diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21535.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21535.json
new file mode 100644
index 00000000000..a67a8f42336
--- /dev/null
+++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21535.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-21535",
+ "sourceIdentifier": "report@snyk.io",
+ "published": "2024-10-15T05:15:11.530",
+ "lastModified": "2024-10-15T05:15:11.530",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "report@snyk.io",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "report@snyk.io",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a",
+ "source": "report@snyk.io"
+ },
+ {
+ "url": "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886",
+ "source": "report@snyk.io"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9969.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9969.json
new file mode 100644
index 00000000000..1dfcb60b8fe
--- /dev/null
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9969.json
@@ -0,0 +1,67 @@
+{
+ "id": "CVE-2024-9969",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-10-15T04:15:04.413",
+ "lastModified": "2024-10-15T04:15:04.413",
+ "vulnStatus": "Received",
+ "cveTags": [
+ {
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "tags": [
+ "unsupported-when-assigned"
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8135-ce1e6-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8134-c476d-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9970.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9970.json
new file mode 100644
index 00000000000..1de6073de41
--- /dev/null
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9970.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9970",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-10-15T04:15:04.793",
+ "lastModified": "2024-10-15T04:15:04.793",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-565"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8137-ea537-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8136-4d5b4-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9971.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9971.json
new file mode 100644
index 00000000000..2796d77e658
--- /dev/null
+++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9971.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-9971",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-10-15T04:15:05.080",
+ "lastModified": "2024-10-15T04:15:05.080",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-89"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-8139-4daab-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index b71a40e1378..3fc3329097e 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-15T04:00:17.338495+00:00 +2024-10-15T06:00:17.136530+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-15T03:15:02.360000+00:00 +2024-10-15T05:15:11.530000+00:00 ``` ### Last Data Feed Release
@@ -33,18 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265544 +265548 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `4` -- [CVE-2024-6757](CVE-2024/CVE-2024-67xx/CVE-2024-6757.json) (`2024-10-15T02:15:02.653`) -- [CVE-2024-9687](CVE-2024/CVE-2024-96xx/CVE-2024-9687.json) (`2024-10-15T02:15:02.920`) -- [CVE-2024-9820](CVE-2024/CVE-2024-98xx/CVE-2024-9820.json) (`2024-10-15T02:15:03.170`) -- [CVE-2024-9952](CVE-2024/CVE-2024-99xx/CVE-2024-9952.json) (`2024-10-15T02:15:03.403`) -- [CVE-2024-9968](CVE-2024/CVE-2024-99xx/CVE-2024-9968.json) (`2024-10-15T03:15:02.360`) +- [CVE-2024-21535](CVE-2024/CVE-2024-215xx/CVE-2024-21535.json) (`2024-10-15T05:15:11.530`) +- [CVE-2024-9969](CVE-2024/CVE-2024-99xx/CVE-2024-9969.json) (`2024-10-15T04:15:04.413`) +- [CVE-2024-9970](CVE-2024/CVE-2024-99xx/CVE-2024-9970.json) (`2024-10-15T04:15:04.793`) +- [CVE-2024-9971](CVE-2024/CVE-2024-99xx/CVE-2024-9971.json) (`2024-10-15T04:15:05.080`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 092eb66f5f8..424a4570e03 100644 --- a/_state.csv +++ b/_state.csv 
