Auto-Update: 2024-12-16T13:01:47.468556+00:00

CVE-2023/CVE-2023-427xx/CVE-2023-42793.json

@@ -2,8 +2,8 @@
   "id": "CVE-2023-42793",
   "sourceIdentifier": "[email protected]",
   "published": "2023-09-19T17:15:08.330",
-  "lastModified": "2024-11-29T14:47:58.587",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-12-16T12:15:04.797",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "descriptions": [
     {
@@ -148,6 +148,10 @@
         "Press/Media Coverage"
       ]
     },
+    {
+      "url": "https://www.sonarsource.com/blog/teamcity-vulnerability/",
+      "source": "[email protected]"
+    },
     {
       "url": "http://packetstormsecurity.com/files/174860/JetBrains-TeamCity-Unauthenticated-Remote-Code-Execution.html",
       "source": "af854a3a-2127-422b-91ae-364da2661108",

CVE-2024/CVE-2024-124xx/CVE-2024-12478.json

@@ -0,0 +1,145 @@
+{
+  "id": "CVE-2024-12478",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-12-16T11:15:04.890",
+  "lastModified": "2024-12-16T11:15:04.890",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "baseScore": 5.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "LOW",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "baseScore": 6.5,
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "PARTIAL",
+          "integrityImpact": "PARTIAL",
+          "availabilityImpact": "PARTIAL"
+        },
+        "baseSeverity": "MEDIUM",
+        "exploitabilityScore": 8.0,
+        "impactScore": 6.4,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-284"
+        },
+        {
+          "lang": "en",
+          "value": "CWE-434"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/InvoicePlane/InvoicePlane/pull/1141",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/InvoicePlane/InvoicePlane/releases/tag/v1.6.2-beta-1",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.288538",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://vuldb.com/?id.288538",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://vuldb.com/?submit.459910",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-474xx/CVE-2024-47484.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-47484",
   "sourceIdentifier": "[email protected]",
   "published": "2024-12-10T11:15:07.400",
-  "lastModified": "2024-12-10T11:15:07.400",
+  "lastModified": "2024-12-16T11:15:06.110",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
+      "value": "Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
     },
     {
       "lang": "es",
@@ -42,7 +42,7 @@
   "weaknesses": [
     {
       "source": "[email protected]",
-      "type": "Primary",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",

CVE-2024/CVE-2024-479xx/CVE-2024-47977.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-47977",
   "sourceIdentifier": "[email protected]",
   "published": "2024-12-10T11:15:07.550",
-  "lastModified": "2024-12-10T11:15:07.550",
+  "lastModified": "2024-12-16T11:15:06.370",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
+      "value": "Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution."
     },
     {
       "lang": "es",
@@ -42,7 +42,7 @@
   "weaknesses": [
     {
       "source": "[email protected]",
-      "type": "Primary",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",

CVE-2024/CVE-2024-525xx/CVE-2024-52538.json

@@ -2,13 +2,13 @@
   "id": "CVE-2024-52538",
   "sourceIdentifier": "[email protected]",
   "published": "2024-12-10T11:15:07.690",
-  "lastModified": "2024-12-10T11:15:07.690",
+  "lastModified": "2024-12-16T11:15:06.523",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
-      "value": "Dell Avamar, version(s) 19.9, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."
+      "value": "Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection."
     },
     {
       "lang": "es",
@@ -42,7 +42,7 @@
   "weaknesses": [
     {
       "source": "[email protected]",
-      "type": "Primary",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-12-16T11:00:48.631145+00:00
+2024-12-16T13:01:47.468556+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-12-16T10:15:06.330000+00:00
+2024-12-16T12:15:04.797000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,21 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-273910
+273911
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `1`
 
-- [CVE-2024-12362](CVE-2024/CVE-2024-123xx/CVE-2024-12362.json) (`2024-12-16T10:15:05.097`)
+- [CVE-2024-12478](CVE-2024/CVE-2024-124xx/CVE-2024-12478.json) (`2024-12-16T11:15:04.890`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `4`
 
