From fc16368b093770386dd6d50a7b4850e59deff027 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 19 Feb 2024 19:00:38 +0000 Subject: [PATCH] Auto-Update: 2024-02-19T19:00:34.546187+00:00 --- CVE-2021/CVE-2021-38xx/CVE-2021-3860.json | 8 ++- CVE-2023/CVE-2023-38xx/CVE-2023-3897.json | 8 ++- CVE-2024/CVE-2024-08xx/CVE-2024-0811.json | 8 ++- CVE-2024/CVE-2024-16xx/CVE-2024-1633.json | 55 ++++++++++++++++++ CVE-2024/CVE-2024-259xx/CVE-2024-25978.json | 63 +++++++++++++++++++++ CVE-2024/CVE-2024-259xx/CVE-2024-25979.json | 63 +++++++++++++++++++++ CVE-2024/CVE-2024-259xx/CVE-2024-25980.json | 63 +++++++++++++++++++++ CVE-2024/CVE-2024-259xx/CVE-2024-25981.json | 63 +++++++++++++++++++++ CVE-2024/CVE-2024-259xx/CVE-2024-25982.json | 63 +++++++++++++++++++++ CVE-2024/CVE-2024-259xx/CVE-2024-25983.json | 63 +++++++++++++++++++++ README.md | 22 ++++--- 11 files changed, 466 insertions(+), 13 deletions(-) create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1633.json create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25978.json create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25979.json create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25980.json create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25981.json create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25982.json create mode 100644 CVE-2024/CVE-2024-259xx/CVE-2024-25983.json diff --git a/CVE-2021/CVE-2021-38xx/CVE-2021-3860.json b/CVE-2021/CVE-2021-38xx/CVE-2021-3860.json index 33a492c7917..ebb561cd8aa 100644 --- a/CVE-2021/CVE-2021-38xx/CVE-2021-3860.json +++ b/CVE-2021/CVE-2021-38xx/CVE-2021-3860.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3860", "sourceIdentifier": "reefs@jfrog.com", "published": "2021-12-20T22:15:07.707", - "lastModified": "2022-01-03T20:56:03.107", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-19T17:15:07.953", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -187,6 +187,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/177162/JFrog-Artifactory-SQL-Injection.html", + "source": "reefs@jfrog.com" + }, { "url": "https://www.jfrog.com/confluence/display/JFROG/CVE-2021-3860%3A+Artifactory+Low+Privileged+Blind+SQL+Injection", "source": "reefs@jfrog.com", diff --git a/CVE-2023/CVE-2023-38xx/CVE-2023-3897.json b/CVE-2023/CVE-2023-38xx/CVE-2023-3897.json index f3c21c2ef9b..82bb73f3fcb 100644 --- a/CVE-2023/CVE-2023-38xx/CVE-2023-3897.json +++ b/CVE-2023/CVE-2023-38xx/CVE-2023-3897.json @@ -2,8 +2,8 @@ "id": "CVE-2023-3897", "sourceIdentifier": "security@42gears.com", "published": "2023-07-25T09:15:11.687", - "lastModified": "2023-08-02T03:52:51.327", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-19T17:15:08.113", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -95,6 +95,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/177179/SureMDM-On-Premise-CAPTCHA-Bypass-User-Enumeration.html", + "source": "security@42gears.com" + }, { "url": "https://www.42gears.com/security-and-compliance", "source": "security@42gears.com", diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0811.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0811.json index fa7bab0efbd..5b22cbbddda 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0811.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0811.json @@ -2,8 +2,8 @@ "id": "CVE-2024-0811", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-24T00:15:08.117", - "lastModified": "2024-01-29T14:27:18.327", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-19T17:15:08.233", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -89,6 +89,10 @@ } ], "references": [ + { + "url": "http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html", "source": "chrome-cve-admin@google.com", diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json new file mode 100644 index 00000000000..303574ec5ff --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1633.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1633", + "sourceIdentifier": "cve@asrg.io", + "published": "2024-02-19T17:15:08.347", + "lastModified": "2024-02-19T17:15:08.347", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "During the secure boot, bl2 (the second stage of\nthe bootloader) loops over images defined in the table \u201cbl2_mem_params_descs\u201d.\nFor each image, the bl2 reads the image length and destination from the image\u2019s\ncertificate.\u00a0Because of the way of reading from the image, which base on\u00a032-bit unsigned integer value, it can result to\u00a0an integer overflow.\u00a0An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot.\n\n Affected git version from\u00a0c2f286820471ed276c57e603762bd831873e5a17 until (not\u00a0\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@asrg.io", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://asrg.io/security-advisories/CVE-2024-1633/", + "source": "cve@asrg.io" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json new file mode 100644 index 00000000000..496ddf60b03 --- /dev/null +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25978.