diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4692.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4692.json index 653669ab953..e08015384b0 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4692.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4692.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4692", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-25T18:17:41.743", - "lastModified": "2024-04-23T02:15:47.930", + "lastModified": "2024-04-29T03:15:09.310", "vulnStatus": "Modified", "descriptions": [ { @@ -142,6 +142,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-46xx/CVE-2023-4693.json b/CVE-2023/CVE-2023-46xx/CVE-2023-4693.json index 400b2821cf5..0b724731854 100644 --- a/CVE-2023/CVE-2023-46xx/CVE-2023-4693.json +++ b/CVE-2023/CVE-2023-46xx/CVE-2023-4693.json @@ -2,7 +2,7 @@ "id": "CVE-2023-4693", "sourceIdentifier": "secalert@redhat.com", "published": "2023-10-25T18:17:41.817", - "lastModified": "2024-04-23T02:15:48.087", + "lastModified": "2024-04-29T03:15:09.480", "vulnStatus": "Modified", "descriptions": [ { @@ -142,6 +142,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUU42E7CPYLATXOYVYNW6YTXXULAOV6L/", + "source": "secalert@redhat.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OIRJ5UZRXX2KLR4IKBJEQUNGOCXMMDLY/", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4296.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4296.json new file mode 100644 index 00000000000..e9e23dfd753 --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4296.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-4296", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-29T02:15:06.153", + "lastModified": "2024-04-29T02:15:06.153", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7765-49906-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4297.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4297.json new file mode 100644 index 00000000000..8f1cc64a74f --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4297.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-4297", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-29T03:15:09.613", + "lastModified": "2024-04-29T03:15:09.613", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7767-ce3b4-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4298.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4298.json new file mode 100644 index 00000000000..f535a35ca8b --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4298.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-4298", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-29T03:15:09.810", + "lastModified": "2024-04-29T03:15:09.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability for Command Injection attacks, enabling execution of arbitrary system commands." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7769-0773a-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 849505d1bf5..bfc9449719f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-29T02:00:29.792519+00:00 +2024-04-29T04:00:38.623922+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-29T01:15:09.600000+00:00 +2024-04-29T03:15:09.810000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -247017 +247020 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `3` -- [CVE-2024-33899](CVE-2024/CVE-2024-338xx/CVE-2024-33899.json) (`2024-04-29T00:15:07.773`) -- [CVE-2024-33903](CVE-2024/CVE-2024-339xx/CVE-2024-33903.json) (`2024-04-29T01:15:09.600`) +- [CVE-2024-4296](CVE-2024/CVE-2024-42xx/CVE-2024-4296.json) (`2024-04-29T02:15:06.153`) +- [CVE-2024-4297](CVE-2024/CVE-2024-42xx/CVE-2024-4297.json) (`2024-04-29T03:15:09.613`) +- [CVE-2024-4298](CVE-2024/CVE-2024-42xx/CVE-2024-4298.json) (`2024-04-29T03:15:09.810`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `2` +- [CVE-2023-4692](CVE-2023/CVE-2023-46xx/CVE-2023-4692.json) (`2024-04-29T03:15:09.310`) +- [CVE-2023-4693](CVE-2023/CVE-2023-46xx/CVE-2023-4693.json) (`2024-04-29T03:15:09.480`) ## Download