From 6d968b89fa391f1903e630bca5ede34729e4f5b5 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 11 Feb 2024 03:00:27 +0000
Subject: [PATCH] Auto-Update: 2024-02-11T03:00:24.185683+00:00
---
CVE-2024/CVE-2024-14xx/CVE-2024-1430.json | 88 +++++++++++++++++++++
CVE-2024/CVE-2024-237xx/CVE-2024-23724.json | 28 +++++++
README.md | 15 ++--
3 files changed, 124 insertions(+), 7 deletions(-)
create mode 100644 CVE-2024/CVE-2024-14xx/CVE-2024-1430.json
create mode 100644 CVE-2024/CVE-2024-237xx/CVE-2024-23724.json
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1430.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1430.json
new file mode 100644
index 00000000000..7ffd166e840
--- /dev/null
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1430.json
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-1430", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-02-11T01:15:07.750", + "lastModified": "2024-02-11T01:15:07.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.5, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": 
"Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/leetsun/Hints/tree/main/R7000/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.253381", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.253381", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23724.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23724.json new file mode 100644 index 00000000000..5009840b4a0 --- /dev/null +++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23724.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-23724", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-11T01:15:08.080", + "lastModified": "2024-02-11T01:15:08.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that \"The vendor does not view this as a valid vector.\"" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/TryGhost/Ghost/pull/19646", + "source": "cve@mitre.org" + }, + { + "url": "https://rhinosecuritylabs.com/blog/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 5610f589b37..8c3c73c6138 100644 --- a/README.md +++ b/README.md 
@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-11T00:55:24.193384+00:00 +2024-02-11T03:00:24.185683+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-11T00:15:07.770000+00:00 +2024-02-11T01:15:08.080000+00:00 ``` ### Last Data Feed Release @@ -23,26 +23,27 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-02-10T01:00:28.246433+00:00 +2024-02-11T01:00:28.229916+00:00 ``` ### Total Number of included CVEs ```plain -238108 +238110 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `2` +* [CVE-2024-1430](CVE-2024/CVE-2024-14xx/CVE-2024-1430.json) (`2024-02-11T01:15:07.750`) +* [CVE-2024-23724](CVE-2024/CVE-2024-237xx/CVE-2024-23724.json) (`2024-02-11T01:15:08.080`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2024-22859](CVE-2024/CVE-2024-228xx/CVE-2024-22859.json) (`2024-02-11T00:15:07.770`) ## Download and Usage