From e161c5542105796ad3c8da74a76a77bb18eea9ce Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 27 Apr 2024 23:58:20 +0000
Subject: [PATCH] Auto-Update: 2024-04-27T23:55:29.649412+00:00
---
 CVE-2022/CVE-2022-486xx/CVE-2022-48684.json | 43 ++++++++++
 CVE-2022/CVE-2022-486xx/CVE-2022-48685.json | 43 ++++++++++
 CVE-2024/CVE-2024-338xx/CVE-2024-33851.json | 20 +++++
 CVE-2024/CVE-2024-42xx/CVE-2024-4293.json | 92 +++++++++++++++++++++
 CVE-2024/CVE-2024-42xx/CVE-2024-4294.json | 92 +++++++++++++++++++++
 README.md | 15 ++--
 _state.csv | 9 +-
 7 files changed, 306 insertions(+), 8 deletions(-)
 create mode 100644 CVE-2022/CVE-2022-486xx/CVE-2022-48684.json
 create mode 100644 CVE-2022/CVE-2022-486xx/CVE-2022-48685.json
 create mode 100644 CVE-2024/CVE-2024-338xx/CVE-2024-33851.json
 create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4293.json
 create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4294.json
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48684.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48684.json
new file mode 100644
index 00000000000..ffbbae7e8d2
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48684.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-48684",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-27T23:15:06.110",
+ "lastModified": "2024-04-27T23:15:06.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://servicedesk.logpoint.com/hc/en-us/articles/7201134201885-Template-injection-in-Search-Template",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48685.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48685.json
new file mode 100644
index 00000000000..d0cc6d7c166
--- /dev/null
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48685.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2022-48685",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-27T23:15:06.290",
+ "lastModified": "2024-04-27T23:15:06.290",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve@mitre.org",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.7,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.1,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://servicedesk.logpoint.com/hc/en-us/articles/7997112373277-Privilege-Escalation-Through-Cronjob",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-338xx/CVE-2024-33851.json b/CVE-2024/CVE-2024-338xx/CVE-2024-33851.json
new file mode 100644
index 00000000000..12c14373fae
--- /dev/null
+++ b/CVE-2024/CVE-2024-338xx/CVE-2024-33851.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-33851",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-27T22:15:08.050",
+ "lastModified": "2024-04-27T22:15:08.050",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.)"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/paragonie/phpecc/releases/tag/v2.0.1",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4293.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4293.json
new file mode 100644
index 00000000000..ab742ec5604
--- /dev/null
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4293.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2024-4293",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-04-27T22:15:08.110",
+ "lastModified": "2024-04-27T22:15:08.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.5,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.262225",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.262225",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.323586",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4294.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4294.json
new file mode 100644
index 00000000000..1093c4fafd9
--- /dev/null
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4294.json
@@ -0,0 +1,92 @@
+{
+ "id": "CVE-2024-4294",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-04-27T23:15:06.470",
+ "lastModified": "2024-04-27T23:15:06.470",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "accessVector": "NETWORK",
+ "accessComplexity": "LOW",
+ "authentication": "SINGLE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "PARTIAL",
+ "availabilityImpact": "PARTIAL",
+ "baseScore": 6.5
+ },
+ "baseSeverity": "MEDIUM",
+ "exploitabilityScore": 8.0,
