diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1221.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1221.json new file mode 100644 index 00000000000..91f3cf55c6a --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1221.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1221", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-03-14T03:15:06.607", + "lastModified": "2024-03-14T03:15:06.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1222.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1222.json new file mode 100644 index 00000000000..75b312ca5bd --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1222.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1222", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-03-14T03:15:07.090", + "lastModified": "2024-03-14T03:15:07.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1223.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1223.json new file mode 100644 index 00000000000..357a1280fe9 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1223.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1223", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-03-14T03:15:07.580", + "lastModified": "2024-03-14T03:15:07.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1654.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1654.json new file mode 100644 index 00000000000..2c3029cc229 --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1654.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1654", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-03-14T03:15:08.033", + "lastModified": "2024-03-14T03:15:08.033", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-183" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1882.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1882.json new file mode 100644 index 00000000000..3400cb377a0 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1882.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1882", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-03-14T04:15:08.003", + "lastModified": "2024-03-14T04:15:08.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1883.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1883.json new file mode 100644 index 00000000000..7ccb61c1941 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1883.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1883", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-03-14T04:15:08.353", + "lastModified": "2024-03-14T04:15:08.353", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1884.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1884.json new file mode 100644 index 00000000000..9779aff4ff3 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1884.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1884", + "sourceIdentifier": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "published": "2024-03-14T04:15:08.697", + "lastModified": "2024-03-14T04:15:08.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://www.papercut.com/kb/Main/Security-Bulletin-March-2024", + "source": "eb41dac7-0af8-4f84-9f6d-0272772514f4" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22396.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22396.json new file mode 100644 index 00000000000..c4d09de67b2 --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22396.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-22396", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-03-14T04:15:09.080", + "lastModified": "2024-03-14T04:15:09.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0004", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22397.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22397.json new file mode 100644 index 00000000000..0b306dbb64c --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22397.