Auto-Update: 2024-08-20T12:00:17.875105+00:00

2025-07-11 16:13:34 +00:00 · 2024-08-20 12:03:14 +00:00 · 2024-08-20 12:03:14 +00:00 · 47ef3da4fa
commit 47ef3da4fa
parent b8b934409d
7 changed files with 217 additions and 17 deletions
--- a/CVE-2020/CVE-2020-73xx/CVE-2020-7357.json
+++ b/CVE-2020/CVE-2020-73xx/CVE-2020-7357.json
@ -2,7 +2,7 @@
  "id": "CVE-2020-7357",
  "sourceIdentifier": "cve@rapid7.com",
  "published": "2020-08-06T16:15:13.670",
-  "lastModified": "2023-07-27T13:31:55.497",
+  "lastModified": "2024-08-20T11:54:57.010",
  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
@ -116,8 +116,8 @@
          "cpeMatch": [
            {
              "vulnerable": false,
-              "criteria": "cpe:2.3:h:cayintech:cms-se:-:*:*:*:*:*:*:*",
+              "criteria": "cpe:2.3:a:cayintech:cms-se:-:*:*:*:*:*:*:*",
-              "matchCriteriaId": "8AE249CD-C688-48F5-98ED-8F9733F316D0"
+              "matchCriteriaId": "F24E3257-5F03-4379-BF2F-C524CF5256F7"
            }
          ]
        },
@ -143,8 +143,8 @@
          "cpeMatch": [
            {
              "vulnerable": false,
-              "criteria": "cpe:2.3:h:cayintech:cms-se:-:*:*:*:*:*:*:*",
+              "criteria": "cpe:2.3:a:cayintech:cms-se:-:*:*:*:*:*:*:*",
-              "matchCriteriaId": "8AE249CD-C688-48F5-98ED-8F9733F316D0"
+              "matchCriteriaId": "F24E3257-5F03-4379-BF2F-C524CF5256F7"
            }
          ]
        },
@ -170,8 +170,8 @@
          "cpeMatch": [
            {
              "vulnerable": false,
-              "criteria": "cpe:2.3:h:cayintech:cms-se:-:*:*:*:*:*:*:*",
+              "criteria": "cpe:2.3:a:cayintech:cms-se:-:*:*:*:*:*:*:*",
-              "matchCriteriaId": "8AE249CD-C688-48F5-98ED-8F9733F316D0"
+              "matchCriteriaId": "F24E3257-5F03-4379-BF2F-C524CF5256F7"
            }
          ]
        },
--- a/CVE-2024/CVE-2024-216xx/CVE-2024-21689.json
+++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21689.json
@ -0,0 +1,48 @@
 {
  "id": "CVE-2024-21689",
  "sourceIdentifier": "security@atlassian.com",
  "published": "2024-08-20T10:15:04.103",
  "lastModified": "2024-08-20T10:15:04.103",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "This High severity RCE (Remote Code Execution) vulnerability CVE-2024-21689\u00a0 was introduced in versions 9.1.0, 9.2.0, 9.3.0, 9.4.0, 9.5.0, and 9.6.0 of Bamboo Data Center and Server.\r\n\r\nThis RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.6, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction.\r\n\r\nAtlassian recommends that Bamboo Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:\r\n Bamboo Data Center and Server 9.2: Upgrade to a release greater than or equal to 9.2.17\r\n\r\n Bamboo Data Center and Server 9.6: Upgrade to a release greater than or equal to 9.6.5\r\n\r\nSee the release notes ([https://confluence.atlassian.com/bambooreleases/bamboo-release-notes-1189793869.html]). You can download the latest version of Bamboo Data Center and Server from the download center ([https://www.atlassian.com/software/bamboo/download-archives]).\r\n\r\nThis vulnerability was reported via our Bug Bounty program."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "security@atlassian.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.6,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 6.0
      }
    ]
  },
  "references": [
    {
      "url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1431535667",
      "source": "security@atlassian.com"
    },
    {
      "url": "https://jira.atlassian.com/browse/BAM-25858",
      "source": "security@atlassian.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-288xx/CVE-2024-28829.json
+++ b/CVE-2024/CVE-2024-288xx/CVE-2024-28829.json
@ -0,0 +1,82 @@
 {
  "id": "CVE-2024-28829",
  "sourceIdentifier": "security@checkmk.com",
  "published": "2024-08-20T10:15:05.693",
  "lastModified": "2024-08-20T10:15:05.693",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0p12, 2.2.0p32, 2.1.0p47 and 2.0.0 (EOL) allows local users to escalate privileges."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "security@checkmk.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "attackRequirements": "PRESENT",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "vulnerableSystemConfidentiality": "LOW",
          "vulnerableSystemIntegrity": "LOW",
          "vulnerableSystemAvailability": "LOW",
          "subsequentSystemConfidentiality": "HIGH",
          "subsequentSystemIntegrity": "HIGH",
          "subsequentSystemAvailability": "HIGH",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 5.2,
          "baseSeverity": "MEDIUM"
        }
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@checkmk.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-272"
        },
        {
          "lang": "en",
          "value": "CWE-807"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://checkmk.com/werk/16249",
      "source": "security@checkmk.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-432xx/CVE-2024-43202.json
+++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43202.json
@ -9,6 +9,10 @@
    {
      "lang": "en",
      "value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue."
