Auto-Update: 2024-04-27T23:55:29.649412+00:00

2025-07-09 16:05:11 +00:00 · 2024-04-27 23:58:20 +00:00 · 2024-04-27 23:58:20 +00:00 · e161c55421
commit e161c55421
parent bf4e48597d
7 changed files with 306 additions and 8 deletions
--- a/CVE-2022/CVE-2022-486xx/CVE-2022-48684.json
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48684.json
@ -0,0 +1,43 @@
 {
  "id": "CVE-2022-48684",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-04-27T23:15:06.110",
  "lastModified": "2024-04-27T23:15:06.110",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@mitre.org",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.4,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 6.0
      }
    ]
  },
  "references": [
    {
      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/7201134201885-Template-injection-in-Search-Template",
      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2022/CVE-2022-486xx/CVE-2022-48685.json
+++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48685.json
@ -0,0 +1,43 @@
 {
  "id": "CVE-2022-48685",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-04-27T23:15:06.290",
  "lastModified": "2024-04-27T23:15:06.290",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@mitre.org",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.7,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 6.0
      }
    ]
  },
  "references": [
    {
      "url": "https://servicedesk.logpoint.com/hc/en-us/articles/7997112373277-Privilege-Escalation-Through-Cronjob",
      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-338xx/CVE-2024-33851.json
+++ b/CVE-2024/CVE-2024-338xx/CVE-2024-33851.json
@ -0,0 +1,20 @@
 {
  "id": "CVE-2024-33851",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-04-27T22:15:08.050",
  "lastModified": "2024-04-27T22:15:08.050",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.)"
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/paragonie/phpecc/releases/tag/v2.0.1",
      "source": "cve@mitre.org"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-42xx/CVE-2024-4293.json
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4293.json
@ -0,0 +1,92 @@
 {
  "id": "CVE-2024-4293",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-04-27T22:15:08.110",
  "lastModified": "2024-04-27T22:15:08.110",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 2.1,
        "impactScore": 1.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "NONE",
          "baseScore": 4.0
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?ctiid.262225",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?id.262225",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?submit.323586",
      "source": "cna@vuldb.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-42xx/CVE-2024-4294.json
+++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4294.json
@ -0,0 +1,92 @@
 {
  "id": "CVE-2024-4294",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-04-27T23:15:06.470",
  "lastModified": "2024-04-27T23:15:06.470",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4
      }
    ],
    "cvssMetricV2": [
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "SINGLE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cna@vuldb.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-99"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_idor.md",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?ctiid.262226",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?id.262226",
      "source": "cna@vuldb.com"
    },
    {
      "url": "https://vuldb.com/?submit.323597",
      "source": "cna@vuldb.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-04-27T22:00:38.011414+00:00
+2024-04-27T23:55:29.649412+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-04-27T21:15:47.453000+00:00
