From 88c3c889bf837f5914c30cd57ec406504be3b4bc Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 30 Dec 2024 00:58:42 +0000
Subject: [PATCH] Auto-Update: 2024-12-30T00:55:19.384791+00:00
---
CVE-2024/CVE-2024-130xx/CVE-2024-13025.json | 141 ++++++++++++++++++++
CVE-2024/CVE-2024-130xx/CVE-2024-13028.json | 141 ++++++++++++++++++++
CVE-2024/CVE-2024-130xx/CVE-2024-13029.json | 137 +++++++++++++++++++
README.md | 13 +-
_state.csv | 7 +-
5 files changed, 431 insertions(+), 8 deletions(-)
create mode 100644 CVE-2024/CVE-2024-130xx/CVE-2024-13025.json
create mode 100644 CVE-2024/CVE-2024-130xx/CVE-2024-13028.json
create mode 100644 CVE-2024/CVE-2024-130xx/CVE-2024-13029.json
diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13025.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13025.json
new file mode 100644
index 00000000000..6d06053cd47
--- /dev/null
+++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13025.json
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13025", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-29T23:15:05.460", + "lastModified": "2024-12-29T23:15:05.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Codezips College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Front-end/faculty.php. The manipulation of the argument book_name/book_author leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/shaturo1337/POCs/blob/main/SQL%20Injection%20in%20College%20Management%20System.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289716", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?id.289716", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.471108", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13028.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13028.json new file mode 100644 index 00000000000..a4cbd79052a --- /dev/null +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13028.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13028", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-29T23:15:06.030", + "lastModified": "2024-12-29T23:15:06.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": 
"NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "baseScore": 3.7, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "baseScore": 2.6, + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "baseSeverity": "LOW", + "exploitabilityScore": 4.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + }, + { + "lang": "en", + "value": "CWE-204" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ObservableDiscrepancy-UserLogin.md", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.289721", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289721", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.465924", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-130xx/CVE-2024-13029.json b/CVE-2024/CVE-2024-130xx/CVE-2024-13029.json new file mode 100644 index 00000000000..1b717ff1c90 --- /dev/null +++ b/CVE-2024/CVE-2024-130xx/CVE-2024-13029.json 
@@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-13029", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-30T00:15:04.837", + "lastModified": "2024-12-30T00:15:04.837", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/cydtseng/Vulnerability-Research/blob/main/white-jotter/ServerSideRequestForgery-BookCoverURL.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289722", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289722", + 
"source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.465942", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 07034e06114..c1b3deb627c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-29T23:00:19.777358+00:00 +2024-12-30T00:55:19.384791+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-29T21:15:06.220000+00:00 +2024-12-30T00:15:04.837000+00:00 ``` ### Last Data Feed Release @@ -33,15 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275142 +275145 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -- [CVE-2024-13023](CVE-2024/CVE-2024-130xx/CVE-2024-13023.json) (`2024-12-29T21:15:06.020`) -- [CVE-2024-13024](CVE-2024/CVE-2024-130xx/CVE-2024-13024.json) (`2024-12-29T21:15:06.220`) +- [CVE-2024-13025](CVE-2024/CVE-2024-130xx/CVE-2024-13025.json) (`2024-12-29T23:15:05.460`) +- [CVE-2024-13028](CVE-2024/CVE-2024-130xx/CVE-2024-13028.json) (`2024-12-29T23:15:06.030`) +- [CVE-2024-13029](CVE-2024/CVE-2024-130xx/CVE-2024-13029.json) (`2024-12-30T00:15:04.837`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 3f5506ebee3..2e19c728ddd 100644 --- a/_state.csv +++ b/_state.csv 
@@ -245253,8 +245253,11 @@ CVE-2024-1302,0,0,50e21539c22b43b4db748f33a4680786d0cd3b39c9a7a5fc858bc75c336607 CVE-2024-13020,0,0,2916e522cf2b8d14142afa8629cb0d2116b3867d136a09d1c87f4d9b5a62f928,2024-12-29T19:15:07.273000 CVE-2024-13021,0,0,521ad71af2c0629838bea435a2fcdf80dc49a418cbb2c1adaa365efc2f54aa2c,2024-12-29T20:15:05.043000 CVE-2024-13022,0,0,31946f46234a2f885529fc55fb9df522feaa7112e2244bd255db91f99134c814,2024-12-29T20:15:05.980000 -CVE-2024-13023,1,1,a6002ae756a126843e0244f11dec8062c69ff459b14d4771d8dead00e17d6b47,2024-12-29T21:15:06.020000 -CVE-2024-13024,1,1,e340e51a3df794ede6df3c6be7e441d083b7ba4e9dc9e86eed36ca28aec27427,2024-12-29T21:15:06.220000 +CVE-2024-13023,0,0,a6002ae756a126843e0244f11dec8062c69ff459b14d4771d8dead00e17d6b47,2024-12-29T21:15:06.020000 +CVE-2024-13024,0,0,e340e51a3df794ede6df3c6be7e441d083b7ba4e9dc9e86eed36ca28aec27427,2024-12-29T21:15:06.220000 +CVE-2024-13025,1,1,a87750376ff6243f001740c9bce13c9b5fe6fd7c08ed899ff608efcb535952c9,2024-12-29T23:15:05.460000 +CVE-2024-13028,1,1,9c7c8ebb025b45a51d90b3c21686bdb8a4bd0ad2279542d46cda94901b741f1b,2024-12-29T23:15:06.030000 +CVE-2024-13029,1,1,b5072dc5bc09f8cacb09ffc8e511fa77cd763986efcaa6d43b5f9a8ec7809208,2024-12-30T00:15:04.837000 CVE-2024-1303,0,0,922ad92b627c1129d744b1f80cb5c88d28598a22649a8dddf52c9956281bb86f,2024-11-21T08:50:16.593000 CVE-2024-1304,0,0,7f3d377d10786bd7b29e3437adfa1f791151a43db698785def3901d685804d14,2024-11-21T08:50:16.717000 CVE-2024-1305,0,0,61bd2e20ff0aa394ece1e84d5d848dafdcba1e6f1c6375393ac194bd0f52a153,2024-11-21T08:50:16.840000