diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13135.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13135.json
new file mode 100644
index 00000000000..b3486db9e3e
--- /dev/null
+++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13135.json
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2024-13135",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-01-05T09:15:05.240",
+ "lastModified": "2025-01-05T09:15:05.240",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "baseScore": 4.0,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/emlog/emlog/issues/311",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/emlog/emlog/issues/311#issue-2755404584",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.290209",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.290209",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.467929",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13136.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13136.json
new file mode 100644
index 00000000000..028cf91a660
--- /dev/null
+++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13136.json
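Review bot: The CVSS blocks added for CVE-2024-13135 disagree on user interaction for one and the same cross-site scripting issue: cvssMetricV40 has `UI:N` / `"userInteraction": "NONE"` and cvssMetricV2 has `"userInteractionRequired": false`, while cvssMetricV31 has `UI:R` / `"userInteraction": "REQUIRED"`. The 4.0 score of 5.3 (MEDIUM) and the 3.1 score of 3.5 (LOW) therefore cannot both describe the issue, and the CVE-2024-13137 record added later in this commit shows the same mismatch (5.1 against 2.4). If the 3.1 reading is the intended one, the 4.0 block would carry `UI:P` or `UI:A` instead of `UI:N`, with `baseScore` recomputed. Every metric here is `"type": "Secondary"` from cna@vuldb.com on a record still marked `"vulnStatus": "Received"`, so consumers that rank on `baseSeverity` should record which CVSS version they read. Both records also list `CWE-94` beside `CWE-79` although the descriptions mention only cross-site scripting, which matters for filters keyed on code-injection CWEs.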
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2024-13136",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-01-05T09:15:06.320",
+ "lastModified": "2025-01-05T09:15:06.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "baseScore": 6.5,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL"
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-20"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-502"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/wangl1989/mysiteforme/issues/52",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/wangl1989/mysiteforme/issues/52#issue-2757682365",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.290210",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.290210",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.468391",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13137.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13137.json
new file mode 100644
index 00000000000..8c177f2d188
--- /dev/null
+++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13137.json
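Review bot: The CVE-2024-13136 description classifies the deserialization issue in rememberMeManager as critical and the weakness list names `CWE-502`, yet every impact metric is LOW (`C:L/I:L/A:L`, 6.3 in cvssMetricV31; `VC:L/VI:L/VA:L`, 5.3 in cvssMetricV40). Deserialization of untrusted data frequently has higher impact than that, so the MEDIUM `baseSeverity` may understate the risk; this is an inference, since the record gives nothing beyond the file and function name. The metrics are `"type": "Secondary"` from cna@vuldb.com and the record is still `"vulnStatus": "Received"`, so I would not let a severity threshold alone decide whether this entry is triaged; a rule that also matches `"value": "CWE-502"` in `weaknesses` would catch it.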
@@ -0,0 +1,145 @@
+{
+ "id": "CVE-2024-13137",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2025-01-05T10:15:06.707",
+ "lastModified": "2025-01-05T10:15:06.707",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.1,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
+ "baseScore": 2.4,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
+ "baseScore": 3.3,
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "MULTIPLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE"
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 6.4,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/wangl1989/mysiteforme/issues/54",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://github.com/wangl1989/mysiteforme/issues/54#issue-2757765372",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url":
"https://vuldb.com/?ctiid.290211", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290211", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.468473", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 821417b5fc8..00f511d40c2 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-05T09:00:19.806563+00:00 +2025-01-05T11:00:19.488012+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-05T08:15:05.443000+00:00 +2025-01-05T10:15:06.707000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275723 +275726 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2024-13134](CVE-2024/CVE-2024-131xx/CVE-2024-13134.json) (`2025-01-05T08:15:05.443`) +- [CVE-2024-13135](CVE-2024/CVE-2024-131xx/CVE-2024-13135.json) (`2025-01-05T09:15:05.240`) +- [CVE-2024-13136](CVE-2024/CVE-2024-131xx/CVE-2024-13136.json) (`2025-01-05T09:15:06.320`) +- [CVE-2024-13137](CVE-2024/CVE-2024-131xx/CVE-2024-13137.json) (`2025-01-05T10:15:06.707`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-53241](CVE-2024/CVE-2024-532xx/CVE-2024-53241.json) (`2025-01-05T07:15:05.377`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 0ef7c92ff3b..13e16cbf530 100644 --- a/_state.csv +++ b/_state.csv 
@@ -245451,7 +245451,10 @@ CVE-2024-13130,0,0,77c4ccc7f4b52a1e0f4e96b60ad35b6a7aa5cc495dbe174abb9f74b15bedf CVE-2024-13131,0,0,95b9a2d6a08f93879d932e041b311c499d3f0e154f510b263af670d8e3f4e617,2025-01-05T03:15:05.690000 CVE-2024-13132,0,0,21d2d0a056783edb04baa7102838e18985529312e228439b1f29de893d6c8fa8,2025-01-05T05:15:06.400000 CVE-2024-13133,0,0,9785e69379d6a0c25057df0e85fe2b0fda922cd10a604d201c02ee6ff38b912f,2025-01-05T05:15:07.507000 -CVE-2024-13134,1,1,bf32841e8233339434384501225db38253b29750f711b67f74a58aecb9e0610e,2025-01-05T08:15:05.443000 +CVE-2024-13134,0,0,bf32841e8233339434384501225db38253b29750f711b67f74a58aecb9e0610e,2025-01-05T08:15:05.443000 +CVE-2024-13135,1,1,9a43452518638b8d25c8090b95d8a1fcf70738bb2886554ca1f52e4a4a6a3c1f,2025-01-05T09:15:05.240000 +CVE-2024-13136,1,1,6a249d76ffb3f851877c6526a17a3f8cb75c7d4e6c345db37f81d84beb0f5b88,2025-01-05T09:15:06.320000 +CVE-2024-13137,1,1,a706682410d196acd863ad5b1cfb7824e74d6ba58ecdb615df00dfd743ce1392,2025-01-05T10:15:06.707000 CVE-2024-1315,0,0,e1f16e3b2be06db6b65befc45bb21c6efb290182d3477c01a71033b0effe0c2a,2024-11-21T08:50:18.373000 CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa7d,2024-11-21T08:50:19.090000 CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000 
@@ -270368,7 +270371,7 @@ CVE-2024-53238,0,0,6610e7d3aafebef8985c1159594be7c64b8219149820bb4d4db18a3c87d26 CVE-2024-53239,0,0,2dbcea6108cac685093598ea95a7534dbbbaa2209a1d006a3b3659a533297412,2024-12-27T14:15:32.373000 CVE-2024-5324,0,0,616d1ba80af339308061f2c79fb4da68886ab2b91b97eb35403d14df6efb4acc,2024-11-21T09:47:25.537000 CVE-2024-53240,0,0,9b22f872478d25b1b8d5510910ebb2d032d63f29cc9ff7aa44552f79bec6df78,2024-12-24T10:15:06.460000 -CVE-2024-53241,0,1,a7e121cbe6737ad10ede045c0fde5c0fb585d55680124447ad43e1c369544bc7,2025-01-05T07:15:05.377000 +CVE-2024-53241,0,0,a7e121cbe6737ad10ede045c0fde5c0fb585d55680124447ad43e1c369544bc7,2025-01-05T07:15:05.377000 CVE-2024-53242,0,0,bfcd83cfb5068348e4b0b254067e4992bd35af5c9120fcbf4b785e99c4fb6a44,2024-12-10T14:30:46.700000 CVE-2024-53243,0,0,0055f373ee76668c96d6bfcf8a6f00835a4bd98d186934410e0656653ee7c808,2024-12-10T18:15:41.093000 CVE-2024-53244,0,0,314d52ddee68b7d194db67c48301dcf21a10bd6aaea8b99e26bb6f18d015b1d7,2024-12-10T18:15:41.243000