-- [CVE-2024-53677](CVE-2024/CVE-2024-536xx/CVE-2024-53677.json) (`2024-12-16T10:15:06.330`)
+- [CVE-2023-42793](CVE-2023/CVE-2023-427xx/CVE-2023-42793.json) (`2024-12-16T12:15:04.797`)
+- [CVE-2024-47484](CVE-2024/CVE-2024-474xx/CVE-2024-47484.json) (`2024-12-16T11:15:06.110`)
+- [CVE-2024-47977](CVE-2024/CVE-2024-479xx/CVE-2024-47977.json) (`2024-12-16T11:15:06.370`)
+- [CVE-2024-52538](CVE-2024/CVE-2024-525xx/CVE-2024-52538.json) (`2024-12-16T11:15:06.523`)
 
 
 ## Download and Usage

_state.csv

@@ -233055,7 +233055,7 @@ CVE-2023-4279,0,0,1caed5149541c10d4336248a1287cbb2fb27f3524c93ad81d6b75ca3202c17
 CVE-2023-42790,0,0,d4a58d7345844e2500d9a95d1338ce209447c20c8a9a245fefec6b908b6fd44c,2024-11-21T08:23:09.530000
 CVE-2023-42791,0,0,a98415b633c36b4422b91dd8561f71c34db40d6ba8fc121fffe12ad8b33bf5ed,2024-11-21T08:23:09.673000
 CVE-2023-42792,0,0,b039ad93eb114bba0187448e5be8dc712aa808e9094212e2681cc2587cb17547,2024-11-21T08:23:09.800000
-CVE-2023-42793,0,0,bece86b4120d15fedf0acf5f4479e37a47464d567754426ab2b23acf64a99730,2024-11-29T14:47:58.587000
+CVE-2023-42793,0,1,2cb19f7cac072dbde3861f81c268665fa5adbb63dafa84c63f9b398ce5dc164e,2024-12-16T12:15:04.797000
 CVE-2023-42794,0,0,48048c4e2d6d564bbcc96727bb6871dccd15ed86260523047edc87d3e3cde6a1,2024-11-21T08:23:10.077000
 CVE-2023-42795,0,0,9dda4920f034b69e90ebc7bebfabc972c19fa8b93143ccf2c5a0da5c2a1aa92d,2024-11-21T08:23:10.213000
 CVE-2023-42796,0,0,4e3c42f1018ec4a81d9ac20e8d31eda02f7ba00133483b55be83b5c6fac92755,2024-11-21T08:23:10.387000
@@ -244704,7 +244704,7 @@ CVE-2024-12358,0,0,c693e0849f917c8e8b82ecbabaa009531cb87832861cfd247370c207501db
 CVE-2024-12359,0,0,c89d1a1aa75e792ebb41728457dc48f1f26a200ebabc2671ae04aee3d706d446,2024-12-10T23:34:02.110000
 CVE-2024-1236,0,0,98cf8c8d0d2027d41420e47ce0e54a62c55b6c82b55779fb1975380b5e094f29,2024-11-21T08:50:07.797000
 CVE-2024-12360,0,0,9c92ce0fa75af6038fb90116f61bca41613e1dcad55daccb6d63b1c2c6eac745,2024-12-10T23:33:47.773000
-CVE-2024-12362,1,1,96e15c2faa2bd6e0d657897006f5afbf531e277c4e36a7600a72ca925ed55ef4,2024-12-16T10:15:05.097000
+CVE-2024-12362,0,0,96e15c2faa2bd6e0d657897006f5afbf531e277c4e36a7600a72ca925ed55ef4,2024-12-16T10:15:05.097000
 CVE-2024-12363,0,0,8bf95d170f6881f24ef42d227f38a0cf0a0a8682e2906a9aa2aaa1e3f316a356,2024-12-11T10:15:07.260000
 CVE-2024-12369,0,0,5b7cc273eb06dd7ee2a2ae3818321c32759b57238bbfe6b2aea54c3bd6ee2b32,2024-12-09T21:15:08.203000
 CVE-2024-1237,0,0,7608b762d209f55f10a23dbde634d086adad1d6240344714ec7de5c458d836b6,2024-11-21T08:50:07.910000
