From 3b409592cca3778bc8fd3c9661800354e2026916 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 26 May 2024 23:58:23 +0000
Subject: [PATCH] Auto-Update: 2024-05-26T23:55:29.970342+00:00
---
 CVE-2024/CVE-2024-334xx/CVE-2024-33427.json | 17 +---
 CVE-2024/CVE-2024-344xx/CVE-2024-34454.json | 24 ++++++
 CVE-2024/CVE-2024-360xx/CVE-2024-36054.json | 24 ++++++
 CVE-2024/CVE-2024-360xx/CVE-2024-36055.json | 24 ++++++
 CVE-2024/CVE-2024-360xx/CVE-2024-36056.json | 24 ++++++
 CVE-2024/CVE-2024-42xx/CVE-2024-4286.json | 59 +++++++++++++
 CVE-2024/CVE-2024-53xx/CVE-2024-5378.json | 92 ++++++++++++++++++++
 CVE-2024/CVE-2024-53xx/CVE-2024-5379.json | 88 +++++++++++++++++++
 CVE-2024/CVE-2024-53xx/CVE-2024-5380.json | 96 +++++++++++++++++++++
 CVE-2024/CVE-2024-53xx/CVE-2024-5381.json | 92 ++++++++++++++++++++
 CVE-2024/CVE-2024-53xx/CVE-2024-5383.json | 92 ++++++++++++++++++++
 README.md | 25 ++++--
 _state.csv | 20 +++--
 13 files changed, 650 insertions(+), 27 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-344xx/CVE-2024-34454.json
 create mode 100644 CVE-2024/CVE-2024-360xx/CVE-2024-36054.json
 create mode 100644 CVE-2024/CVE-2024-360xx/CVE-2024-36055.json
 create mode 100644 CVE-2024/CVE-2024-360xx/CVE-2024-36056.json
 create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4286.json
 create mode 100644 CVE-2024/CVE-2024-53xx/CVE-2024-5378.json
 create mode 100644 CVE-2024/CVE-2024-53xx/CVE-2024-5379.json
 create mode 100644 CVE-2024/CVE-2024-53xx/CVE-2024-5380.json
 create mode 100644 CVE-2024/CVE-2024-53xx/CVE-2024-5381.json
 create mode 100644 CVE-2024/CVE-2024-53xx/CVE-2024-5383.json
diff --git a/CVE-2024/CVE-2024-334xx/CVE-2024-33427.json b/CVE-2024/CVE-2024-334xx/CVE-2024-33427.json
index f22a022b8bb..db5f68efaad 100644
--- a/CVE-2024/CVE-2024-334xx/CVE-2024-33427.json
+++ b/CVE-2024/CVE-2024-334xx/CVE-2024-33427.json
@@ -2,23 +2,14 @@ "id": "CVE-2024-33427", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-24T16:15:10.253", - "lastModified": "2024-05-24T18:09:20.027", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-05-26T22:15:08.427", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "Buffer Overflow vulnerability in Squid version before v.6.10 allows a local attacker cause a denial of service via a improper check of string in function ConfigParser::UnQuote." + "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none." } ], "metrics": {}, - "references": [ - { - "url": "http://squid.com", - "source": "cve@mitre.org" - }, - { - "url": "https://github.com/squid-cache/squid/pull/1763", - "source": "cve@mitre.org" - } - ] + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-344xx/CVE-2024-34454.json b/CVE-2024/CVE-2024-344xx/CVE-2024-34454.json new file mode 100644 index 00000000000..5068caf48c3 --- /dev/null +++ b/CVE-2024/CVE-2024-344xx/CVE-2024-34454.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-34454", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-05-26T22:15:08.650", + "lastModified": "2024-05-26T22:15:08.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/PretendoNetwork/SSSL", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/PretendoNetwork/SSSL-DNS", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36054.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36054.json new file mode 100644 index 00000000000..296a71f3ca7 --- /dev/null +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36054.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-36054", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-05-26T23:15:21.370", + "lastModified": "2024-05-26T23:15:21.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via ZwMapViewOfSection)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.marvintest.com/Downloads.aspx?prodId=12&search=package", + "source": "cve@mitre.org" + }, + { + "url": "https://www.marvintest.com/KnowledgeBase/KBArticle.aspx?ID=362", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36055.