Auto-Update: 2024-02-07T11:08:41.849260+00:00

2025-05-08 03:27:17 +00:00 · 2024-02-07 11:08:45 +00:00 · 2024-02-07 11:08:45 +00:00 · f7a1c46231
commit f7a1c46231
parent 94506ac10a
6 changed files with 148 additions and 11 deletions
--- a/CVE-2023/CVE-2023-469xx/CVE-2023-46914.json
+++ b/CVE-2023/CVE-2023-469xx/CVE-2023-46914.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2023-46914",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-07T09:15:15.633",
+  "lastModified": "2024-02-07T09:15:15.633",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL Injection vulnerability in RM bookingcalendar module for PrestaShop versions 2.7.9 and before, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via ics_export.php."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2024/02/06/bookingcalendar.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2023/CVE-2023-514xx/CVE-2023-51437.json
+++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51437.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-51437",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-02-07T10:15:08.137",
+  "lastModified": "2024-02-07T10:15:08.137",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Observable timing discrepancy vulnerability in Apache Pulsar SASL Authentication Provider can allow an attacker to forge a SASL Role Token that will pass signature verification.\nUsers are recommended to upgrade to version 2.11.3, 3.0.2, or 3.1.1 which fixes the issue. Users should also consider updating the configured secret in the `saslJaasServerRoleTokenSignerSecretPath` file.\n\nAny component matching an above version running the SASL Authentication Provider is affected. That includes the Pulsar Broker, Proxy, Websocket Proxy, or Function Worker.\n\n2.11 Pulsar users should upgrade to at least 2.11.3.\n3.0 Pulsar users should upgrade to at least 3.0.2.\n3.1 Pulsar users should upgrade to at least 3.1.1.\nAny users running Pulsar 2.8, 2.9, 2.10, and earlier should upgrade to one of the above patched versions.\n\nFor additional details on this attack vector, please refer to  https://codahale.com/a-lesson-in-timing-attacks/ .\n\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.4,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-200"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/5kgmvvolf5tzp5rz9xjwfg2ncwvqqgl5",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-243xx/CVE-2024-24303.json
+++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24303.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-24303",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-07T09:15:15.780",
+  "lastModified": "2024-02-07T09:15:15.780",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SQL Injection vulnerability in HiPresta \"Gift Wrapping Pro\" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1, allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2024/02/06/hiadvancedgiftwrapping.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-243xx/CVE-2024-24304.json
+++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24304.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-24304",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-07T09:15:15.913",
+  "lastModified": "2024-02-07T09:15:15.913",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In the module \"Mailjet\" (mailjet) from Mailjet for PrestaShop before versions 3.5.1, a guest can download technical information without restriction."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/mailjet/prestashop-mailjet-plugin-apiv3/releases/tag/v3.5.1",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://security.friendsofpresta.org/modules/2024/02/06/mailjet.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-243xx/CVE-2024-24311.json
+++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24311.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-24311",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-02-07T09:15:16.053",
+  "lastModified": "2024-02-07T09:15:16.053",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Path Traversal vulnerability in Linea Grafica \"Multilingual and Multistore Sitemap Pro - SEO\" (lgsitemaps) module for PrestaShop before version 1.6.6, a guest can download personal information without restriction."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://security.friendsofpresta.org/modules/2024/02/06/lgsitemaps.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-07T09:01:13.871050+00:00
+2024-02-07T11:08:41.849260+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-07T08:15:43.500000+00:00
+2024-02-07T10:15:08.137000+00:00
 ```

 ### Last Data Feed Release
@ -29,20 +29,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-237858
+237863
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `7`
+Recently added CVEs: `5`

-* [CVE-2023-40355](CVE-2023/CVE-2023-403xx/CVE-2023-40355.json) (`2024-02-07T08:15:40.973`)
-* [CVE-2024-0628](CVE-2024/CVE-2024-06xx/CVE-2024-0628.json) (`2024-02-07T07:15:07.577`)
-* [CVE-2024-1037](CVE-2024/CVE-2024-10xx/CVE-2024-1037.json) (`2024-02-07T07:15:08.877`)
-* [CVE-2024-1055](CVE-2024/CVE-2024-10xx/CVE-2024-1055.json) (`2024-02-07T07:15:09.497`)
-* [CVE-2024-0977](CVE-2024/CVE-2024-09xx/CVE-2024-0977.json) (`2024-02-07T08:15:41.957`)
-* [CVE-2024-1078](CVE-2024/CVE-2024-10xx/CVE-2024-1078.json) (`2024-02-07T08:15:42.863`)
-* [CVE-2024-1079](CVE-2024/CVE-2024-10xx/CVE-2024-1079.json) (`2024-02-07T08:15:43.500`)
+* [CVE-2023-46914](CVE-2023/CVE-2023-469xx/CVE-2023-46914.json) (`2024-02-07T09:15:15.633`)
+* [CVE-2023-51437](CVE-2023/CVE-2023-514xx/CVE-2023-51437.json) (`2024-02-07T10:15:08.137`)
+* [CVE-2024-24303](CVE-2024/CVE-2024-243xx/CVE-2024-24303.json) (`2024-02-07T09:15:15.780`)
+* [CVE-2024-24304](CVE-2024/CVE-2024-243xx/CVE-2024-24304.json) (`2024-02-07T09:15:15.913`)
+* [CVE-2024-24311](CVE-2024/CVE-2024-243xx/CVE-2024-24311.json) (`2024-02-07T09:15:16.053`)


 ### CVEs modified in the last Commit