Auto-Update: 2024-10-13T22:00:16.899394+00:00

cad-safe-bot 2024-10-13 22:03:18 +00:00
parent 1c5c3d7e2e
commit 4a1fa4c805
6 changed files with 405 additions and 11 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2024-7099",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-13T21:15:10.957",
"lastModified": "2024-10-13T21:15:10.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "netease-youdao/qanything version 1.4.1 contains a vulnerability where unsafe data obtained from user input is concatenated in SQL queries, leading to SQL injection. The affected functions include `get_knowledge_base_name`, `from_status_to_status`, `delete_files`, and `get_file_by_status`. An attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially stealing information from the database. The issue is fixed in version 1.4.2."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/netease-youdao/qanything/commit/a87354f09d93e95350fb45eb343dc75454387554",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/bc98983e-06cc-4a4b-be01-67e5010cb2c1",
"source": "security@huntr.dev"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-8070",
"sourceIdentifier": "cybersecurity@se.com",
"published": "2024-10-13T20:15:03.360",
"lastModified": "2024-10-13T20:15:03.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test\ncredentials in the firmware binary"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cybersecurity@se.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "cybersecurity@se.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-04&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-04.pdf",
"source": "cybersecurity@se.com"
}
]
}


@ -0,0 +1,137 @@
{
"id": "CVE-2024-9917",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-13T20:15:03.593",
"lastModified": "2024-10-13T20:15:03.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in HuangDou UTCMS V9. This affects an unknown part of the file app/modules/ut-template/admin/template_creat.php. The manipulation of the argument content leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/DeepMountains/zzz/blob/main/CVE5-2.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.280245",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.280245",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.418749",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,137 @@
{
"id": "CVE-2024-9918",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-13T20:15:03.853",
"lastModified": "2024-10-13T20:15:03.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in HuangDou UTCMS V9 and classified as critical. This vulnerability affects the function RunSql of the file app/modules/ut-data/admin/sql.php. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/DeepMountains/zzz/blob/main/CVE5-3.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.280246",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.280246",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.418750",
"source": "cna@vuldb.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-13T20:00:17.036047+00:00
2024-10-13T22:00:16.899394+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-13T19:15:11.240000+00:00
2024-10-13T21:15:10.957000+00:00
```
### Last Data Feed Release
@ -33,17 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
265456
265460
```
### CVEs added in the last Commit
Recently added CVEs: `4`
- [CVE-2024-9913](CVE-2024/CVE-2024-99xx/CVE-2024-9913.json) (`2024-10-13T18:15:02.807`)
- [CVE-2024-9914](CVE-2024/CVE-2024-99xx/CVE-2024-9914.json) (`2024-10-13T18:15:03.090`)
- [CVE-2024-9915](CVE-2024/CVE-2024-99xx/CVE-2024-9915.json) (`2024-10-13T19:15:10.963`)
- [CVE-2024-9916](CVE-2024/CVE-2024-99xx/CVE-2024-9916.json) (`2024-10-13T19:15:11.240`)
- [CVE-2024-7099](CVE-2024/CVE-2024-70xx/CVE-2024-7099.json) (`2024-10-13T21:15:10.957`)
- [CVE-2024-8070](CVE-2024/CVE-2024-80xx/CVE-2024-8070.json) (`2024-10-13T20:15:03.360`)
- [CVE-2024-9917](CVE-2024/CVE-2024-99xx/CVE-2024-9917.json) (`2024-10-13T20:15:03.593`)
- [CVE-2024-9918](CVE-2024/CVE-2024-99xx/CVE-2024-9918.json) (`2024-10-13T20:15:03.853`)
### CVEs modified in the last Commit