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36055.json new file mode 100644 index 00000000000..9a205330d83 --- /dev/null +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36055.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-36055", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-05-26T23:15:21.457", + "lastModified": "2024-05-26T23:15:21.457", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.marvintest.com/Downloads.aspx?prodId=12&search=package", + "source": "cve@mitre.org" + }, + { + "url": "https://www.marvintest.com/KnowledgeBase/KBArticle.aspx?ID=362", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36056.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36056.json new file mode 100644 index 00000000000..34e91365fab --- /dev/null +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36056.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-36056", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-05-26T23:15:21.520", + "lastModified": "2024-05-26T23:15:21.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\\SYSTEM privilege escalation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.marvintest.com/Downloads.aspx?prodId=12&search=package", + "source": "cve@mitre.org" + }, + { + "url": "https://www.marvintest.com/KnowledgeBase/KBArticle.aspx?ID=362", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4286.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4286.json
new file mode 100644
index 00000000000..a0ffb5c6510
--- /dev/null
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4286.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-4286", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-05-26T23:15:21.600", + "lastModified": "2024-05-26T23:15:21.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. The vulnerability arises from the application's handling of user modifications by managers or admins, allowing for the modification of all existing attributes of the `user` database entity without proper checks or sanitization. This flaw can be exploited to delete user threads, denying users access to their previously submitted data, or to inject fake threads and/or chat history for social engineering attacks." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-917" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mintplex-labs/anything-llm/commit/1b35bcbeab10b77e6dbd263cceecf1b965a40789", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/a72d2923-297c-455f-af90-715e83b3da2b", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5378.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5378.json
new file mode 100644
index 00000000000..2a9f9792734
--- /dev/null
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5378.json
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5378", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T22:15:08.747", + "lastModified": "2024-05-26T22:15:08.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester School Intramurals Student Attendance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage_sy.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-266290 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + 
], + "references": [ + { + "url": "https://github.com/GAO-UNO/cve/blob/main/sql2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266290", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266290", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.344411", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5379.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5379.json new file mode 100644 index 00000000000..39c54a221fd --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5379.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-5379", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T22:15:09.020", + "lastModified": "2024-05-26T22:15:09.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in JFinalCMS up to 20240111. It has been rated as problematic. This issue affects some unknown processing of the file /admin/template. The manipulation of the argument directory leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266291." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + 
