From eb4466fe08d14e2d223ae174037373c048ecf7e7 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 23 May 2024 04:03:30 +0000
Subject: [PATCH] Auto-Update: 2024-05-23T04:00:38.869278+00:00
---
 CVE-2023/CVE-2023-68xx/CVE-2023-6844.json | 55 ++++++++++++++
 CVE-2024/CVE-2024-18xx/CVE-2024-1855.json | 51 +++++++++++++
 CVE-2024/CVE-2024-30xx/CVE-2024-3065.json | 47 ++++++++++++
 CVE-2024/CVE-2024-32xx/CVE-2024-3201.json | 47 ++++++++++++
 CVE-2024/CVE-2024-44xx/CVE-2024-4486.json | 47 ++++++++++++
 CVE-2024/CVE-2024-47xx/CVE-2024-4783.json | 47 ++++++++++++
 CVE-2024/CVE-2024-48xx/CVE-2024-4895.json | 51 +++++++++++++
 CVE-2024/CVE-2024-49xx/CVE-2024-4978.json | 55 ++++++++++++++
 CVE-2024/CVE-2024-52xx/CVE-2024-5230.json | 88 ++++++++++++++++++++++
 CVE-2024/CVE-2024-52xx/CVE-2024-5231.json | 92 +++++++++++++++++++++++
 README.md | 19 +++--
 _state.csv | 12 ++-
 12 files changed, 605 insertions(+), 6 deletions(-)
 create mode 100644 CVE-2023/CVE-2023-68xx/CVE-2023-6844.json
 create mode 100644 CVE-2024/CVE-2024-18xx/CVE-2024-1855.json
 create mode 100644 CVE-2024/CVE-2024-30xx/CVE-2024-3065.json
 create mode 100644 CVE-2024/CVE-2024-32xx/CVE-2024-3201.json
 create mode 100644 CVE-2024/CVE-2024-44xx/CVE-2024-4486.json
 create mode 100644 CVE-2024/CVE-2024-47xx/CVE-2024-4783.json
 create mode 100644 CVE-2024/CVE-2024-48xx/CVE-2024-4895.json
 create mode 100644 CVE-2024/CVE-2024-49xx/CVE-2024-4978.json
 create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5230.json
 create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5231.json
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6844.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6844.json
new file mode 100644
index 00000000000..b793a7d9e61
--- /dev/null
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6844.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6844", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-23T02:15:08.040", + "lastModified": "2024-05-23T02:15:08.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The iframe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to and including 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/iframe/trunk/iframe.php#L37", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/iframe/trunk/iframe.php#L60", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3089839%40iframe%2Ftrunk&old=3036990%40iframe%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c16e16dc-8888-4222-862f-a57a9f14e7f4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1855.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1855.json new file mode 100644 index 00000000000..12c7ffe0772 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1855.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1855", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-23T02:15:08.277", + "lastModified": "2024-05-23T02:15:08.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WPCafe \u2013 Restaurant Menu, Online Ordering for WooCommerce, Pickup / Delivery and Table Reservation plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.2.23 via the wpc_check_for_submission function. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-cafe/trunk/core/action/wpc-ajax-action.php#L76", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3084054/wp-cafe/trunk/core/action/wpc-ajax-action.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f83c19e-1b75-4fea-b4de-f7f844a449c0?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3065.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3065.json new file mode 100644 index 00000000000..58d3fefadb9 --- /dev/null +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3065.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3065", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-23T02:15:08.480", + "lastModified": "2024-05-23T02:15:08.480", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://wordpress.org/plugins/paypal-pay-buy-donation-and-cart-buttons-shortcode/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c596c278-4f16-4830-8e6e-5e1392d4d118?