From 4946c83ee0290cb578497aa77954843572d877b6 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 30 Mar 2024 11:03:28 +0000
Subject: [PATCH] Auto-Update: 2024-03-30T11:00:37.287447+00:00
---
CVE-2024/CVE-2024-24xx/CVE-2024-2491.json | 47 ++++++++++++
CVE-2024/CVE-2024-30xx/CVE-2024-3085.json | 92 +++++++++++++++++++++++
CVE-2024/CVE-2024-30xx/CVE-2024-3086.json | 92 +++++++++++++++++++++++
README.md | 18 ++---
_state.csv | 17 +++--
5 files changed, 248 insertions(+), 18 deletions(-)
create mode 100644 CVE-2024/CVE-2024-24xx/CVE-2024-2491.json
create mode 100644 CVE-2024/CVE-2024-30xx/CVE-2024-3085.json
create mode 100644 CVE-2024/CVE-2024-30xx/CVE-2024-3086.json
diff --git a/CVE-2024/CVE-2024-24xx/CVE-2024-2491.json b/CVE-2024/CVE-2024-24xx/CVE-2024-2491.json
new file mode 100644
index 00000000000..9728ae0c801
--- /dev/null
+++ b/CVE-2024/CVE-2024-24xx/CVE-2024-2491.json
@@ -0,0 +1,47 @@
+{
+ "id": "CVE-2024-2491",
+ "sourceIdentifier": "security@wordfence.com",
+ "published": "2024-03-30T10:15:07.460",
+ "lastModified": "2024-03-30T10:15:07.460",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the *_html_tag* attribute of multiple widgets in all versions up to, and including, 2.7.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@wordfence.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset/3053463/powerpack-lite-for-elementor",
+ "source": "security@wordfence.com"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/22c4b981-6135-4c44-aa68-f0d51704a68c?source=cve",
+ "source": "security@wordfence.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3085.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3085.json
new file mode 100644
index 00000000000..1fa6e67e584
--- /dev/null
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3085.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2024-3085",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-03-30T09:15:22.093",
+ "lastModified": "2024-03-30T09:15:22.093",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as critical has been found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected is an unknown function of the file /admin/login.php of the component Admin Login Page. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-258678 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 7.5
+ },
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_sqli.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.258678",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.258678",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.306958",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3086.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3086.json
new file mode 100644
index 00000000000..5bff902b9f2
--- /dev/null
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3086.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2024-3086",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-03-30T09:15:22.367",
