diff --git a/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json b/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json new file mode 100644 index 00000000000..db6f22cfcfa --- /dev/null +++ b/CVE-2022/CVE-2022-438xx/CVE-2022-43880.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2022-43880", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-03-03T16:15:49.570", + "lastModified": "2024-03-03T16:15:49.570", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM QRadar WinCollect Agent 10.0 through 10.1.2 could allow a privileged user to cause a denial of service. IBM X-Force ID: 240151." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/240151", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6980843", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json b/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json new file mode 100644 index 00000000000..2a94713cfdf --- /dev/null +++ b/CVE-2023/CVE-2023-272xx/CVE-2023-27291.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-27291", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-03-03T16:15:49.777", + "lastModified": "2024-03-03T16:15:49.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Watson CP4D Data Stores 4.6.0, 4.6.1, 4.6.2, and 4.6.3 does not encrypt sensitive or critical information before storage or transmission which could allow an attacker to obtain sensitive information. IBM X-Force ID: 248740." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-311" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/248740", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6965458", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-285xx/CVE-2023-28512.json b/CVE-2023/CVE-2023-285xx/CVE-2023-28512.json new file mode 100644 index 00000000000..39b9568afba --- /dev/null +++ b/CVE-2023/CVE-2023-285xx/CVE-2023-28512.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-28512", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-03-03T16:15:49.983", + "lastModified": "2024-03-03T16:15:49.983", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Watson CP4D Data Stores 4.6.0, 4.6.1, and 4.6.2 could allow an attacker with specific knowledge about the system to manipulate data due to improper input validation. IBM X-Force ID: 250396." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-472" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/250396", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/6965456", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json new file mode 100644 index 00000000000..421c2af8763 --- /dev/null +++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0765.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-0765", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-03-03T15:15:07.113", + "lastModified": "2024-03-03T15:15:07.113", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you do exfiltrate data of the system at that save state.\n\nThis would require the attacked to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occured." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1923.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1923.json index f10719e1d19..6b45a0c105c 100644 --- a/CVE-2024/CVE-2024-19xx/CVE-2024-1923.json +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1923.json @@ -2,12 +2,12 @@ "id": "CVE-2024-1923", "sourceIdentifier": "cna@vuldb.com", "published": "2024-02-27T16:15:46.057", - "lastModified": "2024-02-29T01:43:56.900", + "lastModified": "2024-03-03T15:15:07.427", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability." + "value": "A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2146.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2146.json new file mode 100644 index 00000000000..d2f0b4e3cfd --- /dev/null +++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2146.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2146", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-03T15:15:07.573", + "lastModified": "2024-03-03T15:15:07.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255499." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/vanitashtml/CVE-Dumps/blob/main/Reflected%20XSS%20in%20Mobile%20Management%20Store.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.255499", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.255499", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 6fa417ce83b..a71ac215d28 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-03T15:00:24.006981+00:00 +2024-03-03T17:00:24.858448+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-03T14:15:52.383000+00:00 +2024-03-03T16:15:49.983000+00:00 ``` ### Last Data Feed Release @@ -29,23 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -240374 +240379 ``` ### CVEs added in the last Commit -Recently added CVEs: `4` +Recently added CVEs: `5` -* [CVE-2023-43054](CVE-2023/CVE-2023-430xx/CVE-2023-43054.json) (`2024-03-03T13:15:06.880`) -* [CVE-2023-47742](CVE-2023/CVE-2023-477xx/CVE-2023-47742.json) (`2024-03-03T13:15:07.090`) -* [CVE-2024-22355](CVE-2024/CVE-2024-223xx/CVE-2024-22355.json) (`2024-03-03T13:15:07.293`) -* [CVE-2024-2145](CVE-2024/CVE-2024-21xx/CVE-2024-2145.json) (`2024-03-03T14:15:52.383`) +* [CVE-2022-43880](CVE-2022/CVE-2022-438xx/CVE-2022-43880.json) (`2024-03-03T16:15:49.570`) +* [CVE-2023-27291](CVE-2023/CVE-2023-272xx/CVE-2023-27291.json) (`2024-03-03T16:15:49.777`) +* [CVE-2023-28512](CVE-2023/CVE-2023-285xx/CVE-2023-28512.json) (`2024-03-03T16:15:49.983`) +* [CVE-2024-0765](CVE-2024/CVE-2024-07xx/CVE-2024-0765.json) (`2024-03-03T15:15:07.113`) +* [CVE-2024-2146](CVE-2024/CVE-2024-21xx/CVE-2024-2146.json) (`2024-03-03T15:15:07.573`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +* [CVE-2024-1923](CVE-2024/CVE-2024-19xx/CVE-2024-1923.json) (`2024-03-03T15:15:07.427`) ## Download and Usage