"url": "https://gitee.com/heyewei/JFinalcms/issues/I8VHGR", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266291", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266291", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5380.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5380.json new file mode 100644 index 00000000000..ab3a55332ca --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5380.json 
@@ -0,0 +1,96 @@ +{ + "id": "CVE-2024-5380", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T23:15:21.887", + "lastModified": "2024-05-26T23:15:21.887", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in jsy-1 short-url 1.0.0. Affected is an unknown function of the file admin.php. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 2.0.0 is able to address this issue. The name of the patch is 35c790897d6979392bc6f60707fc32da13a98b63. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-266292." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + 
{ + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/jsy-1/short-url/commit/35c790897d6979392bc6f60707fc32da13a98b63", + "source": "cna@vuldb.com" + }, + { + "url": "https://gitee.com/jsy-1/short-url/issues/I8UP2A", + "source": "cna@vuldb.com" + }, + { + "url": "https://gitee.com/jsy-1/short-url/releases/tag/v2.0.0", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266292", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266292", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5381.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5381.json new file mode 100644 index 00000000000..76d04276e4f --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5381.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5381", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T23:15:22.150", + "lastModified": "2024-05-26T23:15:22.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in itsourcecode Student Information Management System 1.0. Affected by this vulnerability is an unknown functionality of the file view.php. The manipulation of the argument studentId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266293 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + 
"references": [ + { + "url": "https://github.com/Lanxiy7th/lx_CVE_report-/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266293", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266293", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.344447", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5383.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5383.json new file mode 100644 index 00000000000..81b6f581dc8 --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5383.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5383", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-26T23:15:22.423", + "lastModified": "2024-05-26T23:15:22.423", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in lakernote EasyAdmin up to 20240324. This affects an unknown part of the file /sys/file/upload. The manipulation of the argument file leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The identifier of the patch is 9c8a836ace17a93c45e5ad52a2340788b7795030. It is recommended to apply a patch to fix this issue. The identifier VDB-266301 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + 
"obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/lakernote/easy-admin/commit/9c8a836ace17a93c45e5ad52a2340788b7795030", + "source": "cna@vuldb.com" + }, + { + "url": "https://gitee.com/lakernote/easy-admin/issues/I9B58I", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266301", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266301", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 18233e2a1fa..ecb81811c5b 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-26T22:00:30.068057+00:00 +2024-05-26T23:55:29.970342+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-26T21:15:08.673000+00:00 +2024-05-26T23:15:22.423000+00:00 ``` ### Last Data Feed Release 
@@ -33,23 +33,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -251816 +251826 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `10` -- [CVE-2024-5374](CVE-2024/CVE-2024-53xx/CVE-2024-5374.json) (`2024-05-26T20:15:08.317`) -- [CVE-2024-5375](CVE-2024/CVE-2024-53xx/CVE-2024-5375.json) (`2024-05-26T20:15:08.600`) -- [CVE-2024-5376](CVE-2024/CVE-2024-53xx/CVE-2024-5376.json) (`2024-05-26T21:15:08.383`) -- [CVE-2024-5377](CVE-2024/CVE-2024-53xx/CVE-2024-5377.json) (`2024-05-26T21:15:08.673`) +- [CVE-2024-34454](CVE-2024/CVE-2024-344xx/CVE-2024-34454.json) (`2024-05-26T22:15:08.650`) +- [CVE-2024-36054](CVE-2024/CVE-2024-360xx/CVE-2024-36054.json) (`2024-05-26T23:15:21.370`) +- [CVE-2024-36055](CVE-2024/CVE-2024-360xx/CVE-2024-36055.json) (`2024-05-26T23:15:21.457`) +- [CVE-2024-36056](CVE-2024/CVE-2024-360xx/CVE-2024-36056.json) (`2024-05-26T23:15:21.520`) +- [CVE-2024-4286](CVE-2024/CVE-2024-42xx/CVE-2024-4286.json) (`2024-05-26T23:15:21.600`) +- [CVE-2024-5378](CVE-2024/CVE-2024-53xx/CVE-2024-5378.json) (`2024-05-26T22:15:08.747`) +- [CVE-2024-5379](CVE-2024/CVE-2024-53xx/CVE-2024-5379.json) (`2024-05-26T22:15:09.020`) +- [CVE-2024-5380](CVE-2024/CVE-2024-53xx/CVE-2024-5380.json) (`2024-05-26T23:15:21.887`) +- [CVE-2024-5381](CVE-2024/CVE-2024-53xx/CVE-2024-5381.json) (`2024-05-26T23:15:22.150`) +- [CVE-2024-5383](CVE-2024/CVE-2024-53xx/CVE-2024-5383.json) (`2024-05-26T23:15:22.423`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-33427](CVE-2024/CVE-2024-334xx/CVE-2024-33427.json) (`2024-05-26T22:15:08.427`) ## Download and Usage diff --git a/_state.csv b/_state.csv index b92419368c8..0e95f55a38f 100644 --- a/_state.csv +++ b/_state.csv 
@@ -249620,7 +249620,7 @@ CVE-2024-33411,0,0,e5bc355b8080ec9331df6160965a62e9fcb33bc746eac8017085df54dac9b CVE-2024-3342,0,0,2c3ca8d5c3061bb507c26662d038cd059db385c42ff804757be4b5dbd68c1d0b,2024-04-29T12:42:03.667000 CVE-2024-33423,0,0,8f1fa788450514658e193af05941c337fea69ba60eb865ed38aa69b9043ad774,2024-05-02T13:27:25.103000 CVE-2024-33424,0,0,f9f5a67bdb9ba9357f3c3d02a83c0c0f74287739a2e767e9629394effd459f52,2024-05-01T19:50:25.633000 -CVE-2024-33427,0,0,d3469e5255e4501a30c17ab7797f1d2ace7bf82bf058bf2135cf57fbf5d09304,2024-05-24T18:09:20.027000 +CVE-2024-33427,0,1,9476c5f9c8988b26166fe9f7a357839b1651ce10bb12a768ec8d4e52b65e45a2,2024-05-26T22:15:08.427000 CVE-2024-33428,0,0,405c7d4470f1c4c6a9da4790ad16769be5bbee6bc7cbd31bcf2800f3281bb40b,2024-05-01T19:50:25.633000 CVE-2024-33429,0,0,a8c998123b524ea49b295a5500fc8c6d4ba14ca4f9af69ccfbc5cd4926bf1c96,2024-05-01T19:50:25.633000 CVE-2024-3343,0,0,c7ada54a8973c3f80fc415b1484b0c0d7aeb75e458012c05cd3c69dcc6f0e33f,2024-04-11T12:47:44.137000 @@ -250164,6 +250164,7 @@ CVE-2024-34448,0,0,2ee47d576d9de678e8b37edc8c4fb672f63b76bc5fc5740404718a42f40a4 CVE-2024-34449,0,0,28da5cfb8215143a3847fc37f7163047e3e2e183b8d6abcf511553c3cec5bb16,2024-05-17T02:39:35.457000 CVE-2024-3445,0,0,2031eee497e177f244890449ab10d2f196dd08d103f846fc9b20779b1f74d465,2024-05-17T02:39:56.830000 CVE-2024-34453,0,0,9363deaf6a5ec68194d671cadb0973a2ba23402d3e2800c4f9eea6dbd677c5cd,2024-05-06T12:44:56.377000 +CVE-2024-34454,1,1,d9d2c5475f68dc1f08844d29c96bd5cf1b31e2fa0f4c8685dccad604ffef3f53,2024-05-26T22:15:08.650000 CVE-2024-34455,0,0,cf6832f7361884f15470d2143d9f538281f7bb0657fc697433a93775fe331b3f,2024-05-07T18:15:08.417000 CVE-2024-34459,0,0,b45ed88b76afaef9cbd4911e21faf8d189bfb9c8f6ba422504b06e12e3f2ae4c,2024-05-14T16:12:23.490000 CVE-2024-3446,0,0,d41b6ff09ba21a5a975268b5a0441447c6b2bcfd6bedfe0914b9c96867cd290f,2024-04-18T08:15:38.340000 