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-22397", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-03-14T04:15:09.297", + "lastModified": "2024-03-14T04:15:09.297", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22398.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22398.json new file mode 100644 index 00000000000..6d6ddd7efff --- /dev/null +++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22398.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-22398", + "sourceIdentifier": "PSIRT@sonicwall.com", + "published": "2024-03-14T04:15:09.417", + "lastModified": "2024-03-14T04:15:09.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "PSIRT@sonicwall.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006", + "source": "PSIRT@sonicwall.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-24xx/CVE-2024-2400.json b/CVE-2024/CVE-2024-24xx/CVE-2024-2400.json index 556b6cc3660..42e1af178c9 100644 --- a/CVE-2024/CVE-2024-24xx/CVE-2024-2400.json +++ b/CVE-2024/CVE-2024-24xx/CVE-2024-2400.json @@ -2,7 +2,7 @@ "id": "CVE-2024-2400", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-03-13T04:15:08.040", - "lastModified": "2024-03-13T12:33:51.697", + "lastModified": "2024-03-14T03:15:09.323", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -23,6 +23,10 @@ { "url": "https://issues.chromium.org/issues/327696052", "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/", + "source": "chrome-cve-admin@google.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25649.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25649.json new file mode 100644 index 00000000000..6be206dcb60 --- /dev/null +++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25649.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-25649", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-14T03:15:08.540", + "lastModified": "2024-03-14T03:15:08.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25651.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25651.json new file mode 100644 index 00000000000..6e5fcb6faa4 --- /dev/null +++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25651.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-25651", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-14T03:15:08.727", + "lastModified": "2024-03-14T03:15:08.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25652.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25652.json new file mode 100644 index 00000000000..408546dfebe --- /dev/null +++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25652.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-25652", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-14T03:15:08.877", + "lastModified": "2024-03-14T03:15:08.877", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-256xx/CVE-2024-25653.json b/CVE-2024/CVE-2024-256xx/CVE-2024-25653.json new file mode 100644 index 00000000000..432556e0073 --- /dev/null +++ b/CVE-2024/CVE-2024-256xx/CVE-2024-25653.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-25653", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-14T03:15:09.017", + "lastModified": "2024-03-14T03:15:09.017", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-283xx/CVE-2024-28388.json b/CVE-2024/CVE-2024-283xx/CVE-2024-28388.json new file mode 100644 index 00000000000..c139a43c543 --- /dev/null +++ b/CVE-2024/CVE-2024-283xx/CVE-2024-28388.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-28388", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-14T03:15:09.173", + "lastModified": "2024-03-14T03:15:09.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-283xx/CVE-2024-28390.json b/CVE-2024/CVE-2024-283xx/CVE-2024-28390.json new file mode 100644 index 00000000000..2fcc85159ca --- /dev/null +++ b/CVE-2024/CVE-2024-283xx/CVE-2024-28390.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-28390", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-14T04:15:09.640", + "lastModified": "2024-03-14T04:15:09.