From 6d9e239a28ff9e9e15e9e00b9eb05a40df92b7d8 Mon Sep 17 00:00:00 2001
From: github-actions
Date: Fri, 17 Jan 2025 14:04:05 +0000
Subject: [PATCH] NVD Sync 2025-01-17 14:04
---
cpematch/28/28590072-97B9-488D-ABC1-F87D86A0EB25.json | 1 +
cpematch/4B/4BEDC5B5-4E5A-410D-885F-BC2B3B38408C.json | 1 +
cpematch/90/901DACED-5F83-45F1-B5EC-F0C73BBAE52E.json | 1 +
cve/2022/CVE-2022-36109.json | 2 +-
cve/2024/CVE-2024-3428.json | 2 +-
cve/2024/CVE-2024-3445.json | 2 +-
cve/2024/CVE-2024-3464.json | 2 +-
syncdate.json | 8 ++++----
8 files changed, 11 insertions(+), 8 deletions(-)
create mode 100644 cpematch/28/28590072-97B9-488D-ABC1-F87D86A0EB25.json
create mode 100644 cpematch/4B/4BEDC5B5-4E5A-410D-885F-BC2B3B38408C.json
create mode 100644 cpematch/90/901DACED-5F83-45F1-B5EC-F0C73BBAE52E.json
diff --git a/cpematch/28/28590072-97B9-488D-ABC1-F87D86A0EB25.json b/cpematch/28/28590072-97B9-488D-ABC1-F87D86A0EB25.json
new file mode 100644
index 00000000000..81069b78f1f
--- /dev/null
+++ b/cpematch/28/28590072-97B9-488D-ABC1-F87D86A0EB25.json
@@ -0,0 +1 @@ +{"matchString": {"matchCriteriaId": "28590072-97B9-488D-ABC1-F87D86A0EB25", "criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.0.0", "versionEndExcluding": "7.3.3", "lastModified": "2025-01-17T13:50:04.930", "cpeLastModified": "2025-01-17T13:50:04.930", "created": "2025-01-17T13:50:04.930", "status": "Active", "matches": [{"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.0.0:*:*:*:*:*:*:*", "cpeNameId": "C8D0A4B2-9D02-4453-A9DC-F994F0F826B1"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.0.1:*:*:*:*:*:*:*", "cpeNameId": "A8137D98-9888-465A-9E5F-E636ED66AF47"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.0.2:*:*:*:*:*:*:*", "cpeNameId": "48235247-F94D-4592-9F9F-E2557AE1701E"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.0.3:*:*:*:*:*:*:*", "cpeNameId": "8CD372C7-2693-4F48-9C9E-658139E9CE05"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.2.0:*:*:*:*:*:*:*", "cpeNameId": "2DA9BFD8-49F4-41AD-ACD0-8F158C8B2C70"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.3.0:*:*:*:*:*:*:*", "cpeNameId": "352E271D-21C4-4291-8BD7-30B1F7A277CD"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.3.1:*:*:*:*:*:*:*", "cpeNameId": "1C27C2CB-F8E1-418D-BB0E-F814AB00CC31"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.3.2:*:*:*:*:*:*:*", "cpeNameId": "DADAEF5E-2B45-4FBB-879E-FC7776CF4AB1"}]}} \ No newline at end of file diff --git a/cpematch/4B/4BEDC5B5-4E5A-410D-885F-BC2B3B38408C.json b/cpematch/4B/4BEDC5B5-4E5A-410D-885F-BC2B3B38408C.json new file mode 100644 index 00000000000..fcabcd60183 --- /dev/null +++ b/cpematch/4B/4BEDC5B5-4E5A-410D-885F-BC2B3B38408C.json 
@@ -0,0 +1 @@ +{"matchString": {"matchCriteriaId": "4BEDC5B5-4E5A-410D-885F-BC2B3B38408C", "criteria": "cpe:2.3:a:fortinet:fortisoar:*:*:*:*:*:*:*:*", "versionStartIncluding": "7.4.0", "versionEndExcluding": "7.4.4", "lastModified": "2025-01-17T13:50:04.930", "cpeLastModified": "2025-01-17T13:50:04.930", "created": "2025-01-17T13:50:04.930", "status": "Active", "matches": [{"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.4.0:*:*:*:*:*:*:*", "cpeNameId": "AE60A03E-1EC8-4D58-8901-39AEDD7DC9C7"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.4.1:*:*:*:*:*:*:*", "cpeNameId": "F0C5C211-AC65-446A-BD8B-CD54BA026513"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.4.2:*:*:*:*:*:*:*", "cpeNameId": "18712E89-B97B-4CA2-AFC3-3E51B87FAB00"}, {"cpeName": "cpe:2.3:a:fortinet:fortisoar:7.4.3:*:*:*:*:*:*:*", "cpeNameId": "4B90A36E-E500-43AA-82B6-DB63C02100E1"}]}} \ No newline at end of file diff --git a/cpematch/90/901DACED-5F83-45F1-B5EC-F0C73BBAE52E.json b/cpematch/90/901DACED-5F83-45F1-B5EC-F0C73BBAE52E.json new file mode 100644 index 00000000000..453dbe75937 --- /dev/null +++ b/cpematch/90/901DACED-5F83-45F1-B5EC-F0C73BBAE52E.json @@ -0,0 +1 @@ +{"matchString": {"matchCriteriaId": "901DACED-5F83-45F1-B5EC-F0C73BBAE52E", "criteria": "cpe:2.3:a:jenkins:mq_notifier:*:*:*:*:*:jenkins:*:*", "versionEndExcluding": "1.4.1", "lastModified": "2025-01-17T13:55:41.427", "cpeLastModified": "2025-01-17T13:56:11.883", "created": "2025-01-17T13:55:41.427", "status": "Active"}} \ No newline at end of file diff --git a/cve/2022/CVE-2022-36109.json b/cve/2022/CVE-2022-36109.json index 99a4c62ae59..733d6b0d8d3 100644 --- a/cve/2022/CVE-2022-36109.json +++ b/cve/2022/CVE-2022-36109.json 