    },
    {
      "lang": "es",
      "value": "Exposici\u00f3n de la ejecuci\u00f3n remota de c\u00f3digo en Apache Dolphinscheduler. Este problema afecta a Apache DolphinScheduler: versiones anteriores a 3.2.2. Recomendamos a los usuarios que actualicen Apache DolphinScheduler a la versi\u00f3n 3.2.2, que soluciona el problema."
    }
  ],
  "metrics": {},
--- a/CVE-2024/CVE-2024-70xx/CVE-2024-7054.json
+++ b/CVE-2024/CVE-2024-70xx/CVE-2024-7054.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-7054",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-08-20T11:15:03.540",
  "lastModified": "2024-08-20T11:15:03.540",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Popup Maker \u2013 Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018close_text\u2019 parameter in all versions up to, and including, 1.19.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security@wordfence.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security@wordfence.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://plugins.trac.wordpress.org/changeset/3137126/",
      "source": "security@wordfence.com"
    },
    {
      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/73524687-7703-4912-aad5-2a31122ba9b2?source=cve",
      "source": "security@wordfence.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-08-20T10:00:17.044988+00:00
+2024-08-20T12:00:17.875105+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-08-20T08:15:05.240000+00:00
+2024-08-20T11:54:57.010000+00:00
 ```
 ### Last Data Feed Release
@ -33,21 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-260565
+260568
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `3`
- [CVE-2024-38808](CVE-2024/CVE-2024-388xx/CVE-2024-38808.json) (`2024-08-20T08:15:05.023`)
+- [CVE-2024-21689](CVE-2024/CVE-2024-216xx/CVE-2024-21689.json) (`2024-08-20T10:15:04.103`)
- [CVE-2024-43202](CVE-2024/CVE-2024-432xx/CVE-2024-43202.json) (`2024-08-20T08:15:05.240`)
+- [CVE-2024-28829](CVE-2024/CVE-2024-288xx/CVE-2024-28829.json) (`2024-08-20T10:15:05.693`)
 - [CVE-2024-7054](CVE-2024/CVE-2024-70xx/CVE-2024-7054.json) (`2024-08-20T11:15:03.540`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `0`
+Recently modified CVEs: `2`
 - [CVE-2020-7357](CVE-2020/CVE-2020-73xx/CVE-2020-7357.json) (`2024-08-20T11:54:57.010`)
 - [CVE-2024-43202](CVE-2024/CVE-2024-432xx/CVE-2024-43202.json) (`2024-08-20T08:15:05.240`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -162392,7 +162392,7 @@ CVE-2020-7352,0,0,afc6ee4cf18db2ed0456ede05649052adb58c120b557434e96b16354b7b1a8
 CVE-2020-7354,0,0,f598c4ab4c8e0fc6e1fa1518c897e666502a41063fa43ef22528036e255b8a0e,2020-07-02T14:16:19.047000
