diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12976.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12976.json new file mode 100644 index 00000000000..0cad4bc555f --- /dev/null +++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12976.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-12976", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-27T02:15:06.063", + "lastModified": "2024-12-27T02:15:06.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 7.3, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "baseScore": 7.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/nexus-wkx/CVE/blob/main/SQL_Injection_in_Hospital_Management_System.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289352", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289352", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.469072", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-129xx/CVE-2024-12977.json b/CVE-2024/CVE-2024-129xx/CVE-2024-12977.json new file mode 100644 index 00000000000..3f99eab403f --- /dev/null +++ b/CVE-2024/CVE-2024-129xx/CVE-2024-12977.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-12977", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-12-27T02:15:07.130", + "lastModified": "2024-12-27T02:15:07.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/AngrySheep2003/cve/blob/main/Complaint_Management_System_SQL_Injection.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://phpgurukul.com/", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.289353", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.289353", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.469112", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9774.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9774.json new file mode 100644 index 00000000000..da5f591c1e5 --- /dev/null +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9774.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-9774", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-12-27T02:15:07.330", + "lastModified": "2024-12-27T02:15:07.330", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in python-sql where unary operators do not escape non-Expression." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-150" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.tryton.org/t/security-release-for-issue-93/7889/3", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 8767e41bf29..0c07772c709 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-12-27T00:55:34.405816+00:00 +2024-12-27T03:00:19.338538+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-12-26T23:15:05.600000+00:00 +2024-12-27T02:15:07.330000+00:00 ``` ### Last Data Feed Release @@ -27,20 +27,22 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-12-26T01:00:04.350766+00:00 +2024-12-27T01:00:04.363374+00:00 ``` ### Total Number of included CVEs ```plain -274740 +274743 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `3` -- [CVE-2024-12969](CVE-2024/CVE-2024-129xx/CVE-2024-12969.json) (`2024-12-26T23:15:05.600`) +- [CVE-2024-12976](CVE-2024/CVE-2024-129xx/CVE-2024-12976.json) (`2024-12-27T02:15:06.063`) +- [CVE-2024-12977](CVE-2024/CVE-2024-129xx/CVE-2024-12977.json) (`2024-12-27T02:15:07.130`) +- [CVE-2024-9774](CVE-2024/CVE-2024-97xx/CVE-2024-9774.json) (`2024-12-27T02:15:07.330`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index ce62fe0a54e..84a1fbc0c25 100644 --- a/_state.csv +++ b/_state.csv @@ -245173,8 +245173,10 @@ CVE-2024-12965,0,0,ce7b99ccf57741b4ca7153da6eb6faefd0fc5ac81511f5a9ad11acfa14fa0 CVE-2024-12966,0,0,70d7d7aad73b28a1ad6fe1b4eb93c5d5133f134b0d4fa7792f0c14ad4f8a9f80,2024-12-26T21:15:06.570000 CVE-2024-12967,0,0,ba8cde12b66bcb16be5a127b6d62440c1ec18d2d86c570d4e17758238dcb37d5,2024-12-26T22:15:09.487000 CVE-2024-12968,0,0,98eff8f6392edea4f7cae0c974800d088e75e03d5974ef7539a1b2768d28bdb1,2024-12-26T22:15:11.557000 -CVE-2024-12969,1,1,4bbcd7139cc2c7f1babb3318390dc8531852894fa6d58b398e8d066bcc3c9352,2024-12-26T23:15:05.600000 +CVE-2024-12969,0,0,4bbcd7139cc2c7f1babb3318390dc8531852894fa6d58b398e8d066bcc3c9352,2024-12-26T23:15:05.600000 CVE-2024-1297,0,0,0d9e22e56ecef1715a16e9d7809dba48ba55def0e741f79f7098027ea7ebc7ff,2024-11-21T08:50:15.770000 +CVE-2024-12976,1,1,881e367356f5af137bfa0b6f42d2733b95c2606d7a1d6ffba9137fbc1ec6d825,2024-12-27T02:15:06.063000 +CVE-2024-12977,1,1,e0c792ee9d7dc7bc23cebbcafeadddd9c49d7359d6ea51dd9e4880db7f1cc233,2024-12-27T02:15:07.130000 CVE-2024-1298,0,0,04246e35362f6f4b760051526529d0b042d99f56b78c06a26d303553264d4594,2024-11-21T08:50:15.890000 CVE-2024-1299,0,0,c7f245e662ec35ddd87c48ae29ff03e74531f9ba7973bf15293ed4e82f111599,2024-12-11T20:23:27.497000 CVE-2024-1300,0,0,1449d51d635587092ee7e467b53bae80464f92cc07a6bda2595172832d29c1e4,2024-11-25T03:15:10.053000 @@ -274543,6 +274545,7 @@ CVE-2024-9767,0,0,80d36f7190a9ee1712fc0bac7af287f8aeae0caf94e9c8386dc03bfd7eb71f CVE-2024-9768,0,0,904cffc60d5e826fadde1f9279bf1637d0038b817b76c6a013f678cc172cfc96,2024-11-26T17:14:14.327000 CVE-2024-9769,0,0,c2696bf31f1ba7076083554371447a32b4e26b069c06f2ff37292495919c4490,2024-12-06T04:15:05.200000 CVE-2024-9772,0,0,00de6e2212e38deec5d85dcbb0fb26ecbb8065a78c6c2a56178e317ffc908e8d,2024-11-25T20:03:01.613000 +CVE-2024-9774,1,1,0377867bd7cdf29d78185f6164e0cd6bb0007aefa1638d3ea2b693b781e7f7f0,2024-12-27T02:15:07.330000 CVE-2024-9775,0,0,67011f9891bd518291e230fce5bb1e646dc07c3ccf350d707077824dc265951b,2024-11-26T01:45:57.317000 CVE-2024-9776,0,0,691b7d4a970bfdfe6f45a48f305ac12244ac4e899e8a5e612ebd4c9c1703b9b5,2024-11-25T18:45:54.377000 CVE-2024-9777,0,0,93ee86692c4d166322b2f54769a2de3ae116ef1efe45b8b5542abe4611d31128,2024-11-29T20:57:53.423000