@@ -244252,6 +244252,7 @@ CVE-2024-21531,0,0,556b4244c50c270222e18b4d703d3656d63fc81c95a1cab5391fb75a68df3 CVE-2024-21532,0,0,a24d27f47c5298fab706ab72282873a260fc61d5e510f460d432a2b7b9c38bac,2024-10-10T12:57:21.987000 CVE-2024-21533,0,0,b6d94b5290ee8a666e06ea3154c21a82f3a037332835b4cbc04bf2409f97ee11,2024-10-10T12:57:21.987000 CVE-2024-21534,0,0,7edd88deeb19b219ecc2b90a3976d54902d3b9e86766a1e32c231ec19796b637,2024-10-11T21:36:23.557000 +CVE-2024-21535,1,1,77b63b874e7db44dae4667146b1a652bfb8aaf69315a52aade7762c8e795542c,2024-10-15T05:15:11.530000 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000 CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000 CVE-2024-2155,0,0,499612150b3a1be829ef430bb3388eb54a55d7bb52271f37f2a76ceb8af6c56f,2024-05-17T02:38:05.063000 @@ -263537,7 +263538,7 @@ CVE-2024-6753,0,0,3e76b8f2ff884d366f5f73b3a783b6736bdd13f40eb3c8470772b1a85363db CVE-2024-6754,0,0,ccfecfa3a2f8a8cd4ba4f7ec7c001b4a7a2641aaa0e77c47a00426973251ea32,2024-09-03T21:35:50.437000 CVE-2024-6755,0,0,4434ea155c9d8cebbd60bda517677bb77b6d6f010c67ddfc3ed39aaa445357f2,2024-09-03T21:34:33.083000 CVE-2024-6756,0,0,fa0fe14081662fc33911ee3a0e4b2970b04961552ab67c6e139fa887872f5da8,2024-09-03T21:29:36.693000 -CVE-2024-6757,1,1,a454ce213bdf17868e3c4f191611622b2943ee93ab580739ddf50a2bb7442885,2024-10-15T02:15:02.653000 +CVE-2024-6757,0,0,a454ce213bdf17868e3c4f191611622b2943ee93ab580739ddf50a2bb7442885,2024-10-15T02:15:02.653000 CVE-2024-6758,0,0,eba9276bccb667ada2a9e6cadd00c35035c829f464cb8fc5793fac965ac82fe4,2024-08-13T14:58:47.857000 CVE-2024-6759,0,0,e7cd1780cd31aac9820013b04e76a14ca6ed66e984c4afbf1fe81690ab6c39a6,2024-08-13T15:08:27.780000 CVE-2024-6760,0,0,2363997d66d6496a6d94c4263cbac8f525a5e902af0a9a7389048de6fc4d9b78,2024-08-13T15:08:51.977000 
@@ -265466,7 +265467,7 @@ CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000 CVE-2024-9680,0,0,a011127e762167171e169cf1c5c34d37941413b66fef20ba90b60170aec9759f,2024-10-11T13:15:21.013000 CVE-2024-9685,0,0,e6c5702d4decca35be66ea71703aa60deb1f2e59d98c7d4ddb3a3f46548916f6,2024-10-10T12:51:56.987000 -CVE-2024-9687,1,1,781a9aca6790af8a2c9eadd244238cc09ff8a5288ec96ae8bb9cb4fe4bc843c4,2024-10-15T02:15:02.920000 +CVE-2024-9687,0,0,781a9aca6790af8a2c9eadd244238cc09ff8a5288ec96ae8bb9cb4fe4bc843c4,2024-10-15T02:15:02.920000 CVE-2024-9696,0,0,a63df99df1f6813fb55c58d350483f24d63b6efd0cdffde98a71bd76ffa94a8e,2024-10-12T09:15:03.590000 CVE-2024-9704,0,0,eac985eabca9a3c6a15dbb5a4e611613c412ae3dd37df6667fc5aafbc6bc84d5,2024-10-12T07:15:02.570000 CVE-2024-9707,0,0,5022899338c6a36d44072ae7018b6a919d11834b1f5740a300f73a64606c0150,2024-10-11T13:15:21.233000 @@ -265508,7 +265509,7 @@ CVE-2024-9815,0,0,acdb2eea5487476eecdd8d88a221ef2e739cf1c612e45186b5ced05a7a6264 CVE-2024-9816,0,0,24f7ee2c16fe348d340e7bcf315ed256344d7d90e5e0b7dcdaddb90504eefe81,2024-10-10T22:15:12.230000 CVE-2024-9817,0,0,aa4071cf5ce97bf162c1cca4a7f07d25d51157e1698481fe4534c2979d4a7e22,2024-10-10T23:15:03.410000 CVE-2024-9818,0,0,0b4965dc9157be1c79882236820da1fc50a01232d912ae1b867d598f551f291b,2024-10-10T23:15:03.680000 -CVE-2024-9820,1,1,60851f27b9908cfc9f3c26505c33604da2935e2d7e4b8e1efd449e88611c4e5e,2024-10-15T02:15:03.170000 +CVE-2024-9820,0,0,60851f27b9908cfc9f3c26505c33604da2935e2d7e4b8e1efd449e88611c4e5e,2024-10-15T02:15:03.170000 CVE-2024-9821,0,0,0fe84d15377a57feb9c16456d9d6e98b8f06d72079455451a6924d64eac80b40,2024-10-12T03:15:02.507000 CVE-2024-9822,0,0,31c5fa39db5fe31c5cd7802827b5c169adace5e7cdcfe1c09d420a2a1af019c6,2024-10-11T03:15:10.967000 CVE-2024-9823,0,0,797ad589a845f20d3c764555cd88dd01739b03d274a2154c13310668db597c99,2024-10-14T16:15:04.653000 
@@ -265540,6 +265541,9 @@ CVE-2024-9922,0,0,38a9a769415efbcfedd53b122b48fa65b5e1f382fdf217a030bbaee2ce3081 CVE-2024-9923,0,0,54d0eb71a24239c4cf72f6c8d2d43f40cc27d7ae4dae943f2db0568ffd629c72,2024-10-14T04:15:06.070000 CVE-2024-9924,0,0,5d7f89079afc3d9ca8548ebb3725e799ef08b64b7b5fd0fc7f3c47978b6a83d8,2024-10-14T04:15:06.353000 CVE-2024-9936,0,0,84f1422b67bbaa43c4b2b921a0bd24fe5cb86e5da956c7f811c06ae275078cda,2024-10-14T14:15:12.553000 -CVE-2024-9952,1,1,6c9b73a8e4b10cb99cb5c164ba7fa12c94692c23e6d970a37d505df0c13bbb91,2024-10-15T02:15:03.403000 +CVE-2024-9952,0,0,6c9b73a8e4b10cb99cb5c164ba7fa12c94692c23e6d970a37d505df0c13bbb91,2024-10-15T02:15:03.403000 CVE-2024-9953,0,0,4a504a26518c946bdd00df6aaba3929049f6fb7ebb2fe638799eca1ccb235ae3,2024-10-14T22:15:03.957000 -CVE-2024-9968,1,1,717d3c358e767369a770843606e1e4d5483d80687e292f6016fca8579965de7a,2024-10-15T03:15:02.360000 +CVE-2024-9968,0,0,717d3c358e767369a770843606e1e4d5483d80687e292f6016fca8579965de7a,2024-10-15T03:15:02.360000 +CVE-2024-9969,1,1,cecfd308ad2e03f71dc5b9d4ea26ee57ff6f453836fcfce8973e360b5170dab6,2024-10-15T04:15:04.413000 +CVE-2024-9970,1,1,da32accfb2d25120b84c063f3a64982453a9afe6c85fcc9f83f58303dcf83157,2024-10-15T04:15:04.793000 +CVE-2024-9971,1,1,9e45feb9165a3cb00f61704141ebcf4fcf4e2bd7aeaf74a94f0ef43cd5d8b449,2024-10-15T04:15:05.080000