From 59ebb40fccaa1113f5f088459dfe57402e52c69d Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 12 Oct 2024 23:58:18 +0000 Subject: [PATCH] Auto-Update: 2024-10-12T23:55:17.366296+00:00 --- CVE-2024/CVE-2024-99xx/CVE-2024-9903.json | 137 ++++++++++++++++++++++ README.md | 8 +- _state.csv | 3 +- 3 files changed, 143 insertions(+), 5 deletions(-) create mode 100644 CVE-2024/CVE-2024-99xx/CVE-2024-9903.json diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9903.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9903.json new file mode 100644 index 00000000000..0e8bc867723 --- /dev/null +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9903.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-9903", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-12T23:15:11.027", + "lastModified": "2024-10-12T23:15:11.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.2.0. This affects the function fileUpload of the file /admin/File/fileUpload. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The affected product is known with different names like 07FLYCMS, 07FLY-CMS, and 07FlyCRM. It was not possible to reach out to the vendor before assigning a CVE due to a not working mail address." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/DeepMountains/Mirage/blob/main/CVE19-1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280179", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280179", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.421685", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e06ad831bdd..97f495bff67 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-12T16:00:17.161345+00:00 +2024-10-12T23:55:17.366296+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-12T14:15:02.753000+00:00 +2024-10-12T23:15:11.027000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265441 +265442 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-49193](CVE-2024/CVE-2024-491xx/CVE-2024-49193.json) (`2024-10-12T14:15:02.753`) +- [CVE-2024-9903](CVE-2024/CVE-2024-99xx/CVE-2024-9903.json) (`2024-10-12T23:15:11.027`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index fd2ec036130..5b4824d2d9d 100644 --- a/_state.csv +++ b/_state.csv @@ -261883,7 +261883,7 @@ CVE-2024-4916,0,0,7f9c97d60056af6520ce5e52312d7e3a0a1a6112ce8355fa197ec22854a966 CVE-2024-4917,0,0,6cef1f1b9c67b0bba74556ced18fc262fe370a97a734fa36d53272fcc01b0da0,2024-06-04T19:20:53.527000 CVE-2024-4918,0,0,d46f8a4fb764a0404096a5c058a93218c921ca6c4bf015a8f26430856edda636,2024-05-17T02:40:42.037000 CVE-2024-4919,0,0,c726f606173904c8377395d864d6d1f0bfcdbe8df42cdb4cc2d61ca12557d877,2024-06-04T19:20:53.633000 -CVE-2024-49193,1,1,2851afa7c225e08bb86128aa4f7b999842e89112e2dd59d18a0e218abc776b3b,2024-10-12T14:15:02.753000 +CVE-2024-49193,0,0,2851afa7c225e08bb86128aa4f7b999842e89112e2dd59d18a0e218abc776b3b,2024-10-12T14:15:02.753000 CVE-2024-4920,0,0,fb11a98a98fcee227749c982e12efa14a4a4b18da858cef87f2552ce91a0c62d,2024-05-17T02:40:42.227000 CVE-2024-4921,0,0,1060b5013f8dc8547f0f33cabd337061fb69f6fcf324e5387138007cbeb6a9c1,2024-06-04T19:20:53.730000 CVE-2024-4922,0,0,692b7adcf322621580a484f8f9b29edc18ffd7d0d7aa81554818742dd70afb00,2024-06-20T20:15:20.020000 @@ -265440,3 +265440,4 @@ CVE-2024-9859,0,0,4c2e27e83d096af209ad8d4a7ba60ec60caaadb1032a58969905b29c3c0c3d CVE-2024-9860,0,0,9c9c6a59ce227b8b9c92f258ea8c8577b19c36b99b060db27cd4697c8991bf8d,2024-10-12T03:15:02.757000 CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000 CVE-2024-9894,0,0,e4e640fa9b528f08dc5c5d33be8f6b79ae250b3934762a705b5583518e0f59c7,2024-10-12T13:15:13.737000 +CVE-2024-9903,1,1,58f302b12a47dd7ead8fa1f9333271cdf28eca910f8797ea587621aaa127ff01,2024-10-12T23:15:11.027000