From f7dbf6370673693d37f55ff5a0b72a6a849188ef Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Wed, 10 Jan 2024 00:55:29 +0000 Subject: [PATCH] Auto-Update: 2024-01-10T00:55:25.999809+00:00 --- CVE-2023/CVE-2023-30xx/CVE-2023-3043.json | 55 +++++++++++++ CVE-2023/CVE-2023-343xx/CVE-2023-34332.json | 55 +++++++++++++ CVE-2023/CVE-2023-343xx/CVE-2023-34333.json | 55 +++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37293.json | 55 +++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37294.json | 55 +++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37295.json | 55 +++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37296.json | 55 +++++++++++++ CVE-2023/CVE-2023-372xx/CVE-2023-37297.json | 55 +++++++++++++ CVE-2023/CVE-2023-479xx/CVE-2023-47992.json | 20 +++++ CVE-2023/CVE-2023-479xx/CVE-2023-47993.json | 20 +++++ CVE-2023/CVE-2023-479xx/CVE-2023-47994.json | 20 +++++ CVE-2023/CVE-2023-479xx/CVE-2023-47995.json | 20 +++++ CVE-2023/CVE-2023-479xx/CVE-2023-47996.json | 20 +++++ CVE-2023/CVE-2023-479xx/CVE-2023-47997.json | 20 +++++ CVE-2023/CVE-2023-486xx/CVE-2023-48655.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48656.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48657.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48658.json | 8 +- CVE-2023/CVE-2023-486xx/CVE-2023-48659.json | 8 +- CVE-2024/CVE-2024-03xx/CVE-2024-0349.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-03xx/CVE-2024-0350.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-03xx/CVE-2024-0351.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-03xx/CVE-2024-0352.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-03xx/CVE-2024-0354.json | 88 +++++++++++++++++++++ CVE-2024/CVE-2024-03xx/CVE-2024-0355.json | 88 +++++++++++++++++++++ README.md | 52 ++++++------ 26 files changed, 1148 insertions(+), 32 deletions(-) create mode 100644 CVE-2023/CVE-2023-30xx/CVE-2023-3043.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34332.json create mode 100644 CVE-2023/CVE-2023-343xx/CVE-2023-34333.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37293.json create mode 100644 
CVE-2023/CVE-2023-372xx/CVE-2023-37294.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37295.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37296.json create mode 100644 CVE-2023/CVE-2023-372xx/CVE-2023-37297.json create mode 100644 CVE-2023/CVE-2023-479xx/CVE-2023-47992.json create mode 100644 CVE-2023/CVE-2023-479xx/CVE-2023-47993.json create mode 100644 CVE-2023/CVE-2023-479xx/CVE-2023-47994.json create mode 100644 CVE-2023/CVE-2023-479xx/CVE-2023-47995.json create mode 100644 CVE-2023/CVE-2023-479xx/CVE-2023-47996.json create mode 100644 CVE-2023/CVE-2023-479xx/CVE-2023-47997.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0349.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0350.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0351.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0352.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0354.json create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0355.json diff --git a/CVE-2023/CVE-2023-30xx/CVE-2023-3043.json b/CVE-2023/CVE-2023-30xx/CVE-2023-3043.json new file mode 100644 index 00000000000..76274bd2b3a --- /dev/null +++ b/CVE-2023/CVE-2023-30xx/CVE-2023-3043.json 
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-3043",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:09.290",
+ "lastModified": "2024-01-09T23:15:09.290",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may\ncause a stack-based buffer overflow via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34332.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34332.json
new file mode 100644
index 00000000000..a8d79a8e9a4
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34332.json
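Review bot: The `descriptions[0].value` string added for CVE-2023-3043 is padded with long runs of `\n` before and after the sentence and carries hard line wraps inside it, so anything that displays, indexes or text-matches the description has to normalise whitespace first. If this file is meant to mirror the upstream record byte for byte, leave it as is and do the normalisation in the consumer; otherwise the field would read `"value": "AMI\u2019s SPx contains a vulnerability in the BMC where an Attacker may cause a stack-based buffer overflow via an adjacent network. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability."`. The same leading and/or trailing padding is present in the other AMI records of this commit (CVE-2023-34332, CVE-2023-34333 and CVE-2023-37293 through CVE-2023-37297).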
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34332",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:07.817",
+ "lastModified": "2024-01-09T23:15:07.817",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker\nmay cause an untrusted pointer to dereference by a local network. A successful\nexploitation of this vulnerability may lead to a loss of confidentiality,\nintegrity, and/or availability. \n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-822"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-343xx/CVE-2023-34333.json b/CVE-2023/CVE-2023-343xx/CVE-2023-34333.json
new file mode 100644
index 00000000000..e4f48fb55f3
--- /dev/null
+++ b/CVE-2023/CVE-2023-343xx/CVE-2023-34333.json
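Review bot: The description of CVE-2023-34332 says the untrusted pointer dereference is reached "by a local network", but the CVSS block scores it as `"attackVector": "LOCAL"` with `PR:L`; in CVSS 3.1 a same-segment network path is `AV:A`, which is what the sibling record CVE-2023-3043 in this commit uses. One of the two statements is presumably imprecise, and which one decides whether isolating the BMC management network is a relevant mitigation. I would not alter the mirrored values here, since the correction belongs with the CNA, but triage should read the linked AMI-SA-2023010 advisory rather than rely on the vector alone. CVE-2023-34333 in the next hunk has the same vector and near-identical wording ("via a local network").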
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-34333",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:08.223",
+ "lastModified": "2024-01-09T23:15:08.223",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\n\n\n\n\nAMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may cause an\nuntrusted pointer to dereference via a local network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability.\n\n\n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-822"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37293.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37293.json
new file mode 100644
index 00000000000..4127c5c5e84
--- /dev/null
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37293.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-37293",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:08.413",
+ "lastModified": "2024-01-09T23:15:08.413",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "AMI\u2019s SPx contains\na vulnerability in the BMC where an Attacker may cause a\nstack-based buffer overflow via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.6,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37294.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37294.json
new file mode 100644
index 00000000000..e85f537174d
--- /dev/null
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37294.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-37294",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:08.600",
+ "lastModified": "2024-01-09T23:15:08.600",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37295.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37295.json
new file mode 100644
index 00000000000..ae8ee01c1c1
--- /dev/null
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37295.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-37295",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:08.770",
+ "lastModified": "2024-01-09T23:15:08.770",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37296.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37296.json
new file mode 100644
index 00000000000..1cfefda8820
--- /dev/null
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37296.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-37296",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:08.940",
+ "lastModified": "2024-01-09T23:15:08.940",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\n\n\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a stack memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-121"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-372xx/CVE-2023-37297.json b/CVE-2023/CVE-2023-372xx/CVE-2023-37297.json
new file mode 100644
index 00000000000..9048aeb4c84
--- /dev/null
+++ b/CVE-2023/CVE-2023-372xx/CVE-2023-37297.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2023-37297",
+ "sourceIdentifier": "biossecurity@ami.com",
+ "published": "2024-01-09T23:15:09.110",
+ "lastModified": "2024-01-09T23:15:09.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "\nAMI\u2019s\nSPx contains a vulnerability in the BMC where an Attacker may\ncause a heap memory corruption via an adjacent network. A successful exploitation\nof this vulnerability may lead to a loss of confidentiality, integrity, and/or\navailability. \n\n\n\n\n\n\n\n \n\n\n\n\n\n\n\n"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "biossecurity@ami.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://9443417.fs1.hubspotusercontent-na1.net/hubfs/9443417/Security%20Advisories/AMI-SA-2023010.pdf",
+ "source": "biossecurity@ami.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47992.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47992.json
new file mode 100644
index 00000000000..ef98844966f
--- /dev/null
+++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47992.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-47992",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-09T23:15:09.467",
+ "lastModified": "2024-01-09T23:15:09.467",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An integer overflow vulnerability in FreeImageIO.cpp::_MemoryReadProc in FreeImage 3.18.0 allows attackers to obtain sensitive information, cause a denial-of-service attacks and/or run arbitrary code."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47992",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47993.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47993.json
new file mode 100644
index 00000000000..330b693a9d1
--- /dev/null
+++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47993.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-47993",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-09T23:15:09.530",
+ "lastModified": "2024-01-09T23:15:09.530",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Buffer out-of-bound read vulnerability in Exif.cpp::ReadInt32 in FreeImage 3.18.0 allows attackers to cause a denial-of-service."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47993",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47994.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47994.json
new file mode 100644
index 00000000000..84b7e03fcc6
--- /dev/null
+++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47994.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-47994",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-09T23:15:09.583",
+ "lastModified": "2024-01-09T23:15:09.583",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An integer overflow vulnerability in LoadPixelDataRLE4 function in PluginBMP.cpp in Freeimage 3.18.0 allows attackers to obtain sensitive information, cause a denial of service and/or run arbitrary code."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47994",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47995.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47995.json
new file mode 100644
index 00000000000..19f5d8732d9
--- /dev/null
+++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47995.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-47995",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-09T23:15:09.637",
+ "lastModified": "2024-01-09T23:15:09.637",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Buffer Overflow vulnerability in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 allows attackers to cause a denial of service."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://freeimage.sourceforge.io/",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47996.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47996.json
new file mode 100644
index 00000000000..2febd975d3b
--- /dev/null
+++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47996.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-47996",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-09T23:15:09.680",
+ "lastModified": "2024-01-09T23:15:09.680",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An integer overflow vulnerability in Exif.cpp::jpeg_read_exif_dir in FreeImage 3.18.0 allows attackers to obtain information and cause a denial of service."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47996",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-479xx/CVE-2023-47997.json b/CVE-2023/CVE-2023-479xx/CVE-2023-47997.json
new file mode 100644
index 00000000000..e3d7056b724
--- /dev/null
+++ b/CVE-2023/CVE-2023-479xx/CVE-2023-47997.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2023-47997",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-01-10T00:15:45.463",
+ "lastModified": "2024-01-10T00:15:45.463",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue discovered in BitmapAccess.cpp::FreeImage_AllocateBitmap in FreeImage 3.18.0 leads to an infinite loop and allows attackers to cause a denial of service."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://github.com/thelastede/FreeImage-cve-poc/tree/master/CVE-2023-47997",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json
index c0788ba4cfc..b1917e483f2 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48655.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48655",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T05:15:12.640",
- "lastModified": "2023-11-22T17:35:04.137",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-10T00:15:45.530",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -83,6 +83,10 @@
 "Issue Tracking",
 "Patch"
 ]
+ },
+ {
+ "url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-array-input-parameters/",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json
index 10697170480..90ad35e4594 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48656.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48656",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T05:15:12.690",
- "lastModified": "2023-11-22T17:35:26.090",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-10T00:15:45.627",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -83,6 +83,10 @@
 "Issue Tracking",
 "Patch"
 ]
+ },
+ {
+ "url": "https://zigrin.com/advisories/misp-blind-sql-injection-in-order-parameter/",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json
index 73096dc8457..671e793fc0e 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48657.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48657",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T05:15:12.740",
- "lastModified": "2023-11-22T17:53:34.483",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-10T00:15:45.697",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -84,6 +84,10 @@
 "Patch",
 "Release Notes"
 ]
+ },
+ {
+ "url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json
index ca8c7d2bb4d..123fe92c7a4 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48658.json
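Review bot: The reference added to CVE-2023-48657.json in the `@@ -84,6 +84,10 @@` hunk, `https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/`, is the same URL that the CVE-2023-48658.json hunk adds, whereas the other three MISP records touched here each receive a distinct advisory. Both descriptions lie outside the hunks, so this may be one advisory covering two CVEs, but it is worth confirming against the upstream records that it is not a copy error before anyone maps advisory to CVE from this data. The added reference objects also have only `url` and `source`, while the entry shown as context above them ends in what look like tag values (`"Patch"`, `"Release Notes"`), so consumers that select references by tag will presumably not surface the new links until the records, now `"vulnStatus": "Modified"`, are re-analysed.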
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48658",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T05:15:12.793",
- "lastModified": "2023-11-22T17:54:32.743",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-10T00:15:45.780",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -84,6 +84,10 @@
 "Patch",
 "Release Notes"
 ]
+ },
+ {
+ "url": "https://zigrin.com/advisories/misp-time-based-sql-injection-in-logs-index/",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json b/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json
index a78fb8f73ed..50e447eb2ba 100644
--- a/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json
+++ b/CVE-2023/CVE-2023-486xx/CVE-2023-48659.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-48659",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-11-17T05:15:12.847",
- "lastModified": "2023-11-22T17:54:40.517",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-01-10T00:15:45.860",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
@@ -84,6 +84,10 @@
 "Patch",
 "Release Notes"
 ]
+ },
+ {
+ "url": "https://zigrin.com/advisories/misp-reflected-cross-site-scripting-in-galaxies/",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0349.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0349.json
new file mode 100644
index 00000000000..c1fd4b8547c
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0349.json
@@ -0,0 +1,88 @@
+{
+ "id": "CVE-2024-0349",
+ "sourceIdentifier": "cna@vuldb.com",
+ "published": "2024-01-09T23:15:09.727",
+ "lastModified": "2024-01-09T23:15:09.727",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ],
+ "cvssMetricV2": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "2.0",
+ "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N",
+ "accessVector": "NETWORK",
+ "accessComplexity": "HIGH",
+ "authentication": "NONE",
+ "confidentialityImpact": "PARTIAL",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.6
+ },
+ "baseSeverity": "LOW",
+ "exploitabilityScore": 4.9,
+ "impactScore": 2.9,
+ "acInsufInfo": false,
+ "obtainAllPrivilege": false,
+ "obtainUserPrivilege": false,
+ "obtainOtherPrivilege": false,
+ "userInteractionRequired": false
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cna@vuldb.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-614"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.250117",
+ "source": "cna@vuldb.com"
+ },
+ {
+ "url": "https://vuldb.com/?id.250117",
+ "source": "cna@vuldb.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0350.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0350.json
new file mode 100644
index 00000000000..12013583e06
--- /dev/null
+++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0350.json
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0350", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-09T23:15:09.947", + "lastModified": "2024-01-09T23:15:09.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 2.1 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 3.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": 
"CWE-613" + } + ] + } + ], + "references": [ + { + "url": "https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250118", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250118", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0351.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0351.json new file mode 100644 index 00000000000..4cb245fa989 --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0351.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0351", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-09T23:15:10.180", + "lastModified": "2024-01-09T23:15:10.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixiation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "HIGH", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 2.6 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 4.9, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + 
] + } + ], + "references": [ + { + "url": "https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250119", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250119", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0352.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0352.json new file mode 100644 index 00000000000..8d11474d639 --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0352.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0352", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-09T23:15:10.403", + "lastModified": "2024-01-09T23:15:10.403", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": 
"en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://note.zhaoj.in/share/ciwYj7QXC4sZ", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250120", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250120", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0354.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0354.json new file mode 100644 index 00000000000..696efd045b9 --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0354.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0354", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-10T00:15:45.950", + "lastModified": "2024-01-10T00:15:45.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-24" + } + ] + } + ], + "references": 
[ + { + "url": "https://note.zhaoj.in/share/nHD5xiHQgHG0", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250121", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250121", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0355.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0355.json new file mode 100644 index 00000000000..23f8c8ea193 --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0355.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0355", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-10T00:15:46.217", + "lastModified": "2024-01-10T00:15:46.217", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "ADJACENT_NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.2 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 5.1, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250122", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250122", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index f2f256e9665..713d0d20c78 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-09T23:00:25.204357+00:00 +2024-01-10T00:55:25.999809+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-09T22:15:44.257000+00:00 +2024-01-10T00:15:46.217000+00:00 ``` ### Last Data Feed Release 
@@ -29,36 +29,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235341 +235361 ``` ### CVEs added in the last Commit -Recently added CVEs: `9` +Recently added CVEs: `20` -* [CVE-2023-38827](CVE-2023/CVE-2023-388xx/CVE-2023-38827.json) (`2024-01-09T22:15:43.263`) -* [CVE-2023-50136](CVE-2023/CVE-2023-501xx/CVE-2023-50136.json) (`2024-01-09T22:15:43.350`) -* [CVE-2023-5770](CVE-2023/CVE-2023-57xx/CVE-2023-5770.json) (`2024-01-09T22:15:43.400`) -* [CVE-2023-6476](CVE-2023/CVE-2023-64xx/CVE-2023-6476.json) (`2024-01-09T22:15:43.610`) -* [CVE-2024-0344](CVE-2024/CVE-2024-03xx/CVE-2024-0344.json) (`2024-01-09T21:15:08.123`) -* [CVE-2024-0345](CVE-2024/CVE-2024-03xx/CVE-2024-0345.json) (`2024-01-09T21:15:08.347`) -* [CVE-2024-0346](CVE-2024/CVE-2024-03xx/CVE-2024-0346.json) (`2024-01-09T22:15:43.800`) -* [CVE-2024-0347](CVE-2024/CVE-2024-03xx/CVE-2024-0347.json) (`2024-01-09T22:15:44.027`) -* [CVE-2024-0348](CVE-2024/CVE-2024-03xx/CVE-2024-0348.json) (`2024-01-09T22:15:44.257`) +* [CVE-2023-34332](CVE-2023/CVE-2023-343xx/CVE-2023-34332.json) (`2024-01-09T23:15:07.817`) +* [CVE-2023-34333](CVE-2023/CVE-2023-343xx/CVE-2023-34333.json) (`2024-01-09T23:15:08.223`) +* [CVE-2023-37293](CVE-2023/CVE-2023-372xx/CVE-2023-37293.json) (`2024-01-09T23:15:08.413`) +* [CVE-2023-37294](CVE-2023/CVE-2023-372xx/CVE-2023-37294.json) (`2024-01-09T23:15:08.600`) +* [CVE-2023-37295](CVE-2023/CVE-2023-372xx/CVE-2023-37295.json) (`2024-01-09T23:15:08.770`) +* [CVE-2023-37296](CVE-2023/CVE-2023-372xx/CVE-2023-37296.json) (`2024-01-09T23:15:08.940`) +* [CVE-2023-37297](CVE-2023/CVE-2023-372xx/CVE-2023-37297.json) (`2024-01-09T23:15:09.110`) +* [CVE-2023-3043](CVE-2023/CVE-2023-30xx/CVE-2023-3043.json) (`2024-01-09T23:15:09.290`) +* [CVE-2023-47992](CVE-2023/CVE-2023-479xx/CVE-2023-47992.json) (`2024-01-09T23:15:09.467`) +* [CVE-2023-47993](CVE-2023/CVE-2023-479xx/CVE-2023-47993.json) (`2024-01-09T23:15:09.530`) +* 
[CVE-2023-47994](CVE-2023/CVE-2023-479xx/CVE-2023-47994.json) (`2024-01-09T23:15:09.583`) +* [CVE-2023-47995](CVE-2023/CVE-2023-479xx/CVE-2023-47995.json) (`2024-01-09T23:15:09.637`) +* [CVE-2023-47996](CVE-2023/CVE-2023-479xx/CVE-2023-47996.json) (`2024-01-09T23:15:09.680`) +* [CVE-2023-47997](CVE-2023/CVE-2023-479xx/CVE-2023-47997.json) (`2024-01-10T00:15:45.463`) +* [CVE-2024-0349](CVE-2024/CVE-2024-03xx/CVE-2024-0349.json) (`2024-01-09T23:15:09.727`) +* [CVE-2024-0350](CVE-2024/CVE-2024-03xx/CVE-2024-0350.json) (`2024-01-09T23:15:09.947`) +* [CVE-2024-0351](CVE-2024/CVE-2024-03xx/CVE-2024-0351.json) (`2024-01-09T23:15:10.180`) +* [CVE-2024-0352](CVE-2024/CVE-2024-03xx/CVE-2024-0352.json) (`2024-01-09T23:15:10.403`) +* [CVE-2024-0354](CVE-2024/CVE-2024-03xx/CVE-2024-0354.json) (`2024-01-10T00:15:45.950`) +* [CVE-2024-0355](CVE-2024/CVE-2024-03xx/CVE-2024-0355.json) (`2024-01-10T00:15:46.217`) ### CVEs modified in the last Commit -Recently modified CVEs: `8` +Recently modified CVEs: `5` -* [CVE-2023-6600](CVE-2023/CVE-2023-66xx/CVE-2023-6600.json) (`2024-01-09T21:01:53.373`) -* [CVE-2023-6524](CVE-2023/CVE-2023-65xx/CVE-2023-6524.json) (`2024-01-09T21:07:07.617`) -* [CVE-2023-52266](CVE-2023/CVE-2023-522xx/CVE-2023-52266.json) (`2024-01-09T21:08:23.073`) -* [CVE-2023-6927](CVE-2023/CVE-2023-69xx/CVE-2023-6927.json) (`2024-01-09T21:15:07.990`) -* [CVE-2023-50090](CVE-2023/CVE-2023-500xx/CVE-2023-50090.json) (`2024-01-09T21:18:46.207`) -* [CVE-2023-52267](CVE-2023/CVE-2023-522xx/CVE-2023-52267.json) (`2024-01-09T21:19:32.343`) -* [CVE-2023-52262](CVE-2023/CVE-2023-522xx/CVE-2023-52262.json) (`2024-01-09T21:20:26.513`) -* [CVE-2023-52263](CVE-2023/CVE-2023-522xx/CVE-2023-52263.json) (`2024-01-09T21:37:09.483`) +* [CVE-2023-48655](CVE-2023/CVE-2023-486xx/CVE-2023-48655.json) (`2024-01-10T00:15:45.530`) +* [CVE-2023-48656](CVE-2023/CVE-2023-486xx/CVE-2023-48656.json) (`2024-01-10T00:15:45.627`) +* [CVE-2023-48657](CVE-2023/CVE-2023-486xx/CVE-2023-48657.json) 
(`2024-01-10T00:15:45.697`) +* [CVE-2023-48658](CVE-2023/CVE-2023-486xx/CVE-2023-48658.json) (`2024-01-10T00:15:45.780`) +* [CVE-2023-48659](CVE-2023/CVE-2023-486xx/CVE-2023-48659.json) (`2024-01-10T00:15:45.860`) ## Download and Usage