From 403e27f8f38822daed5abb7925915d5c2df9fdf7 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Wed, 6 Mar 2024 03:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-03-06T03:00:25.076356+00:00
---
 CVE-2021/CVE-2021-363xx/CVE-2021-36380.json | 6 ++-
 CVE-2023/CVE-2023-212xx/CVE-2023-21237.json | 6 ++-
 CVE-2023/CVE-2023-336xx/CVE-2023-33677.json | 24 +++++++++
 CVE-2023/CVE-2023-499xx/CVE-2023-49971.json | 24 +++++++++
 CVE-2023/CVE-2023-499xx/CVE-2023-49973.json | 24 +++++++++
 CVE-2023/CVE-2023-499xx/CVE-2023-49974.json | 24 +++++++++
 CVE-2023/CVE-2023-499xx/CVE-2023-49976.json | 24 +++++++++
 CVE-2023/CVE-2023-499xx/CVE-2023-49977.json | 24 +++++++++
 CVE-2024/CVE-2024-12xx/CVE-2024-1220.json | 55 +++++++++++++++++++++
 CVE-2024/CVE-2024-19xx/CVE-2024-1938.json | 6 ++-
 CVE-2024/CVE-2024-19xx/CVE-2024-1939.json | 6 ++-
 README.md | 45 +++++++----------
 12 files changed, 236 insertions(+), 32 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-336xx/CVE-2023-33677.json
 create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49971.json
 create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49973.json
 create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49974.json
 create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49976.json
 create mode 100644 CVE-2023/CVE-2023-499xx/CVE-2023-49977.json
 create mode 100644 CVE-2024/CVE-2024-12xx/CVE-2024-1220.json
diff --git a/CVE-2021/CVE-2021-363xx/CVE-2021-36380.json b/CVE-2021/CVE-2021-363xx/CVE-2021-36380.json
index 6350d59e0c3..5b0f191870f 100644
--- a/CVE-2021/CVE-2021-363xx/CVE-2021-36380.json
+++ b/CVE-2021/CVE-2021-363xx/CVE-2021-36380.json
@@ -2,8 +2,12 @@
 "id": "CVE-2021-36380",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2021-08-13T16:15:07.607",
- "lastModified": "2021-08-27T19:31:24.283",
+ "lastModified": "2024-03-06T02:00:02.077",
 "vulnStatus": "Analyzed",
+ "cisaExploitAdd": "2024-03-05",
+ "cisaActionDue": "2024-03-26",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "Sunhillo SureLine OS Command Injection Vulnerablity",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21237.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21237.json
index 6e8379ba7ad..59e0194b789 100644
--- a/CVE-2023/CVE-2023-212xx/CVE-2023-21237.json
+++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21237.json
@@ -2,8 +2,12 @@
 "id": "CVE-2023-21237",
 "sourceIdentifier": "security@android.com",
 "published": "2023-06-28T18:15:16.560",
- "lastModified": "2023-07-06T13:06:10.137",
+ "lastModified": "2024-03-06T02:00:02.080",
 "vulnStatus": "Analyzed",
+ "cisaExploitAdd": "2024-03-05",
+ "cisaActionDue": "2024-03-26",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "Android Pixel Information Disclosure Vulnerability ",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-336xx/CVE-2023-33677.json b/CVE-2023/CVE-2023-336xx/CVE-2023-33677.json
new file mode 100644
index 00000000000..10913387fb4
--- /dev/null
+++ b/CVE-2023/CVE-2023-336xx/CVE-2023-33677.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-33677",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T01:15:06.960",
+ "lastModified": "2024-03-06T01:15:06.960",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view&id=*\"."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "http://wwwsourcecodestercom.com",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49971.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49971.json
new file mode 100644
index 00000000000..b37089f5b0a
--- /dev/null
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49971.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49971",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T01:15:07.017",
+ "lastModified": "2024-03-06T01:15:07.017",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/geraldoalcantara/CVE-2023-49971",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49973.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49973.json
new file mode 100644
