From 76676cb463207ec9ab53bcb97cdb8f792af92829 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Fri, 9 Feb 2024 23:00:27 +0000
Subject: [PATCH] Auto-Update: 2024-02-09T23:00:24.081845+00:00
---
 CVE-2023/CVE-2023-457xx/CVE-2023-45716.json | 43 +++++++++++++++++++++
 CVE-2023/CVE-2023-457xx/CVE-2023-45718.json | 43 +++++++++++++++++++++
 CVE-2023/CVE-2023-503xx/CVE-2023-50349.json | 43 +++++++++++++++++++++
 CVE-2024/CVE-2024-12xx/CVE-2024-1245.json | 4 +-
 CVE-2024/CVE-2024-12xx/CVE-2024-1246.json | 4 +-
 README.md | 41 +++++---------------
 6 files changed, 142 insertions(+), 36 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-457xx/CVE-2023-45716.json
 create mode 100644 CVE-2023/CVE-2023-457xx/CVE-2023-45718.json
 create mode 100644 CVE-2023/CVE-2023-503xx/CVE-2023-50349.json
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45716.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45716.json
new file mode 100644
index 00000000000..5b9c8e12442
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45716.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-45716",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2024-02-09T22:15:07.993",
+ "lastModified": "2024-02-09T22:15:07.993",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sametime is impacted by sensitive information passed in URL. \n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 1.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.3,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
+ "source": "psirt@hcl.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-457xx/CVE-2023-45718.json b/CVE-2023/CVE-2023-457xx/CVE-2023-45718.json
new file mode 100644
index 00000000000..e2517c4e989
--- /dev/null
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45718.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-45718",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2024-02-09T22:15:08.167",
+ "lastModified": "2024-02-09T22:15:08.167",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sametime is impacted by a failure to invalidate sessions. The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. \u00a0\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.9,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.3,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
+ "source": "psirt@hcl.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-503xx/CVE-2023-50349.json b/CVE-2023/CVE-2023-503xx/CVE-2023-50349.json
new file mode 100644
index 00000000000..c5fb8c1b646
--- /dev/null
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50349.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2023-50349",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2024-02-09T21:15:07.840",
+ "lastModified": "2024-02-09T21:15:07.840",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability. Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. \n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.7,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
+ "source": "psirt@hcl.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1245.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1245.json
index 634ffed403a..592c4bdd946 100644
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1245.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1245.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-1245",
 "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
 "published": "2024-02-09T20:15:54.370",
- "lastModified": "2024-02-09T20:15:54.370",
+ "lastModified": "2024-02-09T22:15:08.337",
 "vulnStatus": "Received",
 "descriptions": [
 {
 "lang": "en",
- "value": "Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . \n"
+ "value": "Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. \n"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1246.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1246.json
index 894311657dd..aac6d068586 100644
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1246.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1246.json
