Auto-Update: 2024-05-19T22:00:37.570715+00:00

cad-safe-bot 2024-05-19 22:03:31 +00:00
parent 1d7fde8874
commit 8247bc5754
7 changed files with 233 additions and 6 deletions


@ -0,0 +1,20 @@
{
"id": "CVE-2024-36076",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-19T20:15:07.970",
"lastModified": "2024-05-19T20:15:07.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Syslifters SysReptor before 2024.40 has a CSRF vulnerability for WebSocket connections."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Syslifters/sysreptor/releases/tag/2024.40",
"source": "cve@mitre.org"
}
]
}
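Review bot: `"metrics": {}` together with `"vulnStatus": "Received"` means this record is unscored, not low severity, and it has no `weaknesses` array either, so a consumer that filters the feed on `baseScore` or on CWE will silently skip it. Feed consumers should treat an absent `cvssMetricV31` as "analysis pending" and triage from `descriptions[0].value` and the vendor reference instead; the text places the fix in SysReptor 2024.40. The CVE-2024-36078 record in the next section has the same empty `metrics` object, and the same caveat applies there.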


@ -0,0 +1,20 @@
{
"id": "CVE-2024-36078",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-19T20:15:08.043",
"lastModified": "2024-05-19T20:15:08.043",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In Zammad before 6.3.1, a Ruby gem bundled by Zammad is installed with world-writable file permissions. This allowed a local attacker on the server to modify the gem's files, injecting arbitrary code into Zammad processes (which run with the environment and permissions of the Zammad user)."
}
],
"metrics": {},
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2024-04",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,43 @@
{
"id": "CVE-2024-36080",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-19T20:15:08.107",
"lastModified": "2024-05-19T20:15:08.107",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf",
"source": "cve@mitre.org"
}
]
}
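Review bot: The `cvssMetricV31` entry is marked `"type": "Secondary"` with source `cve@mitre.org`, so the 9.8 is the CNA-supplied score while `vulnStatus` is still `Received`; NVD's own assessment is not in this record yet. The NOTE sentence in `descriptions[0].value` is a deployment caveat that the `AV:N` vector does not reflect, and because the description says the password cannot be changed, network segmentation looks like the main control available to operators unless the vendor advisory in `references` offers more. The record has no `weaknesses` array, so CWE-based filters will miss it (hard-coded credentials would normally map to CWE-798). CVE-2024-36081 in the next section carries the identical vector and reference, and the same points apply.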


@ -0,0 +1,43 @@
{
"id": "CVE-2024-36081",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-19T20:15:08.287",
"lastModified": "2024-05-19T20:15:08.287",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Westermo EDW-100 devices through 2024-05-03 allow an unauthenticated user to download a configuration file containing a cleartext password. NOTE: this is a serial-to-Ethernet converter that should not be placed at the edge of the network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2024-5103",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-19T21:15:06.893",
"lastModified": "2024-05-19T21:15:06.893",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument grade leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265093 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%208.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.265093",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.265093",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.338506",
"source": "cna@vuldb.com"
}
]
}
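Review bot: The description says the issue "has been declared as critical" while the structured fields give `"baseScore": 6.3` and `"baseSeverity": "MEDIUM"` with `PR:L`, so severity should be read from `cvssData`, not from the prose. Both metric blocks are `"type": "Secondary"` from `cna@vuldb.com` and the record is still `Received`, so the score may change once NVD analyses it. The description also states that the exploit has been disclosed publicly, and the first `references` URL appears to be that write-up, which is a reason for operators of the affected application to prioritise this above what a 6.3 alone would suggest. The `weaknesses` entry (`CWE-89`) is consistent with the description; the fix class is a parameterised query for the `grade` argument.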


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-19T20:00:37.810738+00:00
2024-05-19T22:00:37.570715+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-19T19:15:48.550000+00:00
2024-05-19T21:15:06.893000+00:00
```
### Last Data Feed Release
@ -33,14 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
250746
250751
```
### CVEs added in the last Commit
Recently added CVEs: `1`
Recently added CVEs: `5`
- [CVE-2024-36070](CVE-2024/CVE-2024-360xx/CVE-2024-36070.json) (`2024-05-19T19:15:48.550`)
- [CVE-2024-36076](CVE-2024/CVE-2024-360xx/CVE-2024-36076.json) (`2024-05-19T20:15:07.970`)
- [CVE-2024-36078](CVE-2024/CVE-2024-360xx/CVE-2024-36078.json) (`2024-05-19T20:15:08.043`)
- [CVE-2024-36080](CVE-2024/CVE-2024-360xx/CVE-2024-36080.json) (`2024-05-19T20:15:08.107`)
- [CVE-2024-36081](CVE-2024/CVE-2024-360xx/CVE-2024-36081.json) (`2024-05-19T20:15:08.287`)
- [CVE-2024-5103](CVE-2024/CVE-2024-51xx/CVE-2024-5103.json) (`2024-05-19T21:15:06.893`)
### CVEs modified in the last Commit


@ -249923,7 +249923,11 @@ CVE-2024-36050,0,0,b22df6ffe793b6ac9ff6008c800098dd716d933a6144f94e508ea9c509180
CVE-2024-36053,0,0,d51c9a75127f54998ecb6ee58b412865a9dfdd688bdb7147c71644ad15266736,2024-05-19T16:15:45.687000
CVE-2024-3606,0,0,aad549bdf5ff1831d91b9701456650bb1ccc1938c3f938f0c7eb426394ab8356,2024-05-02T18:00:37.360000
CVE-2024-3607,0,0,af4721086df8378a380a0243b924575fce7196863af6b8319186a0a7c6039e9f,2024-05-02T18:00:37.360000
CVE-2024-36070,1,1,de05fa573555501b450b607d3a0cbcf86f8b56d7ce5d38b83850f99163fba56c,2024-05-19T19:15:48.550000
CVE-2024-36070,0,0,de05fa573555501b450b607d3a0cbcf86f8b56d7ce5d38b83850f99163fba56c,2024-05-19T19:15:48.550000
CVE-2024-36076,1,1,de56b684acd44fab306e3d4f3e900b1defa82aecf47673f3ee1edf1ffb6e9c64,2024-05-19T20:15:07.970000
CVE-2024-36078,1,1,fbdb754fd263eb534eff9145151d70c09cf3881bfaf985f38b529acbb20b379f,2024-05-19T20:15:08.043000
CVE-2024-36080,1,1,35e4409f3385e60e1679f0ddb0b14af2c392237344ea75664d5ab569f94830db,2024-05-19T20:15:08.107000
CVE-2024-36081,1,1,137f97cfef519ce61017992cae8c63613ff3bad7c58d1db3768106d1f2e0623e,2024-05-19T20:15:08.287000
CVE-2024-3609,0,0,6c3cd77579fee8e9517beb08b888a97a81906e9d1fc4f51c5d372766647e52cb,2024-05-17T18:36:05.263000
CVE-2024-3612,0,0,d6528427cbb589467c111cbd40a18dd09640d3302d8baf887860f351407e958e,2024-05-17T02:40:01.520000
CVE-2024-3613,0,0,d7eb1ddde521e54e1fe9acae408bd9221d7036e0a03927b308a853106c490093,2024-05-17T02:40:01.607000
@ -250745,3 +250749,4 @@ CVE-2024-5098,0,0,27e182691f6df2f6e5de66c3e5527fb52eb62e6c11728f25b5e5f30216127d
CVE-2024-5099,0,0,4293f4c81987dc00fde1b446c94f0fb96801ad62e3b48b03d925386f0d01f996,2024-05-19T08:15:06.367000
CVE-2024-5100,0,0,c6616e790fe9d0055566f7986afbbf39bedb52a3fb1f8f9cf3fd594fbdcbac45,2024-05-19T12:15:08.310000
CVE-2024-5101,0,0,fc10060049ea504f994e085091d4ed1d41b5c3f4a4a5b1cf97b8ade4d9f392f6,2024-05-19T14:15:35.700000
CVE-2024-5103,1,1,8f9f7277326c932fb90531905ddffa42bb6c2181d40ea72c0c326203870b4d89,2024-05-19T21:15:06.893000
