Auto-Update: 2024-05-20T23:55:29.980201+00:00

cad-safe-bot 2024-05-20 23:58:21 +00:00
parent e212910b36
commit b9dcc5c182
5 changed files with 213 additions and 19 deletions

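--- a/CVE-2024/CVE-2024-347xx/CVE-2024-34710.json
+++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34710.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-34710",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-05-20T22:15:08.500",
+"lastModified": "2024-05-20T22:15:08.500",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Wiki.js is al wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execute once a victim loads the page that contains the payload. This was possible through the injection of a invalid HTML tag with a template injection payload on the next line. This vulnerability is fixed in 2.5.303.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 7.1,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 4.2
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-1336"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/requarks/wiki/commit/1238d614e1599fefadd4614ee4b5797a087f50ac",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/requarks/wiki/security/advisories/GHSA-xjcj-p2qv-q3rf",
+"source": "security-advisories@github.com"
+}
+]
+}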
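Review bot: The `vectorString` in `cvssData` sets `UI:N`, yet the description in the same record says the injected JavaScript runs only "once a victim loads the page that contains the payload", which under CVSS 3.1 is normally scored as `UI:R`. The vector is the CNA's own (`"type": "Secondary"`, `"vulnStatus": "Received"`), so the 7.1 base score should be read as provisional until NVD analysis is attached. For triage, the part of the record to act on is the fixed version named in the description (2.5.303) rather than the score; the record carries no affected-version configuration data to match against automatically.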

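--- a/CVE-2024/CVE-2024-49xx/CVE-2024-4985.json
+++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4985.json
@@ -0,0 +1,44 @@
+{
+"id": "CVE-2024-4985",
+"sourceIdentifier": "product-cna@github.com",
+"published": "2024-05-20T22:15:08.727",
+"lastModified": "2024-05-20T22:15:08.727",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulnerability allowed an attacker to forge a SAML response to provision and/or gain access to a user with site administrator privileges. Exploitation of this vulnerability would allow unauthorized access to the instance without requiring prior authentication. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13.0 and was fixed in versions 3.9.15, 3.10.12, 3.11.10 and 3.12.4. This vulnerability was reported via the GitHub Bug Bounty program."
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "product-cna@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-303"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12",
+"source": "product-cna@github.com"
+},
+{
+"url": "https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10",
+"source": "product-cna@github.com"
+},
+{
+"url": "https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4",
+"source": "product-cna@github.com"
+},
+{
+"url": "https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15",
+"source": "product-cna@github.com"
+}
+]
+}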
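Review bot: `"metrics": {}` is empty in this record, although the description reports unauthenticated access with site administrator privileges. Any consumer that ranks or filters on `metrics.cvssMetricV31[].cvssData.baseScore` will see no score here, so it should map a missing metrics block to "unscored, needs manual triage" instead of defaulting it to zero or dropping the entry. Exposure is conditional per the description: SAML single sign-on with the optional encrypted assertions feature enabled, on versions below the listed fixes (3.9.15, 3.10.12, 3.11.10, 3.12.4). That configuration check is the first thing to verify on an instance.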

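--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5145.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5145.json
@@ -0,0 +1,92 @@
+{
+"id": "CVE-2024-5145",
+"sourceIdentifier": "cna@vuldb.com",
+"published": "2024-05-20T23:15:08.533",
+"lastModified": "2024-05-20T23:15:08.533",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-265289 was assigned to this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.4
+}
+],
+"cvssMetricV2": [
+{
+"source": "cna@vuldb.com",
+"type": "Secondary",
+"cvssData": {
+"version": "2.0",
+"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+"accessVector": "NETWORK",
+"accessComplexity": "LOW",
+"authentication": "SINGLE",
+"confidentialityImpact": "PARTIAL",
+"integrityImpact": "PARTIAL",
+"availabilityImpact": "PARTIAL",
+"baseScore": 6.5
+},
+"baseSeverity": "MEDIUM",
+"exploitabilityScore": 8.0,
+"impactScore": 6.4,
+"acInsufInfo": false,
+"obtainAllPrivilege": false,
+"obtainUserPrivilege": false,
+"obtainOtherPrivilege": false,
+"userInteractionRequired": false
+}
+]
+},
+"weaknesses": [
+{
+"source": "cna@vuldb.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-434"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/CveSecLook/cve/issues/38",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?ctiid.265289",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?id.265289",
+"source": "cna@vuldb.com"
+},
+{
+"url": "https://vuldb.com/?submit.339721",
+"source": "cna@vuldb.com"
+}
+]
+}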
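Review bot: The description calls the issue "classified as critical", but both metric blocks in the same record give `"baseSeverity": "MEDIUM"` (6.3 under `cvssMetricV31`, 6.5 under `cvssMetricV2`). Anything that derives severity from the description text will disagree with anything that reads the structured fields. Both scores are CNA-supplied (`"type": "Secondary"`) and the record is still `"vulnStatus": "Received"`, so neither has been reviewed by NVD yet. The record names no fixed version and states that the exploit is public, so triage should weigh those two facts alongside the score.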


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-20T22:00:30.187293+00:00
2024-05-20T23:55:29.980201+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-20T21:15:09.990000+00:00
2024-05-20T23:15:08.533000+00:00
```
### Last Data Feed Release
@ -33,26 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
250876
250879
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `3`
- [CVE-2024-33900](CVE-2024/CVE-2024-339xx/CVE-2024-33900.json) (`2024-05-20T21:15:09.177`)
- [CVE-2024-33901](CVE-2024/CVE-2024-339xx/CVE-2024-33901.json) (`2024-05-20T21:15:09.243`)
- [CVE-2024-35191](CVE-2024/CVE-2024-351xx/CVE-2024-35191.json) (`2024-05-20T21:15:09.307`)
- [CVE-2024-35192](CVE-2024/CVE-2024-351xx/CVE-2024-35192.json) (`2024-05-20T21:15:09.550`)
- [CVE-2024-35194](CVE-2024/CVE-2024-351xx/CVE-2024-35194.json) (`2024-05-20T21:15:09.773`)
- [CVE-2024-35195](CVE-2024/CVE-2024-351xx/CVE-2024-35195.json) (`2024-05-20T21:15:09.990`)
- [CVE-2024-34710](CVE-2024/CVE-2024-347xx/CVE-2024-34710.json) (`2024-05-20T22:15:08.500`)
- [CVE-2024-4985](CVE-2024/CVE-2024-49xx/CVE-2024-4985.json) (`2024-05-20T22:15:08.727`)
- [CVE-2024-5145](CVE-2024/CVE-2024-51xx/CVE-2024-5145.json) (`2024-05-20T23:15:08.533`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `0`
- [CVE-2019-20180](CVE-2019/CVE-2019-201xx/CVE-2019-20180.json) (`2024-05-20T21:15:08.827`)
## Download and Usage


@ -137076,7 +137076,7 @@ CVE-2019-20176,0,0,119d4e137d19b3147bebb5f12cacdd3df688d102b05711091e1d0fdf4b011
CVE-2019-20178,0,0,f0742cf19222f81d609a3b4802cdb734b7ad73f74080d2124e95754262fa6a86,2023-11-07T03:08:40.090000
CVE-2019-20179,0,0,d184903ff51d6af8532bb7eedbe1337b6792d7fb2b734649090d1ff7cb4600bd,2023-11-07T03:08:40.150000
CVE-2019-2018,0,0,8e7de94004ce5aeb65fcd755bdea96ed2fbaf715a253f2bd9a9a49dc72d55f26,2020-08-24T17:37:01.140000
CVE-2019-20180,0,1,46f84788396671dffc6f82fb348b1eb821b79caf25a751cce7d1e43c127e2ce7,2024-05-20T21:15:08.827000
CVE-2019-20180,0,0,46f84788396671dffc6f82fb348b1eb821b79caf25a751cce7d1e43c127e2ce7,2024-05-20T21:15:08.827000
CVE-2019-20181,0,0,a962294bc94f45d4e7ced6d052a4960ff2a2c5ff7fbe324f918a57d49ce907d1,2023-11-07T03:08:40.277000
CVE-2019-20182,0,0,4b992830ce564e13dd461d8e339ca0c172e1d6e68d4d6e47c6d5ea934ee33639,2023-11-07T03:08:40.340000
CVE-2019-20183,0,0,41006a2836624d7a622c75f65686509fa9798ce30621a14f7fcb66ab1254c43e,2023-11-07T03:08:40.397000
@ -249210,8 +249210,8 @@ CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4
CVE-2024-33883,0,0,d21d8ca934661e52f0e44367a0fd9ba1bffeaf9f6f5050d38db197cfeb832973,2024-04-29T12:42:03.667000
CVE-2024-33891,0,0,dbfd0a46c344c55dc0dc7b94e4bd09b3968a700bb28b10a9c34051909c1cf008,2024-04-29T12:42:03.667000
CVE-2024-33899,0,0,3953877290e7ea59299fc2e6fd3641cdc5f0dd0a60947ca4a9fd862e9c59d70e,2024-04-29T12:42:03.667000
CVE-2024-33900,1,1,8cbc6afee3f3bf0be10864103df9daa85f7657fddf3822bcf0ba2459d05ee94b,2024-05-20T21:15:09.177000
CVE-2024-33901,1,1,b14d67142bf430998d05d13984477b69852654e5ebfd2667061f027427e474fd,2024-05-20T21:15:09.243000
CVE-2024-33900,0,0,8cbc6afee3f3bf0be10864103df9daa85f7657fddf3822bcf0ba2459d05ee94b,2024-05-20T21:15:09.177000
CVE-2024-33901,0,0,b14d67142bf430998d05d13984477b69852654e5ebfd2667061f027427e474fd,2024-05-20T21:15:09.243000
CVE-2024-33903,0,0,d2659cb95032f4bf4e82ec7ebb3e3a955a9eb80acf170b021644b79abb230380,2024-04-29T12:42:03.667000
CVE-2024-33904,0,0,4e23880abf5747270fb682428cdb1c8d9da3ad9f2ae0530104035f429e5a2c50,2024-04-29T12:42:03.667000
CVE-2024-33905,0,0,4f2af541fd9603df50f92dd094e460dd4dcee3f568c1f2af9533e6ef2f5fb1b0,2024-05-01T18:15:24.390000
@ -249593,6 +249593,7 @@ CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a739
CVE-2024-34708,0,0,50ae7ddc2e75e3cdce67dd59d0961391cf6e2a4b57c62edc7a621111d8513880,2024-05-14T16:12:23.490000
CVE-2024-34709,0,0,06ef108f024a9984841f3f127183d5734c022052a25b089dea508889fcf5f5e7,2024-05-14T16:12:23.490000
CVE-2024-3471,0,0,54767cbf563c0be6df0476fd4d8642a65d7e71e0c7bed8d9d2a79519c6ab070f,2024-05-02T13:27:25.103000
CVE-2024-34710,1,1,5dc4665d60f068782e169ed16e4b5aeed2aca25ab0ab03aa4614a987dea76645,2024-05-20T22:15:08.500000
CVE-2024-34712,0,0,40b56468c6b0e23be2aec8e055821c01815577c206a3bde1e73f06a6cae6bcb3,2024-05-14T19:17:55.627000
CVE-2024-34713,0,0,71c068cea1357926b6436f81cbdf6c8a79fd8b732c917dfd0c04a9555e362968,2024-05-14T19:17:55.627000
CVE-2024-34714,0,0,a16faa7f57b02979f0d9baa24210a39fe199236a17b9a6c8ee9e34ebead52447,2024-05-14T19:17:55.627000
@ -249712,10 +249713,10 @@ CVE-2024-35184,0,0,b9e43a79a8d3cf5f3dc97bfbc13e9d1e865d4c1cbd767526b45c719d87ddd
CVE-2024-35185,0,0,9566de12a112578d6f544cd49512e0fec5a478c1209019c8a894392a85ee7161,2024-05-17T18:36:31.297000
CVE-2024-35187,0,0,e540e1bc620ba80ad5fa80f7d3263a6e3207bc8224e5eb747cca071b3bd90ce6,2024-05-17T18:36:31.297000
CVE-2024-35190,0,0,df7331f94dde17b6fe9caf5aceb08176ef5d062bd31daf4fd79d8cfe540794ae,2024-05-17T18:35:35.070000
CVE-2024-35191,1,1,3fea625f0f16665d25f87c7c16f9d8cab824ad7cfe77d4057d035c38f2b00424,2024-05-20T21:15:09.307000
CVE-2024-35192,1,1,afc551a53865ea35750cf87859d26c473f70804fe12f089bd78ff2c0b31a95a2,2024-05-20T21:15:09.550000
CVE-2024-35194,1,1,b7f6bdf6baf26167ef80f1f1aa25b6ca57578dbc17f9023e78bb78772baa20b9,2024-05-20T21:15:09.773000
CVE-2024-35195,1,1,cc1ea11b9334e63a9a93d27b1f4942a9ae7fafcc7165816bd0ec3c38eaa5d2e6,2024-05-20T21:15:09.990000
CVE-2024-35191,0,0,3fea625f0f16665d25f87c7c16f9d8cab824ad7cfe77d4057d035c38f2b00424,2024-05-20T21:15:09.307000
CVE-2024-35192,0,0,afc551a53865ea35750cf87859d26c473f70804fe12f089bd78ff2c0b31a95a2,2024-05-20T21:15:09.550000
CVE-2024-35194,0,0,b7f6bdf6baf26167ef80f1f1aa25b6ca57578dbc17f9023e78bb78772baa20b9,2024-05-20T21:15:09.773000
CVE-2024-35195,0,0,cc1ea11b9334e63a9a93d27b1f4942a9ae7fafcc7165816bd0ec3c38eaa5d2e6,2024-05-20T21:15:09.990000
CVE-2024-3520,0,0,f6428e86e9ec472cba9c3c5754043cb34202461d79bcb1fa1b6a365d8347f93e,2024-05-02T18:00:37.360000
CVE-2024-35204,0,0,e1a61e5fa740b8d773028d5010a8e42a433a924bdea5e26108812aad66d1c249,2024-05-16T20:15:09.910000
CVE-2024-35205,0,0,e759b9359595ebaf333ccada053519f187d3d1cfddc6ef72f21bfd74e59fe204,2024-05-14T16:11:39.510000
@ -250815,6 +250816,7 @@ CVE-2024-4974,0,0,30c18840d61a7da1f6d082016a110f1f3e155cb69a321c5f3011e04a781ace
CVE-2024-4975,0,0,09924b0fbe93d87fd37542372e09ae669637640cc2222ca882fa05e7d37dfb27,2024-05-17T02:40:45.073000
CVE-2024-4976,0,0,cec1c528b9c81bb2353d630af7aeaeed80f8c396bb33272f9e3c075fa645e3ec,2024-05-16T13:03:05.353000
CVE-2024-4984,0,0,c181b2792419ab292757f17fa7ed54efe54e64b1f0d7a8e32f201040654607f4,2024-05-16T13:03:05.353000
CVE-2024-4985,1,1,bc448e1bde699518577a6998209a5a0146da6fb11a5b9b2f9d4aabb1f818fd6f,2024-05-20T22:15:08.727000
CVE-2024-4991,0,0,180b9ed28c0cce46df550147eebf5773d3a2c46d3490c6ab8f019084050e5a01,2024-05-16T13:03:05.353000
CVE-2024-4992,0,0,504a91a45451c38d9b5beed8f2c88cac747dfe187af29754ed23c5e483929557,2024-05-16T13:03:05.353000
CVE-2024-4993,0,0,54558f9e3463a1500143cda3bf9ee67127625c6afa1872d34f1d786cf2569f73,2024-05-16T13:03:05.353000
@ -250875,3 +250877,4 @@ CVE-2024-5134,0,0,44a789f42f5a3c13ba63d82e5081c6abc6a3d25c1481cb7c53cfc6c6e78700
CVE-2024-5135,0,0,68cf9bdf9dec0a96d7d353e92a3ea23735e4dfab71f12aba03f45faad350b446,2024-05-20T13:00:04.957000
CVE-2024-5136,0,0,7e1453b58a6b8cdb889318a17e467bc4887e911147f2bbd5898eefe5c0fc0fa9,2024-05-20T13:00:04.957000
CVE-2024-5137,0,0,9ef636c571a0277ac03884ccb19a37de0ac2ceab7c0195ff8a91e587e734c012,2024-05-20T13:00:04.957000
CVE-2024-5145,1,1,c53440da82a6dd0eb446d498465c5990d294584701f1510d2f50eecfd1574c85,2024-05-20T23:15:08.533000
