From 624295e656416f9773e7bf426e3cbecebf935047 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 30 Jun 2024 06:03:33 +0000 Subject: [PATCH] Auto-Update: 2024-06-30T06:00:39.792483+00:00 --- CVE-2024/CVE-2024-64xx/CVE-2024-6415.json | 137 ++++++++++++++++++++++ README.md | 11 +- _state.csv | 5 +- 3 files changed, 145 insertions(+), 8 deletions(-) create mode 100644 CVE-2024/CVE-2024-64xx/CVE-2024-6415.json
diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json
new file mode 100644
index 00000000000..dc5603ba50e
--- /dev/null
+++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6415.json
@@ -0,0 +1,137 @@
+{
+ "id": "CVE-2024-6415",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-06-30T04:15:02.250",
+ "lastModified": "2024-06-30T04:15:02.250",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-270001 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.4,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "MULTIPLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.3
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 6.4,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://gentle-khaan-c53.notion.site/Self-Reflected-XSS-in-Ingenico-The-Estate-Manager-94b4c85ffe074c6b870a6454f73edaf4?pvs=4",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.270001",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.270001",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.362344",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index cf767477001..b0e2f7c6637 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-30T04:00:36.121844+00:00 +2024-06-30T06:00:39.792483+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-30T03:15:02.223000+00:00 +2024-06-30T04:15:02.250000+00:00 ``` ### Last Data Feed Release
@@ -33,21 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255499 +255500 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-6414](CVE-2024/CVE-2024-64xx/CVE-2024-6414.json) (`2024-06-30T03:15:02.223`) +- [CVE-2024-6415](CVE-2024/CVE-2024-64xx/CVE-2024-6415.json) (`2024-06-30T04:15:02.250`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-39828](CVE-2024/CVE-2024-398xx/CVE-2024-39828.json) (`2024-06-30T02:15:02.267`) ## Download and Usage
diff --git a/_state.csv b/_state.csv
index 9954fe8eec5..5593dd60cdd 100644
--- a/_state.csv
+++ b/_state.csv
@@ -253868,7 +253868,7 @@ CVE-2024-3974,0,0,30b94b89b01dd2c6057362330f67dc78937f3f3edffa0c5a57e7602f711f91
 CVE-2024-3977,0,0,e9f44416847592725fc2cd47ffed9c743bca75989a5c2d940c73903d22d68b79,2024-06-17T12:42:04.623000
 CVE-2024-3978,0,0,338ec55d360d0ecf1dfe595690a2d37e24aa4129fa5a75aae324bfa31cd2fe9a,2024-06-17T12:42:04.623000
 CVE-2024-3979,0,0,4ac2126fe63098861061c1ed3772b0712449f42e64a5481492de94fd61a5b947,2024-06-06T20:15:14.127000
-CVE-2024-39828,0,1,31eb2167fecbbda5642dedf4e55fff8a0662863869bac939f242b14fecd9254f,2024-06-30T02:15:02.267000
+CVE-2024-39828,0,0,31eb2167fecbbda5642dedf4e55fff8a0662863869bac939f242b14fecd9254f,2024-06-30T02:15:02.267000
 CVE-2024-3984,0,0,bee410e9bf0342c5ecf3886d76050e2314329db97e17f53f9285ff32a0d9ee8f,2024-06-20T12:44:01.637000
 CVE-2024-39840,0,0,047d979b2fcf1a9830727be1cf5cfab778c9f98b8c6748424d91100231c8b67f,2024-06-29T17:15:09.857000
 CVE-2024-39846,0,0,cffd1230dd7435c26d95c325c5366a1ccd985a2f9e414d529e3af68882ee9e83,2024-06-29T21:15:09.917000
@@ -255497,4 +255497,5 @@ CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a847
 CVE-2024-6402,0,0,4ab71895b3368bd1544211088d3abf700d4f701c214f7ecf3c60b7d176fc2603,2024-06-28T17:15:03.810000
 CVE-2024-6403,0,0,429dfb36ed402b9131ff77942437fb1a517bdb7d9c4bc0d98800d5561627779c,2024-06-28T17:15:04.140000
 CVE-2024-6405,0,0,038b14279ce0315b7a8980b7821f46591d9e467d7f65f841d288ca599d5003a6,2024-06-29T02:15:02.223000
-CVE-2024-6414,1,1,70b26d50e267b67a07d9bb4b9f1c84966b1a8bfb20d759370cc1a093ba5f1259,2024-06-30T03:15:02.223000
+CVE-2024-6414,0,0,70b26d50e267b67a07d9bb4b9f1c84966b1a8bfb20d759370cc1a093ba5f1259,2024-06-30T03:15:02.223000
+CVE-2024-6415,1,1,62e9973ee32aafad192ff857247035567ab1ac1ef13febe846fa28737426c3a2,2024-06-30T04:15:02.250000