Auto-Update: 2024-02-19T19:00:34.546187+00:00

2025-07-09 16:05:11 +00:00 · 2024-02-19 19:00:38 +00:00 · 2024-02-19 19:00:38 +00:00 · fc16368b09
commit fc16368b09
parent 076e351ad7
11 changed files with 466 additions and 13 deletions
--- a/CVE-2021/CVE-2021-38xx/CVE-2021-3860.json
+++ b/CVE-2021/CVE-2021-38xx/CVE-2021-3860.json
@ -2,8 +2,8 @@
  "id": "CVE-2021-3860",
  "sourceIdentifier": "reefs@jfrog.com",
  "published": "2021-12-20T22:15:07.707",
-  "lastModified": "2022-01-03T20:56:03.107",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-19T17:15:07.953",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -187,6 +187,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/177162/JFrog-Artifactory-SQL-Injection.html",
+      "source": "reefs@jfrog.com"
+    },
    {
      "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-3860%3A+Artifactory+Low+Privileged+Blind+SQL+Injection",
      "source": "reefs@jfrog.com",
--- a/CVE-2023/CVE-2023-38xx/CVE-2023-3897.json
+++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3897.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-3897",
  "sourceIdentifier": "security@42gears.com",
  "published": "2023-07-25T09:15:11.687",
-  "lastModified": "2023-08-02T03:52:51.327",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-19T17:15:08.113",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -95,6 +95,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/177179/SureMDM-On-Premise-CAPTCHA-Bypass-User-Enumeration.html",
+      "source": "security@42gears.com"
+    },
    {
      "url": "https://www.42gears.com/security-and-compliance",
      "source": "security@42gears.com",
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0811.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0811.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-0811",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2024-01-24T00:15:08.117",
-  "lastModified": "2024-01-29T14:27:18.327",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-02-19T17:15:08.233",
+  "vulnStatus": "Modified",
  "descriptions": [
    {
      "lang": "en",
@ -89,6 +89,10 @@
    }
  ],
  "references": [
+    {
+      "url": "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html",
+      "source": "chrome-cve-admin@google.com"
+    },
    {
      "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html",
      "source": "chrome-cve-admin@google.com",
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-1633",
+  "sourceIdentifier": "cve@asrg.io",
+  "published": "2024-02-19T17:15:08.347",
+  "lastModified": "2024-02-19T17:15:08.347",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@asrg.io",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
+          "attackVector": "PHYSICAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.0,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 0.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve@asrg.io",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-190"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://asrg.io/security-advisories/CVE-2024-1633/",
+      "source": "cve@asrg.io"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-25978",
+  "sourceIdentifier": "patrick@puiterwijk.org",
+  "published": "2024-02-19T17:15:08.567",
+  "lastModified": "2024-02-19T17:15:08.567",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "patrick@puiterwijk.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "patrick@puiterwijk.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-400"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74641",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264074",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://moodle.org/mod/forum/discuss.php?d=455634",
+      "source": "patrick@puiterwijk.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-25979",
+  "sourceIdentifier": "patrick@puiterwijk.org",
+  "published": "2024-02-19T17:15:08.793",
+  "lastModified": "2024-02-19T17:15:08.793",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The URL parameters accepted by forum search were not limited to the allowed parameters."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "patrick@puiterwijk.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "patrick@puiterwijk.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-233"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264095",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://moodle.org/mod/forum/discuss.php?d=455635",
+      "source": "patrick@puiterwijk.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-25980",
+  "sourceIdentifier": "patrick@puiterwijk.org",
+  "published": "2024-02-19T17:15:09.023",
+  "lastModified": "2024-02-19T17:15:09.023",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "patrick@puiterwijk.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "patrick@puiterwijk.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264096",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://moodle.org/mod/forum/discuss.php?d=455636",
+      "source": "patrick@puiterwijk.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-25981",
+  "sourceIdentifier": "patrick@puiterwijk.org",
+  "published": "2024-02-19T17:15:09.230",
+  "lastModified": "2024-02-19T17:15:09.230",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "patrick@puiterwijk.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "patrick@puiterwijk.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://moodle.org/mod/forum/discuss.php?d=455637",
+      "source": "patrick@puiterwijk.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-25982",
+  "sourceIdentifier": "patrick@puiterwijk.org",
+  "published": "2024-02-19T17:15:09.467",
+  "lastModified": "2024-02-19T17:15:09.467",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The link to update all installed language packs did not include the necessary token to prevent a CSRF risk."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "patrick@puiterwijk.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "patrick@puiterwijk.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264098",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://moodle.org/mod/forum/discuss.php?d=455638",
+      "source": "patrick@puiterwijk.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json
+++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-25983",
+  "sourceIdentifier": "patrick@puiterwijk.org",
+  "published": "2024-02-19T17:15:09.697",
+  "lastModified": "2024-02-19T17:15:09.697",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page)."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "patrick@puiterwijk.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.5,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "patrick@puiterwijk.org",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-639"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099",
+      "source": "patrick@puiterwijk.org"
+    },
+    {
+      "url": "https://moodle.org/mod/forum/discuss.php?d=455641",
+      "source": "patrick@puiterwijk.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-02-19T17:01:10.767432+00:00
+2024-02-19T19:00:34.546187+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-02-19T16:15:52.060000+00:00
+2024-02-19T17:15:09.697000+00:00
 ```

 ### Last Data Feed Release
@ -29,21 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-238882
+238889
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `7`

-* [CVE-2024-25623](CVE-2024/CVE-2024-256xx/CVE-2024-25623.json) (`2024-02-19T16:15:51.847`)
-* [CVE-2024-25625](CVE-2024/CVE-2024-256xx/CVE-2024-25625.json) (`2024-02-19T16:15:52.060`)
+* [CVE-2024-1633](CVE-2024/CVE-2024-16xx/CVE-2024-1633.json) (`2024-02-19T17:15:08.347`)
+* [CVE-2024-25978](CVE-2024/CVE-2024-259xx/CVE-2024-25978.json) (`2024-02-19T17:15:08.567`)
+* [CVE-2024-25979](CVE-2024/CVE-2024-259xx/CVE-2024-25979.json) (`2024-02-19T17:15:08.793`)
+* [CVE-2024-25980](CVE-2024/CVE-2024-259xx/CVE-2024-25980.json) (`2024-02-19T17:15:09.023`)
+* [CVE-2024-25981](CVE-2024/CVE-2024-259xx/CVE-2024-25981.json) (`2024-02-19T17:15:09.230`)
+* [CVE-2024-25982](CVE-2024/CVE-2024-259xx/CVE-2024-25982.json) (`2024-02-19T17:15:09.467`)
+* [CVE-2024-25983](CVE-2024/CVE-2024-259xx/CVE-2024-25983.json) (`2024-02-19T17:15:09.697`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `0`
+Recently modified CVEs: `3`

+* [CVE-2021-3860](CVE-2021/CVE-2021-38xx/CVE-2021-3860.json) (`2024-02-19T17:15:07.953`)
+* [CVE-2023-3897](CVE-2023/CVE-2023-38xx/CVE-2023-3897.json) (`2024-02-19T17:15:08.113`)
+* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-02-19T17:15:08.233`)


 ## Download and Usage