+2024-04-27T23:15:06.470000+00:00
 ```
 ### Last Data Feed Release
@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-246965
+246970
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `2`
+Recently added CVEs: `5`
- [CVE-2024-4291](CVE-2024/CVE-2024-42xx/CVE-2024-4291.json) (`2024-04-27T20:15:07.170`)
+- [CVE-2022-48684](CVE-2022/CVE-2022-486xx/CVE-2022-48684.json) (`2024-04-27T23:15:06.110`)
- [CVE-2024-4292](CVE-2024/CVE-2024-42xx/CVE-2024-4292.json) (`2024-04-27T21:15:47.453`)
+- [CVE-2022-48685](CVE-2022/CVE-2022-486xx/CVE-2022-48685.json) (`2024-04-27T23:15:06.290`)
 - [CVE-2024-33851](CVE-2024/CVE-2024-338xx/CVE-2024-33851.json) (`2024-04-27T22:15:08.050`)
 - [CVE-2024-4293](CVE-2024/CVE-2024-42xx/CVE-2024-4293.json) (`2024-04-27T22:15:08.110`)
 - [CVE-2024-4294](CVE-2024/CVE-2024-42xx/CVE-2024-4294.json) (`2024-04-27T23:15:06.470`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -211498,6 +211498,8 @@ CVE-2022-4866,0,0,64c9ea7b26626d61a99b74354dc5f958961e6d20aa6371d15f635281a82cc0
 CVE-2022-4867,0,0,df30bf033a8b71c87ccc147259fbbc1d4b447580323b889a3d7676505e257148,2023-01-06T21:26:37.597000
 CVE-2022-4868,0,0,49bc3762269009af54870f2860cabd5c2f0372571503d002526079fe993a74bc,2023-01-06T21:20:41.477000
 CVE-2022-48682,0,0,ab79a7884cf84c87a21a00581b3679825469c2af77233a0e49acaa1ff90167b4,2024-04-26T12:58:17.720000
 CVE-2022-48684,1,1,26bc86c32451e11b61341538f04c10755ce98022fe22b1a900d8ba22be7cab7e,2024-04-27T23:15:06.110000
 CVE-2022-48685,1,1,697644abcc0de3c107ffa9318e9cc62abeda8286f079bfdc78c7fc7a3a8f7654,2024-04-27T23:15:06.290000
 CVE-2022-4869,0,0,8d8764937cca8aa8c728688dab097a07b47820eec099f6720542fc4a3e489b45,2024-04-11T01:17:32.477000
 CVE-2022-4870,0,0,ffd8aa6f3e45d78db8f0fdd0224eff53e3f88f9afa51308e06056eb1d9d02eeb,2023-05-25T17:41:06.867000
 CVE-2022-4871,0,0,7da137eba4bc59f17d11a7ab323d7f3109098463f5f3c2c9ae236dde33ebca18,2024-04-11T01:17:32.567000
@ -246636,6 +246638,7 @@ CVE-2024-3382,0,0,359ee56c09e0a2a64315ebc823efc4b55ab60390ccbf48a0550f896cf550e0
 CVE-2024-3383,0,0,23294a2c02d282067f57807e610d19ad62151e7737eff1a2dbce91b2ce33a939,2024-04-10T19:49:51.183000
 CVE-2024-3384,0,0,f1db02aa38b819888be52a421a922174001b5f3c9e0abe3ab9082a168503f129,2024-04-10T19:49:51.183000
 CVE-2024-3385,0,0,dafd55987e5738b5d6ec37d523526a7e0269d60d96cd780933abafbc800645a8,2024-04-10T19:49:51.183000
 CVE-2024-33851,1,1,80e66c30b70ef5a8f9f2435498df5e864043c48455dff57b5825fff8531be05b,2024-04-27T22:15:08.050000
 CVE-2024-3386,0,0,d08d523d066834a85bfe06023f05a033d8631a6197479f66bfb86438af143c6d,2024-04-10T19:49:51.183000
 CVE-2024-3387,0,0,59a783d7f5a632f1312dc02ccd745e7c758f93e478c4554a0dbc9aba27d256c0,2024-04-10T19:49:51.183000
 CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4f3,2024-04-10T19:49:51.183000
@ -246962,5 +246965,7 @@ CVE-2024-4252,0,0,425370b01235b5a72a19664ff47531a79c32ee2dd07da1d85c4b62183392ac
 CVE-2024-4255,0,0,518bbffc81cec3ec25fe3ee4962cde6a51f819d0a78ddbcfb4ba3f10713d6dc5,2024-04-27T15:15:06.437000
 CVE-2024-4256,0,0,9aae2a577ebf758e1c98bdb4c74a2b6a26ec76a10e9268085a4e889dfd55f5a2,2024-04-27T16:15:07.170000
 CVE-2024-4257,0,0,1a42e073c03689d5b2126a749fafc08d5e7c2c3c7dcaa82139edd37d740f3e62,2024-04-27T16:15:07.410000
-CVE-2024-4291,1,1,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d391,2024-04-27T20:15:07.170000
+CVE-2024-4291,0,0,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d391,2024-04-27T20:15:07.170000
-CVE-2024-4292,1,1,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000
+CVE-2024-4292,0,0,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000
 CVE-2024-4293,1,1,0728359e5c83609717b6c30efe8cad67c03c56d671ce2adc06f7d27fb0c3ea84,2024-04-27T22:15:08.110000
 CVE-2024-4294,1,1,acd8c525c0dbd05d938d9cfd91b4f84bb2cd9884ab996901732c285a16449adb,2024-04-27T23:15:06.470000