index 00000000000..cb88391f803
--- /dev/null
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49973.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49973",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T01:15:07.063",
+ "lastModified": "2024-03-06T01:15:07.063",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/geraldoalcantara/CVE-2023-49973",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49974.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49974.json
new file mode 100644
index 00000000000..484c9463c19
--- /dev/null
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49974.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49974",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T01:15:07.103",
+ "lastModified": "2024-03-06T01:15:07.103",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/geraldoalcantara/CVE-2023-49974",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49976.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49976.json
new file mode 100644
index 00000000000..ad9b6faede1
--- /dev/null
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49976.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49976",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T01:15:07.147",
+ "lastModified": "2024-03-06T01:15:07.147",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/geraldoalcantara/CVE-2023-49976",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49977.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49977.json
new file mode 100644
index 00000000000..37154e64ac7
--- /dev/null
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49977.json
@@ -0,0 +1,24 @@
+{
+ "id": "CVE-2023-49977",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-03-06T01:15:07.187",
+ "lastModified": "2024-03-06T01:15:07.187",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/geraldoalcantara/CVE-2023-49977",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1220.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1220.json
new file mode 100644
index 00000000000..e686ee70d49
--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1220.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-1220",
+ "sourceIdentifier": "psirt@moxa.com",
+ "published": "2024-03-06T02:15:44.810",
+ "lastModified": "2024-03-06T02:15:44.810",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@moxa.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.2,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@moxa.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability",
+ "source": "psirt@moxa.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json
index 4dc8c1f4e8e..090b57ca897 100644
--- a/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1938.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-1938",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2024-02-29T01:43:57.600",
- "lastModified": "2024-03-03T02:15:49.543",
+ "lastModified": "2024-03-06T02:15:45.043",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -24,6 +24,10 @@
 "url": "https://issues.chromium.org/issues/324596281",
 "source": "chrome-cve-admin@google.com"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/",
+ "source": "chrome-cve-admin@google.com"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/",
 "source": "chrome-cve-admin@google.com"
diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1939.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1939.json
index 03192c7da5e..2ed85148a7a 100644
--- a/CVE-2024/CVE-2024-19xx/CVE-2024-1939.json
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1939.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-1939",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2024-02-29T01:43:57.640",
- "lastModified": "2024-03-03T02:15:49.607",
+ "lastModified": "2024-03-06T02:15:45.113",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -24,6 +24,10 @@
 "url": "https://issues.chromium.org/issues/323694592",
 "source": "chrome-cve-admin@google.com"
 },
+ {
