Auto-Update: 2024-10-15T06:00:17.136530+00:00

cad-safe-bot 2024-10-15 06:03:17 +00:00
parent f7e25548a0
commit 8236166b80
6 changed files with 264 additions and 14 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2024-21535",
"sourceIdentifier": "report@snyk.io",
"published": "2024-10-15T05:15:11.530",
"lastModified": "2024-10-15T05:15:11.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Versions of the package markdown-to-jsx before 7.4.0 are vulnerable to Cross-site Scripting (XSS) via the src property due to improper input sanitization. An attacker can execute arbitrary code by injecting a malicious iframe element in the markdown."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "report@snyk.io",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "report@snyk.io",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/quantizor/markdown-to-jsx/commit/8eb74da825c0d8d2e9508d73c672bcae36ba555a",
"source": "report@snyk.io"
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-MARKDOWNTOJSX-6258886",
"source": "report@snyk.io"
}
]
}


@ -0,0 +1,67 @@
{
"id": "CVE-2024-9969",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-15T04:15:04.413",
"lastModified": "2024-10-15T04:15:04.413",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "twcert@cert.org.tw",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "NewType WebEIP v3.0 does not properly validate user input, allowing a remote attacker with regular privileges to insert JavaScript into specific parameters, resulting in a Reflected Cross-site Scripting (XSS) attack. The affected product is no longer maintained. It is recommended to upgrade to the new product."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8135-ce1e6-2.html",
"source": "twcert@cert.org.tw"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8134-c476d-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-9970",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-15T04:15:04.793",
"lastModified": "2024-10-15T04:15:04.793",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FlowMaster BPM Plus system from NewType has a privilege escalation vulnerability. Remote attackers with regular privileges can elevate their privileges to administrator by tampering with a specific cookie."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-565"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8137-ea537-2.html",
"source": "twcert@cert.org.tw"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8136-4d5b4-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -0,0 +1,60 @@
{
"id": "CVE-2024-9971",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-10-15T04:15:05.080",
"lastModified": "2024-10-15T04:15:05.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The specific query functionality in the FlowMaster BPM Plus from NewType does not properly restrict user input, allowing remote attackers with regular privileges to inject SQL commands to read, modify, or delete database contents."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "twcert@cert.org.tw",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.twcert.org.tw/en/cp-139-8139-4daab-2.html",