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3201.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3201.json new file mode 100644 index 00000000000..98727a769db --- /dev/null +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3201.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3201", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-23T02:15:08.673", + "lastModified": "2024-05-23T02:15:08.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP DSGVO Tools (GDPR) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pp_link' shortcode in all versions up to, and including, 3.1.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3090019%40shapepress-dsgvo%2Ftrunk&old=3016389%40shapepress-dsgvo%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/df5cd6e7-e821-403f-a048-25c2ca1fb2de?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4486.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4486.json new file mode 100644 index 00000000000..4da24e71b79 --- /dev/null +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4486.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-4486", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-23T02:15:08.870", + "lastModified": "2024-05-23T02:15:08.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Awesome Contact Form7 for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'AEP Contact Form 7' widget in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/awesome-contact-form7-for-elementor/trunk/widgets/aep-contact-form7.php#L819", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0687e101-3c96-4c9b-941a-1b0fed2f76e2?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4783.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4783.json new file mode 100644 index 00000000000..9d73b10f52d --- /dev/null +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4783.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-4783", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-23T02:15:09.070", + "lastModified": "2024-05-23T02:15:09.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/jquery-t-countdown-widget/trunk/countdown-timer.php#L768", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78eeef12-123b-42f6-b446-c3f2d43153fd?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4895.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4895.json new file mode 100644 index 00000000000..3964c57b882 --- /dev/null +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4895.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-4895", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-23T03:15:08.063", + "lastModified": "2024-05-23T03:15:08.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The wpDataTables \u2013 WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the CSV import functionality in all versions up to, and including, 3.4.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3089897/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/wpdatatables/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c944e08-1b70-4b56-80eb-f588c0fab5b6?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4978.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4978.json new file mode 100644 index 00000000000..a6692b69a32 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4978.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-4978", + "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", + "published": "2024-05-23T02:15:09.257", + "lastModified": "2024-05-23T02:15:09.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Justice AV Solutions Viewer Setup 8.3.7.250-1 contains a malicious binary when executed and is signed with an unexpected authenticode signature. A remote, privileged threat actor may exploit this vulnerability to execute of unauthorized PowerShell commands." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "9119a7d8-5eab-497f-8521-727c672e3725", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://twitter.com/2RunJack2/status/1775052981966377148", + "source": "9119a7d8-5eab-497f-8521-727c672e3725" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5230.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5230.json new file mode 100644 index 00000000000..938bce03103 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5230.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-5230", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-23T02:15:09.503", + "lastModified": "2024-05-23T02:15:09.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": 
"https://vuldb.com/?ctiid.265981", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.265981", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.333519", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5231.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5231.json new file mode 100644 index 00000000000..d57103c9e14 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5231.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-5231", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-23T03:15:08.307", + "lastModified": "2024-05-23T03:15:08.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view/teacher_salary_details.php. The manipulation of the argument index leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-265982 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } 
+ ] + } + ], + "references": [ + { + "url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System%20-%20sql/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2021.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.265982", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.265982", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.339807", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index dd43d75505f..3908cec7fa1 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-23T02:00:29.691489+00:00 +2024-05-23T04:00:38.869278+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-23T01:15:47.413000+00:00 +2024-05-23T03:15:08.307000+00:00 ``` ### Last Data Feed Release 
@@ -33,14 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -251516 +251526 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `10` -- [CVE-2024-3708](CVE-2024/CVE-2024-37xx/CVE-2024-3708.json) (`2024-05-23T01:15:47.413`) +- [CVE-2023-6844](CVE-2023/CVE-2023-68xx/CVE-2023-6844.json) (`2024-05-23T02:15:08.040`) +- [CVE-2024-1855](CVE-2024/CVE-2024-18xx/CVE-2024-1855.json) (`2024-05-23T02:15:08.277`) +- [CVE-2024-3065](CVE-2024/CVE-2024-30xx/CVE-2024-3065.json) (`2024-05-23T02:15:08.480`) +- [CVE-2024-3201](CVE-2024/CVE-2024-32xx/CVE-2024-3201.json) (`2024-05-23T02:15:08.673`) +- [CVE-2024-4486](CVE-2024/CVE-2024-44xx/CVE-2024-4486.json) (`2024-05-23T02:15:08.870`) +- [CVE-2024-4783](CVE-2024/CVE-2024-47xx/CVE-2024-4783.json) (`2024-05-23T02:15:09.070`) +- [CVE-2024-4895](CVE-2024/CVE-2024-48xx/CVE-2024-4895.json) (`2024-05-23T03:15:08.063`) +- [CVE-2024-4978](CVE-2024/CVE-2024-49xx/CVE-2024-4978.json) (`2024-05-23T02:15:09.257`) +- [CVE-2024-5230](CVE-2024/CVE-2024-52xx/CVE-2024-5230.json) (`2024-05-23T02:15:09.503`) +- [CVE-2024-5231](CVE-2024/CVE-2024-52xx/CVE-2024-5231.json) (`2024-05-23T03:15:08.307`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index ceb3b8fec91..6c23a0cfced 100644 --- a/_state.csv +++ b/_state.csv 
@@ -239675,6 +239675,7 @@ CVE-2023-6839,0,0,8807fec9c6525daa027947c43f6efc6745e2a71d884dfca25a093387609b37 CVE-2023-6840,0,0,f3e90530a8fdb37e8db2c5be55b74b905390253b9e9a28117ebf58c12b7d6599,2024-03-04T20:52:05.890000 CVE-2023-6842,0,0,fd352664a753beeee1da1e0c7b186fb8d6f51c73028cad0cf6ca2db0482ef010,2024-01-16T17:15:22.207000 CVE-2023-6843,0,0,5c319d42869a0026e9f202107450d0b8ffa48ae74093cce628f853fdfe644ede,2024-01-19T17:53:58.730000 +CVE-2023-6844,1,1,f0feb88aa8162578e8cb59319e2343437602c1052b1a8b44a3c5963136b5e6dd,2024-05-23T02:15:08.040000 CVE-2023-6845,0,0,731d1bd3631a1daee902267120e683edafdd00fe9b5cbc0c0fd9798c06818f11,2024-01-11T20:01:43.617000 