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/",
+ "source": "chrome-cve-admin@google.com"
+ },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/",
 "source": "chrome-cve-admin@google.com"
diff --git a/README.md b/README.md
index 44392ff7532..769d650a179 100644
--- a/README.md
+++ b/README.md
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-06T00:56:05.541367+00:00 +2024-03-06T03:00:25.076356+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-06T00:15:52.817000+00:00 +2024-03-06T02:15:45.113000+00:00 ``` ### Last Data Feed Release 
@@ -23,47 +23,36 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-03-05T01:00:28.260527+00:00 +2024-03-06T01:00:20.248102+00:00 ``` ### Total Number of included CVEs ```plain -240617 +240624 ``` ### CVEs added in the last Commit -Recently added CVEs: `19` +Recently added CVEs: `7` -* [CVE-2023-45289](CVE-2023/CVE-2023-452xx/CVE-2023-45289.json) (`2024-03-05T23:15:07.137`) -* [CVE-2023-45290](CVE-2023/CVE-2023-452xx/CVE-2023-45290.json) (`2024-03-05T23:15:07.210`) -* [CVE-2023-48644](CVE-2023/CVE-2023-486xx/CVE-2023-48644.json) (`2024-03-05T23:15:07.260`) -* [CVE-2023-38944](CVE-2023/CVE-2023-389xx/CVE-2023-38944.json) (`2024-03-06T00:15:52.143`) -* [CVE-2023-38945](CVE-2023/CVE-2023-389xx/CVE-2023-38945.json) (`2024-03-06T00:15:52.247`) -* [CVE-2023-38946](CVE-2023/CVE-2023-389xx/CVE-2023-38946.json) (`2024-03-06T00:15:52.300`) -* [CVE-2023-43318](CVE-2023/CVE-2023-433xx/CVE-2023-43318.json) (`2024-03-06T00:15:52.347`) -* [CVE-2024-24275](CVE-2024/CVE-2024-242xx/CVE-2024-24275.json) (`2024-03-05T23:15:07.520`) -* [CVE-2024-24276](CVE-2024/CVE-2024-242xx/CVE-2024-24276.json) (`2024-03-05T23:15:07.583`) -* [CVE-2024-24278](CVE-2024/CVE-2024-242xx/CVE-2024-24278.json) (`2024-03-05T23:15:07.633`) -* [CVE-2024-24783](CVE-2024/CVE-2024-247xx/CVE-2024-24783.json) (`2024-03-05T23:15:07.683`) -* [CVE-2024-24784](CVE-2024/CVE-2024-247xx/CVE-2024-24784.json) (`2024-03-05T23:15:07.733`) -* [CVE-2024-24785](CVE-2024/CVE-2024-247xx/CVE-2024-24785.json) (`2024-03-05T23:15:07.777`) -* [CVE-2024-24786](CVE-2024/CVE-2024-247xx/CVE-2024-24786.json) (`2024-03-05T23:15:07.820`) -* [CVE-2024-27764](CVE-2024/CVE-2024-277xx/CVE-2024-27764.json) (`2024-03-05T23:15:07.993`) -* [CVE-2024-27765](CVE-2024/CVE-2024-277xx/CVE-2024-27765.json) (`2024-03-05T23:15:08.050`) -* [CVE-2024-22889](CVE-2024/CVE-2024-228xx/CVE-2024-22889.json) (`2024-03-06T00:15:52.633`) -* 
[CVE-2024-25817](CVE-2024/CVE-2024-258xx/CVE-2024-25817.json) (`2024-03-06T00:15:52.703`) -* [CVE-2024-27278](CVE-2024/CVE-2024-272xx/CVE-2024-27278.json) (`2024-03-06T00:15:52.817`) +* [CVE-2023-33677](CVE-2023/CVE-2023-336xx/CVE-2023-33677.json) (`2024-03-06T01:15:06.960`) +* [CVE-2023-49971](CVE-2023/CVE-2023-499xx/CVE-2023-49971.json) (`2024-03-06T01:15:07.017`) +* [CVE-2023-49973](CVE-2023/CVE-2023-499xx/CVE-2023-49973.json) (`2024-03-06T01:15:07.063`) +* [CVE-2023-49974](CVE-2023/CVE-2023-499xx/CVE-2023-49974.json) (`2024-03-06T01:15:07.103`) +* [CVE-2023-49976](CVE-2023/CVE-2023-499xx/CVE-2023-49976.json) (`2024-03-06T01:15:07.147`) +* [CVE-2023-49977](CVE-2023/CVE-2023-499xx/CVE-2023-49977.json) (`2024-03-06T01:15:07.187`) +* [CVE-2024-1220](CVE-2024/CVE-2024-12xx/CVE-2024-1220.json) (`2024-03-06T02:15:44.810`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `4` -* [CVE-2023-52521](CVE-2023/CVE-2023-525xx/CVE-2023-52521.json) (`2024-03-05T23:15:07.310`) -* [CVE-2023-44186](CVE-2023/CVE-2023-441xx/CVE-2023-44186.json) (`2024-03-06T00:15:52.390`) -* [CVE-2024-24806](CVE-2024/CVE-2024-248xx/CVE-2024-24806.json) (`2024-03-05T23:15:07.867`) +* [CVE-2021-36380](CVE-2021/CVE-2021-363xx/CVE-2021-36380.json) (`2024-03-06T02:00:02.077`) +* [CVE-2023-21237](CVE-2023/CVE-2023-212xx/CVE-2023-21237.json) (`2024-03-06T02:00:02.080`) +* [CVE-2024-1938](CVE-2024/CVE-2024-19xx/CVE-2024-1938.json) (`2024-03-06T02:15:45.043`) +* [CVE-2024-1939](CVE-2024/CVE-2024-19xx/CVE-2024-1939.json) (`2024-03-06T02:15:45.113`) ## Download and Usage