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-283xx/CVE-2024-28391.json b/CVE-2024/CVE-2024-283xx/CVE-2024-28391.json new file mode 100644 index 00000000000..6b6b2da1246 --- /dev/null +++ b/CVE-2024/CVE-2024-283xx/CVE-2024-28391.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-28391", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-14T04:15:09.697", + "lastModified": "2024-03-14T04:15:09.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index ad6280f9cf2..aa0f2ed0bf4 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-14T03:00:34.524620+00:00 +2024-03-14T05:00:37.756523+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-14T02:15:50.690000+00:00 +2024-03-14T04:15:09.697000+00:00 ``` ### Last Data Feed Release @@ -29,21 +29,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -241469 +241486 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `17` -* [CVE-2024-25228](CVE-2024/CVE-2024-252xx/CVE-2024-25228.json) (`2024-03-14T02:15:50.613`) -* [CVE-2024-25650](CVE-2024/CVE-2024-256xx/CVE-2024-25650.json) (`2024-03-14T02:15:50.690`) +* [CVE-2024-1221](CVE-2024/CVE-2024-12xx/CVE-2024-1221.json) (`2024-03-14T03:15:06.607`) +* [CVE-2024-1222](CVE-2024/CVE-2024-12xx/CVE-2024-1222.json) (`2024-03-14T03:15:07.090`) +* [CVE-2024-1223](CVE-2024/CVE-2024-12xx/CVE-2024-1223.json) (`2024-03-14T03:15:07.580`) +* [CVE-2024-1654](CVE-2024/CVE-2024-16xx/CVE-2024-1654.json) (`2024-03-14T03:15:08.033`) +* [CVE-2024-1882](CVE-2024/CVE-2024-18xx/CVE-2024-1882.json) (`2024-03-14T04:15:08.003`) +* [CVE-2024-1883](CVE-2024/CVE-2024-18xx/CVE-2024-1883.json) (`2024-03-14T04:15:08.353`) +* [CVE-2024-1884](CVE-2024/CVE-2024-18xx/CVE-2024-1884.json) (`2024-03-14T04:15:08.697`) +* [CVE-2024-22396](CVE-2024/CVE-2024-223xx/CVE-2024-22396.json) (`2024-03-14T04:15:09.080`) +* [CVE-2024-22397](CVE-2024/CVE-2024-223xx/CVE-2024-22397.json) (`2024-03-14T04:15:09.297`) +* [CVE-2024-22398](CVE-2024/CVE-2024-223xx/CVE-2024-22398.json) (`2024-03-14T04:15:09.417`) +* [CVE-2024-25649](CVE-2024/CVE-2024-256xx/CVE-2024-25649.json) (`2024-03-14T03:15:08.540`) +* [CVE-2024-25651](CVE-2024/CVE-2024-256xx/CVE-2024-25651.json) (`2024-03-14T03:15:08.727`) +* [CVE-2024-25652](CVE-2024/CVE-2024-256xx/CVE-2024-25652.json) (`2024-03-14T03:15:08.877`) +* [CVE-2024-25653](CVE-2024/CVE-2024-256xx/CVE-2024-25653.json) (`2024-03-14T03:15:09.017`) +* [CVE-2024-28388](CVE-2024/CVE-2024-283xx/CVE-2024-28388.json) (`2024-03-14T03:15:09.173`) +* [CVE-2024-28390](CVE-2024/CVE-2024-283xx/CVE-2024-28390.json) (`2024-03-14T04:15:09.640`) +* [CVE-2024-28391](CVE-2024/CVE-2024-283xx/CVE-2024-28391.json) (`2024-03-14T04:15:09.697`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2024-2400](CVE-2024/CVE-2024-24xx/CVE-2024-2400.json) (`2024-03-14T03:15:09.323`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8e46ee7e47d..4fbf5202683 100644 --- a/_state.csv +++ b/_state.csv @@ -238467,6 +238467,9 @@ CVE-2024-1216,0,0,cf8cbc681fab31a82a726030cd7e5b2697f90ed7fc6fe37a66dad5c3cedfca CVE-2024-1217,0,0,2f3a9888a6fbf53051bf3e1d713109419f2670877e27546924b2618e93987f41,2024-02-29T13:49:29.390000 CVE-2024-1218,0,0,f7a43c3097a98a76412fe9c1af1feb423b6a534d59f1a1be753dd55ce0e5155c,2024-02-29T13:49:29.390000 CVE-2024-1220,0,0,7fc61962f6d2075b07bb030435da96def1b153ddab02d3c5264f2409e74faa58,2024-03-06T15:18:08.093000 +CVE-2024-1221,1,1,72683792ce9c283255541d5ac660fa78f64a38a1637cf2ed82ea089144c05781,2024-03-14T03:15:06.607000 +CVE-2024-1222,1,1,5b097491b98908ff7e6db3da1f90d0bc5e62019a19484337138401f19c65b843,2024-03-14T03:15:07.090000 +CVE-2024-1223,1,1,bcce03f069a230840b65a318aed8fc83e8f3977b6a931636a215c3e057bb8175,2024-03-14T03:15:07.580000 CVE-2024-1224,0,0,f5377a59802b4c28898eed36128680d24ab17fb508c502610abb50cb4d44c2e5,2024-03-06T15:18:08.093000 CVE-2024-1225,0,0,48e8aaacf87c1f1ce817a462226bd45c66b45e1434a262109b41e4c91072a987,2024-02-29T01:43:44.277000 