CVE-2023-6846,0,0,1c711df48c681681a27e697b91eaf1c1879d45e51afb6a99949f93aa7233f3f5,2024-02-09T16:51:01.473000 CVE-2023-6847,0,0,cdcc4710c54412d28ccbb11fb3bee795734a0457425239dfdc6d0858011c26df,2023-12-29T19:13:35.857000 @@ -241589,6 +241590,7 @@ CVE-2024-1851,0,0,ac07ab34f3e596527407cf2fcb93e785fa1a213045982c8aadd05f9e543a11 CVE-2024-1852,0,0,9f92825b65e6bb9369c1037dcd50c43b1f7e5526ff6359d4256ca25ce4ba1079,2024-04-10T13:23:38.787000 CVE-2024-1853,0,0,88e46cdee904df65be156cae6d046ba1f9b383351c4ae2ffb721120e1de469e2,2024-03-15T12:53:06.423000 CVE-2024-1854,0,0,3a967413553da784783a186d6f1f68031ea1075d4f2cd23254325d37dfc46570,2024-03-13T18:15:58.530000 +CVE-2024-1855,1,1,f305bdfff5a173e9490a0ac6a981555af957170602a4e149c7a017f18f31c235,2024-05-23T02:15:08.277000 CVE-2024-1856,0,0,48e25a0a51ff59c36d550bf65bc3fc4ba5a1076a897470898ae662b3caa65413,2024-03-20T17:18:26.603000 CVE-2024-1857,0,0,164ffc9028ea8123e170b3133bd7028efed77d0a506ca5e23a7f1160b5525233,2024-03-17T22:38:29.433000 CVE-2024-1858,0,0,d329b4dad593adf10fc77a9347763d88761569a73a452b4e0bfbb9040ab7c169,2024-03-29T12:45:02.937000 
@@ -248072,6 +248074,7 @@ CVE-2024-30638,0,0,476165b7ba1121567d55c67d54d9d40e3e29ea068ff3cb9f8e442a4ce4566 CVE-2024-30639,0,0,46b7c5471e103449855c9fbd2240c66d12c0c2b4b2c2dd58c9da71634c442509,2024-04-01T01:12:59.077000 CVE-2024-3064,0,0,150d2695d7eeb315cec549f12d6c6ef3f6e02daaf223b84571983b190cdbdba2,2024-04-10T13:23:38.787000 CVE-2024-30645,0,0,00b9821a66dbca80d2d2c9c63858e19e8817ea8f49dc6578caf9fd20dddfbebc,2024-04-01T01:12:59.077000 +CVE-2024-3065,1,1,5f9266cdecf636eb5ea3f51da0541b10e2125808cb45f7885ecbf721eb833e46,2024-05-23T02:15:08.480000 CVE-2024-30656,0,0,c800b352c15d86c6b7538edefbe50a56ea126bd7af414b5024084888358a8802,2024-04-16T13:24:07.103000 CVE-2024-30659,0,0,5ebf34ef5301500333f12d205c33075783bdc7dbc5af4530638bd854345f163a,2024-05-17T02:38:52.657000 CVE-2024-3066,0,0,9e39c1837a02fe45f60a2b47e49f27e1fbc5dc31dbbfb58a7f58eade8d944914,2024-05-22T12:46:53.887000 @@ -248750,6 +248753,7 @@ CVE-2024-32002,0,0,4b112f717b2a99383c626759f5cc1e661f6669171e8818b9856cf105765ed CVE-2024-32003,0,0,8e8c8d945f0ee0a518068e981d0cc584a07044ae728a9a77ce2d918bc43c232f,2024-04-15T13:15:31.997000 CVE-2024-32004,0,0,36c53e6b23ae4855264d40aff92ae0ce3b5701c2e0b937ef9fe8ca91ba7755d7,2024-05-14T19:17:55.627000 CVE-2024-32005,0,0,67300e4989f99e2e013d8397bc4806c53fe7ab524173b29e08f1814aa041fd14,2024-04-15T13:15:31.997000 +CVE-2024-3201,1,1,b879bbf3f151398a0e83d7e6d4801f5c6347cf5a50091d66bb5947b42b461ab4,2024-05-23T02:15:08.673000 CVE-2024-32017,0,0,c47f78232c4c3749a77898f284cf5dd751f8e553e59dc7410a9242dddea7ca2b,2024-05-07T12:15:09.593000 CVE-2024-32018,0,0,ed367d82895b9d9075702d5ab3b6c086d7325180d4e88bf52d874df7314b6c9a,2024-05-07T12:15:09.667000 CVE-2024-32019,0,0,7d17b262f48d84e5d46deb667dc18694c73147c4bad7ea42fd1b388af87a63d3,2024-04-15T13:15:31.997000 
@@ -250678,7 +250682,7 @@ CVE-2024-3704,0,0,ad7f205e31bc442943bbd584692b194a3485d815654eeb83e4eefef6a6eff3 CVE-2024-3705,0,0,44f1c76d2f6cd8dab882ddfdbdbe908a4e3a8f22d6a90f31f0279b7faf87a669,2024-04-15T13:15:51.577000 CVE-2024-3706,0,0,93b27543775cdce8e7b256b8d014ea258e7a61f0ddb1cca03581da1a85330700,2024-04-15T13:15:51.577000 CVE-2024-3707,0,0,cb892298714e8d1628bf09ece0bc00ef0a1a1429034ce83bb3286f4d822c160d,2024-04-15T13:15:51.577000 -CVE-2024-3708,1,1,163a69531029a6fb699881d69e0e6be6ea30a2641941f7226f06e0429c39d0bb,2024-05-23T01:15:47.413000 +CVE-2024-3708,0,0,163a69531029a6fb699881d69e0e6be6ea30a2641941f7226f06e0429c39d0bb,2024-05-23T01:15:47.413000 CVE-2024-3714,0,0,67d2f256f515fc7fb7a12633af83387395a2a6015e3786015a9a5a4420323bea,2024-05-20T13:00:34.807000 CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000 CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000 @@ -251145,6 +251149,7 @@ CVE-2024-4470,0,0,f0fba350e729f8feed66d9240267f117660bcf2139730ecc32d391638246d5 CVE-2024-4473,0,0,be8deb42c9d1905b301c3bfbae608b1551ce9395ac2fbbb337038c3a7eb347fa,2024-05-14T19:17:55.627000 