diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10191.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10191.json
new file mode 100644
index 00000000000..3fa2f6cc550
--- /dev/null
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10191.json
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10191", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-20T06:15:02.413", + "lastModified": "2024-10-20T06:15:02.413", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in PHPGurukul Boat Booking System 1.0. This affects an unknown part of the file /admin/book-details.php of the component Booking Details Page. The manipulation of the argument Official Remark leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_booking_details_xss.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?ctiid.280965", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280965", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.426734", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10192.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10192.json new file mode 100644 index 00000000000..9321c6f9d45 --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10192.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10192", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-20T07:15:02.103", + "lastModified": "2024-10-20T07:15:02.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul IFSC Code Finder Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file search.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": 
"NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_ifsc_code_finder_search_xss.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280966", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280966", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.426759", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 327c5633682..aa9a8c1f980 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-20T06:00:17.406269+00:00 +2024-10-20T08:00:17.292542+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-20T05:15:02.830000+00:00 +2024-10-20T07:15:02.103000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266182 +266184 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `2` -- [CVE-2024-10169](CVE-2024/CVE-2024-101xx/CVE-2024-10169.json) (`2024-10-20T04:15:02.600`) -- [CVE-2024-10170](CVE-2024/CVE-2024-101xx/CVE-2024-10170.json) (`2024-10-20T04:15:02.920`) -- [CVE-2024-10171](CVE-2024/CVE-2024-101xx/CVE-2024-10171.json) (`2024-10-20T05:15:02.363`) -- [CVE-2024-10173](CVE-2024/CVE-2024-101xx/CVE-2024-10173.json) (`2024-10-20T05:15:02.830`) +- [CVE-2024-10191](CVE-2024/CVE-2024-101xx/CVE-2024-10191.json) (`2024-10-20T06:15:02.413`) +- [CVE-2024-10192](CVE-2024/CVE-2024-101xx/CVE-2024-10192.json) (`2024-10-20T07:15:02.103`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index f1045040da2..0c6cddae623 100644 --- a/_state.csv +++ b/_state.csv 
@@ -242301,13 +242301,15 @@ CVE-2024-10163,0,0,760804505c29a993b3ee60bb0053b8796cff3f61fdbf35c8f9cb4945e46ed CVE-2024-10165,0,0,1ee5150692a7caaa2f8d2f9cce2d2d3d86fe3d042db0026ad07e240edd08b858,2024-10-20T03:15:02.557000 CVE-2024-10166,0,0,ee36d7372e2b89408897b5a68fb832be02d6b3e768730f2fbaef49e92c40cd7d,2024-10-20T03:15:02.840000 CVE-2024-10167,0,0,e5beea9cb4c295a286090ab98b78e03dd1ce66fe9d6d402d0be81c2b1aa4b5c6,2024-10-20T03:15:03.090000 -CVE-2024-10169,1,1,d09a97a6d1608683e29b40fc52428bcec4f907868be75b732e3811329cbb0ca0,2024-10-20T04:15:02.600000 +CVE-2024-10169,0,0,d09a97a6d1608683e29b40fc52428bcec4f907868be75b732e3811329cbb0ca0,2024-10-20T04:15:02.600000 CVE-2024-1017,0,0,50b68641acb97d381e6a65107328f0dab0fccf027bea27ef0f379cc058119760,2024-05-17T02:35:10.627000 -CVE-2024-10170,1,1,eadc15e054dff92a72c41bb061c16d2faf69911f67d05dd4dcda672e37172826,2024-10-20T04:15:02.920000 -CVE-2024-10171,1,1,60d7017912088a83451045313890efea0a3c4a8f38779b7c5b7680aa67b3fb1b,2024-10-20T05:15:02.363000 -CVE-2024-10173,1,1,694065e426755de8442b8b1e2a83d2200f1796f2f77c0caced3c41944e1a6b83,2024-10-20T05:15:02.830000 +CVE-2024-10170,0,0,eadc15e054dff92a72c41bb061c16d2faf69911f67d05dd4dcda672e37172826,2024-10-20T04:15:02.920000 +CVE-2024-10171,0,0,60d7017912088a83451045313890efea0a3c4a8f38779b7c5b7680aa67b3fb1b,2024-10-20T05:15:02.363000 +CVE-2024-10173,0,0,694065e426755de8442b8b1e2a83d2200f1796f2f77c0caced3c41944e1a6b83,2024-10-20T05:15:02.830000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000 +CVE-2024-10191,1,1,0d543e8a82bc8c79a47d9712105c05a38228b23d0440b597d65516663ce860f2,2024-10-20T06:15:02.413000 +CVE-2024-10192,1,1,9f3a26656d3a0aa5ee219d066ee638d49fb09c17860b4f18ed9a6f860568e3c9,2024-10-20T07:15:02.103000 
CVE-2024-1020,0,0,d848db5207b830f092dac5463c394c0f65f6423556f55d15e70d177c797c2de1,2024-05-17T02:35:10.867000 CVE-2024-1021,0,0,89180a6ed9705fc79d8d8a15633a1cfe9e27adac2a4a623501249d49427826d0,2024-05-17T02:35:10.970000 CVE-2024-1022,0,0,f42eaa1b302319f7e3148377e0522c31bf6c16d407215c446c1d3f1b55b4debd,2024-05-17T02:35:11.070000