CVE-2024-1226,0,0,866d071ad8625704064a7fde58b7b8a2a90c5873a4eb7f372776142f1a28cf32,2024-03-12T16:02:33.900000 @@ -238713,6 +238716,7 @@ CVE-2024-1650,0,0,3020ece11ffdddeeec0030da948830348e1867089b2578f18d2a470b71bf8a CVE-2024-1651,0,0,b5a1bc561b4d7ae4d1ca2ccf7f79068fb2afa7b09c9ad49805a75edae57e0400,2024-02-20T19:50:53.960000 CVE-2024-1652,0,0,713b08425ff0d91e3a1f6c5fcc742628e562c3c90970b08c1ec718d504f2db3c,2024-02-27T14:19:41.650000 CVE-2024-1653,0,0,875a0ad46333e774de4f895ea6a9ead74cdbdb6ae6c4ddb02a960bfb85513ae4,2024-02-27T14:19:41.650000 +CVE-2024-1654,1,1,b67f7c776b64097c757a87a6d7d22a8df21e2be37384f31188a789970302a42e,2024-03-14T03:15:08.033000 CVE-2024-1661,0,0,24db83c92b829dc6c3c4aa1496bd15ce44d311aaea85d91d099cbad064ada2b4,2024-02-29T01:43:53.173000 CVE-2024-1668,0,0,9fe479fb08a9c3e6acaa42b32d642c1a77a4b3afa3c06ca8b35741f02d9dd1bf,2024-03-13T18:15:58.530000 CVE-2024-1669,0,0,3362eeabf5b6399fda046d3f728ab967509d79cc74a91c5ce260a94031135ec7,2024-02-26T16:27:52.577000 @@ -238819,6 +238823,9 @@ CVE-2024-1875,0,0,6b658f389b536cea98293568c7ee6644587a9b1bef069f774207e95c99ee51 CVE-2024-1876,0,0,82560fab1f4fbe2b28673412a54026b5c1806e6e970cf396594ce5608059f917,2024-02-29T09:15:06.320000 CVE-2024-1877,0,0,dc0df84bf200c26187720f27a43e69dca821743a88d60bdf70024e88eda285b4,2024-02-29T09:15:06.407000 CVE-2024-1878,0,0,c55652da9052ae10c0f5815143b64799f9a5b82eb1a20210e8e29c385eb1c149,2024-02-29T09:15:06.490000 +CVE-2024-1882,1,1,10c6e74771347b67fa3c838c9d71cc234ab54d67925ce262fed28d8f9bb44513,2024-03-14T04:15:08.003000 +CVE-2024-1883,1,1,e5e91ae0abed696d1abc51c06539334ac29fcc9a9edcb560d2084b7e2dc68356,2024-03-14T04:15:08.353000 +CVE-2024-1884,1,1,0cbc4b22c13954feaf9f0861216bee59fd3068f748b376e760b0221e0a5f2091,2024-03-14T04:15:08.697000 CVE-2024-1885,0,0,502b33ef4dbb909774fc1ef1eb02e9b9fbffdbeee1e2971953e7a0c92a37628d,2024-02-29T07:15:06.293000 CVE-2024-1886,0,0,092cf7a21972f581040984f11ef7d5c93e369371178904eaee065bef71ec984b,2024-02-29T07:15:06.520000 CVE-2024-1887,0,0,c4ea1f30b4ee64401ec471c46007c0919b3d087c3cc77ec486ec75f252891a28,2024-02-29T13:49:29.390000 @@ -239708,6 +239715,9 @@ CVE-2024-2239,0,0,8a25d7fd7eaacb8ebf85fc00694a049e7ce7420bfb6cf416c5b42d50c5d1d4 CVE-2024-22393,0,0,baae8029e1587725a02d8ccb1fb298e540bb69b478da7728d31a9731926e8718,2024-02-22T19:07:27.197000 CVE-2024-22394,0,0,fdf2846817bf0321d479c4aa67f29d797db24255733cd4d946cc68e44bfccdc7,2024-02-14T21:46:40.537000 CVE-2024-22395,0,0,b21f811c39a8757d126ad039f30ef550a4161900f4b964d1876a739d59a87644,2024-02-26T13:42:22.567000 +CVE-2024-22396,1,1,f31a8478611f246e75e3189d21bf9ef362e314a74863dafebff2c53a0d093433,2024-03-14T04:15:09.080000 +CVE-2024-22397,1,1,dd628a66d8f0ca8bd03cdfa506d1cfa64763356d779eb356796a3ef2aa6831cb,2024-03-14T04:15:09.297000 +CVE-2024-22398,1,1,c77e5448cb612df458a655c23f75acac1504b30f42bbfcca524271c814d3eb63,2024-03-14T04:15:09.417000 CVE-2024-22400,0,0,75e98c1f1edd6beccc5653abbccb406114df98ae36ae20c7db97671271c6d967,2024-01-26T20:55:37.543000 CVE-2024-22401,0,0,66adbef511b1833a5b0f5721c3bf92cfe438dfd63a9ac9655aa7c9dea6d9ded0,2024-01-26T14:42:35.147000 CVE-2024-22402,0,0,6c66fef7245df59e63379f6d488e03f20fc7beed00d8afe188d68ca1b49ff0b2,2024-01-26T14:11:30.677000 @@ -240349,7 +240359,7 @@ CVE-2024-23978,0,0,dce24325560fbd2c8a4b55826a990c779123e234941d6c9decad894b94e08 CVE-2024-23979,0,0,5e1dc647eec92472a586c7319077fa782b48d632d4a171a926ee19c9f0ee9a24,2024-02-14T18:04:45.380000 CVE-2024-23982,0,0,b14ba0205dd1f33ce2faf143ef8b9750d0c0a19e31571fc2532f719ca5f2eec3,2024-02-14T18:04:45.380000 CVE-2024-23985,0,0,258f4468fe9f37b9a6c2732e57d96bdd80375c2f3603af19ad729cbcccfb8b72,2024-02-01T17:33:41.777000 -CVE-2024-2400,0,0,31291c6cf30feb91ac75c40efc02cddd7fe96feba10715f6c78832f80fb9000c,2024-03-13T12:33:51.697000 +CVE-2024-2400,0,1,a3559f292416a7177d55cf2300155f3e2cebd6068dd39e4a19e49113027fe34d,2024-03-14T03:15:09.323000 