Auto-Update: 2024-03-05T00:55:27.824477+00:00

2025-05-08 03:27:17 +00:00 · 2024-03-05 00:55:31 +00:00 · 2024-03-05 00:55:31 +00:00 · f2bd6344fb
commit f2bd6344fb
parent 59738c23ca
13 changed files with 266 additions and 65 deletions
--- a/CVE-2020/CVE-2020-367xx/CVE-2020-36773.json
+++ b/CVE-2020/CVE-2020-367xx/CVE-2020-36773.json
@ -2,7 +2,7 @@
  "id": "CVE-2020-36773",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-04T18:16:00.713",
-  "lastModified": "2024-02-13T00:39:04.533",
+  "lastModified": "2024-03-04T23:04:23.720",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
@ -63,9 +63,28 @@
          "cpeMatch": [
            {
              "vulnerable": true,
-              "criteria": "cpe:2.3:a:artifex:ghostscript:*:*:*:*:*:*:*:*",
-              "versionEndExcluding": "9.53.0",
-              "matchCriteriaId": "350CC6F3-2230-4434-AFF3-29F4B9FC70C5"
+              "criteria": "cpe:2.3:a:artifex:ghostscript:9.51:*:*:*:*:*:*:*",
+              "matchCriteriaId": "C18E63CE-B2D5-44A2-89E0-B2C6A3554D79"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:artifex:ghostscript:9.52:*:*:*:*:*:*:*",
+              "matchCriteriaId": "BF20A2FF-98ED-45EF-9263-D915D7A1953D"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:artifex:ghostscript:9.52.1:*:*:*:*:*:*:*",
+              "matchCriteriaId": "FCA9F31F-F4B8-43E6-A747-BDC189BADD05"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:artifex:ghostscript:9.53.0:rc1:*:*:*:*:*:*",
+              "matchCriteriaId": "E6FE7E73-AE7B-42D4-8E83-17249CC9F46A"
+            },
+            {
+              "vulnerable": true,
+              "criteria": "cpe:2.3:a:artifex:ghostscript:9.53.0:rc2:*:*:*:*:*:*",
+              "matchCriteriaId": "AC033F01-8AF9-4B10-9789-35255739A232"
            }
          ]
        }
--- a/CVE-2022/CVE-2022-207xx/CVE-2022-20724.json
+++ b/CVE-2022/CVE-2022-207xx/CVE-2022-20724.json
@ -2,8 +2,8 @@
  "id": "CVE-2022-20724",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2022-04-15T15:15:13.460",
-  "lastModified": "2023-11-07T03:42:44.300",
-  "vulnStatus": "Modified",
+  "lastModified": "2024-03-04T23:03:57.340",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -21,23 +21,23 @@
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "HIGH",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
-          "confidentialityImpact": "HIGH",
+          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
-          "availabilityImpact": "HIGH",
-          "baseScore": 7.5,
-          "baseSeverity": "HIGH"
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.6,
-        "impactScore": 5.9
+        "impactScore": 3.6
      },
      {
-        "source": "d1c1063e-7a18-46af-9102-31f8928bc633",
+        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
@ -95,7 +95,7 @@
      ]
    },
    {
-      "source": "d1c1063e-7a18-46af-9102-31f8928bc633",
+      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
@ -122,16 +122,6 @@
              "criteria": "cpe:2.3:a:cisco:ic3000_industrial_compute_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E9AF42D-A861-4585-8FA6-28BD3623681E"
            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:a:cisco:ir510_operating_system:*:*:*:*:*:*:*:*",
-              "matchCriteriaId": "A90577A5-5077-4A3C-87D8-63A77B7FBE30"
-            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:cisco:ios:*:*:*:*:*:*:*:*",
-              "matchCriteriaId": "5802E2D8-7069-474C-826F-AEE7B50BFE34"
-            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:cisco:ios:15.2\\(5\\)e1:*:*:*:*:*:*:*",
@ -482,11 +472,6 @@
              "criteria": "cpe:2.3:o:cisco:ios:15.9\\(3\\)m4a:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0E473CF-FE4B-4DBE-9EBE-337AE415FA4D"
            },
-            {
-              "vulnerable": true,
-              "criteria": "cpe:2.3:o:cisco:ios_xe:*:*:*:*:*:*:*:*",
-              "matchCriteriaId": "F73E7874-A063-4AE5-9F0A-53D590B7B99B"
-            },
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:cisco:ios_xe:16.3.1:*:*:*:*:*:*:*",
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49546.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49546.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49546",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.077",
+  "lastModified": "2024-03-05T00:15:52.077",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the email parameter at /customer_support/ajax.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49546",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49547.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49547.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49547",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.150",