@ -263727,6 +263727,7 @@ CVE-2024-7092,0,0,e9e7e1c22eeddb38238cff178e26d1e84cd16a1ecd7c31190a29d77a32325d
CVE-2024-7093,0,0,2af97c55d7ffe283d233de8149da5391663d6c7f2b6f21acff51e16815034b7f,2024-08-02T12:59:43.990000
CVE-2024-7094,0,0,d8ce6991dc787cf1fc8f383d7f348b0cc8c833a282f09c60355b50a58a302aa6,2024-08-13T12:58:25.437000
CVE-2024-7098,0,0,a1c49ab120800ed86f2025110e68f50c456d030c99d6739576f8a1d2cc80570d,2024-09-20T17:14:53.063000
CVE-2024-7099,1,1,3531347402be51141d70d05f6ed07e94b7e707e80ba342b6bf8e71aa90601930,2024-10-13T21:15:10.957000
CVE-2024-7100,0,0,dcfec02e0ae4a6f64f97ae0297c66dfbc0aebe11e663bfc596e9b5b147ad741e,2024-07-30T13:32:45.943000
CVE-2024-7101,0,0,5454c1208509de59c11b3527ed3914e0b9b453785a2425c8a2e412da33d0d539,2024-07-26T12:38:41.683000
CVE-2024-7104,0,0,65dfc462223ed34264e8700eb7e9171b84ef85c656f444224981a91d9956a19c,2024-09-20T14:44:18.010000
@ -264483,6 +264484,7 @@ CVE-2024-8056,0,0,7d94e922f5f6064358baece439e000bb5b536e03070693d567d210e7b17a44
CVE-2024-8059,0,0,bdae740e9708e98c12d1deb7f7b4958a4e9e21cc3d70a47ecc6f19d9246061d0,2024-09-14T11:47:14.677000
CVE-2024-8064,0,0,9afbec42e91ccdf5ae5f9527bb691367cd47bbf3ee2caa0cb5423b43e5fdd860,2024-08-30T16:15:11.120000
CVE-2024-8067,0,0,21c0729ad9dc772677b9fbf75bb24db3bcf4512001a88b1eef9d39bf31f69153,2024-09-26T13:32:02.803000
CVE-2024-8070,1,1,8e18dcc720d55046523b0c48e01e92ac7c82ee71efe03b21badf0f17db57f3fe,2024-10-13T20:15:03.360000
CVE-2024-8071,0,0,ac7c2c7e7df896f6bfe7f17a6e74f8de236e5ec843865384cdf53fde1e533098,2024-08-23T15:34:53.913000
CVE-2024-8072,0,0,08fafb0bed7b0568fefcb8938e0e01cf4acf3cb153d4b847bc3e1d9427344a62,2024-08-22T14:35:18.797000
CVE-2024-8073,0,0,10b7625a2313189ee3b842662d1479fc9c76da034a2ab4b4a904df4cf34a67e5,2024-09-12T20:58:56.413000
@ -265451,7 +265453,9 @@ CVE-2024-9909,0,0,0117d9c3dc8af32fc2bcfba3e6cfeae13b61897a2bc0d83e07f7c55dd96fb7
CVE-2024-9910,0,0,1b159cab4596ebaa2f06d61d8a9081dad9c3a47f61a028b021f4e0d66d7e78a9,2024-10-13T15:15:11.117000
CVE-2024-9911,0,0,ab75a1eaef30299e1437abd4303183b5eceeb1baff2d9cebda9182d534c97c61,2024-10-13T16:15:02.867000
CVE-2024-9912,0,0,c4032b4d1ddb0723ca86b6a33784bf5cebe979dd1cb167b412605db560fa1198,2024-10-13T17:15:10.813000
CVE-2024-9913,1,1,20e6ca337decc94903b1507523437ff803e6ad6ee9098ed5951397a6bec9b500,2024-10-13T18:15:02.807000
CVE-2024-9914,1,1,f6508c276c77826bdc97b76b6e45ac8127da088a72c46c39cf02d074f3026ff0,2024-10-13T18:15:03.090000
CVE-2024-9915,1,1,63e26bd6dda529bb1b35cb19ae962b0ed45afa7922ddadd06d2d3fbacf9244f0,2024-10-13T19:15:10.963000
CVE-2024-9916,1,1,a730a2f771d7ff99d35c7fab951eb613504b99ec32a2fa78db351f9ebbb4bc4a,2024-10-13T19:15:11.240000
CVE-2024-9913,0,0,20e6ca337decc94903b1507523437ff803e6ad6ee9098ed5951397a6bec9b500,2024-10-13T18:15:02.807000
CVE-2024-9914,0,0,f6508c276c77826bdc97b76b6e45ac8127da088a72c46c39cf02d074f3026ff0,2024-10-13T18:15:03.090000
CVE-2024-9915,0,0,63e26bd6dda529bb1b35cb19ae962b0ed45afa7922ddadd06d2d3fbacf9244f0,2024-10-13T19:15:10.963000
CVE-2024-9916,0,0,a730a2f771d7ff99d35c7fab951eb613504b99ec32a2fa78db351f9ebbb4bc4a,2024-10-13T19:15:11.240000
CVE-2024-9917,1,1,b95369e739f1d0e87281f665b0fbe602b511bf4da9ce5a03247e979a67c869de,2024-10-13T20:15:03.593000
CVE-2024-9918,1,1,3b1543a1bc4f2002f8c314cc6d23e587e4e37abb46c87f452c1a1b708c0d1212,2024-10-13T20:15:03.853000
