From b9dcc5c1821ed90e03d29545202ecebbe2fbc5ad Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 20 May 2024 23:58:21 +0000
Subject: [PATCH] Auto-Update: 2024-05-20T23:55:29.980201+00:00
---
 CVE-2024/CVE-2024-347xx/CVE-2024-34710.json | 59 +++++++++++++
 CVE-2024/CVE-2024-49xx/CVE-2024-4985.json | 44 ++++++++++
 CVE-2024/CVE-2024-51xx/CVE-2024-5145.json | 92 +++++++++++++++++++++
 README.md | 20 ++---
 _state.csv | 17 ++--
 5 files changed, 213 insertions(+), 19 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-347xx/CVE-2024-34710.json
 create mode 100644 CVE-2024/CVE-2024-49xx/CVE-2024-4985.json
 create mode 100644 CVE-2024/CVE-2024-51xx/CVE-2024-5145.json
diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34710.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34710.json
new file mode 100644
index 00000000000..57b772997a0
--- /dev/null
+++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34710.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-34710",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-05-20T22:15:08.500",
+ "lastModified": "2024-05-20T22:15:08.500",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 4.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-1336"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4985.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4985.json
new file mode 100644
index 00000000000..1eed5e9280f
--- /dev/null
+++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4985.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2024-4985",
+ "sourceIdentifier": "product-cna@github.com",
+ "published": "2024-05-20T22:15:08.727",
+ "lastModified": "2024-05-20T22:15:08.727",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "product-cna@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-303"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4",
+ "source": "product-cna@github.com"
+ },
+ {
+ "url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15",
+ "source": "product-cna@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5145.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5145.json
new file mode 100644
index 00000000000..b8a626d8aba
--- /dev/null
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5145.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2024-5145",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-05-20T23:15:08.533",
+ "lastModified": "2024-05-20T23:15:08.533",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-434"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/CveSecLook/cve/issues/38",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.265289",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.265289",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.339721",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index efd25fe9efb..e609cb6f9f3 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-05-20T22:00:30.187293+00:00
+2024-05-20T23:55:29.980201+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-05-20T21:15:09.990000+00:00
+2024-05-20T23:15:08.533000+00:00
 ```
 ### Last Data Feed Release
@@ -33,26 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-250876
+250879
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `6`
+Recently added CVEs: `3`
-- [CVE-2024-33900](CVE-2024/CVE-2024-339xx/CVE-2024-33900.json) (`2024-05-20T21:15:09.177`)
-- [CVE-2024-33901](CVE-2024/CVE-2024-339xx/CVE-2024-33901.json) (`2024-05-20T21:15:09.243`)
-- [CVE-2024-35191](CVE-2024/CVE-2024-351xx/CVE-2024-35191.json) (`2024-05-20T21:15:09.307`)
