Auto-Update: 2024-02-23T15:02:05.252259+00:00

CVE-2024/CVE-2024-18xx/CVE-2024-1817.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-1817",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-02-23T14:15:44.847",
+  "lastModified": "2024-02-23T14:15:44.847",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 7.5
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-287"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://note.zhaoj.in/share/8gO8yxJ8aN51",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.254605",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.254605",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-265xx/CVE-2024-26594.json

@@ -0,0 +1,36 @@
+{
+  "id": "CVE-2024-26594",
+  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+  "published": "2024-02-23T14:15:45.150",
+  "lastModified": "2024-02-23T14:15:45.150",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: validate mech token in session setup\n\nIf client send invalid mech token in session setup request, ksmbd\nvalidate and make the error if it is invalid."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    },
+    {
+      "url": "https://git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b",
+      "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-23T13:16:34.601185+00:00
+2024-02-23T15:02:05.252259+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-23T12:15:46.467000+00:00
+2024-02-23T14:15:45.150000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,26 +29,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-239289
+239291
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `6`
+Recently added CVEs: `2`
 
-* [CVE-2023-24416](CVE-2023/CVE-2023-244xx/CVE-2023-24416.json) (`2024-02-23T12:15:45.990`)
-* [CVE-2024-1360](CVE-2024/CVE-2024-13xx/CVE-2024-1360.json) (`2024-02-23T11:15:08.310`)
-* [CVE-2024-1361](CVE-2024/CVE-2024-13xx/CVE-2024-1361.json) (`2024-02-23T11:15:08.567`)
-* [CVE-2024-1362](CVE-2024/CVE-2024-13xx/CVE-2024-1362.json) (`2024-02-23T11:15:08.750`)
-* [CVE-2024-25915](CVE-2024/CVE-2024-259xx/CVE-2024-25915.json) (`2024-02-23T12:15:46.263`)
-* [CVE-2024-25928](CVE-2024/CVE-2024-259xx/CVE-2024-25928.json) (`2024-02-23T12:15:46.467`)
+* [CVE-2024-1817](CVE-2024/CVE-2024-18xx/CVE-2024-1817.json) (`2024-02-23T14:15:44.847`)
+* [CVE-2024-26594](CVE-2024/CVE-2024-265xx/CVE-2024-26594.json) (`2024-02-23T14:15:45.150`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
 
-* [CVE-2023-50270](CVE-2023/CVE-2023-502xx/CVE-2023-50270.json) (`2024-02-23T11:15:07.823`)
 
 
 ## Download and Usage