From e75899c9d151d4dbafeaac2278cc28c474ef2e2e Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 24 Aug 2024 23:58:14 +0000
Subject: [PATCH] Auto-Update: 2024-08-24T23:55:17.472549+00:00
---
 CVE-2024/CVE-2024-452xx/CVE-2024-45234.json | 21 +++
 CVE-2024/CVE-2024-452xx/CVE-2024-45235.json | 21 +++
 CVE-2024/CVE-2024-452xx/CVE-2024-45236.json | 21 +++
 CVE-2024/CVE-2024-452xx/CVE-2024-45237.json | 21 +++
 CVE-2024/CVE-2024-452xx/CVE-2024-45238.json | 21 +++
 CVE-2024/CVE-2024-452xx/CVE-2024-45239.json | 21 +++
 CVE-2024/CVE-2024-452xx/CVE-2024-45240.json | 21 +++
 CVE-2024/CVE-2024-81xx/CVE-2024-8135.json | 145 ++++++++++++++++++++
 CVE-2024/CVE-2024-81xx/CVE-2024-8136.json | 141 +++++++++++++++++++
 CVE-2024/CVE-2024-81xx/CVE-2024-8137.json | 141 +++++++++++++++++++
 README.md | 19 ++-
 _state.csv | 12 +-
 12 files changed, 599 insertions(+), 6 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-452xx/CVE-2024-45234.json
 create mode 100644 CVE-2024/CVE-2024-452xx/CVE-2024-45235.json
 create mode 100644 CVE-2024/CVE-2024-452xx/CVE-2024-45236.json
 create mode 100644 CVE-2024/CVE-2024-452xx/CVE-2024-45237.json
 create mode 100644 CVE-2024/CVE-2024-452xx/CVE-2024-45238.json
 create mode 100644 CVE-2024/CVE-2024-452xx/CVE-2024-45239.json
 create mode 100644 CVE-2024/CVE-2024-452xx/CVE-2024-45240.json
 create mode 100644 CVE-2024/CVE-2024-81xx/CVE-2024-8135.json
 create mode 100644 CVE-2024/CVE-2024-81xx/CVE-2024-8136.json
 create mode 100644 CVE-2024/CVE-2024-81xx/CVE-2024-8137.json
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45234.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45234.json
new file mode 100644
index 00000000000..518be4069b2
--- /dev/null
+++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45234.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-45234",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-08-24T23:15:04.037",
+ "lastModified": "2024-08-24T23:15:04.037",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a signedAttrs encoded in non-canonical form. This bypasses Fort's BER decoder, reaching a point in the code that panics when faced with data not encoded in DER. Because Fort is an RPKI Relying Party, a panic can lead to Route Origin Validation unavailability, which can lead to compromised routing."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://nicmx.github.io/FORT-validator/CVE.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45235.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45235.json
new file mode 100644
index 00000000000..65cd4dcb696
--- /dev/null
+++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45235.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-45235",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-08-24T23:15:04.130",
+ "lastModified": "2024-08-24T23:15:04.130",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing an Authority Key Identifier extension that lacks the keyIdentifier field. Fort references this pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://nicmx.github.io/FORT-validator/CVE.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45236.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45236.json
new file mode 100644
index 00000000000..629a39ed637
--- /dev/null
+++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45236.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-45236",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-08-24T23:15:04.187",
+ "lastModified": "2024-08-24T23:15:04.187",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a signed object containing an empty signedAttributes field. Fort accesses the set's elements without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://nicmx.github.io/FORT-validator/CVE.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45237.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45237.json
new file mode 100644
index 00000000000..5d6f8643c34
--- /dev/null
+++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45237.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-45237",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-08-24T23:15:04.243",
+ "lastModified": "2024-08-24T23:15:04.243",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a Key Usage extension composed of more than two bytes of data. Fort writes this string into a 2-byte buffer without properly sanitizing its length, leading to a buffer overflow."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://nicmx.github.io/FORT-validator/CVE.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45238.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45238.json
new file mode 100644
index 00000000000..bf4c788931c
--- /dev/null
+++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45238.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-45238",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-08-24T23:15:04.303",
+ "lastModified": "2024-08-24T23:15:04.303",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a resource certificate containing a bit string that doesn't properly decode into a Subject Public Key. OpenSSL does not report this problem during parsing, and when compiled with OpenSSL libcrypto versions below 3, Fort recklessly dereferences the pointer. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://nicmx.github.io/FORT-validator/CVE.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45239.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45239.json
new file mode 100644
index 00000000000..e283d462209
--- /dev/null
+++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45239.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-45239",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-08-24T23:15:04.353",
+ "lastModified": "2024-08-24T23:15:04.353",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in Fort before 1.6.3. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) an ROA or a Manifest containing a null eContent field. Fort dereferences the pointer without sanitizing it first. Because Fort is an RPKI Relying Party, a crash can lead to Route Origin Validation unavailability, which can lead to compromised routing."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://nicmx.github.io/FORT-validator/CVE.html",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45240.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45240.json
new file mode 100644
index 00000000000..1f834c8ac05
--- /dev/null
+++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45240.json
@@ -0,0 +1,21 @@
+{
+ "id": "CVE-2024-45240",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-08-24T23:15:04.407",
+ "lastModified": "2024-08-24T23:15:04.407",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.)"