-- [CVE-2024-35192](CVE-2024/CVE-2024-351xx/CVE-2024-35192.json) (`2024-05-20T21:15:09.550`)
-- [CVE-2024-35194](CVE-2024/CVE-2024-351xx/CVE-2024-35194.json) (`2024-05-20T21:15:09.773`)
-- [CVE-2024-35195](CVE-2024/CVE-2024-351xx/CVE-2024-35195.json) (`2024-05-20T21:15:09.990`)
+- [CVE-2024-34710](CVE-2024/CVE-2024-347xx/CVE-2024-34710.json) (`2024-05-20T22:15:08.500`)
+- [CVE-2024-4985](CVE-2024/CVE-2024-49xx/CVE-2024-4985.json) (`2024-05-20T22:15:08.727`)
+- [CVE-2024-5145](CVE-2024/CVE-2024-51xx/CVE-2024-5145.json) (`2024-05-20T23:15:08.533`)
 ### CVEs modified in the last Commit
-Recently modified CVEs: `1`
+Recently modified CVEs: `0`
-- [CVE-2019-20180](CVE-2019/CVE-2019-201xx/CVE-2019-20180.json) (`2024-05-20T21:15:08.827`)
 ## Download and Usage
diff --git a/_state.csv b/_state.csv
index 7cc73bb5038..6d8505de8c5 100644
--- a/_state.csv
+++ b/_state.csv
@@ -137076,7 +137076,7 @@ CVE-2019-20176,0,0,119d4e137d19b3147bebb5f12cacdd3df688d102b05711091e1d0fdf4b011
 CVE-2019-20178,0,0,f0742cf19222f81d609a3b4802cdb734b7ad73f74080d2124e95754262fa6a86,2023-11-07T03:08:40.090000
 CVE-2019-20179,0,0,d184903ff51d6af8532bb7eedbe1337b6792d7fb2b734649090d1ff7cb4600bd,2023-11-07T03:08:40.150000
 CVE-2019-2018,0,0,8e7de94004ce5aeb65fcd755bdea96ed2fbaf715a253f2bd9a9a49dc72d55f26,2020-08-24T17:37:01.140000
-CVE-2019-20180,0,1,46f84788396671dffc6f82fb348b1eb821b79caf25a751cce7d1e43c127e2ce7,2024-05-20T21:15:08.827000
+CVE-2019-20180,0,0,46f84788396671dffc6f82fb348b1eb821b79caf25a751cce7d1e43c127e2ce7,2024-05-20T21:15:08.827000
 CVE-2019-20181,0,0,a962294bc94f45d4e7ced6d052a4960ff2a2c5ff7fbe324f918a57d49ce907d1,2023-11-07T03:08:40.277000
 CVE-2019-20182,0,0,4b992830ce564e13dd461d8e339ca0c172e1d6e68d4d6e47c6d5ea934ee33639,2023-11-07T03:08:40.340000
 CVE-2019-20183,0,0,41006a2836624d7a622c75f65686509fa9798ce30621a14f7fcb66ab1254c43e,2023-11-07T03:08:40.397000
@@ -249210,8 +249210,8 @@ CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4
 CVE-2024-33883,0,0,d21d8ca934661e52f0e44367a0fd9ba1bffeaf9f6f5050d38db197cfeb832973,2024-04-29T12:42:03.667000
 CVE-2024-33891,0,0,dbfd0a46c344c55dc0dc7b94e4bd09b3968a700bb28b10a9c34051909c1cf008,2024-04-29T12:42:03.667000
 CVE-2024-33899,0,0,3953877290e7ea59299fc2e6fd3641cdc5f0dd0a60947ca4a9fd862e9c59d70e,2024-04-29T12:42:03.667000
-CVE-2024-33900,1,1,8cbc6afee3f3bf0be10864103df9daa85f7657fddf3822bcf0ba2459d05ee94b,2024-05-20T21:15:09.177000
-CVE-2024-33901,1,1,b14d67142bf430998d05d13984477b69852654e5ebfd2667061f027427e474fd,2024-05-20T21:15:09.243000
+CVE-2024-33900,0,0,8cbc6afee3f3bf0be10864103df9daa85f7657fddf3822bcf0ba2459d05ee94b,2024-05-20T21:15:09.177000
+CVE-2024-33901,0,0,b14d67142bf430998d05d13984477b69852654e5ebfd2667061f027427e474fd,2024-05-20T21:15:09.243000
 CVE-2024-33903,0,0,d2659cb95032f4bf4e82ec7ebb3e3a955a9eb80acf170b021644b79abb230380,2024-04-29T12:42:03.667000
 CVE-2024-33904,0,0,4e23880abf5747270fb682428cdb1c8d9da3ad9f2ae0530104035f429e5a2c50,2024-04-29T12:42:03.667000
 CVE-2024-33905,0,0,4f2af541fd9603df50f92dd094e460dd4dcee3f568c1f2af9533e6ef2f5fb1b0,2024-05-01T18:15:24.390000
@@ -249593,6 +249593,7 @@ CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a739
 CVE-2024-34708,0,0,50ae7ddc2e75e3cdce67dd59d0961391cf6e2a4b57c62edc7a621111d8513880,2024-05-14T16:12:23.490000
 CVE-2024-34709,0,0,06ef108f024a9984841f3f127183d5734c022052a25b089dea508889fcf5f5e7,2024-05-14T16:12:23.490000
 CVE-2024-3471,0,0,54767cbf563c0be6df0476fd4d8642a65d7e71e0c7bed8d9d2a79519c6ab070f,2024-05-02T13:27:25.103000
