Auto-Update: 2024-03-06T03:00:25.076356+00:00

CVE-2021/CVE-2021-363xx/CVE-2021-36380.json

@@ -2,8 +2,12 @@
   "id": "CVE-2021-36380",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2021-08-13T16:15:07.607",
-  "lastModified": "2021-08-27T19:31:24.283",
+  "lastModified": "2024-03-06T02:00:02.077",
   "vulnStatus": "Analyzed",
+  "cisaExploitAdd": "2024-03-05",
+  "cisaActionDue": "2024-03-26",
+  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+  "cisaVulnerabilityName": "Sunhillo SureLine OS Command Injection Vulnerablity",
   "descriptions": [
     {
       "lang": "en",

CVE-2023/CVE-2023-212xx/CVE-2023-21237.json

@@ -2,8 +2,12 @@
   "id": "CVE-2023-21237",
   "sourceIdentifier": "security@android.com",
   "published": "2023-06-28T18:15:16.560",
-  "lastModified": "2023-07-06T13:06:10.137",
+  "lastModified": "2024-03-06T02:00:02.080",
   "vulnStatus": "Analyzed",
+  "cisaExploitAdd": "2024-03-05",
+  "cisaActionDue": "2024-03-26",
+  "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+  "cisaVulnerabilityName": "Android Pixel Information Disclosure Vulnerability ",
   "descriptions": [
     {
       "lang": "en",

CVE-2023/CVE-2023-336xx/CVE-2023-33677.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-33677",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-06T01:15:06.960",
+  "lastModified": "2024-03-06T01:15:06.960",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at \"?page=items/view&id=*\"."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://wwwsourcecodestercom.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/ASR511-OO7/CVE-2023-33677/blob/main/CVE-29",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-499xx/CVE-2023-49971.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49971",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-06T01:15:07.017",
+  "lastModified": "2024-03-06T01:15:07.017",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customer_support/index.php?page=customer_list."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49971",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-499xx/CVE-2023-49973.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49973",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-06T01:15:07.063",
+  "lastModified": "2024-03-06T01:15:07.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customer_support/index.php?page=customer_list."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49973",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-499xx/CVE-2023-49974.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49974",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-06T01:15:07.103",
+  "lastModified": "2024-03-06T01:15:07.103",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customer_support/index.php?page=customer_list."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49974",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-499xx/CVE-2023-49976.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49976",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-06T01:15:07.147",
+  "lastModified": "2024-03-06T01:15:07.147",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customer_support/index.php?page=new_ticket."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49976",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-499xx/CVE-2023-49977.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49977",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-06T01:15:07.187",
+  "lastModified": "2024-03-06T01:15:07.187",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting (XSS) vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customer_support/index.php?page=new_customer."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49977",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-12xx/CVE-2024-1220.json

@@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-1220",
+  "sourceIdentifier": "psirt@moxa.com",
+  "published": "2024-03-06T02:15:44.810",
+  "lastModified": "2024-03-06T02:15:44.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@moxa.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@moxa.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability",
+      "source": "psirt@moxa.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-19xx/CVE-2024-1938.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-1938",
   "sourceIdentifier": "chrome-cve-admin@google.com",
   "published": "2024-02-29T01:43:57.600",
-  "lastModified": "2024-03-03T02:15:49.543",
+  "lastModified": "2024-03-06T02:15:45.043",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -24,6 +24,10 @@
       "url": "https://issues.chromium.org/issues/324596281",
       "source": "chrome-cve-admin@google.com"
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/",
+      "source": "chrome-cve-admin@google.com"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/",
       "source": "chrome-cve-admin@google.com"

CVE-2024/CVE-2024-19xx/CVE-2024-1939.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-1939",
   "sourceIdentifier": "chrome-cve-admin@google.com",
   "published": "2024-02-29T01:43:57.640",
-  "lastModified": "2024-03-03T02:15:49.607",
+  "lastModified": "2024-03-06T02:15:45.113",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
@@ -24,6 +24,10 @@
       "url": "https://issues.chromium.org/issues/323694592",
       "source": "chrome-cve-admin@google.com"
     },
+    {
+      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/",
+      "source": "chrome-cve-admin@google.com"
+    },
     {
       "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/",
       "source": "chrome-cve-admin@google.com"

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-03-06T00:56:05.541367+00:00
+2024-03-06T03:00:25.076356+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-03-06T00:15:52.817000+00:00
+2024-03-06T02:15:45.113000+00:00
 ```
 
 ### Last Data Feed Release
@@ -23,47 +23,36 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 
 ```plain
-2024-03-05T01:00:28.260527+00:00
+2024-03-06T01:00:20.248102+00:00
 ```
 
 ### Total Number of included CVEs
 
 ```plain
-240617
+240624
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `19`
+Recently added CVEs: `7`
 
