diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42340.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42340.json new file mode 100644 index 00000000000..4ad540be9f4 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42340.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42340", + "sourceIdentifier": "cna@cyber.gov.il", + "published": "2024-08-25T08:15:03.290", + "lastModified": "2024-08-25T08:15:03.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "CyberArk - CWE-602: Client-Side Enforcement of Server-Side Security" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@cyber.gov.il", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 8.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cna@cyber.gov.il", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-602" + } + ] + } + ], + "references": [ + { + "url": "https://www.gov.il/en/Departments/faq/cve_advisories", + "source": "cna@cyber.gov.il" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8146.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8146.json new file mode 100644 index 00000000000..82bb653dc0c --- /dev/null +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8146.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8146", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-25T08:15:03.597", + "lastModified": "2024-08-25T08:15:03.597", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in code-projects Pharmacy Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /index.php?action=editSalesman. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/maqingnan/cve/blob/main/sql1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275728", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275728", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.397417", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8147.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8147.json new file mode 100644 index 00000000000..721b853ed22 --- /dev/null +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8147.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8147", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-25T09:15:04.243", + "lastModified": "2024-08-25T09:15:04.243", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in code-projects Pharmacy Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /index.php?action=editPharmacist. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/maqingnan/cve/blob/main/sql2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275729", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275729", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.397418", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e4ba8aa1cc4..25513697416 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-25T08:00:17.045819+00:00 +2024-08-25T10:00:16.889136+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-25T07:15:11.067000+00:00 +2024-08-25T09:15:04.243000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -261110 +261113 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `3` -- [CVE-2024-42337](CVE-2024/CVE-2024-423xx/CVE-2024-42337.json) (`2024-08-25T07:15:08.540`) -- [CVE-2024-42338](CVE-2024/CVE-2024-423xx/CVE-2024-42338.json) (`2024-08-25T07:15:10.350`) -- [CVE-2024-42339](CVE-2024/CVE-2024-423xx/CVE-2024-42339.json) (`2024-08-25T07:15:11.067`) -- [CVE-2024-8145](CVE-2024/CVE-2024-81xx/CVE-2024-8145.json) (`2024-08-25T06:15:03.910`) +- [CVE-2024-42340](CVE-2024/CVE-2024-423xx/CVE-2024-42340.json) (`2024-08-25T08:15:03.290`) +- [CVE-2024-8146](CVE-2024/CVE-2024-81xx/CVE-2024-8146.json) (`2024-08-25T08:15:03.597`) +- [CVE-2024-8147](CVE-2024/CVE-2024-81xx/CVE-2024-8147.json) (`2024-08-25T09:15:04.243`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-1430](CVE-2024/CVE-2024-14xx/CVE-2024-1430.json) (`2024-08-25T06:15:03.247`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 