+ "impactScore": 6.4,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-99"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_idor.md",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.262226",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.262226",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?submit.323597",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 81be79c250b..48c4720539e 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-27T22:00:38.011414+00:00 +2024-04-27T23:55:29.649412+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-27T21:15:47.453000+00:00 +2024-04-27T23:15:06.470000+00:00 ``` ### Last Data Feed Release
@@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -246965 +246970 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -- [CVE-2024-4291](CVE-2024/CVE-2024-42xx/CVE-2024-4291.json) (`2024-04-27T20:15:07.170`) -- [CVE-2024-4292](CVE-2024/CVE-2024-42xx/CVE-2024-4292.json) (`2024-04-27T21:15:47.453`) +- [CVE-2022-48684](CVE-2022/CVE-2022-486xx/CVE-2022-48684.json) (`2024-04-27T23:15:06.110`) +- [CVE-2022-48685](CVE-2022/CVE-2022-486xx/CVE-2022-48685.json) (`2024-04-27T23:15:06.290`) +- [CVE-2024-33851](CVE-2024/CVE-2024-338xx/CVE-2024-33851.json) (`2024-04-27T22:15:08.050`) +- [CVE-2024-4293](CVE-2024/CVE-2024-42xx/CVE-2024-4293.json) (`2024-04-27T22:15:08.110`) +- [CVE-2024-4294](CVE-2024/CVE-2024-42xx/CVE-2024-4294.json) (`2024-04-27T23:15:06.470`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 97c27ad666d..0bda87531ac 100644
--- a/_state.csv
+++ b/_state.csv
@@ -211498,6 +211498,8 @@ CVE-2022-4866,0,0,64c9ea7b26626d61a99b74354dc5f958961e6d20aa6371d15f635281a82cc0 CVE-2022-4867,0,0,df30bf033a8b71c87ccc147259fbbc1d4b447580323b889a3d7676505e257148,2023-01-06T21:26:37.597000 CVE-2022-4868,0,0,49bc3762269009af54870f2860cabd5c2f0372571503d002526079fe993a74bc,2023-01-06T21:20:41.477000 CVE-2022-48682,0,0,ab79a7884cf84c87a21a00581b3679825469c2af77233a0e49acaa1ff90167b4,2024-04-26T12:58:17.720000 +CVE-2022-48684,1,1,26bc86c32451e11b61341538f04c10755ce98022fe22b1a900d8ba22be7cab7e,2024-04-27T23:15:06.110000 +CVE-2022-48685,1,1,697644abcc0de3c107ffa9318e9cc62abeda8286f079bfdc78c7fc7a3a8f7654,2024-04-27T23:15:06.290000 CVE-2022-4869,0,0,8d8764937cca8aa8c728688dab097a07b47820eec099f6720542fc4a3e489b45,2024-04-11T01:17:32.477000 CVE-2022-4870,0,0,ffd8aa6f3e45d78db8f0fdd0224eff53e3f88f9afa51308e06056eb1d9d02eeb,2023-05-25T17:41:06.867000 CVE-2022-4871,0,0,7da137eba4bc59f17d11a7ab323d7f3109098463f5f3c2c9ae236dde33ebca18,2024-04-11T01:17:32.567000 @@ -246636,6 +246638,7 @@ CVE-2024-3382,0,0,359ee56c09e0a2a64315ebc823efc4b55ab60390ccbf48a0550f896cf550e0 CVE-2024-3383,0,0,23294a2c02d282067f57807e610d19ad62151e7737eff1a2dbce91b2ce33a939,2024-04-10T19:49:51.183000 CVE-2024-3384,0,0,f1db02aa38b819888be52a421a922174001b5f3c9e0abe3ab9082a168503f129,2024-04-10T19:49:51.183000 CVE-2024-3385,0,0,dafd55987e5738b5d6ec37d523526a7e0269d60d96cd780933abafbc800645a8,2024-04-10T19:49:51.183000 +CVE-2024-33851,1,1,80e66c30b70ef5a8f9f2435498df5e864043c48455dff57b5825fff8531be05b,2024-04-27T22:15:08.050000 CVE-2024-3386,0,0,d08d523d066834a85bfe06023f05a033d8631a6197479f66bfb86438af143c6d,2024-04-10T19:49:51.183000 CVE-2024-3387,0,0,59a783d7f5a632f1312dc02ccd745e7c758f93e478c4554a0dbc9aba27d256c0,2024-04-10T19:49:51.183000 CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4f3,2024-04-10T19:49:51.183000 
@@ -246962,5 +246965,7 @@ CVE-2024-4252,0,0,425370b01235b5a72a19664ff47531a79c32ee2dd07da1d85c4b62183392ac CVE-2024-4255,0,0,518bbffc81cec3ec25fe3ee4962cde6a51f819d0a78ddbcfb4ba3f10713d6dc5,2024-04-27T15:15:06.437000 CVE-2024-4256,0,0,9aae2a577ebf758e1c98bdb4c74a2b6a26ec76a10e9268085a4e889dfd55f5a2,2024-04-27T16:15:07.170000 CVE-2024-4257,0,0,1a42e073c03689d5b2126a749fafc08d5e7c2c3c7dcaa82139edd37d740f3e62,2024-04-27T16:15:07.410000 -CVE-2024-4291,1,1,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d391,2024-04-27T20:15:07.170000 -CVE-2024-4292,1,1,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000 +CVE-2024-4291,0,0,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d391,2024-04-27T20:15:07.170000 +CVE-2024-4292,0,0,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000 +CVE-2024-4293,1,1,0728359e5c83609717b6c30efe8cad67c03c56d671ce2adc06f7d27fb0c3ea84,2024-04-27T22:15:08.110000 +CVE-2024-4294,1,1,acd8c525c0dbd05d938d9cfd91b4f84bb2cd9884ab996901732c285a16449adb,2024-04-27T23:15:06.470000