Auto-Update: 2024-02-09T23:00:24.081845+00:00

2025-05-08 11:37:26 +00:00 · 2024-02-09 23:00:27 +00:00 · 2024-02-09 23:00:27 +00:00 · 76676cb463
commit 76676cb463
parent 9f385c15a3
6 changed files with 142 additions and 36 deletions
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45716.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45716.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-45716",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2024-02-09T22:15:07.993",
+  "lastModified": "2024-02-09T22:15:07.993",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sametime is impacted by sensitive information passed in URL. \n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 1.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 0.3,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-457xx/CVE-2023-45718.json
+++ b/CVE-2023/CVE-2023-457xx/CVE-2023-45718.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-45718",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2024-02-09T22:15:08.167",
+  "lastModified": "2024-02-09T22:15:08.167",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sametime is impacted by a failure to invalidate sessions.  The application is setting sensitive cookie values in a persistent manner in Sametime Web clients. When this happens, cookie values can remain valid even after a user has closed out their session. \u00a0\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.9,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 0.3,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-503xx/CVE-2023-50349.json
+++ b/CVE-2023/CVE-2023-503xx/CVE-2023-50349.json
@ -0,0 +1,43 @@
+{
+  "id": "CVE-2023-50349",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2024-02-09T21:15:07.840",
+  "lastModified": "2024-02-09T21:15:07.840",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Sametime is impacted by a Cross Site Request Forgery (CSRF) vulnerability.  Some REST APIs in the Sametime Proxy application can allow an attacker to perform malicious actions on the application. \n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.7,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0109082",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1245.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1245.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-1245",
  "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
  "published": "2024-02-09T20:15:54.370",
-  "lastModified": "2024-02-09T20:15:54.370",
+  "lastModified": "2024-02-09T22:15:08.337",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector  AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . \n"
+      "value": "Concrete CMS\u00a0version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N. \n"
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-12xx/CVE-2024-1246.json
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1246.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-1246",
  "sourceIdentifier": "ff5b8ace-8b95-4078-9743-eac1ca5451de",
  "published": "2024-02-09T20:15:54.573",
-  "lastModified": "2024-02-09T20:15:54.573",
+  "lastModified": "2024-02-09T22:15:08.420",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
-      "value": "Concrete CMS\u00a0in version 9 before 9.2.5\u00a0is vulnerable to reflected XSS via the Image URL Import Feature due to\u00a0insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector  AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . This does not affect Concrete versions prior to version 9.\n"