 CVE-2020-7355,0,0,21678348c6ab54bd647cb0adf24cbadf80a4e86307a0a93ab682f4751f2d3e81,2020-07-06T18:00:10.870000
 CVE-2020-7356,0,0,c475bcad58cc418896a927dd04fbc402403e3108dc4ff2f5ff0e24a52b9866e9,2020-08-12T13:39:55.297000
-CVE-2020-7357,0,0,b288897b35b6f9f944081380107bc57c623119bd3f9e1f213c1f591f53b2c5ff,2023-07-27T13:31:55.497000
+CVE-2020-7357,0,1,bac4a7276d9f5d71ccc44054da41226cd390aff37577fe9ff7d3f99d691228a5,2024-08-20T11:54:57.010000
 CVE-2020-7358,0,0,d4d7bfd2ece7759444149b05a38b24ed8fd0f90837ce8c52cd20acf0eb7d49a6,2020-09-28T18:36:41.360000
 CVE-2020-7360,0,0,5aa402d7a3007a8bc874c17b9213c25200a862b036297cf2dce435e8b34f5b8f,2020-08-19T21:26:02.727000
 CVE-2020-7361,0,0,714be09efee1b86a48a42c5d0d463785915953295001fd0dd7eec0a6eec0925f,2020-08-10T16:57:02.577000
@ -243934,6 +243934,7 @@ CVE-2024-21684,0,0,59f12a4b04761da303d7e3a40c8e6edc45c41d4945c065d5a0ffea7371041
 CVE-2024-21685,0,0,5660fcc85eb1dde5c65259d6d6205ae74624ad923dcf6470bb4f3577f99d7f00,2024-06-20T12:44:01.637000
 CVE-2024-21686,0,0,4a77c3c56e7b5b00a78de09ce573bf8e0630b6f60379d0ccdce9209c8559bd43,2024-07-17T13:34:20.520000
 CVE-2024-21687,0,0,376ba9a42cfc804d783dd58059d1accf85ade36be58bc6e24e95588c80302a09,2024-08-01T13:46:48.050000
 CVE-2024-21689,1,1,f0f6270ad75f42f9e86f2978ae6cfad32cfccffa4225a56d905159e7cada06df,2024-08-20T10:15:04.103000
 CVE-2024-2169,0,0,25fcbf8b9d7008ea9954a41615969f4d36543f4a604eb878bcc8b4c5c18a9fe0,2024-08-02T17:35:41.760000
 CVE-2024-2170,0,0,758d6332b5fccd657d38a7eddcc769e16fb72e0c1b6514443e29b8614302434a,2024-03-26T12:55:05.010000
 CVE-2024-2171,0,0,e9c79cd9676afcf55166b18cc4887c5a70983811183f36611429f962ee8d8a26,2024-06-07T14:56:05.647000
@ -248838,6 +248839,7 @@ CVE-2024-28825,0,0,2060c8862968982d4a6159b0b62313dec95ecc020293b85f137ce41396383
 CVE-2024-28826,0,0,ccabc68ae1502fb496d2010a22f66c953a12ff1a849372d7235937980a01c570,2024-05-29T13:02:09.280000
 CVE-2024-28827,0,0,30d6d403e5c79dbab459dc4233554203969c32826737ea25dceb545e947896f1,2024-07-11T13:05:54.930000
 CVE-2024-28828,0,0,f569edfaae2cfaafb15d4f5e29614839e3689bfe76be347c8b67efdf6d0be50b,2024-08-07T17:57:38.413000
 CVE-2024-28829,1,1,a7fa399c45c4b30b83fa5874f8d0009a31e3673b80cb4e5fb7a82b85175ff469,2024-08-20T10:15:05.693000
 CVE-2024-2883,0,0,4414164b8fa79ba498c6ddbb6ab7a825d3f0a39397b4604f63f00efe5e5aaa16,2024-07-03T01:53:37.420000
 CVE-2024-28830,0,0,49bb68528483eea32fe70c10feda0199ddfef50b4330a9b74a5779b200dbf298,2024-06-26T12:44:29.693000
 CVE-2024-28831,0,0,8b0cc22b019b2f22717d4926d7f18f8c0f1245da30fda97cee3d4dd670ef131d,2024-06-25T12:24:17.873000
@ -255680,7 +255682,7 @@ CVE-2024-3879,0,0,a6db760401fb215a79d8f48992cc838e1a5c23839a86defd39dd342ef1c5f8
