From 97417cec35a930ee392051a05469a0310e4d691e Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 4 Mar 2024 03:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-03-04T03:00:24.756531+00:00 --- CVE-2024/CVE-2024-21xx/CVE-2024-2153.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-21xx/CVE-2024-2154.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-21xx/CVE-2024-2155.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-21xx/CVE-2024-2156.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-220xx/CVE-2024-22054.json | 33 ++------ README.md | 20 ++--- 6 files changed, 370 insertions(+), 35 deletions(-) create mode 100644 CVE-2024/CVE-2024-21xx/CVE-2024-2153.json create mode 100644 CVE-2024/CVE-2024-21xx/CVE-2024-2154.json create mode 100644 CVE-2024/CVE-2024-21xx/CVE-2024-2155.json create mode 100644 CVE-2024/CVE-2024-21xx/CVE-2024-2156.json diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2153.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2153.json new file mode 100644 index 00000000000..650cdeabf4f --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2153.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2153", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-04T01:15:06.953", + "lastModified": "2024-03-04T01:15:06.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255585 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.255585", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.255585", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2154.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2154.json new file mode 100644 index 00000000000..8951f20c79d --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2154.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2154", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-04T01:15:07.200", + "lastModified": "2024-03-04T01:15:07.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255586 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.255586", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.255586", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2155.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2155.json new file mode 100644 index 00000000000..db393f632f9 --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2155.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2155", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-04T01:15:07.437", + "lastModified": "2024-03-04T01:15:07.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-73" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/report.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.255587", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.255587", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2156.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2156.json new file mode 100644 index 00000000000..75cfe6a934f --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2156.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2156", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-04T01:15:07.680", + "lastModified": "2024-03-04T01:15:07.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255588." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/Report-SQLI-1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.255588", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.255588", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json index 582ee22eb51..8f8ffafd258 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22054.json @@ -2,38 +2,19 @@ "id": "CVE-2024-22054", "sourceIdentifier": "support@hackerone.com", "published": "2024-02-20T18:15:51.393", - "lastModified": "2024-02-20T19:50:53.960", + "lastModified": "2024-03-04T02:15:16.820", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.\n\n \n\n \n\nAffected Products:\n\nUniFi Access Points\n\nUniFi Switches\n\nUniFi LTE Backup\n\nUniFi Express (Only Mesh Mode, Router mode is not affected)\n\n \n\nMitigation:\n\nUpdate UniFi Access Points to Version 6.6.65 or later.\n\nUpdate UniFi Switches to Version 6.6.61 or later.\n\nUpdate UniFi LTE Backup to Version 6.6.57 or later.\n\nUpdate UniFi Express to Version 3.2.5 or later." + "value": "A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery.\n\n\nAffected Products:\nUniFi Access Points\nUniFi Switches\nUniFi LTE Backup\nUniFi Express (Only Mesh Mode, Router mode is not affected)\n\n \nMitigation:\nUpdate UniFi Access Points to Version 6.6.55 or later.\nUpdate UniFi Switches to Version 6.6.61 or later.\nUpdate UniFi LTE Backup to Version 6.6.57 or later.\nUpdate UniFi Express to Version 3.2.5 or later." + }, + { + "lang": "es", + "value": "Un paquete de descubrimiento con formato incorrecto enviado por un actor malintencionado con acceso preexistente a la red podr\u00eda interrumpir la funcionalidad de administraci\u00f3n y descubrimiento de dispositivos. Productos afectados: Puntos de acceso UniFi Conmutadores UniFi Copia de seguridad UniFi LTE UniFi Express (solo el modo malla, el modo enrutador no se ve afectado) Mitigaci\u00f3n: actualice los puntos de acceso UniFi a la versi\u00f3n 6.6.65 o posterior. Actualice UniFi Switches a la versi\u00f3n 6.6.61 o posterior. Actualice UniFi LTE Backup a la versi\u00f3n 6.6.57 o posterior. Actualice UniFi Express a la versi\u00f3n 3.2.5 o posterior." } ], - "metrics": { - "cvssMetricV30": [ - { - "source": "support@hackerone.com", - "type": "Secondary", - "cvssData": { - "version": "3.0", - "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 3.9, - "impactScore": 3.6 - } - ] - }, + "metrics": {}, "references": [ { "url": "https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027", diff --git a/README.md b/README.md index 16d0aa3694d..37896ccaaf0 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-04T00:55:25.108787+00:00 +2024-03-04T03:00:24.756531+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-04T00:15:47.303000+00:00 +2024-03-04T02:15:16.820000+00:00 ``` ### Last Data Feed Release @@ -23,28 +23,30 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-03-03T01:00:28.265427+00:00 +2024-03-04T01:00:28.248638+00:00 ``` ### Total Number of included CVEs ```plain -240388 +240392 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `4` -* [CVE-2024-28088](CVE-2024/CVE-2024-280xx/CVE-2024-28088.json) (`2024-03-04T00:15:47.017`) -* [CVE-2024-2151](CVE-2024/CVE-2024-21xx/CVE-2024-2151.json) (`2024-03-04T00:15:47.070`) -* [CVE-2024-2152](CVE-2024/CVE-2024-21xx/CVE-2024-2152.json) (`2024-03-04T00:15:47.303`) +* [CVE-2024-2153](CVE-2024/CVE-2024-21xx/CVE-2024-2153.json) (`2024-03-04T01:15:06.953`) +* [CVE-2024-2154](CVE-2024/CVE-2024-21xx/CVE-2024-2154.json) (`2024-03-04T01:15:07.200`) +* [CVE-2024-2155](CVE-2024/CVE-2024-21xx/CVE-2024-2155.json) (`2024-03-04T01:15:07.437`) +* [CVE-2024-2156](CVE-2024/CVE-2024-21xx/CVE-2024-2156.json) (`2024-03-04T01:15:07.680`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2024-22054](CVE-2024/CVE-2024-220xx/CVE-2024-22054.json) (`2024-03-04T02:15:16.820`) ## Download and Usage