+ "lastModified": "2024-03-30T09:15:22.367",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic was found in PHPGurukul Emergency Ambulance Hiring Portal 1.0. Affected by this vulnerability is an unknown functionality of the file ambulance-tracking.php of the component Ambulance Tracking Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258679."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "NONE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 10.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/dhabaleshwar/Open-Source-Vulnerabilities/blob/main/eahp_rxss.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.258679",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.258679",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.306960",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 6a9e0543264..c52205be990 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-30T09:00:37.795791+00:00 +2024-03-30T11:00:37.287447+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-30T08:15:07.510000+00:00 +2024-03-30T10:15:07.460000+00:00 ``` ### Last Data Feed Release
@@ -33,20 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -243433 +243436 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `3` -- [CVE-2024-2140](CVE-2024/CVE-2024-21xx/CVE-2024-2140.json) (`2024-03-30T07:15:08.893`) -- [CVE-2024-2141](CVE-2024/CVE-2024-21xx/CVE-2024-2141.json) (`2024-03-30T07:15:09.203`) -- [CVE-2024-2142](CVE-2024/CVE-2024-21xx/CVE-2024-2142.json) (`2024-03-30T07:15:09.513`) -- [CVE-2024-2143](CVE-2024/CVE-2024-21xx/CVE-2024-2143.json) (`2024-03-30T07:15:09.997`) -- [CVE-2024-2144](CVE-2024/CVE-2024-21xx/CVE-2024-2144.json) (`2024-03-30T07:15:10.497`) -- [CVE-2024-2948](CVE-2024/CVE-2024-29xx/CVE-2024-2948.json) (`2024-03-30T08:15:07.330`) -- [CVE-2024-3084](CVE-2024/CVE-2024-30xx/CVE-2024-3084.json) (`2024-03-30T08:15:07.510`) +- [CVE-2024-2491](CVE-2024/CVE-2024-24xx/CVE-2024-2491.json) (`2024-03-30T10:15:07.460`) +- [CVE-2024-3085](CVE-2024/CVE-2024-30xx/CVE-2024-3085.json) (`2024-03-30T09:15:22.093`) +- [CVE-2024-3086](CVE-2024/CVE-2024-30xx/CVE-2024-3086.json) (`2024-03-30T09:15:22.367`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index a5ac0cb2a92..8b9036c345a 100644
--- a/_state.csv
+++ b/_state.csv
@@ -239838,7 +239838,7 @@ CVE-2024-21395,0,0,f1993dcc4aa6b30f8100a014aabe16306e5164d7170173d986fa0305ec479 CVE-2024-21396,0,0,89247a83900398acb67f829665b4596d2292eee6f6859844049c54511236f48b,2024-02-23T17:41:27.623000 CVE-2024-21397,0,0,513c417ad39d9a2066a289680b245c01e1ceeae2b0ee83f69db302cf1dfa050d,2024-02-23T17:47:25.600000 CVE-2024-21399,0,0,481cce32c9e9a83e040ae50a7ae1201df812aadb50eba52c79fdd8a16608ba2c,2024-02-09T03:00:47.227000 -CVE-2024-2140,1,1,00c3e2168a7c47eb1826eb294f188731562727cf9d049d1cb71be48665026ae2,2024-03-30T07:15:08.893000 +CVE-2024-2140,0,0,00c3e2168a7c47eb1826eb294f188731562727cf9d049d1cb71be48665026ae2,2024-03-30T07:15:08.893000 CVE-2024-21400,0,0,b652fe8c0b6abbaa87372d3f18128a0d3ba6de315b5c8ae76a9b6fb5a5c4dd18,2024-03-12T17:46:17.273000 CVE-2024-21401,0,0,169936f9e80ab8f68930febaec3b03620bcee4c9e21a4a75d7bfbfb87d28264c,2024-02-23T21:06:05.783000 CVE-2024-21402,0,0,3dc7f77c0dcdfcbea6de1ddb879c655a9bcdc8aea8cb1ca9e0fd0e2f41a79092,2024-02-22T18:38:54.443000 
