From ecc1754bb406d0a33f788598b62a0eab23232cc6 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 19 Oct 2024 16:03:17 +0000 Subject: [PATCH] Auto-Update: 2024-10-19T16:00:17.498386+00:00 --- CVE-2024/CVE-2024-101xx/CVE-2024-10139.json | 141 ++++++++++++++++++++ CVE-2024/CVE-2024-101xx/CVE-2024-10140.json | 141 ++++++++++++++++++++ CVE-2024/CVE-2024-101xx/CVE-2024-10141.json | 141 ++++++++++++++++++++ README.md | 15 +-- _state.csv | 11 +- 5 files changed, 437 insertions(+), 12 deletions(-) create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10139.json create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10140.json create mode 100644 CVE-2024/CVE-2024-101xx/CVE-2024-10141.json diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10139.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10139.json new file mode 100644 index 00000000000..6e29f7ae9da --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10139.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10139", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-19T14:15:02.223", + "lastModified": "2024-10-19T14:15:02.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in code-projects Pharmacy Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add_new_supplier.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://gist.github.com/higordiego/155be99b5314d97b276a7b30b9e6dec0", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280927", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280927", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.425285", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10140.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10140.json new file mode 100644 index 00000000000..da55a9ced1c --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10140.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10140", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-19T15:15:14.603", + "lastModified": "2024-10-19T15:15:14.603", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in code-projects Pharmacy Management System 1.0. Affected by this issue is some unknown functionality of the file /manage_supplier.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://code-projects.org/", + "source": "cna@vuldb.com" + }, + { + "url": "https://gist.github.com/higordiego/b03bc3a330374a0581e51891d6105ed2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280928", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280928", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.425348", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10141.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10141.json new file mode 100644 index 00000000000..48daa5db0ab --- /dev/null +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10141.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-10141", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-10-19T15:15:14.973", + "lastModified": "2024-10-19T15:15:14.973", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in jsbroks COCO Annotator 0.11.1. This affects an unknown part of the component Session Handler. The manipulation of the argument SECRET_KEY leads to predictable from observable state. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.6 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 4.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-341" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jsbroks/coco-annotator/issues/626", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/jsbroks/coco-annotator/issues/626#issue-2582440109", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.280929", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.280929", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.422713", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 2f134a4a58e..c1b8b7dc97e 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-19T14:00:16.655517+00:00 +2024-10-19T16:00:17.498386+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-19T13:15:12.277000+00:00 +2024-10-19T15:15:14.973000+00:00 ``` ### Last Data Feed Release @@ -33,17 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -266160 +266163 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `3` -- [CVE-2024-10135](CVE-2024/CVE-2024-101xx/CVE-2024-10135.json) (`2024-10-19T12:15:13.247`) -- [CVE-2024-10136](CVE-2024/CVE-2024-101xx/CVE-2024-10136.json) (`2024-10-19T12:15:14.110`) -- [CVE-2024-10137](CVE-2024/CVE-2024-101xx/CVE-2024-10137.json) (`2024-10-19T13:15:11.553`) -- [CVE-2024-10138](CVE-2024/CVE-2024-101xx/CVE-2024-10138.json) (`2024-10-19T13:15:12.277`) +- [CVE-2024-10139](CVE-2024/CVE-2024-101xx/CVE-2024-10139.json) (`2024-10-19T14:15:02.223`) +- [CVE-2024-10140](CVE-2024/CVE-2024-101xx/CVE-2024-10140.json) (`2024-10-19T15:15:14.603`) +- [CVE-2024-10141](CVE-2024/CVE-2024-101xx/CVE-2024-10141.json) (`2024-10-19T15:15:14.973`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 723ccb2af99..c1dc8924e7f 100644 --- a/_state.csv +++ b/_state.csv @@ -242276,11 +242276,14 @@ CVE-2024-10130,0,0,005b5772134ad7ab3ff093e3d1f3c1dcefb8a6bac854c40ff82f3832025c5 CVE-2024-10131,0,0,ec7f7d7eafabbce2d329a6df322b2a0ff4b203d8976eb09a804b94ea08a31f0c,2024-10-19T04:15:05.300000 CVE-2024-10133,0,0,1403af45d2d75980e8b273ee70d6599abebda1b60a49d652dd75f4a6f64bf012,2024-10-19T09:15:11.090000 CVE-2024-10134,0,0,461682cbdde81a87fe2c1d2aa03d035dc5e4253714bf534aa9aadd2b9f613670,2024-10-19T10:15:02.663000 -CVE-2024-10135,1,1,e8914e55b781bff716eafa940f25de30efb583513684251275ba2a3ba698eef6,2024-10-19T12:15:13.247000 -CVE-2024-10136,1,1,e0375517a90e229f8575b14da9742f014680eb77442b5a89ce25ef37d4825053,2024-10-19T12:15:14.110000 -CVE-2024-10137,1,1,33a47f69af14970bc437ebeaf02e36f1b2c715225745b0dc593980e1d4a08c0c,2024-10-19T13:15:11.553000 -CVE-2024-10138,1,1,1b4e7d561938531d13618919ae381cfdda69729bdad56337db9636f70aef3445,2024-10-19T13:15:12.277000 +CVE-2024-10135,0,0,e8914e55b781bff716eafa940f25de30efb583513684251275ba2a3ba698eef6,2024-10-19T12:15:13.247000 +CVE-2024-10136,0,0,e0375517a90e229f8575b14da9742f014680eb77442b5a89ce25ef37d4825053,2024-10-19T12:15:14.110000 +CVE-2024-10137,0,0,33a47f69af14970bc437ebeaf02e36f1b2c715225745b0dc593980e1d4a08c0c,2024-10-19T13:15:11.553000 +CVE-2024-10138,0,0,1b4e7d561938531d13618919ae381cfdda69729bdad56337db9636f70aef3445,2024-10-19T13:15:12.277000 +CVE-2024-10139,1,1,0ed3826709bf9e931ea547c65bfab2710bfb80e53b842917d28eaf89d2532e46,2024-10-19T14:15:02.223000 CVE-2024-1014,0,0,8e546db835ee0e62e0f6ed5b95e90d5586231fc78746cbbfef7db3d61b3c5f3d,2024-02-02T02:05:39.277000 +CVE-2024-10140,1,1,aec311209a02b8c14f754431c8bb87bae3f3320865efe32c0e3bd857d5ceadf9,2024-10-19T15:15:14.603000 +CVE-2024-10141,1,1,09fa08cc46cecf31331ef8b05b7e25cdba3a32b1fba57ba9bc41b0aac71ce99c,2024-10-19T15:15:14.973000 CVE-2024-1015,0,0,5516b1d1af5a9d3814b8a6e102d3692fcdb9c463b2e2645787afdcb157946f20,2024-02-02T02:04:13.267000 CVE-2024-1016,0,0,71cf76ab1a6b276906d8ecf764cf0be1d15a9c7c60543569d9e172588701616f,2024-05-17T02:35:10.520000 CVE-2024-1017,0,0,50b68641acb97d381e6a65107328f0dab0fccf027bea27ef0f379cc058119760,2024-05-17T02:35:10.627000