Auto-Update: 2024-10-21T06:00:20.383271+00:00

2025-05-07 11:07:05 +00:00 · 2024-10-21 06:03:21 +00:00 · 2024-10-21 06:03:21 +00:00 · a7d9c73f17
commit a7d9c73f17
parent f4283c30aa
5 changed files with 192 additions and 9 deletions
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10200.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10200.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10200",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-10-21T04:15:02.513",
+  "lastModified": "2024-10-21T04:15:02.513",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Administrative Management System from Wellchoose has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to download arbitrary files on the server."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-23"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8158-dadbc-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8159-0f7a2-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10201.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10201.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10201",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-10-21T04:15:02.893",
+  "lastModified": "2024-10-21T04:15:02.893",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Administrative Management System from Wellchoose does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8161-b8a6d-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8160-756b6-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10202.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10202.json
@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-10202",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-10-21T04:15:03.900",
+  "lastModified": "2024-10-21T04:15:03.900",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Administrative Management System from Wellchoose has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-8163-b701e-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-8162-dc491-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-10-21T04:00:17.602746+00:00
+2024-10-21T06:00:20.383271+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-10-21T02:15:02.680000+00:00
+2024-10-21T04:15:03.900000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-266245
+266248
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `3`

- [CVE-2024-10198](CVE-2024/CVE-2024-101xx/CVE-2024-10198.json) (`2024-10-21T02:15:02.133`)
- [CVE-2024-10199](CVE-2024/CVE-2024-101xx/CVE-2024-10199.json) (`2024-10-21T02:15:02.403`)
- [CVE-2024-43689](CVE-2024/CVE-2024-436xx/CVE-2024-43689.json) (`2024-10-21T02:15:02.680`)
+- [CVE-2024-10200](CVE-2024/CVE-2024-102xx/CVE-2024-10200.json) (`2024-10-21T04:15:02.513`)
+- [CVE-2024-10201](CVE-2024/CVE-2024-102xx/CVE-2024-10201.json) (`2024-10-21T04:15:02.893`)
+- [CVE-2024-10202](CVE-2024/CVE-2024-102xx/CVE-2024-10202.json) (`2024-10-21T04:15:03.900`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -242315,9 +242315,12 @@ CVE-2024-10194,0,0,01d2cafbf34c62e6f1147d9592057704a8ba426a02b5123a102e0bc34f4d9
 CVE-2024-10195,0,0,ed593f10b27233229e70d7006e552e63b4bf846b117fb3ae7173871eb91ce5c3,2024-10-20T09:15:02.393000
 CVE-2024-10196,0,0,ee1cf86004a08bc66a40ce7fab7cd92b4df29cd21692f664a994fb9ea341a0bc,2024-10-21T01:15:02.230000
 CVE-2024-10197,0,0,0f4c7b0f1324f1028f59c6eea75b7680e53d8c2cba987b1b9d71fb6f14bbecae,2024-10-21T01:15:02.687000
-CVE-2024-10198,1,1,e50ec102560503824c1906a6ce9e160e44334b56699bcb1ddd7e7a8fc8253c03,2024-10-21T02:15:02.133000
-CVE-2024-10199,1,1,e0c59945948bc46b98115fe8189e2d8c5ee7ae03f6b32f5e7c36095a253b5217,2024-10-21T02:15:02.403000
+CVE-2024-10198,0,0,e50ec102560503824c1906a6ce9e160e44334b56699bcb1ddd7e7a8fc8253c03,2024-10-21T02:15:02.133000
+CVE-2024-10199,0,0,e0c59945948bc46b98115fe8189e2d8c5ee7ae03f6b32f5e7c36095a253b5217,2024-10-21T02:15:02.403000
 CVE-2024-1020,0,0,d848db5207b830f092dac5463c394c0f65f6423556f55d15e70d177c797c2de1,2024-05-17T02:35:10.867000
+CVE-2024-10200,1,1,8a0a5449263ceb6d99052019049485c29def119be58a456e70ed636c534defde,2024-10-21T04:15:02.513000
+CVE-2024-10201,1,1,0268e5b8055cd4f9391da1f46cdf30de5d78d63eea8f3d57c03ade7c051060ac,2024-10-21T04:15:02.893000
+CVE-2024-10202,1,1,5976aed508a7dac4042f88f75913f32bf73c23fea0278b2e8d75d8199f94ef6f,2024-10-21T04:15:03.900000
 CVE-2024-1021,0,0,89180a6ed9705fc79d8d8a15633a1cfe9e27adac2a4a623501249d49427826d0,2024-05-17T02:35:10.970000
 CVE-2024-1022,0,0,f42eaa1b302319f7e3148377e0522c31bf6c16d407215c446c1d3f1b55b4debd,2024-05-17T02:35:11.070000
 CVE-2024-1023,0,0,8d9bd157d13575cb2f7284ebb3a2797f2b531ebc1f530e248b6a4889677c4116,2024-07-25T21:15:10.280000
@ -259905,7 +259908,7 @@ CVE-2024-43685,0,0,a89a9c99e0124da64988793c53f10ebfe259e8367a37913b86ec873ac50d0
 CVE-2024-43686,0,0,57da9b9a959d579b6b38566543c182c3ea32961f0f4f75db16d108202427ec80,2024-10-16T19:20:57.230000
 CVE-2024-43687,0,0,2d688f9009e177644291437898c6abc2a42e1449965d5242ebc6bc49d96ae3d9,2024-10-16T19:28:09.177000
 CVE-2024-43688,0,0,f39d1b1cd29869db949f77b65b174936ed5c42e4fb24c070ceb5bc7ef518b2eb,2024-08-26T14:35:06.680000
-CVE-2024-43689,1,1,314ab1e8c87cc3233d04bfb1f55a1185312f7fc476617d6b92cd42393922b9c8,2024-10-21T02:15:02.680000
+CVE-2024-43689,0,0,314ab1e8c87cc3233d04bfb1f55a1185312f7fc476617d6b92cd42393922b9c8,2024-10-21T02:15:02.680000
 CVE-2024-4369,0,0,9bcc319f475d5802b53d6dedcfa6ead4761cbf7c42adde8daf6f3ff8c0c17af2,2024-06-19T18:15:11.820000
 CVE-2024-43690,0,0,d9d35b70595ee9d0c288460e486611e2e8293b6f0702f7c86364e442cd6413d7,2024-09-11T16:26:11.920000
 CVE-2024-43692,0,0,dd90c0c7ec0961e33104688c3a64f24371b069eba59a503241b07b01ecbb28f7,2024-10-01T16:22:38.197000