diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6083.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6083.json new file mode 100644 index 00000000000..33559329567 --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6083.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-6083", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-06-18T00:15:09.853", + "lastModified": "2024-06-18T00:15:09.853", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268824. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/WeikFu/PHPVibe-vulnerability-description/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.268824", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.268824", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.353552", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6084.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6084.json new file mode 100644 index 00000000000..95887b541db --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6084.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-6084", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-06-18T01:15:20.333", + "lastModified": "2024-06-18T01:15:20.333", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in itsourcecode Pool of Bethesda Online Reservation System up to 1.0 and classified as critical. Affected by this vulnerability is the function uploadImage of the file /admin/mod_room/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268825 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Laster-dev/CVE/issues/2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.268825", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.268825", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.358628", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 81975a02dd6..4371ba13fa7 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-17T23:55:18.444308+00:00 +2024-06-18T02:00:18.426605+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-17T23:15:51.920000+00:00 +2024-06-18T01:15:20.333000+00:00 ``` ### Last Data Feed Release @@ -27,29 +27,27 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-06-17T00:00:08.676261+00:00 +2024-06-18T00:00:08.635679+00:00 ``` ### Total Number of included CVEs ```plain -254322 +254324 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2024-6067](CVE-2024/CVE-2024-60xx/CVE-2024-6067.json) (`2024-06-17T22:15:10.657`) -- [CVE-2024-6080](CVE-2024/CVE-2024-60xx/CVE-2024-6080.json) (`2024-06-17T23:15:51.583`) -- [CVE-2024-6082](CVE-2024/CVE-2024-60xx/CVE-2024-6082.json) (`2024-06-17T23:15:51.920`) +- [CVE-2024-6083](CVE-2024/CVE-2024-60xx/CVE-2024-6083.json) (`2024-06-18T00:15:09.853`) +- [CVE-2024-6084](CVE-2024/CVE-2024-60xx/CVE-2024-6084.json) (`2024-06-18T01:15:20.333`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2020-10136](CVE-2020/CVE-2020-101xx/CVE-2020-10136.json) (`2024-06-17T22:15:10.090`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f007992f4f3..41202c25c0e 100644 --- a/_state.csv +++ b/_state.csv @@ -145189,7 +145189,7 @@ CVE-2020-10131,0,0,553049a5bcad135034d34345ba829520614449174b4a8152b5cd68519b6c8 CVE-2020-10132,0,0,279947b47ec84ce5e5ada7b6ed001a372b163a336e6035ca9936f02649e9e33b,2023-11-07T03:14:06.940000 CVE-2020-10134,0,0,91ad4c201f2b6aa1887090462c58b752a1cdad891ea09f362ffcda51dc7bd28b,2020-05-21T18:58:31.067000 CVE-2020-10135,0,0,f812f69541f61b2703a0a9d90b887f7bcbed4ad67060c5583739c58c17659497,2021-12-21T12:42:21.433000 -CVE-2020-10136,0,1,6445ccd649ea68f9444a4cf4d2938416bf3cc51c400cae92e122883ad326661b,2024-06-17T22:15:10.090000 +CVE-2020-10136,0,0,6445ccd649ea68f9444a4cf4d2938416bf3cc51c400cae92e122883ad326661b,2024-06-17T22:15:10.090000 CVE-2020-10137,0,0,2a5eb940e6c61fea1d962cef6246c92b9595777e4d58a353b370116dd664bcac,2022-01-18T17:12:45.303000 CVE-2020-10138,0,0,ba845448ac5c9328f42a754df8083611452c3b522cbc84c088eac08e5bf49b24,2021-12-20T22:24:51.817000 CVE-2020-10139,0,0,87daaf80c1937e104a591afe096bf597d2519a132bace3e6f2aff1ad93329615,2021-12-20T22:25:19.430000 @@ -254318,6 +254318,8 @@ CVE-2024-6063,0,0,b67d10210bed54ecb8364f0d64a24e8a9bb67fda8d7cdbfbf01d23eb1fcb1b CVE-2024-6064,0,0,dfa0698ee8caf241b62eef71e2d604b23eb45d719d7bfffd9edd5b3eea92dc02,2024-06-17T21:15:51.727000 CVE-2024-6065,0,0,ec7d6c92bf7a949498dd9805836d3dc45c84184ec068d4330849b9f7c74e24ca,2024-06-17T21:15:52.007000 CVE-2024-6066,0,0,4be16afb26a67eeaa99325b278e1eb15007f8629556d5972406c66487d6fe7ae,2024-06-17T21:15:52.283000 -CVE-2024-6067,1,1,917ec11acc59771cd289e02ed472e235338a36350e131e2242624c6b5a660576,2024-06-17T22:15:10.657000 -CVE-2024-6080,1,1,ce117abbbf27c271f3b1c554aeba9f1090748517ce038abb4811acdf5fadb2ed,2024-06-17T23:15:51.583000 -CVE-2024-6082,1,1,b34a8b9e9d7597c030b945a5724fac42f5803ca75f53728fefe9f424acf1cad3,2024-06-17T23:15:51.920000 +CVE-2024-6067,0,0,917ec11acc59771cd289e02ed472e235338a36350e131e2242624c6b5a660576,2024-06-17T22:15:10.657000 +CVE-2024-6080,0,0,ce117abbbf27c271f3b1c554aeba9f1090748517ce038abb4811acdf5fadb2ed,2024-06-17T23:15:51.583000 +CVE-2024-6082,0,0,b34a8b9e9d7597c030b945a5724fac42f5803ca75f53728fefe9f424acf1cad3,2024-06-17T23:15:51.920000 +CVE-2024-6083,1,1,6fddaebd6fd505529ccfd2377fbb90eb3ff967f1b7daa3e62aab60a1d99a55f2,2024-06-18T00:15:09.853000 +CVE-2024-6084,1,1,8f1263f1fd5f68ce001ded5ef625a4f2157c36b7cc48c52db74013e47bd8c7ad,2024-06-18T01:15:20.333000