Auto-Update: 2024-10-15T08:00:18.035960+00:00

2025-05-08 03:27:17 +00:00 · 2024-10-15 08:03:19 +00:00 · 2024-10-15 08:03:19 +00:00 · 32b2b5eb77
commit 32b2b5eb77
parent 8236166b80
6 changed files with 263 additions and 11 deletions
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0129.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0129.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-0129",
+  "sourceIdentifier": "psirt@nvidia.com",
+  "published": "2024-10-15T06:15:02.520",
+  "lastModified": "2024-10-15T06:15:02.520",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@nvidia.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.0,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@nvidia.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5580",
+      "source": "psirt@nvidia.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-468xx/CVE-2024-46898.json
+++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46898.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-46898",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-10-15T07:15:02.267",
+  "lastModified": "2024-10-15T07:15:02.267",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "vultures@jpcert.or.jp",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "vultures@jpcert.or.jp",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4330f949f13219069107fc5d768934",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN58721679/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.ss-proj.org/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-99xx/CVE-2024-9944.json
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9944.json
@ -0,0 +1,68 @@
+{
+  "id": "CVE-2024-9944",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-10-15T06:15:02.967",
+  "lastModified": "2024-10-15T06:15:02.967",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@wordfence.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/woocommerce/woocommerce/pull/49370",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3115837%40woocommerce%2Ftrunk&old=3106873%40woocommerce%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://raw.githubusercontent.com/woocommerce/woocommerce/trunk/changelog.txt",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-99xx/CVE-2024-9972.json
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9972.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-9972",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-10-15T07:15:02.750",
+  "lastModified": "2024-10-15T07:15:02.750",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8141-9b045-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8140-ee91e-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-15T06:00:17.136530+00:00
+2024-10-15T08:00:18.035960+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-15T05:15:11.530000+00:00
+2024-10-15T07:15:02.750000+00:00
 ```

 ### Last Data Feed Release
@ -33,17 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-265548
+265552
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `4`

- [CVE-2024-21535](CVE-2024/CVE-2024-215xx/CVE-2024-21535.json) (`2024-10-15T05:15:11.530`)
- [CVE-2024-9969](CVE-2024/CVE-2024-99xx/CVE-2024-9969.json) (`2024-10-15T04:15:04.413`)
- [CVE-2024-9970](CVE-2024/CVE-2024-99xx/CVE-2024-9970.json) (`2024-10-15T04:15:04.793`)
- [CVE-2024-9971](CVE-2024/CVE-2024-99xx/CVE-2024-9971.json) (`2024-10-15T04:15:05.080`)
+- [CVE-2024-0129](CVE-2024/CVE-2024-01xx/CVE-2024-0129.json) (`2024-10-15T06:15:02.520`)
+- [CVE-2024-46898](CVE-2024/CVE-2024-468xx/CVE-2024-46898.json) (`2024-10-15T07:15:02.267`)
+- [CVE-2024-9944](CVE-2024/CVE-2024-99xx/CVE-2024-9944.json) (`2024-10-15T06:15:02.967`)
+- [CVE-2024-9972](CVE-2024/CVE-2024-99xx/CVE-2024-9972.json) (`2024-10-15T07:15:02.750`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -241358,6 +241358,7 @@ CVE-2024-0116,0,0,a6cbe3db55579100922047f237b056c0420ed7fe26ca2d3a7e613c461d3443
 CVE-2024-0123,0,0,b5d565031402caa204bf1a28725c0c192ecd3daa1b8bc8f4d37470664175216b,2024-10-04T13:50:43.727000
