diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0129.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0129.json
new file mode 100644
index 00000000000..15a39061686
--- /dev/null
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0129.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-0129",
+ "sourceIdentifier": "psirt@nvidia.com",
+ "published": "2024-10-15T06:15:02.520",
+ "lastModified": "2024-10-15T06:15:02.520",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NVIDIA NeMo contains a vulnerability in SaveRestoreConnector where a user may cause a path traversal issue via an unsafe .tar file extraction. A successful exploit of this vulnerability may lead to code execution and data tampering."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@nvidia.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5580",
+ "source": "psirt@nvidia.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46898.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46898.json
new file mode 100644
index 00000000000..6f768de09d1
--- /dev/null
+++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46898.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-46898",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2024-10-15T07:15:02.267",
+ "lastModified": "2024-10-15T07:15:02.267",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "SHIRASAGI prior to v1.19.1 processes URLs in HTTP requests improperly, resulting in a path traversal vulnerability. If this vulnerability is exploited, arbitrary files on the server may be retrieved when processing crafted HTTP requests."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "vultures@jpcert.or.jp",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.6,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "vultures@jpcert.or.jp",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-22"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/shirasagi/shirasagi/commit/5ac4685d7e4330f949f13219069107fc5d768934",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN58721679/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://www.ss-proj.org/",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9944.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9944.json
new file mode 100644
index 00000000000..43ac2d8a13f
--- /dev/null
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9944.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-9944",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-10-15T06:15:02.967",
+ "lastModified": "2024-10-15T06:15:02.967",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The WooCommerce plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 9.0.2. This is due to the plugin not properly neutralizing HTML elements from submitted order forms. This makes it possible for unauthenticated attackers to inject arbitrary HTML that will render when the administrator views order form submissions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/woocommerce/woocommerce/pull/49370",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3115837%40woocommerce%2Ftrunk&old=3106873%40woocommerce%2Ftrunk&sfp_email=&sfph_mail=",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://raw.githubusercontent.com/woocommerce/woocommerce/trunk/changelog.txt",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b5dfe2a5-612f-4e6c-a639-4afcff2ffa4c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9972.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9972.json
new file mode 100644
index 00000000000..5e5c75676c3
--- /dev/null
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9972.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9972",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-10-15T07:15:02.750",
+ "lastModified": "2024-10-15T07:15:02.750",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8141-9b045-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8140-ee91e-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 3fc3329097e..a1310c96f37 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-15T06:00:17.136530+00:00 +2024-10-15T08:00:18.035960+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-15T05:15:11.530000+00:00 +2024-10-15T07:15:02.750000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265548 +265552 ``` ### CVEs added in the last Commit Recently added CVEs: `4` -- [CVE-2024-21535](CVE-2024/CVE-2024-215xx/CVE-2024-21535.json) (`2024-10-15T05:15:11.530`) -- [CVE-2024-9969](CVE-2024/CVE-2024-99xx/CVE-2024-9969.json) (`2024-10-15T04:15:04.413`) -- [CVE-2024-9970](CVE-2024/CVE-2024-99xx/CVE-2024-9970.json) (`2024-10-15T04:15:04.793`) -- [CVE-2024-9971](CVE-2024/CVE-2024-99xx/CVE-2024-9971.json) (`2024-10-15T04:15:05.080`) +- [CVE-2024-0129](CVE-2024/CVE-2024-01xx/CVE-2024-0129.json) (`2024-10-15T06:15:02.520`) +- [CVE-2024-46898](CVE-2024/CVE-2024-468xx/CVE-2024-46898.json) (`2024-10-15T07:15:02.267`) +- [CVE-2024-9944](CVE-2024/CVE-2024-99xx/CVE-2024-9944.json) (`2024-10-15T06:15:02.967`) +- [CVE-2024-9972](CVE-2024/CVE-2024-99xx/CVE-2024-9972.json) (`2024-10-15T07:15:02.750`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 424a4570e03..aff4966c57d 100644 --- a/_state.csv +++ b/_state.csv 
