Auto-Update: 2024-09-21T23:55:16.925757+00:00

2025-07-11 16:13:34 +00:00 · 2024-09-21 23:58:14 +00:00 · 2024-09-21 23:58:14 +00:00 · e747a483a2
commit e747a483a2
parent 5828e4aeba
4 changed files with 181 additions and 17 deletions
--- a/CVE-2024/CVE-2024-472xx/CVE-2024-47210.json
+++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47210.json
@ -0,0 +1,29 @@
+{
+  "id": "CVE-2024-47210",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-09-21T23:15:14.137",
+  "lastModified": "2024-09-21T23:15:14.137",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Gladys Assistant before 4.45.1 allows Privilege Escalation (a user changing their own role) because req.body.role can be used in updateMySelf in server/api/controllers/user.controller.js."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/GladysAssistant/Gladys/commit/344ad9b8ca3078d9292dd95f2dd7b9172bc6ebbe",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/GladysAssistant/Gladys/compare/v4.45.0...v4.45.1",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/GladysAssistant/Gladys/pull/2115",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-90xx/CVE-2024-9075.json
+++ b/CVE-2024/CVE-2024-90xx/CVE-2024-9075.json
@ -0,0 +1,137 @@
+{
+  "id": "CVE-2024-9075",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-09-21T23:15:14.493",
+  "lastModified": "2024-09-21T23:15:14.493",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Stirling-Tools Stirling-PDF up to 0.28.3. It has been declared as problematic. This vulnerability affects unknown code of the component Markdown-to-PDF. The manipulation leads to cross site scripting. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "NONE",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "NONE",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 2.3,
+          "baseSeverity": "LOW"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.6,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 1.2,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "HIGH",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.1
+        },
+        "baseSeverity": "LOW",
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://drive.google.com/file/d/1J4TnzgzKOEvMck3kpaFuR6zfSVt7YgKu/view?usp=sharing",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.278242",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.278242",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?submit.406335",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-09-21T18:00:17.606406+00:00
+2024-09-21T23:55:16.925757+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-09-21T16:35:06.637000+00:00
+2024-09-21T23:15:14.493000+00:00
 ```

 ### Last Data Feed Release
@ -33,25 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-263525
+263527
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `2`

+- [CVE-2024-47210](CVE-2024/CVE-2024-472xx/CVE-2024-47210.json) (`2024-09-21T23:15:14.137`)
+- [CVE-2024-9075](CVE-2024/CVE-2024-90xx/CVE-2024-9075.json) (`2024-09-21T23:15:14.493`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `6`
+Recently modified CVEs: `0`

- [CVE-2023-20819](CVE-2023/CVE-2023-208xx/CVE-2023-20819.json) (`2024-09-21T16:35:01.573`)
- [CVE-2023-32826](CVE-2023/CVE-2023-328xx/CVE-2023-32826.json) (`2024-09-21T16:35:03.330`)
- [CVE-2023-32827](CVE-2023/CVE-2023-328xx/CVE-2023-32827.json) (`2024-09-21T16:35:04.183`)
- [CVE-2023-32828](CVE-2023/CVE-2023-328xx/CVE-2023-32828.json) (`2024-09-21T16:35:05.013`)
- [CVE-2023-32829](CVE-2023/CVE-2023-328xx/CVE-2023-32829.json) (`2024-09-21T16:35:05.837`)
- [CVE-2023-32830](CVE-2023/CVE-2023-328xx/CVE-2023-32830.json) (`2024-09-21T16:35:06.637`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -215060,7 +215060,7 @@ CVE-2023-20815,0,0,8cc3f7cc80285a6d4675688af0e2947eb6247e1768f3a1cba4030e1fe2239
 CVE-2023-20816,0,0,b5ebd1fdc3ab6ed7a182a78bde921026151951d7c3c6446da9b6c53cc30f6793,2023-08-09T17:49:47.037000
 CVE-2023-20817,0,0,f0b94745e685b77ed63a36db9c117b6b39f9cfcbdabff9d9c87b3a2313980c93,2023-08-09T17:49:40.027000