 CVE-2024-38791,0,0,5a7109970d4cb90cfbe2865705276e5511d9a261f6cba475b72302a204ad6517,2024-08-02T12:59:43.990000
 CVE-2024-3880,0,0,6dd5da57a8412b823038a64a32d07af4547e4dfdd637b54b90b4556bfd34431d,2024-06-04T19:20:26
 CVE-2024-38806,0,0,aa1ff0885d521aab036aaf6506258a484aa869322b524482869e0e1df3ac4a48,2024-07-19T13:01:44.567000
-CVE-2024-38808,1,1,bb0e6b8344eeed7e26d70817f6d4edf7cb31c986018adba6a163f9247ea03ce1,2024-08-20T08:15:05.023000
+CVE-2024-38808,0,0,bb0e6b8344eeed7e26d70817f6d4edf7cb31c986018adba6a163f9247ea03ce1,2024-08-20T08:15:05.023000
 CVE-2024-3881,0,0,3699310594a82ce285b52bf9c21755fa8173160a66408c76064512e538b3fcc8,2024-05-17T02:40:10.360000
 CVE-2024-38810,0,0,a603a78d398d7cf9548f67c3689d42cf7b8c56de9aeed74307fe9000f806a658,2024-08-20T04:15:07.993000
 CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000
@ -257759,7 +257761,7 @@ CVE-2024-4318,0,0,7b0a62dc8691f5e6f2210e7e19a78c6d4d5c9f053f662e7593a96cdc8c097a
 CVE-2024-4319,0,0,7ca0245a01df3d5ced472265b32f90c6f6a22a37af3715d5589379ecac1f6a24,2024-06-11T13:54:12.057000
 CVE-2024-43199,0,0,94150f8459e19abf18625a946d8a507867275817cd3d9928084030fcb7fa8330,2024-08-12T12:59:48.253000
 CVE-2024-4320,0,0,f21f873c3bfeb896c071276000f6bbe2ae4420d2f2c3184178334c98a666705b,2024-06-07T14:56:05.647000
-CVE-2024-43202,1,1,4cf9bfa865550a52f74779e98db41652bb1dd380f1d824e207021d345fe4b972,2024-08-20T08:15:05.240000
+CVE-2024-43202,0,1,403cde958a51af9acc480f0f95630c40baab10f0bbf6cb2b53237e18afff9101,2024-08-20T08:15:05.240000
 CVE-2024-43207,0,0,e22c5710770b6cfc075b06ecdaad97a6d82c458382d84efdd62d5cddbde66f6b,2024-08-19T12:59:59.177000
 CVE-2024-4321,0,0,9cab2a859d144dd765da27aaa03d49bb12083c0b11abfa900a9b065f4ea718e1,2024-05-16T13:03:05.353000
 CVE-2024-43210,0,0,38b1ddd569737ddf84a414c75c09c54bffe5570d779b3b2b7d84160c7c88ff6c,2024-08-13T12:58:25.437000
@ -260045,6 +260047,7 @@ CVE-2024-7029,0,0,5175bec03cf7f2378284f608514536d153bc0fcc9978511b168a2887b7029c
 CVE-2024-7031,0,0,4808703a4cd0b97f67a773c5f222b01d69a2fff387801423358b3ea99670c83a,2024-08-05T12:41:45.957000
 CVE-2024-7047,0,0,c626b8092c8533dfe4198c51e8e35d5946df1ed097b6fb1d01ca755685dc1b0d,2024-07-25T12:36:39.947000
 CVE-2024-7050,0,0,f402c0a89ba2917236fe6639793bd54ee4751807250eba7a4dde84d4a362ffd7,2024-07-29T14:12:08.783000
 CVE-2024-7054,1,1,43918e4682eea2254587dd6be24c57fd33f0a630b01e2ccb4238160b7399ff51,2024-08-20T11:15:03.540000
 CVE-2024-7055,0,0,b0e8b0793ccc61abbc70699af6d91421241877ab1f640f57d490cff121ecbcd0,2024-08-06T16:30:24.547000
 CVE-2024-7057,0,0,e86292da776d8c2eee12db885a241ac453174252cdfea8e6058f6d373bd4dc19,2024-07-25T12:36:39.947000
 CVE-2024-7060,0,0,2e0c92013c1ddde1bca0ad9e62aa50d23e69e1a598796a2170f54fccf61e7f4b,2024-07-25T12:36:39.947000