Auto-Update: 2024-04-06T20:00:38.874217+00:00

2025-07-09 16:05:11 +00:00 · 2024-04-06 20:03:28 +00:00 · 2024-04-06 20:03:28 +00:00 · a44fd26bc5
commit a44fd26bc5
parent 0caf3a613f
5 changed files with 162 additions and 11 deletions
--- a/CVE-2024/CVE-2024-276xx/CVE-2024-27620.json
+++ b/CVE-2024/CVE-2024-276xx/CVE-2024-27620.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-27620",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-06T19:15:07.183",
+  "lastModified": "2024-04-06T19:15:07.183",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://ladder.com",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://everywall.github.io/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://packetstormsecurity.com/files/177506/Ladder-0.0.21-Server-Side-Request-Forgery.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-287xx/CVE-2024-28741.json
+++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28741.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-28741",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-06T19:15:07.247",
+  "lastModified": "2024-04-06T19:15:07.247",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://blog.chebuya.com/posts/discovering-cve-2024-28741-remote-code-execution-on-northstar-c2-agents-via-pre-auth-stored-xss/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/EnginDemirbilek/NorthStarC2",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://packetstormsecurity.com/files/177542/NorthStar-C2-Agent-1.0-Cross-Site-Scripting-Remote-Command-Execution.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-34xx/CVE-2024-3413.json
+++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3413.json
@ -0,0 +1,92 @@
+{
+  "id": "CVE-2024-3413",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-04-06T19:15:07.303",
+  "lastModified": "2024-04-06T19:15:07.303",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability has been found in SourceCodester Human Resource Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file initialize/login_process.php. The manipulation of the argument hr_email/hr_password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259582 is the identifier assigned to this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "NONE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL",
+          "baseScore": 7.5
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-89"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/thisissuperann/Vul/blob/Human-Resource-Information-System/Human-Resource-Information-System-01.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.259582",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.259582",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.311431",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-06T18:00:30.764170+00:00
+2024-04-06T20:00:38.874217+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-06T17:15:07.127000+00:00
+2024-04-06T19:15:07.303000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-244293
+244296
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `3`

- [CVE-2024-0406](CVE-2024/CVE-2024-04xx/CVE-2024-0406.json) (`2024-04-06T17:15:07.127`)
+- [CVE-2024-27620](CVE-2024/CVE-2024-276xx/CVE-2024-27620.json) (`2024-04-06T19:15:07.183`)
+- [CVE-2024-28741](CVE-2024/CVE-2024-287xx/CVE-2024-28741.json) (`2024-04-06T19:15:07.247`)
+- [CVE-2024-3413](CVE-2024/CVE-2024-34xx/CVE-2024-3413.json) (`2024-04-06T19:15:07.303`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `0`

