Auto-Update: 2024-03-01T13:00:23.610492+00:00

2025-07-09 16:05:11 +00:00 · 2024-03-01 13:00:27 +00:00 · 2024-03-01 13:00:27 +00:00 · 8d61886604
commit 8d61886604
parent 36731a2f73
8 changed files with 500 additions and 8 deletions
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2057.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2057.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-2057",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-01T12:15:48.670",
+  "lastModified": "2024-03-01T12:15:48.670",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Harrison Chase LangChain 0.1.9. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255372."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 6.5
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-918"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/bayuncao/vul-cve-16",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.255372",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.255372",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2058.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2058.json
@ -0,0 +1,96 @@
+{
+  "id": "CVE-2024-2058",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-01T11:15:08.237",
+  "lastModified": "2024-03-01T11:15:08.237",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability."
+    },
+    {
+      "lang": "es",
+      "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Petrol Pump Management Software 1.0. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/app/product.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n de la foto del argumento da lugar a una subida sin restricciones. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-255373."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "MULTIPLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 5.8
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 6.4,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.255373",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.255373",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2059.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2059.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-2059",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-01T12:15:48.890",
+  "lastModified": "2024-03-01T12:15:48.890",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "MULTIPLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 5.8
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 6.4,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.255374",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.255374",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2078.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2078.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-2078",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-03-01T12:15:49.100",
+  "lastModified": "2024-03-01T12:15:49.100",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 2.5
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-helpdeskz",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-224xx/CVE-2024-22457.json
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22457.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-22457",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2024-03-01T11:15:07.127",
+  "lastModified": "2024-03-01T11:15:07.127",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server."
+    },
+    {
+      "lang": "es",
+      "value": "Dell Secure Connect Gateway 5.20 contiene una vulnerabilidad de autenticaci\u00f3n incorrecta durante la ruta de actualizaci\u00f3n de SRS a SCG. Un atacante remoto con pocos privilegios podr\u00eda explotar esta vulnerabilidad, lo que llevar\u00eda a la suplantaci\u00f3n del servidor mediante la presentaci\u00f3n de un certificado autofirmado falso y la comunicaci\u00f3n con el servidor remoto."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-290"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-224xx/CVE-2024-22458.json
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22458.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-22458",
+  "sourceIdentifier": "security_alert@emc.com",
+  "published": "2024-03-01T11:15:07.910",
+  "lastModified": "2024-03-01T11:15:07.910",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext."
+    },
+    {
+      "lang": "es",
+      "value": "Dell Secure Connect Gateway, versi\u00f3n 5.18, contiene una vulnerabilidad de potencia de cifrado inadecuada. Un atacante de red no autenticado podr\u00eda explotar esta vulnerabilidad, permiti\u00e9ndole recuperar texto plano de un bloque de texto cifrado."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security_alert@emc.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security_alert@emc.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-327"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities",
+      "source": "security_alert@emc.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-262xx/CVE-2024-26280.json
+++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26280.json
@ -0,0 +1,40 @@
+{
+  "id": "CVE-2024-26280",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-03-01T11:15:08.123",
+  "lastModified": "2024-03-01T11:15:08.123",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view.\u00a0With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default.\n\nUsers of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability"
+    },
+    {
+      "lang": "es",
+      "value": "Apache Airflow, versiones anteriores a la 2.8.2, tiene una vulnerabilidad que permite a los usuarios autenticados de Ops y Viewers ver toda la informaci\u00f3n en los registros de auditor\u00eda, incluidos los nombres de dag y los nombres de usuario que no ten\u00edan permiso para ver. Con 2.8.2 y versiones posteriores, los usuarios de Ops y Viewer no tienen permiso de registro de auditor\u00eda de forma predeterminada; se les debe otorgar permisos expl\u00edcitamente para ver los registros. De forma predeterminada, solo los usuarios administradores tienen permiso de registro de auditor\u00eda. Se recomienda a los usuarios de Apache Airflow actualizar a la versi\u00f3n 2.8.2 o posterior para mitigar el riesgo asociado con esta vulnerabilidad."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-276"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/apache/airflow/pull/37501",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-03-01T11:00:24.301840+00:00
+2024-03-01T13:00:23.610492+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-03-01T10:15:07.413000+00:00
+2024-03-01T12:15:49.100000+00:00
 ```

 ### Last Data Feed Release
@ -29,17 +29,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-240182
+240189
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `7`

-* [CVE-2024-0692](CVE-2024/CVE-2024-06xx/CVE-2024-0692.json) (`2024-03-01T09:15:09.600`)
-* [CVE-2024-25091](CVE-2024/CVE-2024-250xx/CVE-2024-25091.json) (`2024-03-01T09:15:09.820`)
-* [CVE-2024-1120](CVE-2024/CVE-2024-11xx/CVE-2024-1120.json) (`2024-03-01T10:15:07.173`)
-* [CVE-2024-25972](CVE-2024/CVE-2024-259xx/CVE-2024-25972.json) (`2024-03-01T10:15:07.413`)
+* [CVE-2024-22457](CVE-2024/CVE-2024-224xx/CVE-2024-22457.json) (`2024-03-01T11:15:07.127`)
+* [CVE-2024-22458](CVE-2024/CVE-2024-224xx/CVE-2024-22458.json) (`2024-03-01T11:15:07.910`)
+* [CVE-2024-26280](CVE-2024/CVE-2024-262xx/CVE-2024-26280.json) (`2024-03-01T11:15:08.123`)
+* [CVE-2024-2058](CVE-2024/CVE-2024-20xx/CVE-2024-2058.json) (`2024-03-01T11:15:08.237`)
+* [CVE-2024-2057](CVE-2024/CVE-2024-20xx/CVE-2024-2057.json) (`2024-03-01T12:15:48.670`)
+* [CVE-2024-2059](CVE-2024/CVE-2024-20xx/CVE-2024-2059.json) (`2024-03-01T12:15:48.890`)
+* [CVE-2024-2078](CVE-2024/CVE-2024-20xx/CVE-2024-2078.json) (`2024-03-01T12:15:49.100`)


 ### CVEs modified in the last Commit