+  "lastModified": "2024-03-05T00:15:52.150",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the username parameter at /customer_support/ajax.php?action=login."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49547",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-495xx/CVE-2023-49548.json
+++ b/CVE-2023/CVE-2023-495xx/CVE-2023-49548.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49548",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.203",
+  "lastModified": "2024-03-05T00:15:52.203",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the lastname parameter at /customer_support/ajax.php?action=save_user."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49548",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49968.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49968.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49968",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.253",
+  "lastModified": "2024-03-05T00:15:52.253",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/manage_department.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49968",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49969.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49969.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49969",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.303",
+  "lastModified": "2024-03-05T00:15:52.303",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the id parameter at /customer_support/index.php?page=edit_customer."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49969",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-499xx/CVE-2023-49970.json
+++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49970.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2023-49970",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.350",
+  "lastModified": "2024-03-05T00:15:52.350",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Customer Support System v1 was discovered to contain a SQL injection vulnerability via the subject parameter at /customer_support/ajax.php?action=save_ticket."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/geraldoalcantara/CVE-2023-49970",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sourcecodester.com/php/14587/customer-support-system-using-phpmysqli-source-code.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json
+++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6780.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-6780",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-01-31T14:15:48.917",
-  "lastModified": "2024-02-19T12:15:44.103",
-  "vulnStatus": "Modified",
+  "lastModified": "2024-03-04T23:04:39.210",
+  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
@ -95,7 +95,8 @@
              "vulnerable": true,
              "criteria": "cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "2.37",
-              "matchCriteriaId": "4A1D8F1D-02AB-4FC7-9AD2-817AA41EAA0E"
+              "versionEndExcluding": "2.39",
+              "matchCriteriaId": "8A5153FA-49E9-457F-94BB-202CACA41C76"
            }
          ]
        }
--- a/CVE-2024/CVE-2024-251xx/CVE-2024-25164.json
+++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25164.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25164",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.400",
+  "lastModified": "2024-03-05T00:15:52.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "iA Path Traversal vulnerability exists in iDURAR v2.0.0, that allows unauthenticated attackers to expose sensitive files via the download functionality."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/idurar/idurar-erp-crm/tree/2.0.0/routes/erpRoutes/erpDownloadRouter.js",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/u32i/cve/tree/main/CVE-2024-25164",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-257xx/CVE-2024-25731.json
+++ b/CVE-2024/CVE-2024-257xx/CVE-2024-25731.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-25731",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.457",
+  "lastModified": "2024-03-05T00:15:52.457",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi)."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/actuator/com.cn.dq.ipc",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/actuator/com.cn.dq.ipc/blob/main/CVE-2024-25731",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-277xx/CVE-2024-27718.json
