Auto-Update: 2024-01-18T00:55:24.807527+00:00

CVE-2023/CVE-2023-63xx/CVE-2023-6340.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-6340",
+  "sourceIdentifier": "PSIRT@sonicwall.com",
+  "published": "2024-01-18T00:15:38.080",
+  "lastModified": "2024-01-18T00:15:38.080",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SonicWall Capture Client version 3.7.10,\u00a0NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver.  The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "PSIRT@sonicwall.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0019",
+      "source": "PSIRT@sonicwall.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-06xx/CVE-2024-0648.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-0648",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-01-17T23:15:08.197",
+  "lastModified": "2024-01-17T23:15:08.197",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251374 is the identifier assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 7.5
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://note.zhaoj.in/share/FO8AL78oAeTS",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.251374",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.251374",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-06xx/CVE-2024-0649.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-0649",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-01-17T23:15:08.660",
+  "lastModified": "2024-01-17T23:15:08.660",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://note.zhaoj.in/share/jC6NMe5TRSys",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.251375",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.251375",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-06xx/CVE-2024-0650.json

@@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-0650",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-01-18T00:15:38.183",
+  "lastModified": "2024-01-18T00:15:38.183",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input \"><script>alert('torada')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 10.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.251376",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.251376",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-224xx/CVE-2024-22416.json

@@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-22416",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-01-18T00:15:38.397",
+  "lastModified": "2024-01-18T00:15:38.397",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.6,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-235xx/CVE-2024-23525.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-23525",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-01-18T00:15:38.590",
+  "lastModified": "2024-01-18T00:15:38.590",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-01-17T23:00:24.941485+00:00
+2024-01-18T00:55:24.807527+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-01-17T22:42:23.587000+00:00
+2024-01-18T00:15:38.590000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,48 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-236248
+236254
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `4`
+Recently added CVEs: `6`
 
-* [CVE-2023-5914](CVE-2023/CVE-2023-59xx/CVE-2023-5914.json) (`2024-01-17T21:15:11.413`)
-* [CVE-2023-6549](CVE-2023/CVE-2023-65xx/CVE-2023-6549.json) (`2024-01-17T21:15:11.690`)
-* [CVE-2024-22410](CVE-2024/CVE-2024-224xx/CVE-2024-22410.json) (`2024-01-17T21:15:11.887`)
-* [CVE-2024-22414](CVE-2024/CVE-2024-224xx/CVE-2024-22414.json) (`2024-01-17T21:15:12.100`)
+* [CVE-2023-6340](CVE-2023/CVE-2023-63xx/CVE-2023-6340.json) (`2024-01-18T00:15:38.080`)
+* [CVE-2024-0648](CVE-2024/CVE-2024-06xx/CVE-2024-0648.json) (`2024-01-17T23:15:08.197`)
+* [CVE-2024-0649](CVE-2024/CVE-2024-06xx/CVE-2024-0649.json) (`2024-01-17T23:15:08.660`)
+* [CVE-2024-0650](CVE-2024/CVE-2024-06xx/CVE-2024-0650.json) (`2024-01-18T00:15:38.183`)
+* [CVE-2024-22416](CVE-2024/CVE-2024-224xx/CVE-2024-22416.json) (`2024-01-18T00:15:38.397`)
+* [CVE-2024-23525](CVE-2024/CVE-2024-235xx/CVE-2024-23525.json) (`2024-01-18T00:15:38.590`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `32`
+Recently modified CVEs: `0`
 
-* [CVE-2023-6476](CVE-2023/CVE-2023-64xx/CVE-2023-6476.json) (`2024-01-17T21:15:11.600`)
-* [CVE-2023-42832](CVE-2023/CVE-2023-428xx/CVE-2023-42832.json) (`2024-01-17T21:16:29.277`)
-* [CVE-2023-41974](CVE-2023/CVE-2023-419xx/CVE-2023-41974.json) (`2024-01-17T21:17:26.303`)
-* [CVE-2023-6636](CVE-2023/CVE-2023-66xx/CVE-2023-6636.json) (`2024-01-17T21:20:04.423`)
-* [CVE-2023-6624](CVE-2023/CVE-2023-66xx/CVE-2023-6624.json) (`2024-01-17T21:20:31.500`)
-* [CVE-2023-42828](CVE-2023/CVE-2023-428xx/CVE-2023-42828.json) (`2024-01-17T21:22:41.863`)
-* [CVE-2023-6632](CVE-2023/CVE-2023-66xx/CVE-2023-6632.json) (`2024-01-17T21:23:56.940`)
-* [CVE-2023-6598](CVE-2023/CVE-2023-65xx/CVE-2023-6598.json) (`2024-01-17T21:24:33.233`)
-* [CVE-2023-6828](CVE-2023/CVE-2023-68xx/CVE-2023-6828.json) (`2024-01-17T21:25:53.597`)
-* [CVE-2023-41069](CVE-2023/CVE-2023-410xx/CVE-2023-41069.json) (`2024-01-17T21:26:06.237`)
-* [CVE-2023-38267](CVE-2023/CVE-2023-382xx/CVE-2023-38267.json) (`2024-01-17T21:31:49.663`)
-* [CVE-2023-37644](CVE-2023/CVE-2023-376xx/CVE-2023-37644.json) (`2024-01-17T21:39:24.333`)
-* [CVE-2023-52027](CVE-2023/CVE-2023-520xx/CVE-2023-52027.json) (`2024-01-17T21:46:49.123`)
-* [CVE-2023-4246](CVE-2023/CVE-2023-42xx/CVE-2023-4246.json) (`2024-01-17T21:47:57.160`)
-* [CVE-2023-4372](CVE-2023/CVE-2023-43xx/CVE-2023-4372.json) (`2024-01-17T21:50:15.347`)
-* [CVE-2023-4960](CVE-2023/CVE-2023-49xx/CVE-2023-4960.json) (`2024-01-17T21:53:01.497`)
-* [CVE-2023-4962](CVE-2023/CVE-2023-49xx/CVE-2023-4962.json) (`2024-01-17T21:58:45.003`)
-* [CVE-2023-6855](CVE-2023/CVE-2023-68xx/CVE-2023-6855.json) (`2024-01-17T22:11:38.840`)
-* [CVE-2023-6994](CVE-2023/CVE-2023-69xx/CVE-2023-6994.json) (`2024-01-17T22:13:52.143`)
-* [CVE-2023-51127](CVE-2023/CVE-2023-511xx/CVE-2023-51127.json) (`2024-01-17T22:16:06.427`)
-* [CVE-2023-28185](CVE-2023/CVE-2023-281xx/CVE-2023-28185.json) (`2024-01-17T22:16:44.920`)
-* [CVE-2023-7019](CVE-2023/CVE-2023-70xx/CVE-2023-7019.json) (`2024-01-17T22:28:36.323`)
-* [CVE-2023-7048](CVE-2023/CVE-2023-70xx/CVE-2023-7048.json) (`2024-01-17T22:32:55.657`)
-* [CVE-2023-7070](CVE-2023/CVE-2023-70xx/CVE-2023-7070.json) (`2024-01-17T22:40:43.227`)
-* [CVE-2024-21665](CVE-2024/CVE-2024-216xx/CVE-2024-21665.json) (`2024-01-17T22:18:50.007`)
 
 
 ## Download and Usage