CVE-2024-24000,0,0,c0e25ee371e3e2954ce1c31994df30792949134b707de19bf25452c7e2c5373a,2024-02-13T20:30:10.053000 CVE-2024-24001,0,0,ee1c723e23fc182642c00ee71c6c1dbca341b34ff9a2a69da4bee1c4da91e395,2024-02-09T02:10:25.807000 CVE-2024-24002,0,0,9bdb915eced684ff7e6e2357761c75646971413f2fc2285fbb97b632594b2045,2024-02-09T02:10:13.973000 @@ -240788,7 +240798,7 @@ CVE-2024-25223,0,0,fed0ee1c93d4da13aa94c11be23fd7ce47331585823cc1398816a42e972c6 CVE-2024-25224,0,0,60a033d8e8f6de71de20eba59193ebdd929b6bf393aa49baa96edb59007a6ae2,2024-02-14T16:13:16.563000 CVE-2024-25225,0,0,b00e13f44ac0134f1fc7e8ea7aab2c5dcadd2e02f8582f1036d69738d9332b6f,2024-02-14T16:13:16.563000 CVE-2024-25226,0,0,97ea8fb758b8c513c8e72ae3403e9f8a56bb02ec88e94afe18fc9fb3fc39daf2,2024-02-14T16:13:16.563000 -CVE-2024-25228,1,1,874aa05e1a272a25a83a650ac8d7cced0f21348e2881b87b6589a4012112af12,2024-03-14T02:15:50.613000 +CVE-2024-25228,0,0,874aa05e1a272a25a83a650ac8d7cced0f21348e2881b87b6589a4012112af12,2024-03-14T02:15:50.613000 CVE-2024-25247,0,0,1833ae291fb426e6ea03731a73288e6521c4f877eb6214fb79e6117118a15f59,2024-02-27T14:20:06.637000 CVE-2024-25248,0,0,ab3d2a3b38abc9eda04104b8736bee6722a7b783d7f7311f9358790a48b160f2,2024-02-27T14:20:06.637000 CVE-2024-25249,0,0,e626f7804fc8e3e2331820b9aeb548c245c405719ff0d76dcfa04a8ec8a29acb,2024-02-22T19:07:27.197000 @@ -240913,7 +240923,11 @@ CVE-2024-25642,0,0,bf91eeb1502dedca60fe6c035b93d7dfc5a440bc6932322c6ae4d128b4c7c CVE-2024-25643,0,0,08f3e6c0d454841d4e4dc84aae81812246ffbd96bb71cc2e9e4566cd4077e910,2024-02-13T14:01:07.747000 CVE-2024-25644,0,0,cad748db94c87605f745ac8efbb54ef36e9bf866e1bcdbdf96bff9a05dfcf738,2024-03-12T12:40:13.500000 CVE-2024-25645,0,0,611af6391fb4617a6b65e5d2ff91bac5a4003873b65f133d0cd2495d911bd094,2024-03-12T12:40:13.500000 -CVE-2024-25650,1,1,642f2a97fcbb295131b088a5341f3b030499ec647a2ae701e0541ed64c8cf428,2024-03-14T02:15:50.690000 +CVE-2024-25649,1,1,218331cab7c62b05eb4d39dac1a79ad7ac8b83af2eb750388e434f7637a774f7,2024-03-14T03:15:08.540000 +CVE-2024-25650,0,0,642f2a97fcbb295131b088a5341f3b030499ec647a2ae701e0541ed64c8cf428,2024-03-14T02:15:50.690000 +CVE-2024-25651,1,1,2248b9010081da7da6b627ee680afeedcd3d4b945ee538337f832cfc007fb085,2024-03-14T03:15:08.727000 +CVE-2024-25652,1,1,295dd2978154c1bf9b2c6a87719cce6733bb755cf3cd8c6462372fddfcabd618,2024-03-14T03:15:08.877000 +CVE-2024-25653,1,1,288666ab37b8b1bd826f20b5520fe1bf046ca6dbd75973955552561e56a31a42,2024-03-14T03:15:09.017000 CVE-2024-25674,0,0,880844ace2ad9fa6a214f1eff7f46e3beaded8f86ef202dfc09585e1e07ca21c,2024-02-12T14:30:40.343000 CVE-2024-25675,0,0,7eb120f8543ce89181641a0a8c791e82666c8e07d23577075c360f9dbf73d233,2024-02-12T14:30:28.640000 CVE-2024-25677,0,0,1d7f4f51208daa48b27418602ba1484337c537523201080701287445cfed0006,2024-02-15T19:43:24.983000 @@ -241436,6 +241450,9 @@ CVE-2024-28251,0,0,fb8bb85433bd3b41ad1d143c946985fc64b58ab7659a617713f0e321c9f0e CVE-2024-28338,0,0,9985a0b99abb928b9c829cb29ecce6039c07964aad6d9841c1477c6680f4f9b5,2024-03-12T17:46:17.273000 CVE-2024-28339,0,0,06a7f15d55f22a965683bef17c82587bc073ddf9fa5edb33c38c4cd82d5f37f7,2024-03-12T17:46:17.273000 CVE-2024-28340,0,0,89775fa07d73d115a7392603111ecb04f65799be74b8d41063e67ed0eb97d0cf,2024-03-12T17:46:17.273000 +CVE-2024-28388,1,1,f17eaaccd231d77546d7899d1df3085348280bec8337c1a366c3d44c86452404,2024-03-14T03:15:09.173000 +CVE-2024-28390,1,1,1da0808737c64cfb1966175097fd2c66620ce27fb357d642515e15877a4acd6d,2024-03-14T04:15:09.640000 +CVE-2024-28391,1,1,2cf4d2f98732c7b04ac1c5926873543ea38367c981d16dbe8f52fbe309920f7c,2024-03-14T04:15:09.697000 CVE-2024-28429,0,0,caaa64487b84149266e9e941a72e13f93e6070c94b1fe7355fb56db4eb5b2161,2024-03-13T14:28:45.217000 CVE-2024-28430,0,0,bf34fb49e742ebf9176808c1e05b7467ed1662a29a5c18afe29f976454928e37,2024-03-13T14:28:45.217000 CVE-2024-28431,0,0,148c6be422e12f315897bdd57f5208c74e8137e452c7019eafe29f97f527c418,2024-03-13T14:28:45.217000