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://hackerone.com/reports/2417516",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8135.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8135.json
new file mode 100644
index 00000000000..227002cb2aa
--- /dev/null
+++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8135.json
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-8135", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-24T22:15:13.827", + "lastModified": "2024-08-24T22:15:13.827", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The patch is identified as 4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f. It is recommended to apply a patch to fix this issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + 
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.5, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Go-Tribe/gotribe/commit/4fb9b9e80a2beedd09d9fde4b9cf5bd510baf18f", + "source": 
"cna@vuldb.com" + }, + { + "url": "https://github.com/Go-Tribe/gotribe/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/Go-Tribe/gotribe/issues/1#issuecomment-2307205980", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275706", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275706", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.396310", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8136.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8136.json new file mode 100644 index 00000000000..4751dce4700 --- /dev/null +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8136.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8136", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-24T22:15:14.087", + "lastModified": "2024-08-24T22:15:14.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Record Management System 1.0. This affects an unknown part of the file sort1_user.php. The manipulation of the argument position leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/acmglz/bug1_report/blob/main/Record-Management-System-1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275709", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275709", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.396486", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-81xx/CVE-2024-8137.json b/CVE-2024/CVE-2024-81xx/CVE-2024-8137.json new file mode 100644 index 00000000000..9fe1f0768c3 --- /dev/null +++ b/CVE-2024/CVE-2024-81xx/CVE-2024-8137.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-8137", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-08-24T23:15:04.467", + "lastModified": "2024-08-24T23:15:04.467", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file search_user.php. The manipulation of the argument search leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/acmglz/bug1_report/blob/main/Record-Management-System-2.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.275710", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.275710", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.396487", + "source": "cna@vuldb.com" + }, + { + "url": "https://www.sourcecodester.com/", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index fd9b68066ec..d9716e59005 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-24T22:00:16.755004+00:00 +2024-08-24T23:55:17.472549+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-24T20:15:04.503000+00:00 +2024-08-24T23:15:04.467000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -261089 +261099 