"source": "twcert@cert.org.tw"
},
{
"url": "https://www.twcert.org.tw/tw/cp-132-8138-d2bb7-1.html",
"source": "twcert@cert.org.tw"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-10-15T04:00:17.338495+00:00 2024-10-15T06:00:17.136530+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-10-15T03:15:02.360000+00:00 2024-10-15T05:15:11.530000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,18 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
265544 265548
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `5` Recently added CVEs: `4`
- [CVE-2024-6757](CVE-2024/CVE-2024-67xx/CVE-2024-6757.json) (`2024-10-15T02:15:02.653`) - [CVE-2024-21535](CVE-2024/CVE-2024-215xx/CVE-2024-21535.json) (`2024-10-15T05:15:11.530`)
- [CVE-2024-9687](CVE-2024/CVE-2024-96xx/CVE-2024-9687.json) (`2024-10-15T02:15:02.920`) - [CVE-2024-9969](CVE-2024/CVE-2024-99xx/CVE-2024-9969.json) (`2024-10-15T04:15:04.413`)
- [CVE-2024-9820](CVE-2024/CVE-2024-98xx/CVE-2024-9820.json) (`2024-10-15T02:15:03.170`) - [CVE-2024-9970](CVE-2024/CVE-2024-99xx/CVE-2024-9970.json) (`2024-10-15T04:15:04.793`)
- [CVE-2024-9952](CVE-2024/CVE-2024-99xx/CVE-2024-9952.json) (`2024-10-15T02:15:03.403`) - [CVE-2024-9971](CVE-2024/CVE-2024-99xx/CVE-2024-9971.json) (`2024-10-15T04:15:05.080`)
- [CVE-2024-9968](CVE-2024/CVE-2024-99xx/CVE-2024-9968.json) (`2024-10-15T03:15:02.360`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit


@ -244252,6 +244252,7 @@ CVE-2024-21531,0,0,556b4244c50c270222e18b4d703d3656d63fc81c95a1cab5391fb75a68df3
CVE-2024-21532,0,0,a24d27f47c5298fab706ab72282873a260fc61d5e510f460d432a2b7b9c38bac,2024-10-10T12:57:21.987000 CVE-2024-21532,0,0,a24d27f47c5298fab706ab72282873a260fc61d5e510f460d432a2b7b9c38bac,2024-10-10T12:57:21.987000
CVE-2024-21533,0,0,b6d94b5290ee8a666e06ea3154c21a82f3a037332835b4cbc04bf2409f97ee11,2024-10-10T12:57:21.987000 CVE-2024-21533,0,0,b6d94b5290ee8a666e06ea3154c21a82f3a037332835b4cbc04bf2409f97ee11,2024-10-10T12:57:21.987000
CVE-2024-21534,0,0,7edd88deeb19b219ecc2b90a3976d54902d3b9e86766a1e32c231ec19796b637,2024-10-11T21:36:23.557000 CVE-2024-21534,0,0,7edd88deeb19b219ecc2b90a3976d54902d3b9e86766a1e32c231ec19796b637,2024-10-11T21:36:23.557000
CVE-2024-21535,1,1,77b63b874e7db44dae4667146b1a652bfb8aaf69315a52aade7762c8e795542c,2024-10-15T05:15:11.530000
CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000 CVE-2024-2154,0,0,ab5f0b39bb38e5c25606bad964d563e0edda059ff34db22b99ca2b3670b021ff,2024-05-17T02:38:04.970000
CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000 CVE-2024-21545,0,0,614ed901d7a98204a096c9331020afa9e58729de6a0c722ccca7898674ea9a4d,2024-09-26T13:32:02.803000
CVE-2024-2155,0,0,499612150b3a1be829ef430bb3388eb54a55d7bb52271f37f2a76ceb8af6c56f,2024-05-17T02:38:05.063000 CVE-2024-2155,0,0,499612150b3a1be829ef430bb3388eb54a55d7bb52271f37f2a76ceb8af6c56f,2024-05-17T02:38:05.063000
@ -263537,7 +263538,7 @@ CVE-2024-6753,0,0,3e76b8f2ff884d366f5f73b3a783b6736bdd13f40eb3c8470772b1a85363db
CVE-2024-6754,0,0,ccfecfa3a2f8a8cd4ba4f7ec7c001b4a7a2641aaa0e77c47a00426973251ea32,2024-09-03T21:35:50.437000 CVE-2024-6754,0,0,ccfecfa3a2f8a8cd4ba4f7ec7c001b4a7a2641aaa0e77c47a00426973251ea32,2024-09-03T21:35:50.437000