 CVE-2024-0124,0,0,65a7ca3fa08b021f3ead82c3260c63de7cee799b77a5f239ccc73202de671521,2024-10-04T13:50:43.727000
 CVE-2024-0125,0,0,4cf16bcca0b2fb9dbeaeffe86943f72316182719c400fbcdf4c939215efb61c9,2024-10-04T13:50:43.727000
+CVE-2024-0129,1,1,da878527e9e40edb8030b6db6ee4f28c62b9b6081e68ec42ac4928a9b65112dc,2024-10-15T06:15:02.520000
 CVE-2024-0132,0,0,f1d27ee91d38f95f18265c56576359c7b74449c09c2448ac9270cfde0a145c24,2024-10-02T14:45:36.160000
 CVE-2024-0133,0,0,1869d101f5a07bee8a308ca6354c7bbc691223866612cf3986da3052ed18f6e1,2024-10-02T14:43:22.433000
 CVE-2024-0151,0,0,e688008e47f7f2b2995cf15f9fce74bb525b3898f5e47db0ad5b6ce2aa86a255,2024-08-09T19:35:02.910000
@ -244252,7 +244253,7 @@ CVE-2024-21531,0,0,556b4244c50c270222e18b4d703d3656d63fc81c95a1cab5391fb75a68df3
 CVE-2024-21532,0,0,a24d27f47c5298fab706ab72282873a260fc61d5e510f460d432a2b7b9c38bac,2024-10-10T12:57:21.987000
 CVE-2024-21533,0,0,b6d94b5290ee8a666e06ea3154c21a82f3a037332835b4cbc04bf2409f97ee11,2024-10-10T12:57:21.987000
 CVE-2024-21534,0,0,7edd88deeb19b219ecc2b90a3976d54902d3b9e86766a1e32c231ec19796b637,2024-10-11T21:36:23.557000
-CVE-2024-21535,1,1,77b63b874e7db44dae4667146b1a652bfb8aaf69315a52aade7762c8e795542c,2024-10-15T05:15:11.530000
+CVE-2024-21535,0,0,77b63b874e7db44dae4667146b1a652bfb8aaf69315a52aade7762c8e795542c,2024-10-15T05:15:11.530000
 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000
 CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000
 CVE-2024-2155,0,0,499612150b3a1be829ef430bb3388eb54a55d7bb52271f37f2a76ceb8af6c56f,2024-05-17T02:38:05.063000
@ -261271,6 +261272,7 @@ CVE-2024-4688,0,0,52289ed8c0286442cd44c00a18386eec964a66f3ff263d13f6b3a47ad78257
 CVE-2024-46886,0,0,a928062ae00bc94e4a7abf511f66b23a1126250ea4d99006bdee4b18a22b92db,2024-10-10T12:56:30.817000
 CVE-2024-46887,0,0,b7a0812e4d4a8d09f6eb4da630d645c25b0d554f80d4c4a4c7b07d79f22299bd,2024-10-10T12:56:30.817000
 CVE-2024-4689,0,0,a13cc88d2e9b12d452cf9b42ce57cc1735d851f3f551a07c40e7bb0f2ee113b8,2024-05-14T16:11:39.510000
+CVE-2024-46898,1,1,090feab6ab67318cf45d1da40d0b0a4cc89bf6e9bd659fd8b09f201f565aa04f,2024-10-15T07:15:02.267000
 CVE-2024-46911,0,0,c13f8d0102a83918280aa942c5da64550069a7b55c4abc0be81f9b5adedd122a,2024-10-14T09:15:04.297000
 CVE-2024-46918,0,0,bb2eeb1c2eb1e1757cf1750044772f91012857866544e10c0b718da276cf0057,2024-09-20T18:14:23.897000
 CVE-2024-4693,0,0,e3d9266511ed640ea0a2750bbbe8d9b8b25eda5f77b693324e75ee95f4a7a307,2024-05-14T16:11:39.510000
@ -265541,9 +265543,11 @@ CVE-2024-9922,0,0,38a9a769415efbcfedd53b122b48fa65b5e1f382fdf217a030bbaee2ce3081
 CVE-2024-9923,0,0,54d0eb71a24239c4cf72f6c8d2d43f40cc27d7ae4dae943f2db0568ffd629c72,2024-10-14T04:15:06.070000
 CVE-2024-9924,0,0,5d7f89079afc3d9ca8548ebb3725e799ef08b64b7b5fd0fc7f3c47978b6a83d8,2024-10-14T04:15:06.353000
 CVE-2024-9936,0,0,84f1422b67bbaa43c4b2b921a0bd24fe5cb86e5da956c7f811c06ae275078cda,2024-10-14T14:15:12.553000
+CVE-2024-9944,1,1,6b29c411c0e11286ac8186be38395b8b416c0e9124d101cf44b19765cc980b19,2024-10-15T06:15:02.967000
 CVE-2024-9952,0,0,6c9b73a8e4b10cb99cb5c164ba7fa12c94692c23e6d970a37d505df0c13bbb91,2024-10-15T02:15:03.403000
 CVE-2024-9953,0,0,4a504a26518c946bdd00df6aaba3929049f6fb7ebb2fe638799eca1ccb235ae3,2024-10-14T22:15:03.957000
 CVE-2024-9968,0,0,717d3c358e767369a770843606e1e4d5483d80687e292f6016fca8579965de7a,2024-10-15T03:15:02.360000
-CVE-2024-9969,1,1,cecfd308ad2e03f71dc5b9d4ea26ee57ff6f453836fcfce8973e360b5170dab6,2024-10-15T04:15:04.413000
-CVE-2024-9970,1,1,da32accfb2d25120b84c063f3a64982453a9afe6c85fcc9f83f58303dcf83157,2024-10-15T04:15:04.793000
-CVE-2024-9971,1,1,9e45feb9165a3cb00f61704141ebcf4fcf4e2bd7aeaf74a94f0ef43cd5d8b449,2024-10-15T04:15:05.080000
+CVE-2024-9969,0,0,cecfd308ad2e03f71dc5b9d4ea26ee57ff6f453836fcfce8973e360b5170dab6,2024-10-15T04:15:04.413000
+CVE-2024-9970,0,0,da32accfb2d25120b84c063f3a64982453a9afe6c85fcc9f83f58303dcf83157,2024-10-15T04:15:04.793000
+CVE-2024-9971,0,0,9e45feb9165a3cb00f61704141ebcf4fcf4e2bd7aeaf74a94f0ef43cd5d8b449,2024-10-15T04:15:05.080000
+CVE-2024-9972,1,1,b9b1dcedc769cf07af2b8c5d428605d09e4263e66eab68f5743c47b89c5a9cf1,2024-10-15T07:15:02.750000