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `10` -- [CVE-2024-8134](CVE-2024/CVE-2024-81xx/CVE-2024-8134.json) (`2024-08-24T20:15:04.503`) +- [CVE-2024-45234](CVE-2024/CVE-2024-452xx/CVE-2024-45234.json) (`2024-08-24T23:15:04.037`) +- [CVE-2024-45235](CVE-2024/CVE-2024-452xx/CVE-2024-45235.json) (`2024-08-24T23:15:04.130`) +- [CVE-2024-45236](CVE-2024/CVE-2024-452xx/CVE-2024-45236.json) (`2024-08-24T23:15:04.187`) +- [CVE-2024-45237](CVE-2024/CVE-2024-452xx/CVE-2024-45237.json) (`2024-08-24T23:15:04.243`) +- [CVE-2024-45238](CVE-2024/CVE-2024-452xx/CVE-2024-45238.json) (`2024-08-24T23:15:04.303`) +- [CVE-2024-45239](CVE-2024/CVE-2024-452xx/CVE-2024-45239.json) (`2024-08-24T23:15:04.353`) +- [CVE-2024-45240](CVE-2024/CVE-2024-452xx/CVE-2024-45240.json) (`2024-08-24T23:15:04.407`) +- [CVE-2024-8135](CVE-2024/CVE-2024-81xx/CVE-2024-8135.json) (`2024-08-24T22:15:13.827`) +- [CVE-2024-8136](CVE-2024/CVE-2024-81xx/CVE-2024-8136.json) (`2024-08-24T22:15:14.087`) +- [CVE-2024-8137](CVE-2024/CVE-2024-81xx/CVE-2024-8137.json) (`2024-08-24T23:15:04.467`) ### CVEs modified in the last Commit 
diff --git a/_state.csv b/_state.csv
index 7915689485f..f91a5fb5441 100644
--- a/_state.csv
+++ b/_state.csv
@@ -258498,7 +258498,14 @@ CVE-2024-45201,0,0,83db05d7484ca5c2638e18e64e3b5c06d28a9caaae332ad6d01f844ea902b
 CVE-2024-4521,0,0,a1d240438f25322e21494c2ddd2f5ee26b23410f012534bc2c27a0a49b09a860,2024-06-04T19:20:41.223000
 CVE-2024-4522,0,0,acd0b6b231758473c48ed22daa75c2f0d87280406667aa3ced0f39aaa73cb777,2024-06-04T19:20:41.320000
 CVE-2024-4523,0,0,e149ff229bd41b5a453469b36d558b5c1f467161b85c2884a74fe2177217c73a,2024-06-04T19:20:41.420000
+CVE-2024-45234,1,1,eb2ed051220c651a8423dbb0fc83b52b423c380776af072c8af587d2e1454d33,2024-08-24T23:15:04.037000
+CVE-2024-45235,1,1,9a8e57c7df2e3b62d496e60bd01da607f9e4fa385ceff51cd76da19f4bb3184b,2024-08-24T23:15:04.130000
+CVE-2024-45236,1,1,7e45375a083fe66d5d0e730805724b8294d78bb5d4e7b8efadf489767ec0c62a,2024-08-24T23:15:04.187000
+CVE-2024-45237,1,1,0fd4b5d345455ab0f4cf0a491f150cffb4adc98b1f0924dc0fa3bdb568d11c66,2024-08-24T23:15:04.243000
+CVE-2024-45238,1,1,ccc45be69dfe19e1e7a8bdab1dc3635c5b76d3b76fc80d9b03b5db6c4c8e84e0,2024-08-24T23:15:04.303000
+CVE-2024-45239,1,1,c2071b3339b557e4b3c067d45324b1f9fd1fd76e10f09111d85f3447f19fffe5,2024-08-24T23:15:04.353000
 CVE-2024-4524,0,0,8e732eea1a281702bf1b965cf73e8243f70f2376e5e0521757bce6618382002a,2024-06-04T19:20:41.520000
+CVE-2024-45240,1,1,fccbd301154823cd83da805270cd48452cd27b133537c22483ab00d65d1ebe85,2024-08-24T23:15:04.407000
 CVE-2024-4525,0,0,dfe2a87106534aea559d2a64c000518f6d0b8952ad5d7b752f8fc10ec2414d43,2024-06-04T19:20:41.620000
 CVE-2024-4526,0,0,87a45e4eb41404ceb4b9ba3ca9513f18cac2687a381a0d6211a80485bbac625a,2024-06-04T19:20:41.720000
 CVE-2024-4527,0,0,c7ad79186f39af6c4287cf90f197f2ec298291b738fc5af7e4ddede8b4e9adfb,2024-06-04T19:20:41.810000
@@ -261087,4 +261094,7 @@ CVE-2024-8130,0,0,9b7e1f9329e9e382cf628f98432202d425007974b54e0718aec7ddedc99bcb
 CVE-2024-8131,0,0,20c710f19d9d755da6abb0b6cdc364aa07ce74f6e6bd39946f1725506ba77183,2024-08-24T18:15:04.420000
 CVE-2024-8132,0,0,c8871d198ab70f9db950df8031b66bd584c152c143118a2eb4e6abb910756de3,2024-08-24T18:15:04.727000
 CVE-2024-8133,0,0,943cb52df07d6f70b3f097830243c502e4670441c6eb14c80d5819b5d4d27e9e,2024-08-24T19:15:05.963000
-CVE-2024-8134,1,1,a70532fb9cb95955f340f169abe5f8802bbdc93add6de472e54e68ee1b69157f,2024-08-24T20:15:04.503000
+CVE-2024-8134,0,0,a70532fb9cb95955f340f169abe5f8802bbdc93add6de472e54e68ee1b69157f,2024-08-24T20:15:04.503000
+CVE-2024-8135,1,1,f972f5907607a776b4a5ac79f5b33ca96c221f023d75c6beb0b2ee0e84ebf60c,2024-08-24T22:15:13.827000
+CVE-2024-8136,1,1,6ae8a815666d8a02e6809da8fe11df5b3a5993643a37b38c3ca83e4a46c6bb9e,2024-08-24T22:15:14.087000
+CVE-2024-8137,1,1,8fb9d58e8a9ec0c32f19e7936e62cda731eeccd1d68d05595a4657e8ebded412,2024-08-24T23:15:04.467000