@@ -244738,6 +244738,7 @@ CVE-2024-12463,0,0,bf2ad951357546047d42b0aefb8a66347583691f5449e603983c94f9bac4e
 CVE-2024-12465,0,0,71cf8d099f9bc4306dd9d21cf13805ebee4cfad62908f99a6e3f6ef7ca285117,2024-12-13T09:15:09.060000
 CVE-2024-1247,0,0,87dd54613b1838220658d2242080e8fb0b79934df6e5afef144b61ee319c0ba1,2024-11-21T08:50:09.013000
 CVE-2024-12474,0,0,bcf4da13bc4f1e0c625542bed8143ddc9b6abe063d1d53c5426da4c6de732659,2024-12-14T06:15:19.627000
+CVE-2024-12478,1,1,7473ce067b9c599bc20c6c8d7a8c7536b78b656ac44817a403493b4711b0f4db,2024-12-16T11:15:04.890000
 CVE-2024-12479,0,0,71e9962db709a4fb365c50c76ea2678c0c0be3cc10bb9fad5f99b55609975bac,2024-12-13T17:10:45.860000
 CVE-2024-12480,0,0,278aebffcfd2515ae9c7caddd55ce9bc13fc09babf1329c96da477d94bc16635,2024-12-13T17:11:08.800000
 CVE-2024-12481,0,0,1070540f1746510f09883c64ab78c248209e68cbe0c912951863befef0b41f3e,2024-12-13T17:11:19.967000
@@ -265610,7 +265611,7 @@ CVE-2024-47476,0,0,7fbeddc8b679c54b9a8d16b073a75eec4d455c0be7f1e02e1d7d8aa5633f3
 CVE-2024-4748,0,0,0e1bf604cc16c6bb1a8683ee11cfaa8201b2be0b492e06be1984933dd6cedb52,2024-11-21T09:43:30.787000
 CVE-2024-47481,0,0,71ea09e89917de5bc1b44200d74f1ffc8698bb7da082bd763134d649f33a6380,2024-10-31T00:01:40.487000
 CVE-2024-47483,0,0,f01599a6880bac8eacea8814fc1f580c96bada992530caa76be5bdf38bc089f7,2024-10-31T00:01:05.127000
-CVE-2024-47484,0,0,6bcb994f32b35bf9c9d77cc0076f82000e845bfdad5719fe8e757f597dd8b8d0,2024-12-10T11:15:07.400000
+CVE-2024-47484,0,1,a43113a3b51493d7032edb4af2e9799b9e3c0a4d5ceb50c5dbfba812996f3a8c,2024-12-16T11:15:06.110000
 CVE-2024-47485,0,0,f3e17ff20ae3263d9853078761f1fcc280526d84c6f26f0f79a89c8c8da75f6d,2024-10-22T16:23:22.890000
 CVE-2024-47486,0,0,73b6ec5c93b8df7e12b45674095673d040f8ca89712ac88fe6ad816e1b46356f,2024-11-21T15:15:31.407000
 CVE-2024-47487,0,0,285367b03b1e1af1cf720c4c097845509c3c98a24864a9cd28d57659dbb3da2b,2024-10-22T16:10:08.027000
@@ -266036,7 +266037,7 @@ CVE-2024-47973,0,0,4c755251fddad4f39a2e7e0c2967304daa922575998c42fd2fc2365294c3e
 CVE-2024-47974,0,0,5b42e76afcab24c20bdceb8d619dc3b1d3700c61728605186411865d26bbe7c7,2024-10-31T13:35:11.790000
 CVE-2024-47975,0,0,919a5c25fcfdd1004bec82ba910db5fe6300dd9cdcfe2f11fc4b0bb574f4091b,2024-10-11T20:15:05.143000
 CVE-2024-47976,0,0,b7d584a3048cada45c1f6e92a2751d3e6ae6406892198b5d0fe37bebaa37f847,2024-10-17T22:15:03.210000
-CVE-2024-47977,0,0,18e1383f9eaaf99e74bd8485ed75e82e0dc1509c75785e1e68c79f1838b961bf,2024-12-10T11:15:07.550000