@@ -1 +1 @@ -{"cve": {"id": "CVE-2022-36109", "sourceIdentifier": "security-advisories@github.com", "published": "2022-09-09T18:15:10.540", "lastModified": "2024-11-21T07:12:24.560", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly."}, {"lang": "es", "value": "Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir una contenci\u00f3n de software. Ha sido encontrado un bug en Moby (Docker Engine) en el que los grupos complementarios no son configurados apropiadamente. Si un atacante presenta acceso directo a un contenedor y manipula su acceso a grupos suplementarios, puede ser capaz de usar el acceso a grupos suplementarios para omitir las restricciones de grupos primarios en algunos casos, obteniendo potencialmente acceso a informaci\u00f3n confidencial o ganando la capacidad de ejecutar c\u00f3digo en ese contenedor. Este error ha sido corregido en Moby (Docker Engine) versi\u00f3n 20.10.18. Los contenedores en ejecuci\u00f3n deben ser detenidos y reiniciados para que los permisos sean corregidos. 
Para usuarios que no puedan actualizar, este problema puede mitigarse al no usar la instrucci\u00f3n \"\"USER $USERNAME\"\" de Dockerfile. En su lugar, llamando a \"ENTRYPOINT [\"su\", \"-\", \"user\"]\" los grupos complementarios ser\u00e1n configurados apropiadamente"}], "metrics": {"cvssMetricV31": [{"source": "security-advisories@github.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "security-advisories@github.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}, {"source": "nvd@nist.gov", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.10.18", "matchCriteriaId": "6E6EEA64-3516-4248-BE60-F537623DA9E8"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}, {"vulnerable": true, "criteria": 
"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}], "references": [{"url": "https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32", "source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/moby/moby/releases/tag/v20.10.18", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU/", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/", "source": "security-advisories@github.com"}, {"url": "https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/moby/moby/releases/tag/v20.10.18", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}} \ No newline at end of file +{"cve": {"id": "CVE-2022-36109", "sourceIdentifier": "security-advisories@github.com", "published": 
"2022-09-09T18:15:10.540", "lastModified": "2025-01-17T13:15:19.993", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the `\"USER $USERNAME\"` Dockerfile instruction. Instead by calling `ENTRYPOINT [\"su\", \"-\", \"user\"]` the supplementary groups will be set up properly."}, {"lang": "es", "value": "Moby es un proyecto de c\u00f3digo abierto creado por Docker para permitir una contenci\u00f3n de software. Ha sido encontrado un bug en Moby (Docker Engine) en el que los grupos complementarios no son configurados apropiadamente. Si un atacante presenta acceso directo a un contenedor y manipula su acceso a grupos suplementarios, puede ser capaz de usar el acceso a grupos suplementarios para omitir las restricciones de grupos primarios en algunos casos, obteniendo potencialmente acceso a informaci\u00f3n confidencial o ganando la capacidad de ejecutar c\u00f3digo en ese contenedor. Este error ha sido corregido en Moby (Docker Engine) versi\u00f3n 20.10.18. Los contenedores en ejecuci\u00f3n deben ser detenidos y reiniciados para que los permisos sean corregidos. Para usuarios que no puedan actualizar, este problema puede mitigarse al no usar la instrucci\u00f3n \"\"USER $USERNAME\"\" de Dockerfile. 
