Auto-Update: 2024-03-03T17:00:24.858448+00:00

2025-07-09 16:05:11 +00:00 · 2024-03-03 17:00:28 +00:00 · 2024-03-03 17:00:28 +00:00 · efdc3eb1ca
commit efdc3eb1ca
parent 2526e058fc
7 changed files with 337 additions and 11 deletions
--- a/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json
+++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2022-43880",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-03-03T16:15:49.570",
+  "lastModified": "2024-03-03T16:15:49.570",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service.  IBM X-Force ID:  240151."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 4.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240151",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/6980843",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json
+++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-27291",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-03-03T16:15:49.777",
+  "lastModified": "2024-03-03T16:15:49.777",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information.  IBM X-Force ID:  248740."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 0.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-311"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248740",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/6965458",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-285xx/CVE-2023-28512.json
+++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28512.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2023-28512",
+  "sourceIdentifier": "psirt@us.ibm.com",
+  "published": "2024-03-03T16:15:49.983",
+  "lastModified": "2024-03-03T16:15:49.983",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation.  IBM X-Force ID:  250396."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@us.ibm.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.9,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@us.ibm.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-472"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250396",
+      "source": "psirt@us.ibm.com"
+    },
+    {
+      "url": "https://www.ibm.com/support/pages/node/6965456",
+      "source": "psirt@us.ibm.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-0765",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-03-03T15:15:07.113",
+  "lastModified": "2024-03-03T15:15:07.113",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state.\n\nThis would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 9.6,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 5.8
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786",
+      "source": "security@huntr.dev"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-19xx/CVE-2024-1923.json
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1923.json
@ -2,12 +2,12 @@
  "id": "CVE-2024-1923",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-02-27T16:15:46.057",
-  "lastModified": "2024-02-29T01:43:56.900",
+  "lastModified": "2024-03-03T15:15:07.427",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
-      "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability."
+      "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability."
    },
    {
      "lang": "es",
--- a/CVE-2024/CVE-2024-21xx/CVE-2024-2146.json
+++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2146.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-2146",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-03T15:15:07.573",
+  "lastModified": "2024-03-03T15:15:07.573",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255499."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.0
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 2.9,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/vanitashtml/CVE-Dumps/blob/main/Reflected%20XSS%20in%20Mobile%20Management%20Store.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.255499",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.255499",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-03-03T15:00:24.006981+00:00
+2024-03-03T17:00:24.858448+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-03-03T14:15:52.383000+00:00
+2024-03-03T16:15:49.983000+00:00
 ```

 ### Last Data Feed Release
@ -29,23 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-240374
+240379
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `4`
+Recently added CVEs: `5`

-* [CVE-2023-43054](CVE-2023/CVE-2023-430xx/CVE-2023-43054.json) (`2024-03-03T13:15:06.880`)
-* [CVE-2023-47742](CVE-2023/CVE-2023-477xx/CVE-2023-47742.json) (`2024-03-03T13:15:07.090`)
-* [CVE-2024-22355](CVE-2024/CVE-2024-223xx/CVE-2024-22355.json) (`2024-03-03T13:15:07.293`)
-* [CVE-2024-2145](CVE-2024/CVE-2024-21xx/CVE-2024-2145.json) (`2024-03-03T14:15:52.383`)
+* [CVE-2022-43880](CVE-2022/CVE-2022-438xx/CVE-2022-43880.json) (`2024-03-03T16:15:49.570`)
+* [CVE-2023-27291](CVE-2023/CVE-2023-272xx/CVE-2023-27291.json) (`2024-03-03T16:15:49.777`)
+* [CVE-2023-28512](CVE-2023/CVE-2023-285xx/CVE-2023-28512.json) (`2024-03-03T16:15:49.983`)
+* [CVE-2024-0765](CVE-2024/CVE-2024-07xx/CVE-2024-0765.json) (`2024-03-03T15:15:07.113`)
+* [CVE-2024-2146](CVE-2024/CVE-2024-21xx/CVE-2024-2146.json) (`2024-03-03T15:15:07.573`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `1`

+* [CVE-2024-1923](CVE-2024/CVE-2024-19xx/CVE-2024-1923.json) (`2024-03-03T15:15:07.427`)


 ## Download and Usage