": "security@progress.com",
+  "published": "2024-02-28T12:15:46.253",
+  "lastModified": "2024-02-28T12:15:46.253",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@progress.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@progress.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024",
+      "source": "security@progress.com"
+    },
+    {
+      "url": "https://www.progress.com/sitefinity-cms",
+      "source": "security@progress.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-16xx/CVE-2024-1636.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-1636",
+  "sourceIdentifier": "security@progress.com",
+  "published": "2024-02-28T12:15:47.097",
+  "lastModified": "2024-02-28T12:15:47.097",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Potential Cross-Site Scripting (XSS) in the page editing area."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@progress.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@progress.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024",
+      "source": "security@progress.com"
+    },
+    {
+      "url": "https://www.progress.com/sitefinity-cms",
+      "source": "security@progress.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-247xx/CVE-2024-24772.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24772",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-28T12:15:47.273",
+  "lastModified": "2024-02-28T12:15:47.273",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5",
+      "source": "security@apache.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-247xx/CVE-2024-24773.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24773",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-28T12:15:47.477",
+  "lastModified": "2024-02-28T12:15:47.477",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1, which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501",
+      "source": "security@apache.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-247xx/CVE-2024-24779.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-24779",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-28T12:15:47.660",
+  "lastModified": "2024-02-28T12:15:47.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data.\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.\n\nUsers are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.0,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq",
+      "source": "security@apache.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-260xx/CVE-2024-26016.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-26016",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-28T12:15:47.850",
+  "lastModified": "2024-02-28T12:15:47.850",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges.\n\nThis issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1.Users are recommended to upgrade to version 3.1.1, which fixes the issue.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s",
+      "source": "security@apache.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-28T11:08:30.242322+00:00
+2024-02-28T13:01:05.559311+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-28T10:15:09.650000+00:00
+2024-02-28T12:15:47.850000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,38 +29,19 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-239805
+239811
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `110`
+Recently added CVEs: `6`
 
-* [CVE-2021-47053](CVE-2021/CVE-2021-470xx/CVE-2021-47053.json) (`2024-02-28T09:15:40.607`)
-* [CVE-2023-6922](CVE-2023/CVE-2023-69xx/CVE-2023-6922.json) (`2024-02-28T09:15:40.673`)
-* [CVE-2024-0431](CVE-2024/CVE-2024-04xx/CVE-2024-0431.json) (`2024-02-28T09:15:40.863`)
-* [CVE-2024-0432](CVE-2024/CVE-2024-04xx/CVE-2024-0432.json) (`2024-02-28T09:15:41.053`)
-* [CVE-2024-0433](CVE-2024/CVE-2024-04xx/CVE-2024-0433.json) (`2024-02-28T09:15:41.240`)
-* [CVE-2024-0680](CVE-2024/CVE-2024-06xx/CVE-2024-0680.json) (`2024-02-28T09:15:41.403`)
-* [CVE-2024-0682](CVE-2024/CVE-2024-06xx/CVE-2024-0682.json) (`2024-02-28T09:15:41.573`)
-* [CVE-2024-0766](CVE-2024/CVE-2024-07xx/CVE-2024-0766.json) (`2024-02-28T09:15:41.740`)
-* [CVE-2024-0767](CVE-2024/CVE-2024-07xx/CVE-2024-0767.json) (`2024-02-28T09:15:41.903`)
-* [CVE-2024-0768](CVE-2024/CVE-2024-07xx/CVE-2024-0768.json) (`2024-02-28T09:15:42.063`)
-* [CVE-2024-0786](CVE-2024/CVE-2024-07xx/CVE-2024-0786.json) (`2024-02-28T09:15:42.217`)
-* [CVE-2024-0975](CVE-2024/CVE-2024-09xx/CVE-2024-0975.json) (`2024-02-28T09:15:42.377`)
-* [CVE-2024-1136](CVE-2024/CVE-2024-11xx/CVE-2024-1136.json) (`2024-02-28T09:15:42.530`)
-* [CVE-2024-1368](CVE-2024/CVE-2024-13xx/CVE-2024-1368.json) (`2024-02-28T09:15:42.690`)
-* [CVE-2024-1476](CVE-2024/CVE-2024-14xx/CVE-2024-1476.json) (`2024-02-28T09:15:42.850`)
-* [CVE-2024-1514](CVE-2024/CVE-2024-15xx/CVE-2024-1514.json) (`2024-02-28T09:15:43.023`)
-* [CVE-2024-1516](CVE-2024/CVE-2024-15xx/CVE-2024-1516.json) (`2024-02-28T09:15:43.200`)
-* [CVE-2024-1566](CVE-2024/CVE-2024-15xx/CVE-2024-1566.json) (`2024-02-28T09:15:43.370`)
-* [CVE-2024-1791](CVE-2024/CVE-2024-17xx/CVE-2024-1791.json) (`2024-02-28T09:15:43.530`)
-* [CVE-2024-1954](CVE-2024/CVE-2024-19xx/CVE-2024-1954.json) (`2024-02-28T09:15:43.693`)
-* [CVE-2024-22459](CVE-2024/CVE-2024-224xx/CVE-2024-22459.json) (`2024-02-28T09:15:43.877`)
-* [CVE-2024-1719](CVE-2024/CVE-2024-17xx/CVE-2024-1719.json) (`2024-02-28T10:15:09.143`)
-* [CVE-2024-1860](CVE-2024/CVE-2024-18xx/CVE-2024-1860.json) (`2024-02-28T10:15:09.320`)
-* [CVE-2024-1861](CVE-2024/CVE-2024-18xx/CVE-2024-1861.json) (`2024-02-28T10:15:09.483`)
-* [CVE-2024-27315](CVE-2024/CVE-2024-273xx/CVE-2024-27315.json) (`2024-02-28T10:15:09.650`)
+* [CVE-2024-1632](CVE-2024/CVE-2024-16xx/CVE-2024-1632.json) (`2024-02-28T12:15:46.253`)
+* [CVE-2024-1636](CVE-2024/CVE-2024-16xx/CVE-2024-1636.json) (`2024-02-28T12:15:47.097`)
+* [CVE-2024-24772](CVE-2024/CVE-2024-247xx/CVE-2024-24772.json) (`2024-02-28T12:15:47.273`)
+* [CVE-2024-24773](CVE-2024/CVE-2024-247xx/CVE-2024-24773.json) (`2024-02-28T12:15:47.477`)
+* [CVE-2024-24779](CVE-2024/CVE-2024-247xx/CVE-2024-24779.json) (`2024-02-28T12:15:47.660`)
+* [CVE-2024-26016](CVE-2024/CVE-2024-260xx/CVE-2024-26016.json) (`2024-02-28T12:15:47.850`)
 
 
 ### CVEs modified in the last Commit