From 9f4a158f686de002288b5934ca29131beaa62b0c Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 13 Jan 2024 21:00:28 +0000
Subject: [PATCH] Auto-Update: 2024-01-13T21:00:24.847988+00:00
---
CVE-2022/CVE-2022-46xx/CVE-2022-4603.json | 12 +++-
CVE-2024/CVE-2024-03xx/CVE-2024-0333.json | 6 +-
CVE-2024/CVE-2024-04xx/CVE-2024-0499.json | 88 +++++++++++++++++++++++
CVE-2024/CVE-2024-05xx/CVE-2024-0500.json | 88 +++++++++++++++++++++++
CVE-2024/CVE-2024-05xx/CVE-2024-0501.json | 88 +++++++++++++++++++++++
CVE-2024/CVE-2024-05xx/CVE-2024-0502.json | 88 +++++++++++++++++++++++
README.md | 30 +++-----
7 files changed, 378 insertions(+), 22 deletions(-)
create mode 100644 CVE-2024/CVE-2024-04xx/CVE-2024-0499.json
create mode 100644 CVE-2024/CVE-2024-05xx/CVE-2024-0500.json
create mode 100644 CVE-2024/CVE-2024-05xx/CVE-2024-0501.json
create mode 100644 CVE-2024/CVE-2024-05xx/CVE-2024-0502.json
diff --git a/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json b/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json
index 879c4de1ae1..3e235c2bd0c 100644
--- a/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json
+++ b/CVE-2022/CVE-2022-46xx/CVE-2022-4603.json
@@ -2,12 +2,16 @@ "id": "CVE-2022-4603", "sourceIdentifier": "cna@vuldb.com", "published": "2022-12-18T11:15:11.077", - "lastModified": "2023-12-20T19:14:03.717", - "vulnStatus": "Analyzed", + "lastModified": "2024-01-13T20:15:44.760", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario." + }, + { + "lang": "es", + "value": "Una vulnerabilidad ha sido encontrada en ppp y clasificada como problem\u00e1tica. La funci\u00f3n dumpppp del archivo pppdump/pppdump.c del componente pppdump es afectada por la vulnerabilidad. La manipulaci\u00f3n del argumento spkt.buf/rpkt.buf conduce a una validaci\u00f3n incorrecta del \u00edndice de la matriz. Por el momento todav\u00eda se duda de la existencia real de esta vulnerabilidad. El nombre del parche es a75fb7b198eed50d769c80c36629f38346882cbf. Se recomienda aplicar un parche para solucionar este problema. VDB-216198 es el identificador asignado a esta vulnerabilidad. NOTA: pppdump no se utiliza en el proceso normal de configuraci\u00f3n de una conexi\u00f3n PPP, no se instala con setuid-root y no se invoca autom\u00e1ticamente en ning\u00fan escenario." } ], "metrics": { 
@@ -109,6 +113,10 @@ "Third Party Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J43NP7ABHOCIWOFHWCH6ZCZOYKZH6723/", + "source": "cna@vuldb.com" + }, { "url": "https://vuldb.com/?id.216198", "source": "cna@vuldb.com", diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json index bb6d9d0b06f..a470bcadb18 100644 --- a/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0333.json @@ -2,7 +2,7 @@ "id": "CVE-2024-0333", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-01-10T22:15:50.907", - "lastModified": "2024-01-11T13:57:26.160", + "lastModified": "2024-01-13T20:15:45.073", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -24,6 +24,10 @@ "url": "https://crbug.com/1513379", "source": "chrome-cve-admin@google.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/", + "source": "chrome-cve-admin@google.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/", "source": "chrome-cve-admin@google.com" diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0499.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0499.json new file mode 100644 index 00000000000..79f14625faa --- /dev/null +++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0499.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0499", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-13T19:15:08.273", + "lastModified": "2024-01-13T19:15:08.273", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + 
"references": [ + { + "url": "https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250607", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250607", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0500.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0500.json new file mode 100644 index 00000000000..7850c1bde9e --- /dev/null +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0500.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0500", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-13T19:15:08.580", + "lastModified": "2024-01-13T19:15:08.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + 
