From 3ae36099c5901cea251bbf3ebcdc7bf91dc2f95e Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 7 Mar 2024 05:00:27 +0000
Subject: [PATCH] Auto-Update: 2024-03-07T05:00:24.214716+00:00
---
CVE-2023/CVE-2023-33xx/CVE-2023-3335.json | 6 +--
CVE-2023/CVE-2023-393xx/CVE-2023-39325.json | 6 ++-
CVE-2024/CVE-2024-08xx/CVE-2024-0815.json | 55 +++++++++++++++++++
CVE-2024/CVE-2024-14xx/CVE-2024-1443.json | 59 +++++++++++++++++++++
CVE-2024/CVE-2024-14xx/CVE-2024-1460.json | 59 +++++++++++++++++++++
CVE-2024/CVE-2024-200xx/CVE-2024-20017.json | 8 ++-
CVE-2024/CVE-2024-238xx/CVE-2024-23835.json | 6 ++-
CVE-2024/CVE-2024-238xx/CVE-2024-23836.json | 14 ++++-
CVE-2024/CVE-2024-238xx/CVE-2024-23837.json | 14 ++++-
CVE-2024/CVE-2024-238xx/CVE-2024-23839.json | 14 ++++-
CVE-2024/CVE-2024-245xx/CVE-2024-24568.json | 6 ++-
CVE-2024/CVE-2024-280xx/CVE-2024-28094.json | 59 +++++++++++++++++++++
CVE-2024/CVE-2024-280xx/CVE-2024-28095.json | 59 +++++++++++++++++++++
CVE-2024/CVE-2024-280xx/CVE-2024-28096.json | 59 +++++++++++++++++++++
CVE-2024/CVE-2024-280xx/CVE-2024-28097.json | 59 +++++++++++++++++++++
README.md | 45 +++++++--------
16 files changed, 492 insertions(+), 36 deletions(-)
create mode 100644 CVE-2024/CVE-2024-08xx/CVE-2024-0815.json
create mode 100644 CVE-2024/CVE-2024-14xx/CVE-2024-1443.json
create mode 100644 CVE-2024/CVE-2024-14xx/CVE-2024-1460.json
create mode 100644 CVE-2024/CVE-2024-280xx/CVE-2024-28094.json
create mode 100644 CVE-2024/CVE-2024-280xx/CVE-2024-28095.json
create mode 100644 CVE-2024/CVE-2024-280xx/CVE-2024-28096.json
create mode 100644 CVE-2024/CVE-2024-280xx/CVE-2024-28097.json
diff --git a/CVE-2023/CVE-2023-33xx/CVE-2023-3335.json b/CVE-2023/CVE-2023-33xx/CVE-2023-3335.json
index 97aa46ded85..2e1db028e3d 100644
--- a/CVE-2023/CVE-2023-33xx/CVE-2023-3335.json
+++ b/CVE-2023/CVE-2023-33xx/CVE-2023-3335.json
@@ -2,12 +2,12 @@ "id": "CVE-2023-3335", "sourceIdentifier": "hirt@hitachi.co.jp", "published": "2023-10-03T02:15:09.377", - "lastModified": "2023-10-04T21:01:47.887", - "vulnStatus": "Analyzed", + "lastModified": "2024-03-07T04:15:06.990", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users\u00a0 to gain sensive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.\n\n" + "value": "Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users\u00a0 to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.\n\n" }, { "lang": "es", diff --git a/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json b/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json index 5daed585c37..f0d3f1755ad 100644 --- a/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json +++ b/CVE-2023/CVE-2023-393xx/CVE-2023-39325.json @@ -2,7 +2,7 @@ "id": "CVE-2023-39325", "sourceIdentifier": "security@golang.org", "published": "2023-10-11T22:15:09.880", - "lastModified": "2024-03-07T02:15:51.393", + "lastModified": "2024-03-07T03:15:06.257", "vulnStatus": "Modified", "descriptions": [ { @@ -299,6 +299,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PJCUNGIQDUMZ4Z6HWVYIMR66A35F5S74/", + "source": "security@golang.org" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QF5QSYAOPDOWLY6DUHID56Q4HQFYB45I/", "source": "security@golang.org", diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0815.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0815.json new file mode 100644 index 00000000000..2d85a93c433 --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0815.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0815", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-03-07T04:15:07.143", + "lastModified": "2024-03-07T04:15:07.143", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "confirmed" + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1443.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1443.json new file mode 100644 index 00000000000..cc0a9fbbc0c --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1443.json 
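Review bot: The only English description in the new CVE-2024-0815 record is the placeholder `"value": "confirmed"`, so the record names no product, component or affected version even though it carries a 9.3 CRITICAL base score and CWE-78. Description- or keyword-based matching will not surface it, and the record has `"vulnStatus": "Received"` and no `configurations` block to match on instead. Until the CNA text is corrected upstream, consumers should treat the huntr reference URL as the only identifying field and route the record to manual triage rather than automated asset matching.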
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-1443", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2024-03-07T03:15:06.403", + "lastModified": "2024-03-07T03:15:06.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver.\u00a0The handle to the driver can only be obtained from a high integrity process." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/coltrane/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.msi.com/Landing/afterburner/graphics-cards", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1460.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1460.json new file mode 100644 index 00000000000..182613ecb3a --- /dev/null +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1460.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-1460", + "sourceIdentifier": "help@fluidattacks.com", + "published": "2024-03-07T03:15:06.653", + "lastModified": "2024-03-07T03:15:06.653", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver.\u00a0The handle to the driver can only be obtained from a high integrity process." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "help@fluidattacks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://fluidattacks.com/advisories/mingus/", + "source": "help@fluidattacks.com" + }, + { + "url": "https://www.msi.com/Landing/afterburner/graphics-cards", + "source": "help@fluidattacks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-200xx/CVE-2024-20017.json b/CVE-2024/CVE-2024-200xx/CVE-2024-20017.json index dcd6b748718..068670f8044 100644 --- a/CVE-2024/CVE-2024-200xx/CVE-2024-20017.json +++ b/CVE-2024/CVE-2024-200xx/CVE-2024-20017.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-20017", "sourceIdentifier": "security@mediatek.com", "published": "2024-03-04T03:15:06.970", - "lastModified": "2024-03-04T13:58:23.447", + "lastModified": "2024-03-07T03:15:06.853", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132." + "value": "In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation Patch ID: WCNCR00350938; Issue ID: MSV-1132." + }, + { + "lang": "es", + "value": "En el servicio WLAN, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: WCNCR00350938; ID del problema: MSV-1132." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json index 77c15f04be1..9ab1e4c5c40 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23835.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23835", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-26T16:27:57.417", - "lastModified": "2024-03-07T02:15:51.880", + "lastModified": "2024-03-07T03:15:06.900", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
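Review bot: In CVE-2024-20017.json the added `es` description contradicts the `en` text changed in the same hunk: the English impact now reads "remote code execution", while the Spanish string still says `escalada local de privilegios`. A consumer that displays or prioritises on the localised text will see a local privilege-escalation issue where the source now states remote code execution. The `es` value should be regenerated from the updated English sentence (`ejecución remota de código` in place of `escalada local de privilegios`); until then, prefer the `"lang": "en"` entry. The context line `"metrics": {}` shows that no CVSS vector reflects the changed impact either.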
@@ -71,6 +71,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/", + "source": "security-advisories@github.com" + }, { "url": "https://redmine.openinfosecfoundation.org/issues/6411", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23836.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23836.json index eae0c4a3e74..54ec6ed2fa4 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23836.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23836.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23836", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-26T16:27:57.693", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-03-07T03:15:06.987", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slow downs and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml and reducing the `stream.reassembly.depth` value helps reduce the severity of the issue." + }, + { + "lang": "es", + "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de las versiones 6.0.16 y 7.0.3, un atacante pod\u00eda manipular el tr\u00e1fico para hacer que Suricata utilizara mucha m\u00e1s CPU y memoria de la necesaria para procesar el tr\u00e1fico, lo que puede provocar ralentizaciones extremas y denegaci\u00f3n de servicio. Esta vulnerabilidad est\u00e1 parcheada en 6.0.16 o 7.0.3. Los workarounds incluyen deshabilitar el analizador de la capa de aplicaci\u00f3n del protocolo afectado en el yaml y reducir el valor `stream.reassembly. Depth` ayuda a reducir la gravedad del problema." } ], "metrics": { 
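Review bot: The `es` description added to CVE-2024-23836.json garbles the setting named in the workaround: the English text gives `stream.reassembly.depth`, the Spanish text gives `stream.reassembly. Depth`. An operator following the translated workaround would search for a key that does not match the one in the English advisory. The translated string should carry the identifier verbatim, `stream.reassembly.depth`, the way the CVE-2024-23839 translation keeps `http.request_header` and `http.response_header` unchanged.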
@@ -91,6 +95,14 @@ "url": "https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", + "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/", + "source": "security-advisories@github.com" + }, { "url": "https://redmine.openinfosecfoundation.org/issues/6531", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23837.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23837.json index f139ba26a6e..dbb9a77f9c2 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23837.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23837.json @@ -2,12 +2,16 @@ "id": "CVE-2024-23837", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-26T16:27:57.897", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-03-07T03:15:07.090", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46." + }, + { + "lang": "es", + "value": "LibHTP es un analizador consciente de la seguridad para el protocolo HTTP. El tr\u00e1fico manipulado puede provocar un tiempo de procesamiento excesivo de los encabezados HTTP, lo que lleva a la denegaci\u00f3n de servicio. Este problema se aborda en 0.5.46." } ], "metrics": { 
@@ -55,6 +59,14 @@ "url": "https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", + "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/", + "source": "security-advisories@github.com" + }, { "url": "https://redmine.openinfosecfoundation.org/issues/6444", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-238xx/CVE-2024-23839.json b/CVE-2024/CVE-2024-238xx/CVE-2024-23839.json index 580c41c0491..ccb1efc4f9f 100644 --- a/CVE-2024/CVE-2024-238xx/CVE-2024-23839.json +++ b/CVE-2024/CVE-2024-238xx/CVE-2024-23839.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-23839", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-26T16:27:58.090", - "lastModified": "2024-02-26T16:32:25.577", + "lastModified": "2024-03-07T03:15:07.167", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords." + }, + { + "lang": "es", + "value": "Suricata es un sistema de detecci\u00f3n de intrusiones en la red, un sistema de prevenci\u00f3n de intrusiones y un motor de monitoreo de seguridad de la red. Antes de 7.0.3, el tr\u00e1fico especialmente manipulado puede provocar heap use after free si el conjunto de reglas utiliza la palabra clave http.request_header o http.response_header. La vulnerabilidad ha sido parcheada en 7.0.3. Para solucionar la vulnerabilidad, evite las palabras clave http.request_header y http.response_header." } ], "metrics": { @@ -55,6 +59,14 @@ "url": "https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", + "source": "security-advisories@github.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/", + "source": "security-advisories@github.com" + }, { "url": "https://redmine.openinfosecfoundation.org/issues/6657", "source": "security-advisories@github.com" 
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json index 05dde40614e..73c3e91ad41 100644 --- a/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json +++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24568.json @@ -2,7 +2,7 @@ "id": "CVE-2024-24568", "sourceIdentifier": "security-advisories@github.com", "published": "2024-02-26T16:27:58.293", - "lastModified": "2024-03-07T02:15:52.017", + "lastModified": "2024-03-07T03:15:07.247", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -63,6 +63,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/", "source": "security-advisories@github.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/", + "source": "security-advisories@github.com" + }, { "url": "https://redmine.openinfosecfoundation.org/issues/6717", "source": "security-advisories@github.com" diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28094.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28094.json new file mode 100644 index 00000000000..f22ca79f24a --- /dev/null +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28094.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28094", + "sourceIdentifier": "vdp@themissinglink.com.au", + "published": "2024-03-07T04:15:07.333", + "lastModified": "2024-03-07T04:15:07.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Chat functionality in Schoolbox application before\n version 23.1.3 is vulnerable to blind SQL Injection enabling the \nauthenticated attackers to read, modify, and delete database records." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://schoolbox.education/", + "source": "vdp@themissinglink.com.au" + }, + { + "url": "https://www.themissinglink.com.au/security-advisories/cve-2024-28094", + "source": "vdp@themissinglink.com.au" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28095.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28095.json new file mode 100644 index 00000000000..0d016a441e4 --- /dev/null +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28095.json 
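Review bot: The `en` description strings in CVE-2024-28094.json, and likewise in the new CVE-2024-28095, CVE-2024-28096 and CVE-2024-28097 records, contain hard `\n` breaks in mid-sentence; in 28094 and 28095 the break falls inside the version phrase (`before\n version 23.1.3`). Consumers that extract the fixed version with single-line patterns, or export descriptions to line-oriented formats, should normalise whitespace first. All four records are `"vulnStatus": "Received"` with no `configurations` block, so the fixed version 23.1.3 is available only from this free text.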
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28095", + "sourceIdentifier": "vdp@themissinglink.com.au", + "published": "2024-03-07T04:15:07.527", + "lastModified": "2024-03-07T04:15:07.527", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "News functionality in Schoolbox application before\n version 23.1.3 is vulnerable to stored cross-site scripting allowing \nauthenticated attacker to perform security actions in the context of the\n affected users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://schoolbox.education/", + "source": "vdp@themissinglink.com.au" + }, + { + "url": "https://www.themissinglink.com.au/security-advisories/cve-2024-28095", + "source": "vdp@themissinglink.com.au" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28096.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28096.json new file mode 100644 index 00000000000..39f594df6de --- /dev/null +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28096.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28096", + "sourceIdentifier": "vdp@themissinglink.com.au", + "published": "2024-03-07T04:15:07.703", + "lastModified": "2024-03-07T04:15:07.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Class functionality in Schoolbox application \nbefore version 23.1.3 is vulnerable to stored cross-site scripting \nallowing authenticated attacker to perform security actions in the \ncontext of the affected users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://schoolbox.education/", + "source": "vdp@themissinglink.com.au" + }, + { + "url": "https://www.themissinglink.com.au/security-advisories/cve-2024-28096", + "source": "vdp@themissinglink.com.au" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28097.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28097.json new file mode 100644 index 00000000000..4e59e530a20 --- /dev/null +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28097.json 
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28097", + "sourceIdentifier": "vdp@themissinglink.com.au", + "published": "2024-03-07T04:15:07.897", + "lastModified": "2024-03-07T04:15:07.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Calendar functionality in Schoolbox application \nbefore version 23.1.3 is vulnerable to stored cross-site scripting \nallowing authenticated attacker to perform security actions in the \ncontext of the affected users." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "vdp@themissinglink.com.au", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://schoolbox.education/", + "source": "vdp@themissinglink.com.au" + }, + { + "url": "https://www.themissinglink.com.au/security-advisories/cve-2024-28097", + "source": "vdp@themissinglink.com.au" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3622ecbc496..f0d38c33dc3 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-07T03:00:24.414771+00:00 +2024-03-07T05:00:24.214716+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-07T02:15:52.017000+00:00 +2024-03-07T04:15:07.897000+00:00 ``` ### Last Data Feed Release 
@@ -29,39 +29,34 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -240730 +240737 ``` ### CVEs added in the last Commit -Recently added CVEs: `15` +Recently added CVEs: `7` -* [CVE-2022-46089](CVE-2022/CVE-2022-460xx/CVE-2022-46089.json) (`2024-03-07T02:15:51.337`) -* [CVE-2023-47415](CVE-2023/CVE-2023-474xx/CVE-2023-47415.json) (`2024-03-07T01:15:51.850`) -* [CVE-2023-49986](CVE-2023/CVE-2023-499xx/CVE-2023-49986.json) (`2024-03-07T01:15:51.923`) -* [CVE-2023-49987](CVE-2023/CVE-2023-499xx/CVE-2023-49987.json) (`2024-03-07T01:15:51.980`) -* [CVE-2023-49988](CVE-2023/CVE-2023-499xx/CVE-2023-49988.json) (`2024-03-07T01:15:52.027`) -* [CVE-2023-49989](CVE-2023/CVE-2023-499xx/CVE-2023-49989.json) (`2024-03-07T01:15:52.083`) -* [CVE-2023-51281](CVE-2023/CVE-2023-512xx/CVE-2023-51281.json) (`2024-03-07T01:15:52.133`) -* [CVE-2023-51786](CVE-2023/CVE-2023-517xx/CVE-2023-51786.json) (`2024-03-07T01:15:52.180`) -* [CVE-2024-0199](CVE-2024/CVE-2024-01xx/CVE-2024-0199.json) (`2024-03-07T01:15:52.233`) -* [CVE-2024-1299](CVE-2024/CVE-2024-12xx/CVE-2024-1299.json) (`2024-03-07T01:15:52.443`) -* [CVE-2024-22857](CVE-2024/CVE-2024-228xx/CVE-2024-22857.json) (`2024-03-07T01:15:52.640`) -* [CVE-2024-24375](CVE-2024/CVE-2024-243xx/CVE-2024-24375.json) (`2024-03-07T01:15:52.707`) -* [CVE-2024-26566](CVE-2024/CVE-2024-265xx/CVE-2024-26566.json) (`2024-03-07T01:15:52.757`) -* [CVE-2024-0817](CVE-2024/CVE-2024-08xx/CVE-2024-0817.json) (`2024-03-07T02:15:51.660`) -* [CVE-2024-24389](CVE-2024/CVE-2024-243xx/CVE-2024-24389.json) (`2024-03-07T02:15:51.970`) +* [CVE-2024-1443](CVE-2024/CVE-2024-14xx/CVE-2024-1443.json) (`2024-03-07T03:15:06.403`) +* [CVE-2024-1460](CVE-2024/CVE-2024-14xx/CVE-2024-1460.json) (`2024-03-07T03:15:06.653`) +* [CVE-2024-0815](CVE-2024/CVE-2024-08xx/CVE-2024-0815.json) (`2024-03-07T04:15:07.143`) +* [CVE-2024-28094](CVE-2024/CVE-2024-280xx/CVE-2024-28094.json) (`2024-03-07T04:15:07.333`) 
+* [CVE-2024-28095](CVE-2024/CVE-2024-280xx/CVE-2024-28095.json) (`2024-03-07T04:15:07.527`) +* [CVE-2024-28096](CVE-2024/CVE-2024-280xx/CVE-2024-28096.json) (`2024-03-07T04:15:07.703`) +* [CVE-2024-28097](CVE-2024/CVE-2024-280xx/CVE-2024-28097.json) (`2024-03-07T04:15:07.897`) ### CVEs modified in the last Commit -Recently modified CVEs: `5` +Recently modified CVEs: `8` -* [CVE-2023-39325](CVE-2023/CVE-2023-393xx/CVE-2023-39325.json) (`2024-03-07T02:15:51.393`) -* [CVE-2024-23225](CVE-2024/CVE-2024-232xx/CVE-2024-23225.json) (`2024-03-07T02:00:02.283`) -* [CVE-2024-23296](CVE-2024/CVE-2024-232xx/CVE-2024-23296.json) (`2024-03-07T02:00:02.283`) -* [CVE-2024-23835](CVE-2024/CVE-2024-238xx/CVE-2024-23835.json) (`2024-03-07T02:15:51.880`) -* [CVE-2024-24568](CVE-2024/CVE-2024-245xx/CVE-2024-24568.json) (`2024-03-07T02:15:52.017`) +* [CVE-2023-39325](CVE-2023/CVE-2023-393xx/CVE-2023-39325.json) (`2024-03-07T03:15:06.257`) +* [CVE-2023-3335](CVE-2023/CVE-2023-33xx/CVE-2023-3335.json) (`2024-03-07T04:15:06.990`) +* [CVE-2024-20017](CVE-2024/CVE-2024-200xx/CVE-2024-20017.json) (`2024-03-07T03:15:06.853`) +* [CVE-2024-23835](CVE-2024/CVE-2024-238xx/CVE-2024-23835.json) (`2024-03-07T03:15:06.900`) +* [CVE-2024-23836](CVE-2024/CVE-2024-238xx/CVE-2024-23836.json) (`2024-03-07T03:15:06.987`) +* [CVE-2024-23837](CVE-2024/CVE-2024-238xx/CVE-2024-23837.json) (`2024-03-07T03:15:07.090`) +* [CVE-2024-23839](CVE-2024/CVE-2024-238xx/CVE-2024-23839.json) (`2024-03-07T03:15:07.167`) +* [CVE-2024-24568](CVE-2024/CVE-2024-245xx/CVE-2024-24568.json) (`2024-03-07T03:15:07.247`) ## Download and Usage