- [CVE-2024-3203](CVE-2024/CVE-2024-32xx/CVE-2024-3203.json) (`2024-04-06T16:15:08.350`)
- [CVE-2024-3204](CVE-2024/CVE-2024-32xx/CVE-2024-3204.json) (`2024-04-06T16:15:08.530`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -238299,7 +238299,7 @@ CVE-2024-0400,0,0,18035b4484267a537c15645ebee53285fc55ae5559f980b5f9795ec2795f24
 CVE-2024-0402,0,0,2fe1b596353be20e61cfde75d3fd6588203ea2d19b7c21e2ce1c5a9ecc57cc90,2024-01-31T18:34:47.867000
 CVE-2024-0403,0,0,ba0983060e2034b216b25cd26ed2bb024a7850bc1fcd95abc9a090d5040f7805,2024-03-01T14:04:26.010000
 CVE-2024-0405,0,0,efdadcc35fc4ed87224ff4e930a96f9ee86e8b4ccb1a79f084616e91b90070e3,2024-01-24T17:23:09.773000
-CVE-2024-0406,1,1,0d732ed0dcd4fee7d1608f00be852db4804bc0faa2e05ae9887b791a398602f2,2024-04-06T17:15:07.127000
+CVE-2024-0406,0,0,0d732ed0dcd4fee7d1608f00be852db4804bc0faa2e05ae9887b791a398602f2,2024-04-06T17:15:07.127000
 CVE-2024-0407,0,0,f3bc2895be8ea5b6951b82e45fc670b2af282e8da3ab8846004c7a5f8a8e92ad,2024-02-22T19:07:37.840000
 CVE-2024-0408,0,0,4e3e81f52cf3d5178a7182e7de9f0301b287ec329828c0391a69e3034670a699,2024-03-07T17:15:12.400000
 CVE-2024-0409,0,0,34ebe0729ae458ad3578e4d18065a813c37b10bf9cf2255ae436410c7013521e,2024-03-07T17:15:12.540000
@ -242896,6 +242896,7 @@ CVE-2024-27609,0,0,f5d2fceb3a71c480d99c4c75cd0a83ffe0e0dd3a726d0869ef9aadec6a003
 CVE-2024-27612,0,0,c510222cc98aeecd84a141efbf806cb4a31be0185bd980ef0ea0993f9e29a425,2024-03-08T14:02:57.420000
 CVE-2024-27613,0,0,55e42cf2e4639a6096ea75af39dc974125f1048dbd4b80fc4aa61dc42e00d85d,2024-03-08T14:02:57.420000
 CVE-2024-27619,0,0,ac27585ed59a6668049d75158e75afc441f45955e396bf2ead784d9f82b5977e,2024-04-01T01:12:59.077000
+CVE-2024-27620,1,1,a39ca740f47ad27742f34d3bd3f86260ea8eac572f198f6a32bc8896f290f0fc,2024-04-06T19:15:07.183000
 CVE-2024-27622,0,0,1f97ac5b5ef46757629262fb3eae095c2e31f5e8d93445f5e445dbfb6034e57e,2024-03-05T14:27:46.090000
 CVE-2024-27623,0,0,2fddee8e74e15c6e7895f22777fd9ac33928389d1ff6851e7ceeb0e05ed9e8b4,2024-03-05T14:27:46.090000
 CVE-2024-27625,0,0,d6b6da55ca3f292d09b4a714bcb504e227f68a5bde518c62e1054c68c65c7b4c,2024-03-05T14:27:46.090000
@ -243323,6 +243324,7 @@ CVE-2024-28715,0,0,054dc6dc725c244acb835446cab8d82270f7d8ffd8311eb9aca1ba238d62a
 CVE-2024-2873,0,0,38b44d61d3230fcaba1c551f8073fe8dda4eadd0cd50d8705b668e3c4529f628,2024-03-26T12:55:05.010000
 CVE-2024-28734,0,0,f4687488b267ac163f3e0d4b9d3eb38f6f5a041c19b985a560624c627a7f4e16,2024-04-01T21:15:33.200000
 CVE-2024-28735,0,0,27a3fb731c930af76bd97477e46fd57873e1d90373135fa3e190a08c95c9db47,2024-04-01T21:15:37.360000
+CVE-2024-28741,1,1,1678ed4de6f62b62747c7cf1ef99a3f3ff7e7dec4db75414c76ffae859a52b6b,2024-04-06T19:15:07.247000
 CVE-2024-28745,0,0,15394cfaddabd1c5537f1c3a0b8bc4d088d58358d421e9d9475a38fad6a5e44f,2024-03-18T12:38:25.490000
 CVE-2024-28746,0,0,fb320a7d6e12ec8f68beabcf59bf59d1aef1d7213d73fb79561b698cb3fb6967,2024-03-14T12:52:09.877000
 CVE-2024-28752,0,0,495f9c5e12c0e13f37b84e847c6c74c560494d5ce882050026116e368be1891f,2024-03-15T12:53:06.423000
@ -244225,8 +244227,8 @@ CVE-2024-31850,0,0,4982070fceb832e31d5e30fb03a84954ccaa75a897ce5879a6b4f81a150e3
 CVE-2024-31851,0,0,ab4658af068ad1058f367d60d6c046977f3ab3864a10d3fc49f99432a80d6938,2024-04-05T18:15:09.953000
 CVE-2024-31852,0,0,0ee0023d5b34c1dac5fa2039f744500c40b254d8784a31e411708a273dd8e7b9,2024-04-05T15:15:08.270000
 CVE-2024-3202,0,0,c740eb561a7c1440cb5a8dd5eb2f94f0cce226529c05056c2f841e5a9fe9ca73,2024-04-03T12:38:04.840000
-CVE-2024-3203,0,1,50d63f401f7659abc3d4fe6662d0f1a519a0e385e123db03b5f1830a5a75ec57,2024-04-06T16:15:08.350000
-CVE-2024-3204,0,1,f0ecaa4cd894fa75e44a48d7dd9614c107f33ee3ea503e315d2394814a086ab4,2024-04-06T16:15:08.530000
+CVE-2024-3203,0,0,50d63f401f7659abc3d4fe6662d0f1a519a0e385e123db03b5f1830a5a75ec57,2024-04-06T16:15:08.350000
+CVE-2024-3204,0,0,f0ecaa4cd894fa75e44a48d7dd9614c107f33ee3ea503e315d2394814a086ab4,2024-04-06T16:15:08.530000
 CVE-2024-3205,0,0,b2f3ceb1bf38a09a954460b526a18eba5a5a22a0c7181b9f1de158755c6153d4,2024-04-03T12:38:04.840000
 CVE-2024-3207,0,0,5c9ae7819818cf69391317769652edafe7eb5058db1623e7c6299d6d13471791,2024-04-03T12:38:04.840000
 CVE-2024-3209,0,0,cbfab2641f7deaa26fa0bc09801c52aa5b55dcac193d132dc1556c423a22c65d,2024-04-06T03:15:07.983000
@ -244292,3 +244294,4 @@ CVE-2024-3369,0,0,7a39035754b68492641cb801e8701eeb86e1c475b1c8ae1891ee1f8aedb43b
 CVE-2024-3376,0,0,9009bf84f2f2acf8c6da092be580b37368b74d73874442305c15722269582997,2024-04-06T12:15:08.603000
 CVE-2024-3377,0,0,c094224cee8d924a29bc0a9702b2198278de47decc998b32b54a996076466234,2024-04-06T12:15:08.857000
 CVE-2024-3378,0,0,18603e1af81d7ddd6783ce6e71ce93149edac58389cc6209d2aa06899a476553,2024-04-06T13:15:12.473000
+CVE-2024-3413,1,1,e1d44a7f6ecaa59001e0c3b7293038f73b00022993d5cfe2b006c5f004dd07b4,2024-04-06T19:15:07.303000