"references": [ + { + "url": "https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250608", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250608", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0501.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0501.json new file mode 100644 index 00000000000..8eb510e1850 --- /dev/null +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0501.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0501", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-13T20:15:45.137", + "lastModified": "2024-01-13T20:15:45.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": 
"CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250609", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250609", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0502.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0502.json new file mode 100644 index 00000000000..31eb6a1be86 --- /dev/null +++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0502.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-0502", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-01-13T20:15:45.390", + "lastModified": "2024-01-13T20:15:45.390", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + 
"value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.250610", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.250610", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 26f3134bb5c..b5d8ae2d108 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-01-13T19:00:24.923665+00:00 +2024-01-13T21:00:24.847988+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-01-13T18:36:49.423000+00:00 +2024-01-13T20:15:45.390000+00:00 ``` ### Last Data Feed Release 
@@ -29,33 +29,25 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -235858 +235862 ``` ### CVEs added in the last Commit Recently added CVEs: `4` -* [CVE-2024-0495](CVE-2024/CVE-2024-04xx/CVE-2024-0495.json) (`2024-01-13T17:15:07.813`) -* [CVE-2024-0496](CVE-2024/CVE-2024-04xx/CVE-2024-0496.json) (`2024-01-13T17:15:08.120`) -* [CVE-2024-0497](CVE-2024/CVE-2024-04xx/CVE-2024-0497.json) (`2024-01-13T18:15:43.807`) -* [CVE-2024-0498](CVE-2024/CVE-2024-04xx/CVE-2024-0498.json) (`2024-01-13T18:15:44.150`) +* [CVE-2024-0499](CVE-2024/CVE-2024-04xx/CVE-2024-0499.json) (`2024-01-13T19:15:08.273`) +* [CVE-2024-0500](CVE-2024/CVE-2024-05xx/CVE-2024-0500.json) (`2024-01-13T19:15:08.580`) +* [CVE-2024-0501](CVE-2024/CVE-2024-05xx/CVE-2024-0501.json) (`2024-01-13T20:15:45.137`) +* [CVE-2024-0502](CVE-2024/CVE-2024-05xx/CVE-2024-0502.json) (`2024-01-13T20:15:45.390`) ### CVEs modified in the last Commit -Recently modified CVEs: `10` - -* [CVE-2019-11538](CVE-2019/CVE-2019-115xx/CVE-2019-11538.json) (`2024-01-13T18:36:49.423`) -* [CVE-2019-11507](CVE-2019/CVE-2019-115xx/CVE-2019-11507.json) (`2024-01-13T18:36:49.423`) -* [CVE-2019-11508](CVE-2019/CVE-2019-115xx/CVE-2019-11508.json) (`2024-01-13T18:36:49.423`) -* [CVE-2019-11510](CVE-2019/CVE-2019-115xx/CVE-2019-11510.json) (`2024-01-13T18:36:49.423`) -* [CVE-2019-11509](CVE-2019/CVE-2019-115xx/CVE-2019-11509.json) (`2024-01-13T18:36:49.423`) -* [CVE-2021-22893](CVE-2021/CVE-2021-228xx/CVE-2021-22893.json) (`2024-01-13T18:36:49.423`) -* [CVE-2021-22894](CVE-2021/CVE-2021-228xx/CVE-2021-22894.json) (`2024-01-13T18:36:49.423`) -* [CVE-2021-22899](CVE-2021/CVE-2021-228xx/CVE-2021-22899.json) (`2024-01-13T18:36:49.423`) -* [CVE-2021-22900](CVE-2021/CVE-2021-229xx/CVE-2021-22900.json) (`2024-01-13T18:36:49.423`) -* [CVE-2021-22908](CVE-2021/CVE-2021-229xx/CVE-2021-22908.json) (`2024-01-13T18:36:49.423`) +Recently modified CVEs: `2` + +* 
[CVE-2022-4603](CVE-2022/CVE-2022-46xx/CVE-2022-4603.json) (`2024-01-13T20:15:44.760`) +* [CVE-2024-0333](CVE-2024/CVE-2024-03xx/CVE-2024-0333.json) (`2024-01-13T20:15:45.073`) ## Download and Usage