-* [CVE-2023-45289](CVE-2023/CVE-2023-452xx/CVE-2023-45289.json) (`2024-03-05T23:15:07.137`)
-* [CVE-2023-45290](CVE-2023/CVE-2023-452xx/CVE-2023-45290.json) (`2024-03-05T23:15:07.210`)
-* [CVE-2023-48644](CVE-2023/CVE-2023-486xx/CVE-2023-48644.json) (`2024-03-05T23:15:07.260`)
-* [CVE-2023-38944](CVE-2023/CVE-2023-389xx/CVE-2023-38944.json) (`2024-03-06T00:15:52.143`)
-* [CVE-2023-38945](CVE-2023/CVE-2023-389xx/CVE-2023-38945.json) (`2024-03-06T00:15:52.247`)
-* [CVE-2023-38946](CVE-2023/CVE-2023-389xx/CVE-2023-38946.json) (`2024-03-06T00:15:52.300`)
-* [CVE-2023-43318](CVE-2023/CVE-2023-433xx/CVE-2023-43318.json) (`2024-03-06T00:15:52.347`)
-* [CVE-2024-24275](CVE-2024/CVE-2024-242xx/CVE-2024-24275.json) (`2024-03-05T23:15:07.520`)
-* [CVE-2024-24276](CVE-2024/CVE-2024-242xx/CVE-2024-24276.json) (`2024-03-05T23:15:07.583`)
-* [CVE-2024-24278](CVE-2024/CVE-2024-242xx/CVE-2024-24278.json) (`2024-03-05T23:15:07.633`)
-* [CVE-2024-24783](CVE-2024/CVE-2024-247xx/CVE-2024-24783.json) (`2024-03-05T23:15:07.683`)
-* [CVE-2024-24784](CVE-2024/CVE-2024-247xx/CVE-2024-24784.json) (`2024-03-05T23:15:07.733`)
-* [CVE-2024-24785](CVE-2024/CVE-2024-247xx/CVE-2024-24785.json) (`2024-03-05T23:15:07.777`)
-* [CVE-2024-24786](CVE-2024/CVE-2024-247xx/CVE-2024-24786.json) (`2024-03-05T23:15:07.820`)
-* [CVE-2024-27764](CVE-2024/CVE-2024-277xx/CVE-2024-27764.json) (`2024-03-05T23:15:07.993`)
-* [CVE-2024-27765](CVE-2024/CVE-2024-277xx/CVE-2024-27765.json) (`2024-03-05T23:15:08.050`)
-* [CVE-2024-22889](CVE-2024/CVE-2024-228xx/CVE-2024-22889.json) (`2024-03-06T00:15:52.633`)
-* [CVE-2024-25817](CVE-2024/CVE-2024-258xx/CVE-2024-25817.json) (`2024-03-06T00:15:52.703`)
-* [CVE-2024-27278](CVE-2024/CVE-2024-272xx/CVE-2024-27278.json) (`2024-03-06T00:15:52.817`)
+* [CVE-2023-33677](CVE-2023/CVE-2023-336xx/CVE-2023-33677.json) (`2024-03-06T01:15:06.960`)
+* [CVE-2023-49971](CVE-2023/CVE-2023-499xx/CVE-2023-49971.json) (`2024-03-06T01:15:07.017`)
+* [CVE-2023-49973](CVE-2023/CVE-2023-499xx/CVE-2023-49973.json) (`2024-03-06T01:15:07.063`)
+* [CVE-2023-49974](CVE-2023/CVE-2023-499xx/CVE-2023-49974.json) (`2024-03-06T01:15:07.103`)
+* [CVE-2023-49976](CVE-2023/CVE-2023-499xx/CVE-2023-49976.json) (`2024-03-06T01:15:07.147`)
+* [CVE-2023-49977](CVE-2023/CVE-2023-499xx/CVE-2023-49977.json) (`2024-03-06T01:15:07.187`)
+* [CVE-2024-1220](CVE-2024/CVE-2024-12xx/CVE-2024-1220.json) (`2024-03-06T02:15:44.810`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `3`
+Recently modified CVEs: `4`
 
-* [CVE-2023-52521](CVE-2023/CVE-2023-525xx/CVE-2023-52521.json) (`2024-03-05T23:15:07.310`)
-* [CVE-2023-44186](CVE-2023/CVE-2023-441xx/CVE-2023-44186.json) (`2024-03-06T00:15:52.390`)
-* [CVE-2024-24806](CVE-2024/CVE-2024-248xx/CVE-2024-24806.json) (`2024-03-05T23:15:07.867`)
+* [CVE-2021-36380](CVE-2021/CVE-2021-363xx/CVE-2021-36380.json) (`2024-03-06T02:00:02.077`)
+* [CVE-2023-21237](CVE-2023/CVE-2023-212xx/CVE-2023-21237.json) (`2024-03-06T02:00:02.080`)
+* [CVE-2024-1938](CVE-2024/CVE-2024-19xx/CVE-2024-1938.json) (`2024-03-06T02:15:45.043`)
+* [CVE-2024-1939](CVE-2024/CVE-2024-19xx/CVE-2024-1939.json) (`2024-03-06T02:15:45.113`)
 
 
 ## Download and Usage