+      "value": "Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user\u2019s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.\n"
    }
  ],
  "metrics": {
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-09T21:00:25.541900+00:00
+2024-02-09T23:00:24.081845+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-09T20:23:01.477000+00:00
+2024-02-09T22:15:08.420000+00:00
 ```

 ### Last Data Feed Release
@ -29,47 +29,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-238065
+238068
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `3`

-* [CVE-2024-1245](CVE-2024/CVE-2024-12xx/CVE-2024-1245.json) (`2024-02-09T20:15:54.370`)
-* [CVE-2024-1246](CVE-2024/CVE-2024-12xx/CVE-2024-1246.json) (`2024-02-09T20:15:54.573`)
-* [CVE-2024-1247](CVE-2024/CVE-2024-12xx/CVE-2024-1247.json) (`2024-02-09T19:15:24.183`)
+* [CVE-2023-50349](CVE-2023/CVE-2023-503xx/CVE-2023-50349.json) (`2024-02-09T21:15:07.840`)
+* [CVE-2023-45716](CVE-2023/CVE-2023-457xx/CVE-2023-45716.json) (`2024-02-09T22:15:07.993`)
+* [CVE-2023-45718](CVE-2023/CVE-2023-457xx/CVE-2023-45718.json) (`2024-02-09T22:15:08.167`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `172`
+Recently modified CVEs: `2`

-* [CVE-2024-24756](CVE-2024/CVE-2024-247xx/CVE-2024-24756.json) (`2024-02-09T19:47:10.213`)
-* [CVE-2024-24755](CVE-2024/CVE-2024-247xx/CVE-2024-24755.json) (`2024-02-09T19:47:59.967`)
-* [CVE-2024-0325](CVE-2024/CVE-2024-03xx/CVE-2024-0325.json) (`2024-02-09T19:48:49.967`)
-* [CVE-2024-0269](CVE-2024/CVE-2024-02xx/CVE-2024-0269.json) (`2024-02-09T19:56:14.050`)
-* [CVE-2024-24569](CVE-2024/CVE-2024-245xx/CVE-2024-24569.json) (`2024-02-09T20:15:06.707`)
-* [CVE-2024-1113](CVE-2024/CVE-2024-11xx/CVE-2024-1113.json) (`2024-02-09T20:15:53.813`)
-* [CVE-2024-1114](CVE-2024/CVE-2024-11xx/CVE-2024-1114.json) (`2024-02-09T20:15:53.917`)
-* [CVE-2024-1116](CVE-2024/CVE-2024-11xx/CVE-2024-1116.json) (`2024-02-09T20:15:54.017`)
-* [CVE-2024-1117](CVE-2024/CVE-2024-11xx/CVE-2024-1117.json) (`2024-02-09T20:15:54.117`)
-* [CVE-2024-1198](CVE-2024/CVE-2024-11xx/CVE-2024-1198.json) (`2024-02-09T20:15:54.207`)
-* [CVE-2024-1225](CVE-2024/CVE-2024-12xx/CVE-2024-1225.json) (`2024-02-09T20:15:54.290`)
-* [CVE-2024-1258](CVE-2024/CVE-2024-12xx/CVE-2024-1258.json) (`2024-02-09T20:15:54.857`)
-* [CVE-2024-1259](CVE-2024/CVE-2024-12xx/CVE-2024-1259.json) (`2024-02-09T20:15:54.943`)
-* [CVE-2024-1260](CVE-2024/CVE-2024-12xx/CVE-2024-1260.json) (`2024-02-09T20:15:55.030`)
-* [CVE-2024-1261](CVE-2024/CVE-2024-12xx/CVE-2024-1261.json) (`2024-02-09T20:15:55.113`)
-* [CVE-2024-1262](CVE-2024/CVE-2024-12xx/CVE-2024-1262.json) (`2024-02-09T20:15:55.190`)
-* [CVE-2024-1263](CVE-2024/CVE-2024-12xx/CVE-2024-1263.json) (`2024-02-09T20:15:55.277`)
-* [CVE-2024-1264](CVE-2024/CVE-2024-12xx/CVE-2024-1264.json) (`2024-02-09T20:15:55.367`)
-* [CVE-2024-1167](CVE-2024/CVE-2024-11xx/CVE-2024-1167.json) (`2024-02-09T20:20:51.900`)
-* [CVE-2024-24570](CVE-2024/CVE-2024-245xx/CVE-2024-24570.json) (`2024-02-09T20:21:06.250`)
-* [CVE-2024-24561](CVE-2024/CVE-2024-245xx/CVE-2024-24561.json) (`2024-02-09T20:21:23.980`)
-* [CVE-2024-24557](CVE-2024/CVE-2024-245xx/CVE-2024-24557.json) (`2024-02-09T20:21:32.970`)
-* [CVE-2024-23832](CVE-2024/CVE-2024-238xx/CVE-2024-23832.json) (`2024-02-09T20:21:45.317`)
-* [CVE-2024-1141](CVE-2024/CVE-2024-11xx/CVE-2024-1141.json) (`2024-02-09T20:22:03.893`)
-* [CVE-2024-0935](CVE-2024/CVE-2024-09xx/CVE-2024-0935.json) (`2024-02-09T20:22:43.297`)
+* [CVE-2024-1245](CVE-2024/CVE-2024-12xx/CVE-2024-1245.json) (`2024-02-09T22:15:08.337`)
+* [CVE-2024-1246](CVE-2024/CVE-2024-12xx/CVE-2024-1246.json) (`2024-02-09T22:15:08.420`)


 ## Download and Usage