CVE-2024-6755,0,0,4434ea155c9d8cebbd60bda517677bb77b6d6f010c67ddfc3ed39aaa445357f2,2024-09-03T21:34:33.083000 CVE-2024-6755,0,0,4434ea155c9d8cebbd60bda517677bb77b6d6f010c67ddfc3ed39aaa445357f2,2024-09-03T21:34:33.083000
CVE-2024-6756,0,0,fa0fe14081662fc33911ee3a0e4b2970b04961552ab67c6e139fa887872f5da8,2024-09-03T21:29:36.693000 CVE-2024-6756,0,0,fa0fe14081662fc33911ee3a0e4b2970b04961552ab67c6e139fa887872f5da8,2024-09-03T21:29:36.693000
CVE-2024-6757,1,1,a454ce213bdf17868e3c4f191611622b2943ee93ab580739ddf50a2bb7442885,2024-10-15T02:15:02.653000 CVE-2024-6757,0,0,a454ce213bdf17868e3c4f191611622b2943ee93ab580739ddf50a2bb7442885,2024-10-15T02:15:02.653000
CVE-2024-6758,0,0,eba9276bccb667ada2a9e6cadd00c35035c829f464cb8fc5793fac965ac82fe4,2024-08-13T14:58:47.857000 CVE-2024-6758,0,0,eba9276bccb667ada2a9e6cadd00c35035c829f464cb8fc5793fac965ac82fe4,2024-08-13T14:58:47.857000
CVE-2024-6759,0,0,e7cd1780cd31aac9820013b04e76a14ca6ed66e984c4afbf1fe81690ab6c39a6,2024-08-13T15:08:27.780000 CVE-2024-6759,0,0,e7cd1780cd31aac9820013b04e76a14ca6ed66e984c4afbf1fe81690ab6c39a6,2024-08-13T15:08:27.780000
CVE-2024-6760,0,0,2363997d66d6496a6d94c4263cbac8f525a5e902af0a9a7389048de6fc4d9b78,2024-08-13T15:08:51.977000 CVE-2024-6760,0,0,2363997d66d6496a6d94c4263cbac8f525a5e902af0a9a7389048de6fc4d9b78,2024-08-13T15:08:51.977000
@ -265466,7 +265467,7 @@ CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f
CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000 CVE-2024-9675,0,0,cd830de46e01fce71654106f4dc61863debb474230c2cb4969fc123764df58c7,2024-10-10T12:51:56.987000
CVE-2024-9680,0,0,a011127e762167171e169cf1c5c34d37941413b66fef20ba90b60170aec9759f,2024-10-11T13:15:21.013000 CVE-2024-9680,0,0,a011127e762167171e169cf1c5c34d37941413b66fef20ba90b60170aec9759f,2024-10-11T13:15:21.013000
CVE-2024-9685,0,0,e6c5702d4decca35be66ea71703aa60deb1f2e59d98c7d4ddb3a3f46548916f6,2024-10-10T12:51:56.987000 CVE-2024-9685,0,0,e6c5702d4decca35be66ea71703aa60deb1f2e59d98c7d4ddb3a3f46548916f6,2024-10-10T12:51:56.987000
CVE-2024-9687,1,1,781a9aca6790af8a2c9eadd244238cc09ff8a5288ec96ae8bb9cb4fe4bc843c4,2024-10-15T02:15:02.920000 CVE-2024-9687,0,0,781a9aca6790af8a2c9eadd244238cc09ff8a5288ec96ae8bb9cb4fe4bc843c4,2024-10-15T02:15:02.920000
CVE-2024-9696,0,0,a63df99df1f6813fb55c58d350483f24d63b6efd0cdffde98a71bd76ffa94a8e,2024-10-12T09:15:03.590000 CVE-2024-9696,0,0,a63df99df1f6813fb55c58d350483f24d63b6efd0cdffde98a71bd76ffa94a8e,2024-10-12T09:15:03.590000
CVE-2024-9704,0,0,eac985eabca9a3c6a15dbb5a4e611613c412ae3dd37df6667fc5aafbc6bc84d5,2024-10-12T07:15:02.570000 CVE-2024-9704,0,0,eac985eabca9a3c6a15dbb5a4e611613c412ae3dd37df6667fc5aafbc6bc84d5,2024-10-12T07:15:02.570000
CVE-2024-9707,0,0,5022899338c6a36d44072ae7018b6a919d11834b1f5740a300f73a64606c0150,2024-10-11T13:15:21.233000 CVE-2024-9707,0,0,5022899338c6a36d44072ae7018b6a919d11834b1f5740a300f73a64606c0150,2024-10-11T13:15:21.233000
@ -265508,7 +265509,7 @@ CVE-2024-9815,0,0,acdb2eea5487476eecdd8d88a221ef2e739cf1c612e45186b5ced05a7a6264
CVE-2024-9816,0,0,24f7ee2c16fe348d340e7bcf315ed256344d7d90e5e0b7dcdaddb90504eefe81,2024-10-10T22:15:12.230000 CVE-2024-9816,0,0,24f7ee2c16fe348d340e7bcf315ed256344d7d90e5e0b7dcdaddb90504eefe81,2024-10-10T22:15:12.230000