@@ -241358,6 +241358,7 @@ CVE-2024-0116,0,0,a6cbe3db55579100922047f237b056c0420ed7fe26ca2d3a7e613c461d3443
 CVE-2024-0123,0,0,b5d565031402caa204bf1a28725c0c192ecd3daa1b8bc8f4d37470664175216b,2024-10-04T13:50:43.727000
 CVE-2024-0124,0,0,65a7ca3fa08b021f3ead82c3260c63de7cee799b77a5f239ccc73202de671521,2024-10-04T13:50:43.727000
 CVE-2024-0125,0,0,4cf16bcca0b2fb9dbeaeffe86943f72316182719c400fbcdf4c939215efb61c9,2024-10-04T13:50:43.727000
+CVE-2024-0129,1,1,da878527e9e40edb8030b6db6ee4f28c62b9b6081e68ec42ac4928a9b65112dc,2024-10-15T06:15:02.520000
 CVE-2024-0132,0,0,f1d27ee91d38f95f18265c56576359c7b74449c09c2448ac9270cfde0a145c24,2024-10-02T14:45:36.160000
 CVE-2024-0133,0,0,1869d101f5a07bee8a308ca6354c7bbc691223866612cf3986da3052ed18f6e1,2024-10-02T14:43:22.433000
 CVE-2024-0151,0,0,e688008e47f7f2b2995cf15f9fce74bb525b3898f5e47db0ad5b6ce2aa86a255,2024-08-09T19:35:02.910000
@@ -244252,7 +244253,7 @@ CVE-2024-21531,0,0,556b4244c50c270222e18b4d703d3656d63fc81c95a1cab5391fb75a68df3
 CVE-2024-21532,0,0,a24d27f47c5298fab706ab72282873a260fc61d5e510f460d432a2b7b9c38bac,2024-10-10T12:57:21.987000
 CVE-2024-21533,0,0,b6d94b5290ee8a666e06ea3154c21a82f3a037332835b4cbc04bf2409f97ee11,2024-10-10T12:57:21.987000
 CVE-2024-21534,0,0,7edd88deeb19b219ecc2b90a3976d54902d3b9e86766a1e32c231ec19796b637,2024-10-11T21:36:23.557000
-CVE-2024-21535,1,1,77b63b874e7db44dae4667146b1a652bfb8aaf69315a52aade7762c8e795542c,2024-10-15T05:15:11.530000
+CVE-2024-21535,0,0,77b63b874e7db44dae4667146b1a652bfb8aaf69315a52aade7762c8e795542c,2024-10-15T05:15:11.530000
 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000
 CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000
 CVE-2024-2155,0,0,499612150b3a1be829ef430bb3388eb54a55d7bb52271f37f2a76ceb8af6c56f,2024-05-17T02:38:05.063000
@@ -261271,6 +261272,7 @@ CVE-2024-4688,0,0,52289ed8c0286442cd44c00a18386eec964a66f3ff263d13f6b3a47ad78257
 CVE-2024-46886,0,0,a928062ae00bc94e4a7abf511f66b23a1126250ea4d99006bdee4b18a22b92db,2024-10-10T12:56:30.817000
 CVE-2024-46887,0,0,b7a0812e4d4a8d09f6eb4da630d645c25b0d554f80d4c4a4c7b07d79f22299bd,2024-10-10T12:56:30.817000
 CVE-2024-4689,0,0,a13cc88d2e9b12d452cf9b42ce57cc1735d851f3f551a07c40e7bb0f2ee113b8,2024-05-14T16:11:39.510000
+CVE-2024-46898,1,1,090feab6ab67318cf45d1da40d0b0a4cc89bf6e9bd659fd8b09f201f565aa04f,2024-10-15T07:15:02.267000
 CVE-2024-46911,0,0,c13f8d0102a83918280aa942c5da64550069a7b55c4abc0be81f9b5adedd122a,2024-10-14T09:15:04.297000
 CVE-2024-46918,0,0,bb2eeb1c2eb1e1757cf1750044772f91012857866544e10c0b718da276cf0057,2024-09-20T18:14:23.897000
 CVE-2024-4693,0,0,e3d9266511ed640ea0a2750bbbe8d9b8b25eda5f77b693324e75ee95f4a7a307,2024-05-14T16:11:39.510000
@@ -265541,9 +265543,11 @@ CVE-2024-9922,0,0,38a9a769415efbcfedd53b122b48fa65b5e1f382fdf217a030bbaee2ce3081
 CVE-2024-9923,0,0,54d0eb71a24239c4cf72f6c8d2d43f40cc27d7ae4dae943f2db0568ffd629c72,2024-10-14T04:15:06.070000
 CVE-2024-9924,0,0,5d7f89079afc3d9ca8548ebb3725e799ef08b64b7b5fd0fc7f3c47978b6a83d8,2024-10-14T04:15:06.353000
 CVE-2024-9936,0,0,84f1422b67bbaa43c4b2b921a0bd24fe5cb86e5da956c7f811c06ae275078cda,2024-10-14T14:15:12.553000
+CVE-2024-9944,1,1,6b29c411c0e11286ac8186be38395b8b416c0e9124d101cf44b19765cc980b19,2024-10-15T06:15:02.967000
 CVE-2024-9952,0,0,6c9b73a8e4b10cb99cb5c164ba7fa12c94692c23e6d970a37d505df0c13bbb91,2024-10-15T02:15:03.403000
 CVE-2024-9953,0,0,4a504a26518c946bdd00df6aaba3929049f6fb7ebb2fe638799eca1ccb235ae3,2024-10-14T22:15:03.957000
 CVE-2024-9968,0,0,717d3c358e767369a770843606e1e4d5483d80687e292f6016fca8579965de7a,2024-10-15T03:15:02.360000
-CVE-2024-9969,1,1,cecfd308ad2e03f71dc5b9d4ea26ee57ff6f453836fcfce8973e360b5170dab6,2024-10-15T04:15:04.413000
-CVE-2024-9970,1,1,da32accfb2d25120b84c063f3a64982453a9afe6c85fcc9f83f58303dcf83157,2024-10-15T04:15:04.793000
-CVE-2024-9971,1,1,9e45feb9165a3cb00f61704141ebcf4fcf4e2bd7aeaf74a94f0ef43cd5d8b449,2024-10-15T04:15:05.080000
+CVE-2024-9969,0,0,cecfd308ad2e03f71dc5b9d4ea26ee57ff6f453836fcfce8973e360b5170dab6,2024-10-15T04:15:04.413000
+CVE-2024-9970,0,0,da32accfb2d25120b84c063f3a64982453a9afe6c85fcc9f83f58303dcf83157,2024-10-15T04:15:04.793000
+CVE-2024-9971,0,0,9e45feb9165a3cb00f61704141ebcf4fcf4e2bd7aeaf74a94f0ef43cd5d8b449,2024-10-15T04:15:05.080000
+CVE-2024-9972,1,1,b9b1dcedc769cf07af2b8c5d428605d09e4263e66eab68f5743c47b89c5a9cf1,2024-10-15T07:15:02.750000