+++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27718.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-27718",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-05T00:15:52.507",
+  "lastModified": "2024-03-05T00:15:52.507",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/tldjgggg/cve/blob/main/sql.md",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-03-04T23:00:29.036078+00:00
+2024-03-05T00:55:27.824477+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-03-04T22:59:52.460000+00:00
+2024-03-05T00:15:52.507000+00:00
 ```

 ### Last Data Feed Release
@ -29,47 +29,31 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-240498
+240507
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `6`
+Recently added CVEs: `9`

-* [CVE-2023-41827](CVE-2023/CVE-2023-418xx/CVE-2023-41827.json) (`2024-03-04T22:15:46.330`)
-* [CVE-2023-41829](CVE-2023/CVE-2023-418xx/CVE-2023-41829.json) (`2024-03-04T22:15:46.547`)
-* [CVE-2024-1316](CVE-2024/CVE-2024-13xx/CVE-2024-1316.json) (`2024-03-04T21:15:07.007`)
-* [CVE-2024-1319](CVE-2024/CVE-2024-13xx/CVE-2024-1319.json) (`2024-03-04T21:15:07.083`)
-* [CVE-2024-2168](CVE-2024/CVE-2024-21xx/CVE-2024-2168.json) (`2024-03-04T21:15:07.137`)
-* [CVE-2024-1936](CVE-2024/CVE-2024-19xx/CVE-2024-1936.json) (`2024-03-04T22:15:46.733`)
+* [CVE-2023-49546](CVE-2023/CVE-2023-495xx/CVE-2023-49546.json) (`2024-03-05T00:15:52.077`)
+* [CVE-2023-49547](CVE-2023/CVE-2023-495xx/CVE-2023-49547.json) (`2024-03-05T00:15:52.150`)
+* [CVE-2023-49548](CVE-2023/CVE-2023-495xx/CVE-2023-49548.json) (`2024-03-05T00:15:52.203`)
+* [CVE-2023-49968](CVE-2023/CVE-2023-499xx/CVE-2023-49968.json) (`2024-03-05T00:15:52.253`)
+* [CVE-2023-49969](CVE-2023/CVE-2023-499xx/CVE-2023-49969.json) (`2024-03-05T00:15:52.303`)
+* [CVE-2023-49970](CVE-2023/CVE-2023-499xx/CVE-2023-49970.json) (`2024-03-05T00:15:52.350`)
+* [CVE-2024-25164](CVE-2024/CVE-2024-251xx/CVE-2024-25164.json) (`2024-03-05T00:15:52.400`)
+* [CVE-2024-25731](CVE-2024/CVE-2024-257xx/CVE-2024-25731.json) (`2024-03-05T00:15:52.457`)
+* [CVE-2024-27718](CVE-2024/CVE-2024-277xx/CVE-2024-27718.json) (`2024-03-05T00:15:52.507`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `22`
+Recently modified CVEs: `3`

-* [CVE-2013-2094](CVE-2013/CVE-2013-20xx/CVE-2013-2094.json) (`2024-03-04T22:58:17.433`)
-* [CVE-2017-6663](CVE-2017/CVE-2017-66xx/CVE-2017-6663.json) (`2024-03-04T22:59:19.157`)
-* [CVE-2017-6665](CVE-2017/CVE-2017-66xx/CVE-2017-6665.json) (`2024-03-04T22:59:22.970`)
-* [CVE-2017-6627](CVE-2017/CVE-2017-66xx/CVE-2017-6627.json) (`2024-03-04T22:59:28.410`)
-* [CVE-2018-20169](CVE-2018/CVE-2018-201xx/CVE-2018-20169.json) (`2024-03-04T22:59:10.290`)
-* [CVE-2019-1738](CVE-2019/CVE-2019-17xx/CVE-2019-1738.json) (`2024-03-04T22:59:31.617`)
-* [CVE-2019-1739](CVE-2019/CVE-2019-17xx/CVE-2019-1739.json) (`2024-03-04T22:59:36.037`)
-* [CVE-2019-1752](CVE-2019/CVE-2019-17xx/CVE-2019-1752.json) (`2024-03-04T22:59:48.230`)
-* [CVE-2019-1757](CVE-2019/CVE-2019-17xx/CVE-2019-1757.json) (`2024-03-04T22:59:52.460`)
-* [CVE-2021-3621](CVE-2021/CVE-2021-36xx/CVE-2021-3621.json) (`2024-03-04T22:58:08.510`)
-* [CVE-2022-3734](CVE-2022/CVE-2022-37xx/CVE-2022-3734.json) (`2024-03-04T22:55:48.850`)
-* [CVE-2022-48554](CVE-2022/CVE-2022-485xx/CVE-2022-48554.json) (`2024-03-04T22:57:50.017`)
-* [CVE-2023-52160](CVE-2023/CVE-2023-521xx/CVE-2023-52160.json) (`2024-03-04T22:47:18.233`)
-* [CVE-2023-52161](CVE-2023/CVE-2023-521xx/CVE-2023-52161.json) (`2024-03-04T22:50:03.490`)
-* [CVE-2023-7028](CVE-2023/CVE-2023-70xx/CVE-2023-7028.json) (`2024-03-04T22:54:45.797`)
-* [CVE-2023-49290](CVE-2023/CVE-2023-492xx/CVE-2023-49290.json) (`2024-03-04T22:59:00.657`)
-* [CVE-2024-25064](CVE-2024/CVE-2024-250xx/CVE-2024-25064.json) (`2024-03-04T22:43:15.337`)
-* [CVE-2024-25063](CVE-2024/CVE-2024-250xx/CVE-2024-25063.json) (`2024-03-04T22:45:02.117`)
-* [CVE-2024-20321](CVE-2024/CVE-2024-203xx/CVE-2024-20321.json) (`2024-03-04T22:45:23.647`)
-* [CVE-2024-20267](CVE-2024/CVE-2024-202xx/CVE-2024-20267.json) (`2024-03-04T22:45:43.893`)
-* [CVE-2024-0971](CVE-2024/CVE-2024-09xx/CVE-2024-0971.json) (`2024-03-04T22:58:00.967`)
-* [CVE-2024-0565](CVE-2024/CVE-2024-05xx/CVE-2024-0565.json) (`2024-03-04T22:58:47.570`)
+* [CVE-2020-36773](CVE-2020/CVE-2020-367xx/CVE-2020-36773.json) (`2024-03-04T23:04:23.720`)
+* [CVE-2022-20724](CVE-2022/CVE-2022-207xx/CVE-2022-20724.json) (`2024-03-04T23:03:57.340`)
+* [CVE-2023-6780](CVE-2023/CVE-2023-67xx/CVE-2023-6780.json) (`2024-03-04T23:04:39.210`)


 ## Download and Usage