CVE-2024-9817,0,0,aa4071cf5ce97bf162c1cca4a7f07d25d51157e1698481fe4534c2979d4a7e22,2024-10-10T23:15:03.410000 CVE-2024-9817,0,0,aa4071cf5ce97bf162c1cca4a7f07d25d51157e1698481fe4534c2979d4a7e22,2024-10-10T23:15:03.410000
CVE-2024-9818,0,0,0b4965dc9157be1c79882236820da1fc50a01232d912ae1b867d598f551f291b,2024-10-10T23:15:03.680000 CVE-2024-9818,0,0,0b4965dc9157be1c79882236820da1fc50a01232d912ae1b867d598f551f291b,2024-10-10T23:15:03.680000
CVE-2024-9820,1,1,60851f27b9908cfc9f3c26505c33604da2935e2d7e4b8e1efd449e88611c4e5e,2024-10-15T02:15:03.170000 CVE-2024-9820,0,0,60851f27b9908cfc9f3c26505c33604da2935e2d7e4b8e1efd449e88611c4e5e,2024-10-15T02:15:03.170000
CVE-2024-9821,0,0,0fe84d15377a57feb9c16456d9d6e98b8f06d72079455451a6924d64eac80b40,2024-10-12T03:15:02.507000 CVE-2024-9821,0,0,0fe84d15377a57feb9c16456d9d6e98b8f06d72079455451a6924d64eac80b40,2024-10-12T03:15:02.507000
CVE-2024-9822,0,0,31c5fa39db5fe31c5cd7802827b5c169adace5e7cdcfe1c09d420a2a1af019c6,2024-10-11T03:15:10.967000 CVE-2024-9822,0,0,31c5fa39db5fe31c5cd7802827b5c169adace5e7cdcfe1c09d420a2a1af019c6,2024-10-11T03:15:10.967000
CVE-2024-9823,0,0,797ad589a845f20d3c764555cd88dd01739b03d274a2154c13310668db597c99,2024-10-14T16:15:04.653000 CVE-2024-9823,0,0,797ad589a845f20d3c764555cd88dd01739b03d274a2154c13310668db597c99,2024-10-14T16:15:04.653000
@ -265540,6 +265541,9 @@ CVE-2024-9922,0,0,38a9a769415efbcfedd53b122b48fa65b5e1f382fdf217a030bbaee2ce3081
CVE-2024-9923,0,0,54d0eb71a24239c4cf72f6c8d2d43f40cc27d7ae4dae943f2db0568ffd629c72,2024-10-14T04:15:06.070000 CVE-2024-9923,0,0,54d0eb71a24239c4cf72f6c8d2d43f40cc27d7ae4dae943f2db0568ffd629c72,2024-10-14T04:15:06.070000
CVE-2024-9924,0,0,5d7f89079afc3d9ca8548ebb3725e799ef08b64b7b5fd0fc7f3c47978b6a83d8,2024-10-14T04:15:06.353000 CVE-2024-9924,0,0,5d7f89079afc3d9ca8548ebb3725e799ef08b64b7b5fd0fc7f3c47978b6a83d8,2024-10-14T04:15:06.353000
CVE-2024-9936,0,0,84f1422b67bbaa43c4b2b921a0bd24fe5cb86e5da956c7f811c06ae275078cda,2024-10-14T14:15:12.553000 CVE-2024-9936,0,0,84f1422b67bbaa43c4b2b921a0bd24fe5cb86e5da956c7f811c06ae275078cda,2024-10-14T14:15:12.553000
CVE-2024-9952,1,1,6c9b73a8e4b10cb99cb5c164ba7fa12c94692c23e6d970a37d505df0c13bbb91,2024-10-15T02:15:03.403000 CVE-2024-9952,0,0,6c9b73a8e4b10cb99cb5c164ba7fa12c94692c23e6d970a37d505df0c13bbb91,2024-10-15T02:15:03.403000
CVE-2024-9953,0,0,4a504a26518c946bdd00df6aaba3929049f6fb7ebb2fe638799eca1ccb235ae3,2024-10-14T22:15:03.957000 CVE-2024-9953,0,0,4a504a26518c946bdd00df6aaba3929049f6fb7ebb2fe638799eca1ccb235ae3,2024-10-14T22:15:03.957000
CVE-2024-9968,1,1,717d3c358e767369a770843606e1e4d5483d80687e292f6016fca8579965de7a,2024-10-15T03:15:02.360000 CVE-2024-9968,0,0,717d3c358e767369a770843606e1e4d5483d80687e292f6016fca8579965de7a,2024-10-15T03:15:02.360000
CVE-2024-9969,1,1,cecfd308ad2e03f71dc5b9d4ea26ee57ff6f453836fcfce8973e360b5170dab6,2024-10-15T04:15:04.413000
CVE-2024-9970,1,1,da32accfb2d25120b84c063f3a64982453a9afe6c85fcc9f83f58303dcf83157,2024-10-15T04:15:04.793000
CVE-2024-9971,1,1,9e45feb9165a3cb00f61704141ebcf4fcf4e2bd7aeaf74a94f0ef43cd5d8b449,2024-10-15T04:15:05.080000