@@ -239848,21 +239848,21 @@ CVE-2024-21405,0,0,7b2bcd85f8b75e36055a51e8d6e50e620fbb5da00673d7a82956b2dcc3d7e CVE-2024-21406,0,0,4926f610f67020e143f717a8966dfc594abc79953c895df1691f78cfff880f19,2024-03-01T22:57:15.940000 CVE-2024-21407,0,0,13806882df1727e3bbc8e26b8c7dd4da4315e03da171f9dbf0647863a4d47218,2024-03-21T21:06:06.530000 CVE-2024-21408,0,0,5325218009ff3c8f10a3b9269e4b1c5ec312eb3ea56b73f6a728479c1bad3635,2024-03-21T21:06:09.543000 -CVE-2024-2141,1,1,6ffc21259396265e873a86547783a6cdb4f662061372bc1c4dbf3645578deea3,2024-03-30T07:15:09.203000 +CVE-2024-2141,0,0,6ffc21259396265e873a86547783a6cdb4f662061372bc1c4dbf3645578deea3,2024-03-30T07:15:09.203000 CVE-2024-21410,0,0,bd862af63cde79d77d3d96c08b20eb8ee12ef6b46d7738e8f98c5d9c8af65aee,2024-02-26T21:10:38.713000 CVE-2024-21411,0,0,752b3d730293c266885035a1f030073e3f7456710c29851319bdadbb6794b6d6,2024-03-12T17:46:17.273000 CVE-2024-21412,0,0,6df500642ad441e157d67f1fe17b6dc5155211f5565d89e1eed7797770fe5407,2024-03-07T17:48:58.173000 CVE-2024-21413,0,0,e8b53a5cd4bd3cc4178f808efd349017a89b016f9da30aa2b26e33753aaea59b,2024-02-23T21:04:05.710000 CVE-2024-21418,0,0,ef663b9214de74ab8b1eda2c85169dc13f12218d87536de8a5f4de5236a43541,2024-03-12T17:46:17.273000 CVE-2024-21419,0,0,2b2cb4db09da9495fc2ecf8fae18cde53ce11b6d772c946de837373d3f835c9d,2024-03-12T17:46:17.273000 -CVE-2024-2142,1,1,2baa1be14ea87a7ce70e0e3e17dfb569e87ae981e3997dfc9470e8fa34c8ded6,2024-03-30T07:15:09.513000 +CVE-2024-2142,0,0,2baa1be14ea87a7ce70e0e3e17dfb569e87ae981e3997dfc9470e8fa34c8ded6,2024-03-30T07:15:09.513000 CVE-2024-21420,0,0,4a89fb64b6e21ff3e8e62b1263c75efc47583308c96cfb26d691252d4777d2ed,2024-02-13T18:22:43.577000 CVE-2024-21421,0,0,7f3d201054cbde03fea298b3b62f09a5835e6858ea20c6e60673b54188a987a6,2024-03-12T17:46:17.273000 CVE-2024-21423,0,0,bdd3e5505bf37095cf28502668c3363668037784f8adcb8492701fb6ce5eb572,2024-02-26T13:42:22.567000 CVE-2024-21426,0,0,d393d657fa9631ae4a7e338940f17c59c22b9a1c79406ce6c198e0e929a7ae1b,2024-03-12T17:46:17.273000 
CVE-2024-21427,0,0,f2592991e7304b29003b372e68d3f0a5c7232d5b37eb13a43127f77590c861e8,2024-03-12T17:46:17.273000 CVE-2024-21429,0,0,432d3834c625233c5a21b7d14e6b2d92ea43b60981cfe0a7c1e3f6363d4b8242,2024-03-12T17:46:17.273000 -CVE-2024-2143,1,1,8a3b02b64ed809034af3eb8399c73ec5024d4cbd3eb660ceef73c1ce395e0221,2024-03-30T07:15:09.997000 +CVE-2024-2143,0,0,8a3b02b64ed809034af3eb8399c73ec5024d4cbd3eb660ceef73c1ce395e0221,2024-03-30T07:15:09.997000 CVE-2024-21430,0,0,f0323e656bba17b2c286d5c2f562080f05bce6bcbf944452b18cf9b643e389d2,2024-03-12T17:46:17.273000 CVE-2024-21431,0,0,26c4452850a50cb1240e5475bc72713eb6853df62e53111991ad8917b98a91ea,2024-03-12T17:46:17.273000 CVE-2024-21432,0,0,fab8d7290e99771982b5f8cadee12a7229e54e95365bb6c52ca3b2240ad66917,2024-03-12T17:46:17.273000 @@ -239873,7 +239873,7 @@ CVE-2024-21436,0,0,0dd87189c7353c26efcd8b4c46b990b4f91e29fa2912a735a2fd44ab16c87 CVE-2024-21437,0,0,d68d1284ce344470b1e7d6e7ec437e6a811301e250b1bf82bd56ca2589342e67,2024-03-12T17:46:17.273000 CVE-2024-21438,0,0,0984d49fe88902a08e3f8bcc7e2245bb23fd280e9382fbcf6192c69efb734310,2024-03-12T17:46:17.273000 CVE-2024-21439,0,0,27307394f1ffff04a4b85c5411a75da570619f8a3ad6f4da08c2e001914244e1,2024-03-12T17:46:17.273000 -CVE-2024-2144,1,1,f64c0f9437d43b93b69b19c4a347cc382ba1e5cb79a3b9c75bcc71d3c3b01060,2024-03-30T07:15:10.497000 +CVE-2024-2144,0,0,f64c0f9437d43b93b69b19c4a347cc382ba1e5cb79a3b9c75bcc71d3c3b01060,2024-03-30T07:15:10.497000 CVE-2024-21440,0,0,6f61fd68e9deac86867c494212547f54aa54ff0eb7ab6436113da9b0d1135d3e,2024-03-12T17:46:17.273000 CVE-2024-21441,0,0,60ec7a64913922ceeff946bffca3a156dc2df936ff37cc69f9b4248e6770163b,2024-03-12T17:46:17.273000 CVE-2024-21442,0,0,e32988f4a6f4e8b33b6e29cea1f1a0ef77e96b7daa729f5981a98fdcb7c815e2,2024-03-12T17:46:17.273000 