@@ -250773,6 +250774,9 @@ CVE-2024-36049,0,0,d511d3e9dcb3e3f3c67c3b19b4715aae92e771d6a1271dee36aaa0460f656 CVE-2024-36050,0,0,4c307008c713c918a6e3b84da1e5e49b2b2247354b7102850872f2f1076c6edc,2024-05-22T16:15:10.777000 CVE-2024-36052,0,0,8db219128822e3b435341a720fec4da51967df08eb27bb5fb0af45f420ce346c,2024-05-22T12:46:53.887000 CVE-2024-36053,0,0,672a3b34a9bdb19210396687438a3a5963248f4f357ce5db05db5d249614922b,2024-05-20T13:00:04.957000 +CVE-2024-36054,1,1,6400a2883cdde6c0a3fd8d204fc488efe33be1eb564d7d5968a1db346212affb,2024-05-26T23:15:21.370000 +CVE-2024-36055,1,1,3ed3958f5e6d6cc7b9fca16c82b960bbee873db440bf413f4b8bb4446aea24a4,2024-05-26T23:15:21.457000 +CVE-2024-36056,1,1,1ddcb1f3d533fe81222569791e7c6f87f5666060a8987be878285ea0267eeef5,2024-05-26T23:15:21.520000 CVE-2024-3606,0,0,aad549bdf5ff1831d91b9701456650bb1ccc1938c3f938f0c7eb426394ab8356,2024-05-02T18:00:37.360000 CVE-2024-3607,0,0,af4721086df8378a380a0243b924575fce7196863af6b8319186a0a7c6039e9f,2024-05-02T18:00:37.360000 CVE-2024-36070,0,0,eb4d689c0fd52dc71530686149db340f07354ff188ce53f7ebe9b94f9b8be928,2024-05-20T13:00:04.957000 @@ -251228,6 +251232,7 @@ CVE-2024-4279,0,0,d3b17e17d1b5650487c2ef2a762ae7d90400bd6e48ec29863d7d603500f64a CVE-2024-4280,0,0,822fb2b67d813f28d851bea5074e022fd3fb44cbbe8e0abea23d2c25f8583cfd,2024-05-14T16:11:39.510000 CVE-2024-4281,0,0,f2f6c94941e4ed7f1c98ab6351686f1d868a8657bf9b3ff2bb73d7d016e69d14,2024-05-08T13:15:00.690000 CVE-2024-4284,0,0,28d78a67b7d6c9b0a1827199abde0e8a6df7d8ad9cc9c4d0f1befa23f8062d5f,2024-05-20T13:00:04.957000 +CVE-2024-4286,1,1,3d6b3a3af2b729ad9d87c6ecde6ba858682d36369219dcb6bdc160e2f4d7ff57,2024-05-26T23:15:21.600000 CVE-2024-4287,0,0,048bae39f58d60d42f1a986a979513f5c9cfb08eeca89126761e78c7c68ed3b9,2024-05-20T15:17:54.513000 CVE-2024-4288,0,0,9367649ffe77365cb201f95bc69986ffb5e481ba50542c3f0953c5f2e0eb0d2a,2024-05-16T13:03:05.353000 CVE-2024-4289,0,0,76ba9be3eab9b673a4fa73a49b34a9d170f584667b3b959e9ff27923d52b8ed4,2024-05-21T12:37:59.687000 
@@ -251811,7 +251816,12 @@ CVE-2024-5370,0,0,14c7da2672eebae3d0b6cc8f462bf25de07a9cdd18132cb75ccf40464a389f CVE-2024-5371,0,0,9be98f02c5bebf424f04dde153f2a2e0e5c2fe8e37ffcd67c91789c7cb6596ff,2024-05-26T18:15:08.840000 CVE-2024-5372,0,0,5700614e120a534fc657827564720978aa920a95dad497630c378bb58fd2314e,2024-05-26T19:15:08.167000 CVE-2024-5373,0,0,bcdbc2e3e8e68c792329b221d0cb16965d0e8233638979f1406ed5c709c008a7,2024-05-26T19:15:08.447000 -CVE-2024-5374,1,1,9d0065534d8f28e9f95cc9b288a36b0fef6c4b6e4f9eadc9d4bcf7d5cd9e3a54,2024-05-26T20:15:08.317000 -CVE-2024-5375,1,1,22a41a52f8127cf77fc020e1d70df40b755fd718f0ea7badc1f1a2263c1c56df,2024-05-26T20:15:08.600000 -CVE-2024-5376,1,1,62e4bc8dd75ff4cdd6ef1f13aab45fd1bcdcb1cf5634972b5ef9a9151eb8f9c4,2024-05-26T21:15:08.383000 -CVE-2024-5377,1,1,b1ce75d7f9d5fb37a90a7deae75307c4f1b1b656098d91fdd5e339c026682071,2024-05-26T21:15:08.673000 +CVE-2024-5374,0,0,9d0065534d8f28e9f95cc9b288a36b0fef6c4b6e4f9eadc9d4bcf7d5cd9e3a54,2024-05-26T20:15:08.317000 +CVE-2024-5375,0,0,22a41a52f8127cf77fc020e1d70df40b755fd718f0ea7badc1f1a2263c1c56df,2024-05-26T20:15:08.600000 +CVE-2024-5376,0,0,62e4bc8dd75ff4cdd6ef1f13aab45fd1bcdcb1cf5634972b5ef9a9151eb8f9c4,2024-05-26T21:15:08.383000 +CVE-2024-5377,0,0,b1ce75d7f9d5fb37a90a7deae75307c4f1b1b656098d91fdd5e339c026682071,2024-05-26T21:15:08.673000 +CVE-2024-5378,1,1,5e852526d0a01069edb00140f01f6ec019ea67bd59f9e967913307f04621acff,2024-05-26T22:15:08.747000 +CVE-2024-5379,1,1,522e2119af5cb6f07c118846e82f6889b87257a924542dbdeb3410e4fff96e20,2024-05-26T22:15:09.020000 +CVE-2024-5380,1,1,ed9f85a2572bd3d07fcdeaee478915fac7bf969771e7e2c8ffcdcc8187fb26ec,2024-05-26T23:15:21.887000 +CVE-2024-5381,1,1,0194906d6ece10623fd40ce03db1e61d961ba4d26cd48d03482977224791ed14,2024-05-26T23:15:22.150000 +CVE-2024-5383,1,1,ad9f0aefef03acc764aab5a53e033c9ccb4535ae2cb48604a1b9d4c8e9a604d0,2024-05-26T23:15:22.423000