+CVE-2024-47977,0,1,e38680112a30ad62187a3d04ee7a979b5da459a2a6058680229404134a82d5e8,2024-12-16T11:15:06.370000
 CVE-2024-4798,0,0,67d409a675b221a14312164f5cc62c5f24d760e91c26863f4b27a369f421db4d,2024-11-21T09:43:38.167000
 CVE-2024-47984,0,0,d73a6d8eb2c9c949e06c05cf9b6e98722d9c8009534296ca413e0e0d9e7de4c1,2024-12-13T15:15:27.110000
 CVE-2024-4799,0,0,bcde09b7182d8e0e6116d4d77d66aa7fc678a4d38a1639ef2abc6c729d992c49,2024-11-21T09:43:38.320000
@@ -268955,7 +268956,7 @@ CVE-2024-52531,0,0,8eedc16d1aadf080c6f2b302997fd47ee6a376af2a4466e43fcf9633d2418
 CVE-2024-52532,0,0,54c3190a0eeff653a8f66dda7fd5b580cc7aa4648618e83320436fca355bcda1,2024-11-12T19:35:16.970000
 CVE-2024-52533,0,0,1eb71d89b0eb5dd4c4750374cbcae2f7fe6179355aa90c3882a1d10864ff06bd,2024-12-06T14:15:21.400000
 CVE-2024-52537,0,0,79d5bab7a316a4a5e36b347dfcb08651d568dc7cb64073148e1c1e42669123b6,2024-12-11T08:15:05.747000
-CVE-2024-52538,0,0,96b202dd764bd68541a2884c160fe0655cc8c287558e242a389c09ba4d423ebe,2024-12-10T11:15:07.690000
+CVE-2024-52538,0,1,1bae7e87d532ab1b896b47e33928c8b9835fb6690e8325140679d38a93ad90cb,2024-12-16T11:15:06.523000
 CVE-2024-5254,0,0,b08a56d01443c9abf44ee33ecfae9cdfa73a8d20318044fcd2f5caa1e9d31f2e,2024-11-21T09:47:17.063000
 CVE-2024-52544,0,0,c58d604e70e1d52d10e6c46ba91f7cf731eb4ad32c0c46522333c5ba2eb214aa,2024-12-03T21:15:07.390000
 CVE-2024-52545,0,0,387ccc5d59fa5b7f0e29a5a9d3b818216a2c3bea1d9e491918de17e5ca055044,2024-12-03T21:15:07.490000
@@ -269444,7 +269445,7 @@ CVE-2024-53673,0,0,998c285a4fe0e35cbecbdb698279013b408c1bb4163a1e69369fac314d145
 CVE-2024-53674,0,0,f555b7f03d33cd061d1493d8fc99309d52915e66d5ae0672802dcf1d36a50f32,2024-12-12T19:49:49.800000
 CVE-2024-53675,0,0,1183b1bd94841ad73311a268c8a0b2c37f3657514fc74825a9481690ca681ab0,2024-12-12T19:48:48.443000
 CVE-2024-53676,0,0,9e5335d7636e62fb7cc2e79040736f3f5e3856b52ef7bfb0006141b3e5724acd,2024-12-11T16:49:45.783000
-CVE-2024-53677,0,1,b609243c036f17eeee5716ce5982790964aead13c9071ef1069dc5264f78d358,2024-12-16T10:15:06.330000
+CVE-2024-53677,0,0,b609243c036f17eeee5716ce5982790964aead13c9071ef1069dc5264f78d358,2024-12-16T10:15:06.330000
 CVE-2024-5368,0,0,0267b73ce86fd5c42a4c0cf503f4bdead8427924f402a3554f435c1bc916f416,2024-11-21T09:47:30.877000
 CVE-2024-5369,0,0,14abdfed4d5003ff16a96b2708e00658833baa1f8166ee56f5ba2dba896b20f5,2024-11-21T09:47:31.020000
 CVE-2024-53691,0,0,09846e368cf7a07a1d919202728e77d0589572ed56c2c2f1bb03db07c3ec7fb0,2024-12-06T17:15:10.520000