@@ -241421,6 +241421,7 @@ CVE-2024-24904,0,0,78ac0ecc337c1c3cf6e2760caf67e88b6e00a19c5576326a3f49c9a71b975 CVE-2024-24905,0,0,0364517ab894b73bf8c30cbe20b80273a93d4e9e263ab05b98b6931e08025cbd,2024-03-01T15:23:36.177000 CVE-2024-24906,0,0,b228b1520570950c7c3e86ac4523299ab67e1d327a9c2256213093954d2009dd,2024-03-01T14:04:04.827000 CVE-2024-24907,0,0,10281c2cdefacd19bcde83af128428b7182a3d780a05c7b0d1630f2ada3f8271,2024-03-01T15:23:36.177000 +CVE-2024-2491,1,1,3a2cac36f3611f311c24b6e56ab4a32260a4f518dc4c29962fdd8b96ee6c7d9f,2024-03-30T10:15:07.460000 CVE-2024-24920,0,0,0c6e0a299c3dcb3e2c9c47cd3391320c9c9126b8fcb7683d54f65bff941cba09,2024-02-13T14:01:00.987000 CVE-2024-24921,0,0,2756f13f54e6771800d4e52f7442498e73a8fe2b3f97e730b1c320dbcf7f624d,2024-02-13T14:01:00.987000 CVE-2024-24922,0,0,680b15f3fa23668c58f8fb97e1903f0bb50dd4180870bdd41f68c0313884ae2b,2024-02-13T14:01:00.987000 @@ -243047,7 +243048,7 @@ CVE-2024-29471,0,0,82d45a5ffd79414ce139218b143945b76a967fb1502a8005b616153a32c45 CVE-2024-29472,0,0,8914457096a81cfec257e1932986907f8b2f25a966f10c0d7629905ec24b0f86,2024-03-21T12:58:51.093000 CVE-2024-29473,0,0,2dcbe7e94767e08f46a9353b62d8f30da500a221f5affb32fc9ef958cfff985b,2024-03-21T12:58:51.093000 CVE-2024-29474,0,0,cd74b93fedbacc13ab911c0f2a2b89e07d9e578953f3b262ce40503b72930e98,2024-03-21T12:58:51.093000 -CVE-2024-2948,1,1,a4fcee96ac543a16a7c4648e47d99e7d01a8481e14063944ded2893728590958,2024-03-30T08:15:07.330000 +CVE-2024-2948,0,0,a4fcee96ac543a16a7c4648e47d99e7d01a8481e14063944ded2893728590958,2024-03-30T08:15:07.330000 CVE-2024-29489,0,0,b53e28436eacd43712154645616899ea4ad86f89638685c2d1c1f1bd71a439fa,2024-03-29T12:45:02.937000 CVE-2024-29499,0,0,bc8db29a97bf5517e5213278d0d5f5ecdec4b51f00adea3262848d25f6e735bc,2024-03-22T19:02:10.300000 CVE-2024-2951,0,0,7025f71f619ebfb5f00b29e3d72fe62bb5f0ea0dbfe92a58b33e63352aa0779c,2024-03-27T12:29:41.530000 
@@ -243417,7 +243418,9 @@ CVE-2024-30645,0,0,88b4c3396d5e0adacc93f28d39da5928d08265f1211f6c05c1d8690fd0f03 CVE-2024-3077,0,0,764729ebf4e3dc3c20da54caae721047879db4db5e2887f4d077635ba39ad95a,2024-03-29T12:45:02.937000 CVE-2024-3078,0,0,07ca6090eecfc88a41afb186ab370517deca7caa0d1280cb8ed031f58d59e15a,2024-03-29T13:28:22.880000 CVE-2024-3081,0,0,dffc68d1388aac08d9d9a9d84e2f2854f24235b2dd8bd2e907a0a195e3c85f14,2024-03-29T15:15:14.657000 -CVE-2024-3084,1,1,feb04b6812a124315d1816b70ccdcdd41a89f3d42f26905fef1bc9732a4ee86a,2024-03-30T08:15:07.510000 +CVE-2024-3084,0,0,feb04b6812a124315d1816b70ccdcdd41a89f3d42f26905fef1bc9732a4ee86a,2024-03-30T08:15:07.510000 +CVE-2024-3085,1,1,f189393abcf3f39030a0b0c96f6cb9307d0bf6deb0ef88912d8e876c4692bd1c,2024-03-30T09:15:22.093000 +CVE-2024-3086,1,1,cc5a01ab88ce423f04c8e499fc5c4ae76ca65b66c37b46eb53fe666ff0b26be5,2024-03-30T09:15:22.367000 CVE-2024-3094,0,0,c6fffd56cf4a81476425ca638ec856baec49e7641b48e65fcf99476d7346527a,2024-03-29T19:15:41.947000 CVE-2024-31032,0,0,f6232fe0ef0534ba6d6e20ea0777fd8892cbb87efba42355deb8d8634b00d21e,2024-03-29T17:15:20.993000 CVE-2024-31061,0,0,3a611478260a969dc7c268c913c4f396b21e3b4ebcb9a4cb4b0ae2a352b58da0,2024-03-28T20:53:20.813000