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-25978", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-19T17:15:08.567", + "lastModified": "2024-02-19T17:15:08.567", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74641", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264074", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=455634", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json new file mode 100644 index 00000000000..b5ed5cc9ae6 --- /dev/null +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25979.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-25979", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-19T17:15:08.793", + "lastModified": "2024-02-19T17:15:08.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The URL parameters accepted by forum search were not limited to the allowed parameters." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-233" + } + ] + } + ], + "references": [ + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264095", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=455635", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json new file mode 100644 index 00000000000..f2110d968fa --- /dev/null +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25980.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-25980", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-19T17:15:09.023", + "lastModified": "2024-02-19T17:15:09.023", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264096", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=455636", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json new file mode 100644 index 00000000000..d1cb8c6704e --- /dev/null +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25981.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-25981", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-19T17:15:09.230", + "lastModified": "2024-02-19T17:15:09.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264097", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=455637", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json new file mode 100644 index 00000000000..b114678d051 --- /dev/null +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25982.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-25982", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-19T17:15:09.467", + "lastModified": "2024-02-19T17:15:09.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The link to update all installed language packs did not include the necessary token to prevent a CSRF risk." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264098", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=455638", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json new file mode 100644 index 00000000000..ad61f4355d5 --- /dev/null +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25983.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-25983", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-02-19T17:15:09.697", + "lastModified": "2024-02-19T17:15:09.697", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264099", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://moodle.org/mod/forum/discuss.php?d=455641", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index bc7d3320be6..a92b4218f26 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-19T17:01:10.767432+00:00 +2024-02-19T19:00:34.546187+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-19T16:15:52.060000+00:00 +2024-02-19T17:15:09.697000+00:00 ``` ### Last Data Feed Release @@ -29,21 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238882 +238889 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `7` -* [CVE-2024-25623](CVE-2024/CVE-2024-256xx/CVE-2024-25623.json) (`2024-02-19T16:15:51.847`) -* [CVE-2024-25625](CVE-2024/CVE-2024-256xx/CVE-2024-25625.json) (`2024-02-19T16:15:52.060`) +* [CVE-2024-1633](CVE-2024/CVE-2024-16xx/CVE-2024-1633.json) (`2024-02-19T17:15:08.347`) +* [CVE-2024-25978](CVE-2024/CVE-2024-259xx/CVE-2024-25978.json) (`2024-02-19T17:15:08.567`) +* [CVE-2024-25979](CVE-2024/CVE-2024-259xx/CVE-2024-25979.json) (`2024-02-19T17:15:08.793`) +* [CVE-2024-25980](CVE-2024/CVE-2024-259xx/CVE-2024-25980.json) (`2024-02-19T17:15:09.023`) +* [CVE-2024-25981](CVE-2024/CVE-2024-259xx/CVE-2024-25981.json) (`2024-02-19T17:15:09.230`) +* [CVE-2024-25982](CVE-2024/CVE-2024-259xx/CVE-2024-25982.json) (`2024-02-19T17:15:09.467`) +* [CVE-2024-25983](CVE-2024/CVE-2024-259xx/CVE-2024-25983.json) (`2024-02-19T17:15:09.697`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `3` +* [CVE-2021-3860](CVE-2021/CVE-2021-38xx/CVE-2021-3860.json) (`2024-02-19T17:15:07.953`) +* [CVE-2023-3897](CVE-2023/CVE-2023-38xx/CVE-2023-3897.json) (`2024-02-19T17:15:08.113`) +* [CVE-2024-0811](CVE-2024/CVE-2024-08xx/CVE-2024-0811.json) (`2024-02-19T17:15:08.233`) ## Download and Usage