@@ -2,12 +2,12 @@ "id": "CVE-2024-1246", "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de", "published": "2024-02-09T20:15:54.573", - "lastModified": "2024-02-09T20:15:54.573", + "lastModified": "2024-02-09T22:15:08.420", "vulnStatus": "Received", "descriptions": [ { "lang": "en", - "value": "Concrete CMS\u00a0in version 9 before 9.2.5\u00a0is vulnerable to reflected XSS via the Image URL Import Feature due to\u00a0insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . This does not affect Concrete versions prior to version 9.\n" + "value": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\n" } ], "metrics": { diff --git a/README.md b/README.md index 8f62c66f76a..8ca005f2700 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-09T21:00:25.541900+00:00 +2024-02-09T23:00:24.081845+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-09T20:23:01.477000+00:00 +2024-02-09T22:15:08.420000+00:00 ``` ### Last Data Feed Release 
@@ -29,47 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238065 +238068 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -* [CVE-2024-1245](CVE-2024/CVE-2024-12xx/CVE-2024-1245.json) (`2024-02-09T20:15:54.370`) -* [CVE-2024-1246](CVE-2024/CVE-2024-12xx/CVE-2024-1246.json) (`2024-02-09T20:15:54.573`) -* [CVE-2024-1247](CVE-2024/CVE-2024-12xx/CVE-2024-1247.json) (`2024-02-09T19:15:24.183`) +* [CVE-2023-50349](CVE-2023/CVE-2023-503xx/CVE-2023-50349.json) (`2024-02-09T21:15:07.840`) +* [CVE-2023-45716](CVE-2023/CVE-2023-457xx/CVE-2023-45716.json) (`2024-02-09T22:15:07.993`) +* [CVE-2023-45718](CVE-2023/CVE-2023-457xx/CVE-2023-45718.json) (`2024-02-09T22:15:08.167`) ### CVEs modified in the last Commit -Recently modified CVEs: `172` +Recently modified CVEs: `2` -* [CVE-2024-24756](CVE-2024/CVE-2024-247xx/CVE-2024-24756.json) (`2024-02-09T19:47:10.213`) -* [CVE-2024-24755](CVE-2024/CVE-2024-247xx/CVE-2024-24755.json) (`2024-02-09T19:47:59.967`) -* [CVE-2024-0325](CVE-2024/CVE-2024-03xx/CVE-2024-0325.json) (`2024-02-09T19:48:49.967`) -* [CVE-2024-0269](CVE-2024/CVE-2024-02xx/CVE-2024-0269.json) (`2024-02-09T19:56:14.050`) -* [CVE-2024-24569](CVE-2024/CVE-2024-245xx/CVE-2024-24569.json) (`2024-02-09T20:15:06.707`) -* [CVE-2024-1113](CVE-2024/CVE-2024-11xx/CVE-2024-1113.json) (`2024-02-09T20:15:53.813`) -* [CVE-2024-1114](CVE-2024/CVE-2024-11xx/CVE-2024-1114.json) (`2024-02-09T20:15:53.917`) -* [CVE-2024-1116](CVE-2024/CVE-2024-11xx/CVE-2024-1116.json) (`2024-02-09T20:15:54.017`) -* [CVE-2024-1117](CVE-2024/CVE-2024-11xx/CVE-2024-1117.json) (`2024-02-09T20:15:54.117`) -* [CVE-2024-1198](CVE-2024/CVE-2024-11xx/CVE-2024-1198.json) (`2024-02-09T20:15:54.207`) -* [CVE-2024-1225](CVE-2024/CVE-2024-12xx/CVE-2024-1225.json) (`2024-02-09T20:15:54.290`) -* [CVE-2024-1258](CVE-2024/CVE-2024-12xx/CVE-2024-1258.json) (`2024-02-09T20:15:54.857`) -* 
[CVE-2024-1259](CVE-2024/CVE-2024-12xx/CVE-2024-1259.json) (`2024-02-09T20:15:54.943`) -* [CVE-2024-1260](CVE-2024/CVE-2024-12xx/CVE-2024-1260.json) (`2024-02-09T20:15:55.030`) -* [CVE-2024-1261](CVE-2024/CVE-2024-12xx/CVE-2024-1261.json) (`2024-02-09T20:15:55.113`) -* [CVE-2024-1262](CVE-2024/CVE-2024-12xx/CVE-2024-1262.json) (`2024-02-09T20:15:55.190`) -* [CVE-2024-1263](CVE-2024/CVE-2024-12xx/CVE-2024-1263.json) (`2024-02-09T20:15:55.277`) -* [CVE-2024-1264](CVE-2024/CVE-2024-12xx/CVE-2024-1264.json) (`2024-02-09T20:15:55.367`) -* [CVE-2024-1167](CVE-2024/CVE-2024-11xx/CVE-2024-1167.json) (`2024-02-09T20:20:51.900`) -* [CVE-2024-24570](CVE-2024/CVE-2024-245xx/CVE-2024-24570.json) (`2024-02-09T20:21:06.250`) -* [CVE-2024-24561](CVE-2024/CVE-2024-245xx/CVE-2024-24561.json) (`2024-02-09T20:21:23.980`) -* [CVE-2024-24557](CVE-2024/CVE-2024-245xx/CVE-2024-24557.json) (`2024-02-09T20:21:32.970`) -* [CVE-2024-23832](CVE-2024/CVE-2024-238xx/CVE-2024-23832.json) (`2024-02-09T20:21:45.317`) -* [CVE-2024-1141](CVE-2024/CVE-2024-11xx/CVE-2024-1141.json) (`2024-02-09T20:22:03.893`) -* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-09T20:22:43.297`) +* [CVE-2024-1245](CVE-2024/CVE-2024-12xx/CVE-2024-1245.json) (`2024-02-09T22:15:08.337`) +* [CVE-2024-1246](CVE-2024/CVE-2024-12xx/CVE-2024-1246.json) (`2024-02-09T22:15:08.420`) ## Download and Usage