CVE-2024-4478,0,0,31a4a4c48861c0c170c939e3aa0b10661ec97e9653465707919926dbd3595183,2024-05-16T13:03:05.353000 CVE-2024-4481,0,0,7ecf88f2a22a659849266bdc0bd40c464d195e3dafdf490c58869a301c87572b,2024-05-14T16:11:39.510000 +CVE-2024-4486,1,1,287cbf1c38738e27cc60bfb6efc5c8e685dbce48639a2d00ddabceb3ceb215bc,2024-05-23T02:15:08.870000 CVE-2024-4487,0,0,50c826d9a63ca2cf478652fe406866ee1f801cabb050eb8635e58a006f7805c7,2024-05-14T16:11:39.510000 CVE-2024-4490,0,0,e9307362c9e30effa78a675ee98be99c8b3d9c66fa0a2fa85d2752ca1d5cbd01,2024-05-14T16:11:39.510000 CVE-2024-4491,0,0,190d33e9615cd5e358f556ed01f8347aea5b370679d05434a810920d72ca6c97,2024-05-17T02:40:24.800000 
@@ -251327,6 +251332,7 @@ CVE-2024-4775,0,0,757972c70170e347b2c51d2e2498d128ecd7ff8f77339f6d2f4b77d366af97 CVE-2024-4776,0,0,64dd8268145f408ad7d61272729ea601365b30d5997216da96d560825c4fd0a6,2024-05-14T19:17:55.627000 CVE-2024-4777,0,0,871c0aa9bb9189afc5f5526abead12f9f754ed9ce1a10923259013af7abd7d06,2024-05-14T19:17:55.627000 CVE-2024-4778,0,0,37531b60d89a44d35c14fde25587b4d8cbf891fd39da513ae2adbe2646535312,2024-05-14T19:17:55.627000 +CVE-2024-4783,1,1,50a34812bb489c1e29faa5e7d01f999517b3b3f303f3febab98067b6fc927dbe,2024-05-23T02:15:09.070000 CVE-2024-4789,0,0,76a34ff55f02f4fdd71bc209763f0c4ed9b869d8ff89c5fc6a1a936b72db812c,2024-05-17T18:35:35.070000 CVE-2024-4790,0,0,9ca82e19e832a950283217f2bfd1db7efd6838c8a8bf54a7d78165e2752eb0b9,2024-05-17T02:40:36.990000 CVE-2024-4791,0,0,bc4ba581266356fcb662bc273060193bcd7412d6015907e518b3ebb2854be230,2024-05-17T02:40:37.090000 @@ -251381,6 +251387,7 @@ CVE-2024-4876,0,0,9001a39aab22b409ed584cd8d039f27b1e6b747a96583eefc2888b2c10c762 CVE-2024-4891,0,0,e74bd5bb85af020930d6b90474dcbd5a7bb8df3f51cfa57310da23b320714b43,2024-05-20T13:00:34.807000 CVE-2024-4893,0,0,d5ebc2dfcb13b74b4f1951a124d2e638a95f79aa05d19e6fadfe65b7ad1c4f46,2024-05-15T16:40:19.330000 CVE-2024-4894,0,0,d68130303d356c053d0f6768d0ee08506e206d16216142c952b9b56af8835d24,2024-05-15T16:40:19.330000 +CVE-2024-4895,1,1,ca47e9a880d615991518777911d21cd25e835db6515f90e24fb08e57e6f756a8,2024-05-23T03:15:08.063000 CVE-2024-4896,0,0,3b4886ba9dbcbd85f320cc34951c4d380c3a427ae383c882b64cfe15748a2c5b,2024-05-22T12:46:53.887000 CVE-2024-4903,0,0,9a411d9f215d13d2c422791efc5893252c00fbd9ad8c56cc74522677d5819e4f,2024-05-17T02:40:40.423000 CVE-2024-4904,0,0,6b2e400045aa483c1c0238ef1875b5106ef715ac4df10d8cb60a7ffbc3253def,2024-05-17T02:40:40.593000 
@@ -251435,6 +251442,7 @@ CVE-2024-4973,0,0,ad7c577ee4f5c4118bca59729635919eaea613eef16c91713940397f35ef51 CVE-2024-4974,0,0,30c18840d61a7da1f6d082016a110f1f3e155cb69a321c5f3011e04a781acecd,2024-05-17T02:40:44.973000 CVE-2024-4975,0,0,09924b0fbe93d87fd37542372e09ae669637640cc2222ca882fa05e7d37dfb27,2024-05-17T02:40:45.073000 CVE-2024-4976,0,0,cec1c528b9c81bb2353d630af7aeaeed80f8c396bb33272f9e3c075fa645e3ec,2024-05-16T13:03:05.353000 +CVE-2024-4978,1,1,6aea9a2193ddedd3c50cdcb631099577c4e8e5dee89bf2f1d82709591ceea1be,2024-05-23T02:15:09.257000 CVE-2024-4980,0,0,d20f2ef35ef0f1f8e96465b1028eec7a5f2d3c74ffe21053744b8fa063677175,2024-05-22T12:46:53.887000 CVE-2024-4984,0,0,c181b2792419ab292757f17fa7ed54efe54e64b1f0d7a8e32f201040654607f4,2024-05-16T13:03:05.353000 CVE-2024-4985,0,0,b81bff980fe085b1791160496ce934ae0ce49626339c7659d52666ce349dace5,2024-05-21T12:37:59.687000 @@ -251515,3 +251523,5 @@ CVE-2024-5193,0,0,10c68e7444190b04603fe41121d5ca46f60a4a86754539b9aa3d12094e7245 CVE-2024-5194,0,0,449708a9669696a9d45dc12d62d0dd60618e438564c2c2163a0a40f19cb2695e,2024-05-22T12:46:53.887000 CVE-2024-5195,0,0,6f936c1a350f3aa4241c2485aebe122e7725b90fcb612ab0345f361f301112f3,2024-05-22T12:46:53.887000 CVE-2024-5196,0,0,5d3f231a43c31999680087469716ad4f3327a52b153d985ebb2cb490ce1591bb,2024-05-22T12:46:53.887000 +CVE-2024-5230,1,1,cf2becfcaf10c991a6e891134ca15d918b17a419b24de9a99e4b60c016014c40,2024-05-23T02:15:09.503000 +CVE-2024-5231,1,1,2fc06f277cf3b2ccd9f8bef63c31f29dbbc25b6622a63bce2a1973925c5571e0,2024-05-23T03:15:08.307000