 CVE-2023-20818,0,0,45ae32b47377e91ea351a73468b41994cd1d3b4ec51c18c8865d863ed741c606,2023-08-09T17:49:30.607000
-CVE-2023-20819,0,1,c056b87b2ebed256b5107aaf5ce311d220de95b3b3db7b11c4effe7a4eed0352,2024-09-21T16:35:01.573000
+CVE-2023-20819,0,0,c056b87b2ebed256b5107aaf5ce311d220de95b3b3db7b11c4effe7a4eed0352,2024-09-21T16:35:01.573000
 CVE-2023-2082,0,0,24dcd898b1f3567259f4f6aad9d57c28cbb421cc1896ebbe2df775b7cf6101c6,2023-11-07T04:11:54.467000
 CVE-2023-20820,0,0,b8ce0f691521cb188b31615a2914ada5344f69549b9bff1e5f48aff8b60d954f,2023-09-07T19:14:49.727000
 CVE-2023-20821,0,0,56097556eb1ad331e0b189d13a8b1a23a2b3597ff14666e0ee3d23e7f183ab98,2023-09-07T19:14:35.620000
@ -224835,11 +224835,11 @@ CVE-2023-32822,0,0,b987edc1db190e267bb6438737458e2dac5d65812942d68e2ab015a603d08
 CVE-2023-32823,0,0,b9fb55a617c0cac443c2e071ea3ed1c6ff6a530f9b24932fc0acac1e43a0e524,2023-10-03T01:23:26.747000
 CVE-2023-32824,0,0,b7cad1ba52f105ff630479666c65d5edcee094510df5e15b0915a16af2131535,2023-10-03T01:35:09.277000
 CVE-2023-32825,0,0,4d951244a3034e7e148d958c4fde86bb8e3198d5c4adad847f95bad235aed891,2023-11-13T18:51:48.043000
-CVE-2023-32826,0,1,16c6cd1f14a315c0a20ae139a1ad19f2ce5feaa9b72eb7e640c67ad6da2f2ed6,2024-09-21T16:35:03.330000
-CVE-2023-32827,0,1,ef41d0f2c1c5cfc16ed9ec7554b5e76f64c7725bdc1ef4e38829af2a10e7b4ea,2024-09-21T16:35:04.183000
-CVE-2023-32828,0,1,2a64567e47a81e49cddaa59202432056a85abf65111cfed8bb34b2ba7b6235de,2024-09-21T16:35:05.013000
-CVE-2023-32829,0,1,f74edb0218d3ad61b2920a2eb8e3043631cf97287f4688a4d36afae56da3eff4,2024-09-21T16:35:05.837000
-CVE-2023-32830,0,1,4fc451796bbf3586d99008b5c09f7319f4fb37f77ce10f5c39fee6543c09af01,2024-09-21T16:35:06.637000
+CVE-2023-32826,0,0,16c6cd1f14a315c0a20ae139a1ad19f2ce5feaa9b72eb7e640c67ad6da2f2ed6,2024-09-21T16:35:03.330000
+CVE-2023-32827,0,0,ef41d0f2c1c5cfc16ed9ec7554b5e76f64c7725bdc1ef4e38829af2a10e7b4ea,2024-09-21T16:35:04.183000
+CVE-2023-32828,0,0,2a64567e47a81e49cddaa59202432056a85abf65111cfed8bb34b2ba7b6235de,2024-09-21T16:35:05.013000
+CVE-2023-32829,0,0,f74edb0218d3ad61b2920a2eb8e3043631cf97287f4688a4d36afae56da3eff4,2024-09-21T16:35:05.837000
+CVE-2023-32830,0,0,4fc451796bbf3586d99008b5c09f7319f4fb37f77ce10f5c39fee6543c09af01,2024-09-21T16:35:06.637000
 CVE-2023-32831,0,0,2d09d42e69e9e82fdf031dc13638335823cf5316d77b2bad2a3d97ea22c19b9a,2024-01-05T12:11:01.800000
 CVE-2023-32832,0,0,e798353a6720ac57c05adb0175800bc6e61a17269787b9e22c5601e0e157e639,2023-11-14T03:15:08.717000
 CVE-2023-32834,0,0,4f00cb7a2be19f938eb5f63bc1e783890c9bb501803843b99e5fc4824ea460ad,2023-11-13T18:50:02.027000
@ -260418,6 +260418,7 @@ CVE-2024-4718,0,0,2fda56f630ea417950b3260007ed553b407a44c514b05be289e283a21ee915
 CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000
 CVE-2024-4720,0,0,eb5b6c06efbc2e8e5b700d46905e09781ba603e4dc4e18ff8664640e85fa6762,2024-06-04T19:20:47.440000
 CVE-2024-4721,0,0,58190a4c7e114543454f0451ab9386f5b2fe1b56ab67d3c8b011dbecb251f4fd,2024-05-17T02:40:34.750000
+CVE-2024-47210,1,1,0f454d85fbf6c0f05fab65abefd093954043a58c5c70cce05f4c4cc167a25521,2024-09-21T23:15:14.137000
 CVE-2024-4722,0,0,d0eb70616d7559be2944527d8cacda4cb03faa787985cf2ceace067dd7c5ef1c,2024-06-04T19:20:47.553000
 CVE-2024-4723,0,0,7af98ecd367a90ef8c416c400db7bb1bdf630fc1c111a3c8e6b7b48b9bb15bbe,2024-06-04T19:20:47.717000
 CVE-2024-4724,0,0,1e35a8d6fb4d3f11b5f0d2a27ec10d126d5383267b650c161b24f017393ebb63,2024-06-04T19:20:47.830000
@ -263524,3 +263525,4 @@ CVE-2024-9040,0,0,b2e6ba9f70727fa0a7ad666e492a886dd19e8c26da377d2d82938ce54a27f8
 CVE-2024-9041,0,0,9b2bb47050dcdd44edd27fd4fde021bb936ec7198fce2f08f9ad2c86bf8bcde4,2024-09-20T17:15:15.507000
 CVE-2024-9043,0,0,8dd475426653f7d07aa5f325730a5d6c66debac84ef1209cdf6fa14cde3c264c,2024-09-20T12:30:17.483000
 CVE-2024-9048,0,0,913e9b0e4b91d6981c8b5bd62134205df1942a32410b4410b939157a5d95c26c,2024-09-21T09:15:04.660000
+CVE-2024-9075,1,1,f7f22be52254778b6653f4ac2ce21c5a7e460aac88837a4becb800c46b24a892,2024-09-21T23:15:14.493000