Auto-Update: 2024-04-27T23:55:29.649412+00:00

cad-safe-bot 2024-04-27 23:58:20 +00:00
parent bf4e48597d
commit e161c55421
7 changed files with 306 additions and 8 deletions


@ -0,0 +1,43 @@
{
"id": "CVE-2022-48684",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-27T23:15:06.110",
"lastModified": "2024-04-27T23:15:06.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logpoint before 7.1.1. Template injection was seen in the search template. The search template uses jinja templating for generating dynamic data. This could be abused to achieve code execution. Any user with access to create a search template can leverage this to execute code as the loginspect user."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/7201134201885-Template-injection-in-Search-Template",
"source": "cve@mitre.org"
}
]
}
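Review bot: The `"userInteraction": "REQUIRED"` component of the vector is not explained by the description, which has a user with search-template rights reaching code execution as loginspect and mentions no second party. The same `UI:R` appears on CVE-2022-48685, where the description says the cron file is writable by all users while the vector carries `PR:H`. Both records are `"vulnStatus": "Received"` with only a `Secondary` metric from the CNA, so the 8.4 and 7.7 scores may understate exposure. Until NVD analysis lands, I would triage Logpoint installs older than the fixed versions named in the descriptions on the description and vendor advisory, not on `baseScore` alone.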


@ -0,0 +1,43 @@
{
"id": "CVE-2022-48685",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-27T23:15:06.290",
"lastModified": "2024-04-27T23:15:06.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Logpoint 7.1 before 7.1.2. The daily executed cron file clean_secbi_old_logs is writable by all users and is executed as root, leading to privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.1,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://servicedesk.logpoint.com/hc/en-us/articles/7997112373277-Privilege-Escalation-Through-Cronjob",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,20 @@
{
"id": "CVE-2024-33851",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-27T22:15:08.050",
"lastModified": "2024-04-27T22:15:08.050",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.)"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/paragonie/phpecc/releases/tag/v2.0.1",
"source": "cve@mitre.org"
}
]
}
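Review bot: `"metrics": {}` leaves this record with no CVSS data, and there is no `weaknesses` array either, so a consumer that filters or sorts on `baseScore` will silently drop or bottom-rank it. The description is a branch-based timing leak in elliptic-curve point addition, which is the kind of finding that deserves manual review even without a score. Downstream tooling should treat an empty metrics object as "unscored", not as "low". Dependency checks can key on the fixed version given in the description, paragonie/phpecc 2.0.1.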


@ -0,0 +1,92 @@
{
"id": "CVE-2024-4293",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T22:15:08.110",
"lastModified": "2024-04-27T22:15:08.110",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this vulnerability is an unknown functionality of the file appointment-bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262225 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_xss.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262225",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262225",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.323586",
"source": "cna@vuldb.com"
}
]
}
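Review bot: The two metric blocks disagree on user interaction: `cvssMetricV31` has `"userInteraction": "REQUIRED"` (`UI:R`) while the `cvssMetricV2` entry sets `"userInteractionRequired": false`. For a `CWE-79` finding the v3.1 value looks like the one that matches the description, so a consumer still reading the v2 flags would get the opposite answer. The record is `"vulnStatus": "Received"` and both metrics are `Secondary` from the CNA. I would prefer the v3.1 block where both are present and not use the v2 boolean for triage.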


@ -0,0 +1,92 @@
{
"id": "CVE-2024-4294",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-27T23:15:06.470",
"lastModified": "2024-04-27T23:15:06.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul Doctor Appointment Management System 1.0. Affected by this issue is some unknown functionality of the file /doctor/view-appointment-detail.php. The manipulation of the argument editid leads to improper control of resource identifiers. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262226 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-99"
}
]
}
],
"references": [
{
"url": "https://github.com/Sospiro014/zday1/blob/main/doctor_appointment_management_system_idor.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.262226",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.262226",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.323597",
"source": "cna@vuldb.com"
}
]
}
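Review bot: The weakness `CWE-99` and the description's "classified as critical" do not line up with the rest of the record. The only v3.1 score is 6.3 `MEDIUM`, and the first reference's file name ends in `_idor.md`, which suggests an authorization-bypass-by-key issue (closer to CWE-639) and not resource injection; that is inferred from the URL alone. Consumers that map CWE ids to controls or detections should not rely on `CWE-99` for the `editid` parameter of `/doctor/view-appointment-detail.php` until NVD assigns its own weakness. The "critical" wording in the description should likewise not override `baseSeverity`.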


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-04-27T22:00:38.011414+00:00 2024-04-27T23:55:29.649412+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-04-27T21:15:47.453000+00:00 2024-04-27T23:15:06.470000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,15 +33,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
246965 246970
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `2` Recently added CVEs: `5`
- [CVE-2024-4291](CVE-2024/CVE-2024-42xx/CVE-2024-4291.json) (`2024-04-27T20:15:07.170`) - [CVE-2022-48684](CVE-2022/CVE-2022-486xx/CVE-2022-48684.json) (`2024-04-27T23:15:06.110`)
- [CVE-2024-4292](CVE-2024/CVE-2024-42xx/CVE-2024-4292.json) (`2024-04-27T21:15:47.453`) - [CVE-2022-48685](CVE-2022/CVE-2022-486xx/CVE-2022-48685.json) (`2024-04-27T23:15:06.290`)
- [CVE-2024-33851](CVE-2024/CVE-2024-338xx/CVE-2024-33851.json) (`2024-04-27T22:15:08.050`)
- [CVE-2024-4293](CVE-2024/CVE-2024-42xx/CVE-2024-4293.json) (`2024-04-27T22:15:08.110`)
- [CVE-2024-4294](CVE-2024/CVE-2024-42xx/CVE-2024-4294.json) (`2024-04-27T23:15:06.470`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit


@ -211498,6 +211498,8 @@ CVE-2022-4866,0,0,64c9ea7b26626d61a99b74354dc5f958961e6d20aa6371d15f635281a82cc0
CVE-2022-4867,0,0,df30bf033a8b71c87ccc147259fbbc1d4b447580323b889a3d7676505e257148,2023-01-06T21:26:37.597000 CVE-2022-4867,0,0,df30bf033a8b71c87ccc147259fbbc1d4b447580323b889a3d7676505e257148,2023-01-06T21:26:37.597000
CVE-2022-4868,0,0,49bc3762269009af54870f2860cabd5c2f0372571503d002526079fe993a74bc,2023-01-06T21:20:41.477000 CVE-2022-4868,0,0,49bc3762269009af54870f2860cabd5c2f0372571503d002526079fe993a74bc,2023-01-06T21:20:41.477000
CVE-2022-48682,0,0,ab79a7884cf84c87a21a00581b3679825469c2af77233a0e49acaa1ff90167b4,2024-04-26T12:58:17.720000 CVE-2022-48682,0,0,ab79a7884cf84c87a21a00581b3679825469c2af77233a0e49acaa1ff90167b4,2024-04-26T12:58:17.720000
CVE-2022-48684,1,1,26bc86c32451e11b61341538f04c10755ce98022fe22b1a900d8ba22be7cab7e,2024-04-27T23:15:06.110000
CVE-2022-48685,1,1,697644abcc0de3c107ffa9318e9cc62abeda8286f079bfdc78c7fc7a3a8f7654,2024-04-27T23:15:06.290000
CVE-2022-4869,0,0,8d8764937cca8aa8c728688dab097a07b47820eec099f6720542fc4a3e489b45,2024-04-11T01:17:32.477000 CVE-2022-4869,0,0,8d8764937cca8aa8c728688dab097a07b47820eec099f6720542fc4a3e489b45,2024-04-11T01:17:32.477000
CVE-2022-4870,0,0,ffd8aa6f3e45d78db8f0fdd0224eff53e3f88f9afa51308e06056eb1d9d02eeb,2023-05-25T17:41:06.867000 CVE-2022-4870,0,0,ffd8aa6f3e45d78db8f0fdd0224eff53e3f88f9afa51308e06056eb1d9d02eeb,2023-05-25T17:41:06.867000
CVE-2022-4871,0,0,7da137eba4bc59f17d11a7ab323d7f3109098463f5f3c2c9ae236dde33ebca18,2024-04-11T01:17:32.567000 CVE-2022-4871,0,0,7da137eba4bc59f17d11a7ab323d7f3109098463f5f3c2c9ae236dde33ebca18,2024-04-11T01:17:32.567000
@ -246636,6 +246638,7 @@ CVE-2024-3382,0,0,359ee56c09e0a2a64315ebc823efc4b55ab60390ccbf48a0550f896cf550e0
CVE-2024-3383,0,0,23294a2c02d282067f57807e610d19ad62151e7737eff1a2dbce91b2ce33a939,2024-04-10T19:49:51.183000 CVE-2024-3383,0,0,23294a2c02d282067f57807e610d19ad62151e7737eff1a2dbce91b2ce33a939,2024-04-10T19:49:51.183000
CVE-2024-3384,0,0,f1db02aa38b819888be52a421a922174001b5f3c9e0abe3ab9082a168503f129,2024-04-10T19:49:51.183000 CVE-2024-3384,0,0,f1db02aa38b819888be52a421a922174001b5f3c9e0abe3ab9082a168503f129,2024-04-10T19:49:51.183000
CVE-2024-3385,0,0,dafd55987e5738b5d6ec37d523526a7e0269d60d96cd780933abafbc800645a8,2024-04-10T19:49:51.183000 CVE-2024-3385,0,0,dafd55987e5738b5d6ec37d523526a7e0269d60d96cd780933abafbc800645a8,2024-04-10T19:49:51.183000
CVE-2024-33851,1,1,80e66c30b70ef5a8f9f2435498df5e864043c48455dff57b5825fff8531be05b,2024-04-27T22:15:08.050000
CVE-2024-3386,0,0,d08d523d066834a85bfe06023f05a033d8631a6197479f66bfb86438af143c6d,2024-04-10T19:49:51.183000 CVE-2024-3386,0,0,d08d523d066834a85bfe06023f05a033d8631a6197479f66bfb86438af143c6d,2024-04-10T19:49:51.183000
CVE-2024-3387,0,0,59a783d7f5a632f1312dc02ccd745e7c758f93e478c4554a0dbc9aba27d256c0,2024-04-10T19:49:51.183000 CVE-2024-3387,0,0,59a783d7f5a632f1312dc02ccd745e7c758f93e478c4554a0dbc9aba27d256c0,2024-04-10T19:49:51.183000
CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4f3,2024-04-10T19:49:51.183000 CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4f3,2024-04-10T19:49:51.183000
@ -246962,5 +246965,7 @@ CVE-2024-4252,0,0,425370b01235b5a72a19664ff47531a79c32ee2dd07da1d85c4b62183392ac
CVE-2024-4255,0,0,518bbffc81cec3ec25fe3ee4962cde6a51f819d0a78ddbcfb4ba3f10713d6dc5,2024-04-27T15:15:06.437000 CVE-2024-4255,0,0,518bbffc81cec3ec25fe3ee4962cde6a51f819d0a78ddbcfb4ba3f10713d6dc5,2024-04-27T15:15:06.437000
CVE-2024-4256,0,0,9aae2a577ebf758e1c98bdb4c74a2b6a26ec76a10e9268085a4e889dfd55f5a2,2024-04-27T16:15:07.170000 CVE-2024-4256,0,0,9aae2a577ebf758e1c98bdb4c74a2b6a26ec76a10e9268085a4e889dfd55f5a2,2024-04-27T16:15:07.170000
CVE-2024-4257,0,0,1a42e073c03689d5b2126a749fafc08d5e7c2c3c7dcaa82139edd37d740f3e62,2024-04-27T16:15:07.410000 CVE-2024-4257,0,0,1a42e073c03689d5b2126a749fafc08d5e7c2c3c7dcaa82139edd37d740f3e62,2024-04-27T16:15:07.410000
CVE-2024-4291,1,1,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d391,2024-04-27T20:15:07.170000 CVE-2024-4291,0,0,2865a121351ebb56160fcf65d7e9586ac99e0ff8d6036dc46e718a2eabc1d391,2024-04-27T20:15:07.170000
CVE-2024-4292,1,1,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000 CVE-2024-4292,0,0,f35115db4ed64c24607ced52e93cbcd1c5148fc71f3b2566211f6e6c34c15f40,2024-04-27T21:15:47.453000
CVE-2024-4293,1,1,0728359e5c83609717b6c30efe8cad67c03c56d671ce2adc06f7d27fb0c3ea84,2024-04-27T22:15:08.110000
CVE-2024-4294,1,1,acd8c525c0dbd05d938d9cfd91b4f84bb2cd9884ab996901732c285a16449adb,2024-04-27T23:15:06.470000
