Auto-Update: 2024-10-14T22:00:16.837568+00:00

CVE-2024/CVE-2024-488xx/CVE-2024-48821.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-48821",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T21:15:11.710",
+  "lastModified": "2024-10-14T21:15:11.710",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-488xx/CVE-2024-48822.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-48822",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T21:15:11.813",
+  "lastModified": "2024-10-14T21:15:11.813",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-488xx/CVE-2024-48823.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-48823",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T21:15:11.903",
+  "lastModified": "2024-10-14T21:15:11.903",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-488xx/CVE-2024-48824.json

@@ -0,0 +1,21 @@
+{
+  "id": "CVE-2024-48824",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T21:15:11.997",
+  "lastModified": "2024-10-14T21:15:11.997",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://daly.wtf/multiple-vulnerabilities-discovered-in-automatic-systems-software/",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-489xx/CVE-2024-48909.json

@@ -0,0 +1,60 @@
+{
+  "id": "CVE-2024-48909",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T21:15:12.080",
+  "lastModified": "2024-10-14T21:15:12.080",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "SpiceDB is an open source database for scalably storing and querying fine-grained authorization data. Starting in version 1.35.0 and prior to version 1.37.1, clients that have enabled `LookupResources2` and have caveats in the evaluation path for their requests can return a permissionship of `CONDITIONAL` with context marked as missing, even then the context was supplied. LookupResources2 is the new default in SpiceDB 1.37.0 and has been opt-in since SpiceDB 1.35.0. The bug is patched as part of SpiceDB 1.37.1. As a workaround, disable LookupResources2 via the `--enable-experimental-lookup-resources` flag by setting it to `false`."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 2.0,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 0.5,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-172"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/authzed/spicedb/commit/2f3cf77a7fcfcb478ef5a480a245842c96ac8853",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-3c32-4hq9-6wgj",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-489xx/CVE-2024-48911.json

@@ -0,0 +1,86 @@
+{
+  "id": "CVE-2024-48911",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T21:15:12.323",
+  "lastModified": "2024-10-14T21:15:12.323",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OpenCanary, a multi-protocol network honeypot, directly executed commands taken from its config file. Prior to version 0.9.4, where the config file is stored in an unprivileged user directory but the daemon is executed by root, it\u2019s possible for the unprivileged user to change the config file and escalate permissions when root later runs the daemon. Version 0.9.4 contains a fix for the issue."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "attackRequirements": "PRESENT",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "LOW",
+          "vulnerableSystemIntegrity": "HIGH",
+          "vulnerableSystemAvailability": "LOW",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 5.8,
+          "baseSeverity": "MEDIUM"
+        }
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-863"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/thinkst/opencanary/commit/2c11575b1a3dd8b0df26a879ba856c0aa350c049",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/thinkst/opencanary/releases/tag/v0.9.4",
+      "source": "[email protected]"
+    },
+    {
+      "url": "https://github.com/thinkst/opencanary/security/advisories/GHSA-pf5v-pqfv-x8jj",
+      "source": "[email protected]"
+    }
+  ]
+}

