diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json new file mode 100644 index 00000000000..dc5603ba50e --- /dev/null +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-6415", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-06-30T04:15:02.250", + "lastModified": "2024-06-30T04:15:02.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gentle-khaan-c53.notion.site/Self-Reflected-XSS-in-Ingenico-The-Estate-Manager-94b4c85ffe074c6b870a6454f73edaf4?pvs=4", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.270001", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.270001", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.362344", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index cf767477001..b0e2f7c6637 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-30T04:00:36.121844+00:00 +2024-06-30T06:00:39.792483+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-30T03:15:02.223000+00:00 +2024-06-30T04:15:02.250000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255499 +255500 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-6414](CVE-2024/CVE-2024-64xx/CVE-2024-6414.json) (`2024-06-30T03:15:02.223`) +- [CVE-2024-6415](CVE-2024/CVE-2024-64xx/CVE-2024-6415.json) (`2024-06-30T04:15:02.250`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-39828](CVE-2024/CVE-2024-398xx/CVE-2024-39828.json) (`2024-06-30T02:15:02.267`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 9954fe8eec5..5593dd60cdd 100644 --- a/_state.csv +++ b/_state.csv @@ -253868,7 +253868,7 @@ CVE-2024-3974,0,0,30b94b89b01dd2c6057362330f67dc78937f3f3edffa0c5a57e7602f711f91 CVE-2024-3977,0,0,e9f44416847592725fc2cd47ffed9c743bca75989a5c2d940c73903d22d68b79,2024-06-17T12:42:04.623000 CVE-2024-3978,0,0,338ec55d360d0ecf1dfe595690a2d37e24aa4129fa5a75aae324bfa31cd2fe9a,2024-06-17T12:42:04.623000 CVE-2024-3979,0,0,4ac2126fe63098861061c1ed3772b0712449f42e64a5481492de94fd61a5b947,2024-06-06T20:15:14.127000 -CVE-2024-39828,0,1,31eb2167fecbbda5642dedf4e55fff8a0662863869bac939f242b14fecd9254f,2024-06-30T02:15:02.267000 +CVE-2024-39828,0,0,31eb2167fecbbda5642dedf4e55fff8a0662863869bac939f242b14fecd9254f,2024-06-30T02:15:02.267000 CVE-2024-3984,0,0,bee410e9bf0342c5ecf3886d76050e2314329db97e17f53f9285ff32a0d9ee8f,2024-06-20T12:44:01.637000 CVE-2024-39840,0,0,047d979b2fcf1a9830727be1cf5cfab778c9f98b8c6748424d91100231c8b67f,2024-06-29T17:15:09.857000 CVE-2024-39846,0,0,cffd1230dd7435c26d95c325c5366a1ccd985a2f9e414d529e3af68882ee9e83,2024-06-29T21:15:09.917000 @@ -255497,4 +255497,5 @@ CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a847 CVE-2024-6402,0,0,4ab71895b3368bd1544211088d3abf700d4f701c214f7ecf3c60b7d176fc2603,2024-06-28T17:15:03.810000 CVE-2024-6403,0,0,429dfb36ed402b9131ff77942437fb1a517bdb7d9c4bc0d98800d5561627779c,2024-06-28T17:15:04.140000 CVE-2024-6405,0,0,038b14279ce0315b7a8980b7821f46591d9e467d7f65f841d288ca599d5003a6,2024-06-29T02:15:02.223000 -CVE-2024-6414,1,1,70b26d50e267b67a07d9bb4b9f1c84966b1a8bfb20d759370cc1a093ba5f1259,2024-06-30T03:15:02.223000 +CVE-2024-6414,0,0,70b26d50e267b67a07d9bb4b9f1c84966b1a8bfb20d759370cc1a093ba5f1259,2024-06-30T03:15:02.223000 +CVE-2024-6415,1,1,62e9973ee32aafad192ff857247035567ab1ac1ef13febe846fa28737426c3a2,2024-06-30T04:15:02.250000