diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13138.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13138.json new file mode 100644 index 00000000000..d96b0cfb923 --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13138.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13138", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T11:15:05.747", + "lastModified": "2025-01-05T11:15:05.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wangl1989/mysiteforme/issues/55", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wangl1989/mysiteforme/issues/55#issue-2757868654", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290212", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290212", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.468511", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13139.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13139.json new file mode 100644 index 00000000000..8a098e7694d --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13139.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13139", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T11:15:07.247", + "lastModified": "2025-01-05T11:15:07.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wangl1989/mysiteforme/issues/56", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wangl1989/mysiteforme/issues/56#issue-2757876365", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290213", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290213", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.468513", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13140.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13140.json new file mode 100644 index 00000000000..50276bdbb27 --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13140.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13140", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T12:15:05.473", + "lastModified": "2025-01-05T12:15:05.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/emlog/emlog/issues/312", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/emlog/emlog/issues/312#issue-2758546837", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290214", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290214", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.468753", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 00f511d40c2..4ddb5dd9f58 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-05T11:00:19.488012+00:00 +2025-01-05T13:00:19.452640+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-05T10:15:06.707000+00:00 +2025-01-05T12:15:05.473000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275726 +275729 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -- [CVE-2024-13135](CVE-2024/CVE-2024-131xx/CVE-2024-13135.json) (`2025-01-05T09:15:05.240`) -- [CVE-2024-13136](CVE-2024/CVE-2024-131xx/CVE-2024-13136.json) (`2025-01-05T09:15:06.320`) -- [CVE-2024-13137](CVE-2024/CVE-2024-131xx/CVE-2024-13137.json) (`2025-01-05T10:15:06.707`) +- [CVE-2024-13138](CVE-2024/CVE-2024-131xx/CVE-2024-13138.json) (`2025-01-05T11:15:05.747`) +- [CVE-2024-13139](CVE-2024/CVE-2024-131xx/CVE-2024-13139.json) (`2025-01-05T11:15:07.247`) +- [CVE-2024-13140](CVE-2024/CVE-2024-131xx/CVE-2024-13140.json) (`2025-01-05T12:15:05.473`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 13e16cbf530..9a286116ff6 100644 --- a/_state.csv +++ b/_state.csv @@ -245452,9 +245452,12 @@ CVE-2024-13131,0,0,95b9a2d6a08f93879d932e041b311c499d3f0e154f510b263af670d8e3f4e CVE-2024-13132,0,0,21d2d0a056783edb04baa7102838e18985529312e228439b1f29de893d6c8fa8,2025-01-05T05:15:06.400000 CVE-2024-13133,0,0,9785e69379d6a0c25057df0e85fe2b0fda922cd10a604d201c02ee6ff38b912f,2025-01-05T05:15:07.507000 CVE-2024-13134,0,0,bf32841e8233339434384501225db38253b29750f711b67f74a58aecb9e0610e,2025-01-05T08:15:05.443000 -CVE-2024-13135,1,1,9a43452518638b8d25c8090b95d8a1fcf70738bb2886554ca1f52e4a4a6a3c1f,2025-01-05T09:15:05.240000 -CVE-2024-13136,1,1,6a249d76ffb3f851877c6526a17a3f8cb75c7d4e6c345db37f81d84beb0f5b88,2025-01-05T09:15:06.320000 -CVE-2024-13137,1,1,a706682410d196acd863ad5b1cfb7824e74d6ba58ecdb615df00dfd743ce1392,2025-01-05T10:15:06.707000 +CVE-2024-13135,0,0,9a43452518638b8d25c8090b95d8a1fcf70738bb2886554ca1f52e4a4a6a3c1f,2025-01-05T09:15:05.240000 +CVE-2024-13136,0,0,6a249d76ffb3f851877c6526a17a3f8cb75c7d4e6c345db37f81d84beb0f5b88,2025-01-05T09:15:06.320000 +CVE-2024-13137,0,0,a706682410d196acd863ad5b1cfb7824e74d6ba58ecdb615df00dfd743ce1392,2025-01-05T10:15:06.707000 +CVE-2024-13138,1,1,3a3b18ed00598e7695cbde7f87e909bb594ffa902be1c82ea14d41c8c6711709,2025-01-05T11:15:05.747000 +CVE-2024-13139,1,1,c1ed4a968ae444af8bf29c392f5a432bc37c326640c8ea7589aed59510006f8d,2025-01-05T11:15:07.247000 +CVE-2024-13140,1,1,280859b2e6d3787ec54aea9421ce7df191d758da1d1e75404cd2a48e4ec661e3,2025-01-05T12:15:05.473000 CVE-2024-1315,0,0,e1f16e3b2be06db6b65befc45bb21c6efb290182d3477c01a71033b0effe0c2a,2024-11-21T08:50:18.373000 CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa7d,2024-11-21T08:50:19.090000 CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000