CVE-2024/CVE-2024-62xx/CVE-2024-6207.json

@@ -0,0 +1,100 @@
+{
+  "id": "CVE-2024-6207",
+  "sourceIdentifier": "[email protected]",
+  "published": "2024-10-14T21:15:12.460",
+  "lastModified": "2024-10-14T21:15:12.460",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "CVE 2021-22681 https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.PN1550.html \u00a0and send a specially crafted CIP message to the device.  If exploited, a threat actor could help prevent access to the legitimate user and end connections to connected devices including the workstation.  To recover the controllers, a download is required which ends any process that the controller is running."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV40": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "4.0",
+          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "attackRequirements": "NONE",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "vulnerableSystemConfidentiality": "NONE",
+          "vulnerableSystemIntegrity": "NONE",
+          "vulnerableSystemAvailability": "HIGH",
+          "subsequentSystemConfidentiality": "NONE",
+          "subsequentSystemIntegrity": "NONE",
+          "subsequentSystemAvailability": "NONE",
+          "exploitMaturity": "NOT_DEFINED",
+          "confidentialityRequirements": "NOT_DEFINED",
+          "integrityRequirements": "NOT_DEFINED",
+          "availabilityRequirements": "NOT_DEFINED",
+          "modifiedAttackVector": "NOT_DEFINED",
+          "modifiedAttackComplexity": "NOT_DEFINED",
+          "modifiedAttackRequirements": "NOT_DEFINED",
+          "modifiedPrivilegesRequired": "NOT_DEFINED",
+          "modifiedUserInteraction": "NOT_DEFINED",
+          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+          "safety": "NOT_DEFINED",
+          "automatable": "NOT_DEFINED",
+          "recovery": "NOT_DEFINED",
+          "valueDensity": "NOT_DEFINED",
+          "vulnerabilityResponseEffort": "NOT_DEFINED",
+          "providerUrgency": "NOT_DEFINED",
+          "baseScore": 8.7,
+          "baseSeverity": "HIGH"
+        }
+      }
+    ],
+    "cvssMetricV31": [
+      {
+        "source": "[email protected]",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.5,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "[email protected]",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-20"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1707.html",
+      "source": "[email protected]"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-10-14T20:00:18.001794+00:00
+2024-10-14T22:00:16.837568+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-10-14T19:15:10.903000+00:00
+2024-10-14T21:15:12.460000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,29 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-265525
+265532
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `16`
-
-- [CVE-2023-45817](CVE-2023/CVE-2023-458xx/CVE-2023-45817.json) (`2024-10-14T18:15:03.630`)
-- [CVE-2023-48082](CVE-2023/CVE-2023-480xx/CVE-2023-48082.json) (`2024-10-14T19:15:10.780`)
-- [CVE-2024-46528](CVE-2024/CVE-2024-465xx/CVE-2024-46528.json) (`2024-10-14T18:15:03.847`)
-- [CVE-2024-46980](CVE-2024/CVE-2024-469xx/CVE-2024-46980.json) (`2024-10-14T18:15:03.947`)
-- [CVE-2024-46988](CVE-2024/CVE-2024-469xx/CVE-2024-46988.json) (`2024-10-14T18:15:04.173`)
-- [CVE-2024-47766](CVE-2024/CVE-2024-477xx/CVE-2024-47766.json) (`2024-10-14T18:15:04.387`)
-- [CVE-2024-47767](CVE-2024/CVE-2024-477xx/CVE-2024-47767.json) (`2024-10-14T18:15:04.593`)
-- [CVE-2024-47826](CVE-2024/CVE-2024-478xx/CVE-2024-47826.json) (`2024-10-14T18:15:04.800`)
-- [CVE-2024-47831](CVE-2024/CVE-2024-478xx/CVE-2024-47831.json) (`2024-10-14T18:15:05.013`)
-- [CVE-2024-47885](CVE-2024/CVE-2024-478xx/CVE-2024-47885.json) (`2024-10-14T19:15:10.903`)
-- [CVE-2024-48789](CVE-2024/CVE-2024-487xx/CVE-2024-48789.json) (`2024-10-14T18:15:05.230`)
-- [CVE-2024-48790](CVE-2024/CVE-2024-487xx/CVE-2024-48790.json) (`2024-10-14T18:15:05.323`)
-- [CVE-2024-48791](CVE-2024/CVE-2024-487xx/CVE-2024-48791.json) (`2024-10-14T18:15:05.420`)
-- [CVE-2024-48792](CVE-2024/CVE-2024-487xx/CVE-2024-48792.json) (`2024-10-14T18:15:05.520`)
-- [CVE-2024-48793](CVE-2024/CVE-2024-487xx/CVE-2024-48793.json) (`2024-10-14T18:15:05.620`)
-- [CVE-2024-48795](CVE-2024/CVE-2024-487xx/CVE-2024-48795.json) (`2024-10-14T18:15:05.717`)
+Recently added CVEs: `7`
+
+- [CVE-2024-48821](CVE-2024/CVE-2024-488xx/CVE-2024-48821.json) (`2024-10-14T21:15:11.710`)
+- [CVE-2024-48822](CVE-2024/CVE-2024-488xx/CVE-2024-48822.json) (`2024-10-14T21:15:11.813`)
+- [CVE-2024-48823](CVE-2024/CVE-2024-488xx/CVE-2024-48823.json) (`2024-10-14T21:15:11.903`)
+- [CVE-2024-48824](CVE-2024/CVE-2024-488xx/CVE-2024-48824.json) (`2024-10-14T21:15:11.997`)
+- [CVE-2024-48909](CVE-2024/CVE-2024-489xx/CVE-2024-48909.json) (`2024-10-14T21:15:12.080`)
+- [CVE-2024-48911](CVE-2024/CVE-2024-489xx/CVE-2024-48911.json) (`2024-10-14T21:15:12.323`)
+- [CVE-2024-6207](CVE-2024/CVE-2024-62xx/CVE-2024-6207.json) (`2024-10-14T21:15:12.460`)
 
 
 ### CVEs modified in the last Commit