5ea4031b912..b7e8fc84694 100644 --- a/_state.csv +++ b/_state.csv @@ -242369,7 +242369,7 @@ CVE-2024-1426,0,0,58297813532bddd72ed4f278824b8276e78c437596064bf3a5aa32ce1b4813 CVE-2024-1427,0,0,cab6a0307295e866b43ac26f256e1637a37d7a2b197239c60a9da244492c16fe,2024-07-03T15:44:40.083000 CVE-2024-1428,0,0,3cc3b1a9efed5e9bd932f5f4b32240359ff16f5465557beabc74530c2a820d28,2024-04-08T18:48:40.217000 CVE-2024-1429,0,0,e6662f9b0f545f55c7ee8bcb23a23604a89d336e239381f2a1bde6ff8a245229,2024-04-18T13:04:28.900000 -CVE-2024-1430,0,1,5f572c70d25522d061e4003dc5db707a19ced2389745e1d9c2e010c648602583,2024-08-25T06:15:03.247000 +CVE-2024-1430,0,0,5f572c70d25522d061e4003dc5db707a19ced2389745e1d9c2e010c648602583,2024-08-25T06:15:03.247000 CVE-2024-1431,0,0,dffeae7ac141470af7be0b2328a469b677a187755a6f5b33a0e207b69e8951ff,2024-05-17T02:35:26.750000 CVE-2024-1432,0,0,c5cced34d488ad6451a389f4ef94ad47e3a692cf248f0465497b6f18a4764cd4,2024-08-01T19:15:36.183000 CVE-2024-1433,0,0,fc501baa3742da2eca2c8d6dbd68b98ba191ec1168203c3ad2d0a6bbc1a9ee77,2024-05-17T02:35:26.970000 @@ -257696,10 +257696,11 @@ CVE-2024-4233,0,0,e3336c43dd885f8db6271cd8e49f7796169d1b724e733d53d39e8dcd56cab2 CVE-2024-42334,0,0,63554eb6ad9440efa3ee44750a635a89b93444804b44759a759c86799c0d08da,2024-08-21T15:59:56.493000 CVE-2024-42335,0,0,2b9b97973dd654c6eb68cc221bad7788b92938b457385b73625ca969f07db996,2024-08-21T13:49:19.863000 CVE-2024-42336,0,0,2a147ce2c01a7e418a5959472912788f2794cc01211d2520283d06f56199ab5d,2024-08-20T15:44:20.567000 -CVE-2024-42337,1,1,47e1940a0e7d8f836173649e1092c05c4a599d6952732f048ef06f63fe0c62ed,2024-08-25T07:15:08.540000 -CVE-2024-42338,1,1,00b1ab80b5a0024a676edd49282a142c1d301f4b5e828f08f344e9a0e94c0116,2024-08-25T07:15:10.350000 -CVE-2024-42339,1,1,f4ee840292c50c15be4fdc2b991811af45baa71c81082da6eef96531aabf104d,2024-08-25T07:15:11.067000 +CVE-2024-42337,0,0,47e1940a0e7d8f836173649e1092c05c4a599d6952732f048ef06f63fe0c62ed,2024-08-25T07:15:08.540000 +CVE-2024-42338,0,0,00b1ab80b5a0024a676edd49282a142c1d301f4b5e828f08f344e9a0e94c0116,2024-08-25T07:15:10.350000 +CVE-2024-42339,0,0,f4ee840292c50c15be4fdc2b991811af45baa71c81082da6eef96531aabf104d,2024-08-25T07:15:11.067000 CVE-2024-4234,0,0,18c98986f4d0c323ca7a76881b57d07f11d740fced15b647da44016411c790ed,2024-04-26T15:32:22.523000 +CVE-2024-42340,1,1,9ca332630bfc51f7c0e6be2bc1bb935ca544861351b51e7eb13a40e4f63659ec,2024-08-25T08:15:03.290000 CVE-2024-42347,0,0,9d56c3d6f460e2251d08d50a3e874b7efeb364cadb050367418d1be0b31e15cb,2024-08-12T18:52:08.163000 CVE-2024-42348,0,0,9049ba06c12fadbe924de4e1d7650091813be7f3a3306b9434f7ebd8620eed32,2024-08-05T12:41:45.957000 CVE-2024-42349,0,0,7c83a1a3a31095b7c061367c56e1e2185d3951ede9de2f7c2b93de97074131bc,2024-08-05T12:41:45.957000 @@ -261108,4 +261109,6 @@ CVE-2024-8140,0,0,60bdcb31e72dc8d58ebff5f24a11864be8d911ad4f98a34c83d4ad581bf2f5 CVE-2024-8141,0,0,5b89c55608dc7c94dcc3a41a381072a0d3a68ce11de5be1e80b6665e2959a8b1,2024-08-25T02:15:04.687000 CVE-2024-8142,0,0,fcb738cd7c7aaf1f9f023d59895853a768ef11a919deeb1ffc545380a5d50560,2024-08-25T03:15:03.673000 CVE-2024-8144,0,0,88fed21edfd93fa7bca725ad2225251a9d109041c2e48809ee1ed796915b95a8,2024-08-25T04:15:03.867000 -CVE-2024-8145,1,1,78b78143837f5c0df569416f880d975eb45acf9e0ac0d1c0640b30f4b266e1ba,2024-08-25T06:15:03.910000 +CVE-2024-8145,0,0,78b78143837f5c0df569416f880d975eb45acf9e0ac0d1c0640b30f4b266e1ba,2024-08-25T06:15:03.910000 +CVE-2024-8146,1,1,1a014ee97b984953eab99f79670e8f6f85a815565363ce01758e7ec2838e752e,2024-08-25T08:15:03.597000 +CVE-2024-8147,1,1,1943d5219ce6820bb91164b12575bc9bc6449d1368374a8bac82f600f631e34c,2024-08-25T09:15:04.243000