and Usage diff --git a/_state.csv b/_state.csv index b4307e56f2f..c7e094d150a 100644 --- a/_state.csv +++ b/_state.csv @@ -233076,12 +233076,12 @@ CVE-2023-46914,0,0,c59adb74e4c80e2986f7cbf12bded831271a227b08fb4bcf358c8a2151c16 CVE-2023-46916,0,0,807dec74b0b6302aa78a9b1a564deb8dae9da79985c10fc5f40f549edd1dd100,2023-12-12T17:03:51.163000 CVE-2023-46918,0,0,778a5b7a17f93ea048ea10d26e5870dcbb0e2ebfe6cf90309ef7420272b8cd33,2024-01-05T17:24:42.153000 CVE-2023-46919,0,0,483dbc1ac50d3d8abd2c60ae86d8ddee9660e752ace819201c59dbd8b27520f8,2024-01-05T18:35:20.857000 -CVE-2023-4692,0,0,4919df09aaeba176a6a4d69eb6bf676cb10380d8f70c7df8edb44fee6e74612e,2024-04-23T02:15:47.930000 +CVE-2023-4692,0,1,344b4a37980672b8486b75cfa0bdde80fee355883a269351c89e3b8757112e72,2024-04-29T03:15:09.310000 CVE-2023-46925,0,0,474049e6d20eb13bc575b65561ef84204e608a738f0064cb996ff655202f4db6,2023-11-09T17:46:52.517000 CVE-2023-46927,0,0,456f3b68c111783341a61120a7d7e73c89200952dbed58aeb4bf5bca9eb4478b,2023-11-08T19:35:56.783000 CVE-2023-46928,0,0,dbfacac533f97d8c2bde499ce6922d40d78d9f3b0bb57ad0be92dbe4894d1239,2023-11-08T19:31:58.797000 CVE-2023-46929,0,0,4b9a36b63210b5bf3fec4e65cc498ed3b2577a322d91bc8ef6e07cb6de32caa5,2024-01-10T19:26:28.647000 -CVE-2023-4693,0,0,b26f9a8fb4f44cbe84dbf174637055152d70cce8df279438b32a59b91e36e271,2024-04-23T02:15:48.087000 +CVE-2023-4693,0,1,0ef623ea51d2cff073a3080052a5b3e580de738e9c70e2deea304a44415b6e9f,2024-04-29T03:15:09.480000 CVE-2023-46930,0,0,443982cf4f9c9d9211b72c7a5eeec2189c4d88d6928a4ab3098294f9b9d79991,2023-11-08T19:41:01.493000 CVE-2023-46931,0,0,dc0c5aeb658231ecdb137544de7e966d78b050885917a9eabad5feda7e19db03,2023-11-08T19:36:49.673000 CVE-2023-46932,0,0,1e42f5d6f78dc1da5f70ec6553388859dad53ed5da3358f8c3a1cfe520573e36,2023-12-12T22:32:26.197000 @@ -246687,8 +246687,8 @@ CVE-2024-3387,0,0,59a783d7f5a632f1312dc02ccd745e7c758f93e478c4554a0dbc9aba27d256 CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4f3,2024-04-10T19:49:51.183000 CVE-2024-33883,0,0,3b17b48394bf62744fbd468bf457ba6f01138ca86f08a667646ea9846d188bb5,2024-04-28T16:15:23.233000 CVE-2024-33891,0,0,4d067bbdb453306352bedaf699cdd4319a93f8f140e1ffcfce72980a6fa91b2e,2024-04-28T23:15:07.200000 -CVE-2024-33899,1,1,83c5c675381e020685b43fd536d5112506568fc46560c71323f3b12b51ed8097,2024-04-29T00:15:07.773000 -CVE-2024-33903,1,1,d96c3db96f0e438997e300c2112a3a0d050aa12880229d964d5b557d89ba9aa1,2024-04-29T01:15:09.600000 +CVE-2024-33899,0,0,83c5c675381e020685b43fd536d5112506568fc46560c71323f3b12b51ed8097,2024-04-29T00:15:07.773000 +CVE-2024-33903,0,0,d96c3db96f0e438997e300c2112a3a0d050aa12880229d964d5b557d89ba9aa1,2024-04-29T01:15:09.600000 CVE-2024-3400,0,0,5bb68c1f741d7492d6e3e08b6f1711eb6e28a4a827bd2f3f354ccd1b7a47a1fe,2024-04-23T19:57:25.207000 CVE-2024-3413,0,0,7c0263f5aa26015f580f259b17ac76e3fb232807ce6eb6b3e0fa4a42d34def58,2024-04-11T01:26:00.727000 CVE-2024-3414,0,0,fcf8b2012e3dcab7048965e9d40e8c26f25a86217cc70e6c24a2ae712b119943,2024-04-11T01:26:00.803000 @@ -247016,3 +247016,6 @@ CVE-2024-4291,0,0,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d3 CVE-2024-4292,0,0,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000 CVE-2024-4293,0,0,0728359e5c83609717b6c30efe8cad67c03c56d671ce2adc06f7d27fb0c3ea84,2024-04-27T22:15:08.110000 CVE-2024-4294,0,0,acd8c525c0dbd05d938d9cfd91b4f84bb2cd9884ab996901732c285a16449adb,2024-04-27T23:15:06.470000 +CVE-2024-4296,1,1,c1d96940ea7b43530c90e361026a1465dd23d6cea465eae6b4e8fab350dd5200,2024-04-29T02:15:06.153000 +CVE-2024-4297,1,1,beec816d4a0b36417a8c7e4d11aae9631f4c8663ea5a064622665d3b052214e9,2024-04-29T03:15:09.613000 +CVE-2024-4298,1,1,f9266dd2ad13ca247a2df7083a82f45a12f2423c014a4332f080e78d4a30747d,2024-04-29T03:15:09.810000