From e28b4eba928fb366f0707dbc8e48fa727893e6d9 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 5 Jan 2025 13:03:44 +0000 Subject: [PATCH] Auto-Update: 2025-01-05T13:00:19.452640+00:00 --- CVE-2024/CVE-2024-131xx/CVE-2024-13138.json | 145 ++++++++++++++++++++ CVE-2024/CVE-2024-131xx/CVE-2024-13139.json | 141 +++++++++++++++++++ CVE-2024/CVE-2024-131xx/CVE-2024-13140.json | 145 ++++++++++++++++++++ README.md | 12 +- _state.csv | 9 +- 5 files changed, 443 insertions(+), 9 deletions(-) create mode 100644 CVE-2024/CVE-2024-131xx/CVE-2024-13138.json create mode 100644 CVE-2024/CVE-2024-131xx/CVE-2024-13139.json create mode 100644 CVE-2024/CVE-2024-131xx/CVE-2024-13140.json diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13138.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13138.json new file mode 100644 index 00000000000..d96b0cfb923 --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13138.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13138", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T11:15:05.747", + "lastModified": "2025-01-05T11:15:05.747", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "baseScore": 5.8, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wangl1989/mysiteforme/issues/55", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wangl1989/mysiteforme/issues/55#issue-2757868654", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290212", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290212", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.468511", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13139.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13139.json new file mode 100644 index 00000000000..8a098e7694d --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13139.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-13139", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T11:15:07.247", + "lastModified": "2025-01-05T11:15:07.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "baseScore": 6.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "baseScore": 6.5, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/wangl1989/mysiteforme/issues/56", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/wangl1989/mysiteforme/issues/56#issue-2757876365", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290213", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290213", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.468513", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-131xx/CVE-2024-13140.json b/CVE-2024/CVE-2024-131xx/CVE-2024-13140.json new file mode 100644 index 00000000000..50276bdbb27 --- /dev/null +++ b/CVE-2024/CVE-2024-131xx/CVE-2024-13140.json @@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-13140", + "sourceIdentifier": "cna@vuldb.com", + "published": "2025-01-05T12:15:05.473", + "lastModified": "2025-01-05T12:15:05.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 3.5, + "baseSeverity": "LOW", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "baseScore": 4.0, + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE" + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/emlog/emlog/issues/312", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/emlog/emlog/issues/312#issue-2758546837", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.290214", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.290214", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.468753", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 00f511d40c2..4ddb5dd9f58 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2025-01-05T11:00:19.488012+00:00 +2025-01-05T13:00:19.452640+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2025-01-05T10:15:06.707000+00:00 +2025-01-05T12:15:05.473000+00:00 ``` ### Last Data Feed Release @@ -33,16 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -275726 +275729 ``` ### CVEs added in the last Commit Recently added CVEs: `3` -- [CVE-2024-13135](CVE-2024/CVE-2024-131xx/CVE-2024-13135.json) (`2025-01-05T09:15:05.240`) -- [CVE-2024-13136](CVE-2024/CVE-2024-131xx/CVE-2024-13136.json) (`2025-01-05T09:15:06.320`) -- [CVE-2024-13137](CVE-2024/CVE-2024-131xx/CVE-2024-13137.json) (`2025-01-05T10:15:06.707`) +- [CVE-2024-13138](CVE-2024/CVE-2024-131xx/CVE-2024-13138.json) (`2025-01-05T11:15:05.747`) +- [CVE-2024-13139](CVE-2024/CVE-2024-131xx/CVE-2024-13139.json) (`2025-01-05T11:15:07.247`) +- [CVE-2024-13140](CVE-2024/CVE-2024-131xx/CVE-2024-13140.json) (`2025-01-05T12:15:05.473`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 13e16cbf530..9a286116ff6 100644 --- a/_state.csv +++ b/_state.csv @@ -245452,9 +245452,12 @@ CVE-2024-13131,0,0,95b9a2d6a08f93879d932e041b311c499d3f0e154f510b263af670d8e3f4e CVE-2024-13132,0,0,21d2d0a056783edb04baa7102838e18985529312e228439b1f29de893d6c8fa8,2025-01-05T05:15:06.400000 CVE-2024-13133,0,0,9785e69379d6a0c25057df0e85fe2b0fda922cd10a604d201c02ee6ff38b912f,2025-01-05T05:15:07.507000 CVE-2024-13134,0,0,bf32841e8233339434384501225db38253b29750f711b67f74a58aecb9e0610e,2025-01-05T08:15:05.443000 -CVE-2024-13135,1,1,9a43452518638b8d25c8090b95d8a1fcf70738bb2886554ca1f52e4a4a6a3c1f,2025-01-05T09:15:05.240000 -CVE-2024-13136,1,1,6a249d76ffb3f851877c6526a17a3f8cb75c7d4e6c345db37f81d84beb0f5b88,2025-01-05T09:15:06.320000 -CVE-2024-13137,1,1,a706682410d196acd863ad5b1cfb7824e74d6ba58ecdb615df00dfd743ce1392,2025-01-05T10:15:06.707000 +CVE-2024-13135,0,0,9a43452518638b8d25c8090b95d8a1fcf70738bb2886554ca1f52e4a4a6a3c1f,2025-01-05T09:15:05.240000 +CVE-2024-13136,0,0,6a249d76ffb3f851877c6526a17a3f8cb75c7d4e6c345db37f81d84beb0f5b88,2025-01-05T09:15:06.320000 +CVE-2024-13137,0,0,a706682410d196acd863ad5b1cfb7824e74d6ba58ecdb615df00dfd743ce1392,2025-01-05T10:15:06.707000 +CVE-2024-13138,1,1,3a3b18ed00598e7695cbde7f87e909bb594ffa902be1c82ea14d41c8c6711709,2025-01-05T11:15:05.747000 +CVE-2024-13139,1,1,c1ed4a968ae444af8bf29c392f5a432bc37c326640c8ea7589aed59510006f8d,2025-01-05T11:15:07.247000 +CVE-2024-13140,1,1,280859b2e6d3787ec54aea9421ce7df191d758da1d1e75404cd2a48e4ec661e3,2025-01-05T12:15:05.473000 CVE-2024-1315,0,0,e1f16e3b2be06db6b65befc45bb21c6efb290182d3477c01a71033b0effe0c2a,2024-11-21T08:50:18.373000 CVE-2024-1316,0,0,ec6b544cc876a8479e8de890063434d877e95d2641a1a8c864b5c959e6dbfa7d,2024-11-21T08:50:19.090000 CVE-2024-1317,0,0,a1d296c91e245cb27c998bff4f84250fb1101a61ebac429b7ce35a2ceb239c73,2024-12-31T16:57:11.080000