Auto-Update: 2024-02-09T09:00:29.872381+00:00

CVE-2023/CVE-2023-315xx/CVE-2023-31506.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-31506",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T07:15:59.310",
+  "lastModified": "2024-02-09T07:15:59.310",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A cross-site scripting (XSS) vulnerability in Grav versions 1.7.44 and before, allows remote authenticated attackers to execute arbitrary web scripts or HTML via the onmouseover attribute of an ISINDEX element."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://m3n0sd0n4ld.github.io/patoHackventuras/cve-2023-31506",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-396xx/CVE-2023-39683.json

@@ -0,0 +1,28 @@
+{
+  "id": "CVE-2023-39683",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T07:15:59.960",
+  "lastModified": "2024-02-09T07:15:59.960",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting (XSS) vulnerability in EasyEmail v.4.12.2 and before allows a local attacker to execute arbitrary code via the user input parameter(s). NOTE: Researcher claims issue is present in all versions prior and later than tested version."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/zalify/easy-email/issues/321",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/zalify/easy-email/issues/373",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://medium.com/%40vificatem/cve-2023-39683-dom-xss-on-json-source-code-panel-in-zalify-easy-email-3fa08f3e0d49",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-463xx/CVE-2023-46350.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46350",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T08:15:08.253",
+  "lastModified": "2024-02-09T08:15:08.253",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL injection vulnerability in InnovaDeluxe \"Manufacturer or supplier alphabetical search\" (idxrmanufacturer) module for PrestaShop versions 2.0.4 and before, allows remote attackers to escalate privileges and obtain sensitive information via the methods IdxrmanufacturerFunctions::getCornersLink, IdxrmanufacturerFunctions::getManufacturersLike and IdxrmanufacturerFunctions::getSuppliersLike."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2024/02/08/idxrmanufacturer.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2023/CVE-2023-500xx/CVE-2023-50026.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-50026",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T08:15:08.460",
+  "lastModified": "2024-02-09T08:15:08.460",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL injection vulnerability in Presta Monster \"Multi Accessories Pro\" (hsmultiaccessoriespro) module for PrestaShop versions 5.1.1 and before, allows remote attackers to escalate privileges and obtain sensitive information via the method HsAccessoriesGroupProductAbstract::getAccessoriesByIdProducts()."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2024/02/08/hsmultiaccessoriespro.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-02xx/CVE-2024-0229.json

@@ -0,0 +1,99 @@
+{
+  "id": "CVE-2024-0229",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-02-09T07:16:00.107",
+  "lastModified": "2024-02-09T07:16:00.107",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secalert@redhat.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secalert@redhat.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-788"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0320",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0557",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0558",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0597",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0607",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0614",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0617",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0621",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0626",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:0629",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://access.redhat.com/security/cve/CVE-2024-0229",
+      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2256690",
+      "source": "secalert@redhat.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-237xx/CVE-2024-23749.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-23749",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T08:15:08.530",
+  "lastModified": "2024-02-09T08:15:08.530",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "KiTTY versions 0.76.1.13 and before is vulnerable to command injection via the filename variable, occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://blog.defcesco.io/CVE-2024-23749",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-243xx/CVE-2024-24308.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-24308",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T08:15:08.707",
+  "lastModified": "2024-02-09T08:15:08.707",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before, allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-250xx/CVE-2024-25003.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25003",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T07:16:00.807",
+  "lastModified": "2024-02-09T08:15:08.920",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the hostname, occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-250xx/CVE-2024-25004.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25004",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-09T07:16:00.930",
+  "lastModified": "2024-02-09T08:15:09.037",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "KiTTY versions 0.76.1.13 and before is vulnerable to a stack-based buffer overflow via the username, occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-02-09T07:00:24.659687+00:00
+2024-02-09T09:00:29.872381+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-02-09T05:15:08.840000+00:00
+2024-02-09T08:15:09.037000+00:00
 ```
 
 ### Last Data Feed Release
@@ -29,16 +29,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-238010
+238019
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `3`
+Recently added CVEs: `9`
 
-* [CVE-2024-0657](CVE-2024/CVE-2024-06xx/CVE-2024-0657.json) (`2024-02-09T05:15:08.410`)
-* [CVE-2024-0842](CVE-2024/CVE-2024-08xx/CVE-2024-0842.json) (`2024-02-09T05:15:08.660`)
-* [CVE-2024-1122](CVE-2024/CVE-2024-11xx/CVE-2024-1122.json) (`2024-02-09T05:15:08.840`)
+* [CVE-2023-31506](CVE-2023/CVE-2023-315xx/CVE-2023-31506.json) (`2024-02-09T07:15:59.310`)
+* [CVE-2023-39683](CVE-2023/CVE-2023-396xx/CVE-2023-39683.json) (`2024-02-09T07:15:59.960`)
+* [CVE-2023-46350](CVE-2023/CVE-2023-463xx/CVE-2023-46350.json) (`2024-02-09T08:15:08.253`)
+* [CVE-2023-50026](CVE-2023/CVE-2023-500xx/CVE-2023-50026.json) (`2024-02-09T08:15:08.460`)
+* [CVE-2024-0229](CVE-2024/CVE-2024-02xx/CVE-2024-0229.json) (`2024-02-09T07:16:00.107`)
+* [CVE-2024-23749](CVE-2024/CVE-2024-237xx/CVE-2024-23749.json) (`2024-02-09T08:15:08.530`)
+* [CVE-2024-24308](CVE-2024/CVE-2024-243xx/CVE-2024-24308.json) (`2024-02-09T08:15:08.707`)
+* [CVE-2024-25003](CVE-2024/CVE-2024-250xx/CVE-2024-25003.json) (`2024-02-09T07:16:00.807`)
+* [CVE-2024-25004](CVE-2024/CVE-2024-250xx/CVE-2024-25004.json) (`2024-02-09T07:16:00.930`)
 
 
 ### CVEs modified in the last Commit