+CVE-2024-34710,1,1,5dc4665d60f068782e169ed16e4b5aeed2aca25ab0ab03aa4614a987dea76645,2024-05-20T22:15:08.500000
 CVE-2024-34712,0,0,40b56468c6b0e23be2aec8e055821c01815577c206a3bde1e73f06a6cae6bcb3,2024-05-14T19:17:55.627000
 CVE-2024-34713,0,0,71c068cea1357926b6436f81cbdf6c8a79fd8b732c917dfd0c04a9555e362968,2024-05-14T19:17:55.627000
 CVE-2024-34714,0,0,a16faa7f57b02979f0d9baa24210a39fe199236a17b9a6c8ee9e34ebead52447,2024-05-14T19:17:55.627000
@@ -249712,10 +249713,10 @@ CVE-2024-35184,0,0,b9e43a79a8d3cf5f3dc97bfbc13e9d1e865d4c1cbd767526b45c719d87ddd
 CVE-2024-35185,0,0,9566de12a112578d6f544cd49512e0fec5a478c1209019c8a894392a85ee7161,2024-05-17T18:36:31.297000
 CVE-2024-35187,0,0,e540e1bc620ba80ad5fa80f7d3263a6e3207bc8224e5eb747cca071b3bd90ce6,2024-05-17T18:36:31.297000
 CVE-2024-35190,0,0,df7331f94dde17b6fe9caf5aceb08176ef5d062bd31daf4fd79d8cfe540794ae,2024-05-17T18:35:35.070000
-CVE-2024-35191,1,1,3fea625f0f16665d25f87c7c16f9d8cab824ad7cfe77d4057d035c38f2b00424,2024-05-20T21:15:09.307000
-CVE-2024-35192,1,1,afc551a53865ea35750cf87859d26c473f70804fe12f089bd78ff2c0b31a95a2,2024-05-20T21:15:09.550000
-CVE-2024-35194,1,1,b7f6bdf6baf26167ef80f1f1aa25b6ca57578dbc17f9023e78bb78772baa20b9,2024-05-20T21:15:09.773000
-CVE-2024-35195,1,1,cc1ea11b9334e63a9a93d27b1f4942a9ae7fafcc7165816bd0ec3c38eaa5d2e6,2024-05-20T21:15:09.990000
+CVE-2024-35191,0,0,3fea625f0f16665d25f87c7c16f9d8cab824ad7cfe77d4057d035c38f2b00424,2024-05-20T21:15:09.307000
+CVE-2024-35192,0,0,afc551a53865ea35750cf87859d26c473f70804fe12f089bd78ff2c0b31a95a2,2024-05-20T21:15:09.550000
+CVE-2024-35194,0,0,b7f6bdf6baf26167ef80f1f1aa25b6ca57578dbc17f9023e78bb78772baa20b9,2024-05-20T21:15:09.773000
+CVE-2024-35195,0,0,cc1ea11b9334e63a9a93d27b1f4942a9ae7fafcc7165816bd0ec3c38eaa5d2e6,2024-05-20T21:15:09.990000
 CVE-2024-3520,0,0,f6428e86e9ec472cba9c3c5754043cb34202461d79bcb1fa1b6a365d8347f93e,2024-05-02T18:00:37.360000
 CVE-2024-35204,0,0,e1a61e5fa740b8d773028d5010a8e42a433a924bdea5e26108812aad66d1c249,2024-05-16T20:15:09.910000
 CVE-2024-35205,0,0,e759b9359595ebaf333ccada053519f187d3d1cfddc6ef72f21bfd74e59fe204,2024-05-14T16:11:39.510000
@@ -250815,6 +250816,7 @@ CVE-2024-4974,0,0,30c18840d61a7da1f6d082016a110f1f3e155cb69a321c5f3011e04a781ace
 CVE-2024-4975,0,0,09924b0fbe93d87fd37542372e09ae669637640cc2222ca882fa05e7d37dfb27,2024-05-17T02:40:45.073000
 CVE-2024-4976,0,0,cec1c528b9c81bb2353d630af7aeaeed80f8c396bb33272f9e3c075fa645e3ec,2024-05-16T13:03:05.353000
 CVE-2024-4984,0,0,c181b2792419ab292757f17fa7ed54efe54e64b1f0d7a8e32f201040654607f4,2024-05-16T13:03:05.353000
+CVE-2024-4985,1,1,bc448e1bde699518577a6998209a5a0146da6fb11a5b9b2f9d4aabb1f818fd6f,2024-05-20T22:15:08.727000
 CVE-2024-4991,0,0,180b9ed28c0cce46df550147eebf5773d3a2c46d3490c6ab8f019084050e5a01,2024-05-16T13:03:05.353000
 CVE-2024-4992,0,0,504a91a45451c38d9b5beed8f2c88cac747dfe187af29754ed23c5e483929557,2024-05-16T13:03:05.353000
 CVE-2024-4993,0,0,54558f9e3463a1500143cda3bf9ee67127625c6afa1872d34f1d786cf2569f73,2024-05-16T13:03:05.353000
@@ -250875,3 +250877,4 @@ CVE-2024-5134,0,0,44a789f42f5a3c13ba63d82e5081c6abc6a3d25c1481cb7c53cfc6c6e78700
 CVE-2024-5135,0,0,68cf9bdf9dec0a96d7d353e92a3ea23735e4dfab71f12aba03f45faad350b446,2024-05-20T13:00:04.957000
 CVE-2024-5136,0,0,7e1453b58a6b8cdb889318a17e467bc4887e911147f2bbd5898eefe5c0fc0fa9,2024-05-20T13:00:04.957000
 CVE-2024-5137,0,0,9ef636c571a0277ac03884ccb19a37de0ac2ceab7c0195ff8a91e587e734c012,2024-05-20T13:00:04.957000
+CVE-2024-5145,1,1,c53440da82a6dd0eb446d498465c5990d294584701f1510d2f50eecfd1574c85,2024-05-20T23:15:08.533000