En su lugar, llamando a \"ENTRYPOINT [\"su\", \"-\", \"user\"]\" los grupos complementarios ser\u00e1n configurados apropiadamente"}], "metrics": {"cvssMetricV31": [{"source": "security-advisories@github.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.8, "impactScore": 3.4}, {"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}]}, "weaknesses": [{"source": "security-advisories@github.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-863"}]}, {"source": "nvd@nist.gov", "type": "Primary", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mobyproject:moby:*:*:*:*:*:*:*:*", "versionEndExcluding": "20.10.18", "matchCriteriaId": "6E6EEA64-3516-4248-BE60-F537623DA9E8"}]}]}, {"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}, {"vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}]}]}], "references": [{"url": 
"https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32", "source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/moby/moby/releases/tag/v20.10.18", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", "source": "security-advisories@github.com", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU", "source": "security-advisories@github.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ", "source": "security-advisories@github.com"}, {"url": "https://www.benthamsgaze.org/2022/08/22/vulnerability-in-linux-containers-investigation-and-mitigation", "source": "security-advisories@github.com"}, {"url": "https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"]}, {"url": "https://github.com/moby/moby/releases/tag/v20.10.18", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ/", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}} \ No newline at end of file 
diff --git a/cve/2024/CVE-2024-3428.json b/cve/2024/CVE-2024-3428.json
index fea9907b6b4..b235fe48e40 100644
--- a/cve/2024/CVE-2024-3428.json
+++ b/cve/2024/CVE-2024-3428.json
@@ -1 +1 @@ -{"cve": {"id": "CVE-2024-3428", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-07T18:15:13.433", "lastModified": "2024-11-21T09:29:35.087", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en SourceCodester Online Courseware 1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo edit.php. La manipulaci\u00f3n del argumento id conduce a cross-site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. 
El identificador de esta vulnerabilidad es VDB-259600."}], "metrics": {"cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.259600", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.259600", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.311607", "source": "cna@vuldb.com"}, {"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?ctiid.259600", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.259600", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?submit.311607", "source": 
"af854a3a-2127-422b-91ae-364da2661108"}]}} \ No newline at end of file +{"cve": {"id": "CVE-2024-3428", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-07T18:15:13.433", "lastModified": "2025-01-17T13:44:10.790", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability has been found in SourceCodester Online Courseware 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259600."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en SourceCodester Online Courseware 1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo edit.php. La manipulaci\u00f3n del argumento id conduce a cross-site scripting. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. 
El identificador de esta vulnerabilidad es VDB-259600."}], "metrics": {"cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "baseScore": 3.5, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.1, "impactScore": 1.4}, {"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 2.8, "impactScore": 2.7}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "baseScore": 4.0, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "availabilityImpact": "NONE"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:argie:online_courseware:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "A5C774C8-8C38-4E34-B5D3-74872B5F672A"}]}]}], "references": [{"url": 
"https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md", "source": "cna@vuldb.com", "tags": ["Exploit"]}, {"url": "https://vuldb.com/?ctiid.259600", "source": "cna@vuldb.com", "tags": ["Permissions Required"]}, {"url": "https://vuldb.com/?id.259600", "source": "cna@vuldb.com", "tags": ["Third Party Advisory"]}, {"url": "https://vuldb.com/?submit.311607", "source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/thisissuperann/Vul/blob/Online-Courseware/Online-Courseware-13.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"]}, {"url": "https://vuldb.com/?ctiid.259600", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"]}, {"url": "https://vuldb.com/?id.259600", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"]}, {"url": "https://vuldb.com/?submit.311607", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-3445.json b/cve/2024/CVE-2024-3445.json index b1ef9e8786e..02a847d258e 100644 --- a/cve/2024/CVE-2024-3445.json +++ b/cve/2024/CVE-2024-3445.json 
@@ -1 +1 @@ -{"cve": {"id": "CVE-2024-3445", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-08T16:15:08.410", "lastModified": "2024-11-21T09:29:37.427", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Laundry Management System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /karyawan/laporan_filter. La manipulaci\u00f3n del argumento data_karyawan conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. 
VDB-259702 es el identificador asignado a esta vulnerabilidad."}], "metrics": {"cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL.md", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.259702", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.259702", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.312296", "source": "cna@vuldb.com"}, {"url": "https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL.md", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?ctiid.259702", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.259702", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?submit.312296", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}} \ No newline 
at end of file +{"cve": {"id": "CVE-2024-3445", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-08T16:15:08.410", "lastModified": "2025-01-17T13:48:36.867", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Laundry Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /karyawan/laporan_filter. The manipulation of the argument data_karyawan leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259702 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en SourceCodester Laundry Management System 1.0. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /karyawan/laporan_filter. La manipulaci\u00f3n del argumento data_karyawan conduce a la inyecci\u00f3n de SQL. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. 
VDB-259702 es el identificador asignado a esta vulnerabilidad."}], "metrics": {"cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oretnom23:laundry_shop_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "77F8478B-4E78-42A1-8B3A-94E6C764FCCE"}]}]}], "references": [{"url": 
"https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL.md", "source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.259702", "source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"]}, {"url": "https://vuldb.com/?id.259702", "source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.312296", "source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.259702", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"]}, {"url": "https://vuldb.com/?id.259702", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.312296", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}]}} \ No newline at end of file diff --git a/cve/2024/CVE-2024-3464.json b/cve/2024/CVE-2024-3464.json index 428a138197e..cf17e9c0aeb 100644 --- a/cve/2024/CVE-2024-3464.json +++ b/cve/2024/CVE-2024-3464.json 
@@ -1 +1 @@ -{"cve": {"id": "CVE-2024-3464", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-08T20:15:08.990", "lastModified": "2024-11-21T09:29:39.347", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en SourceCodester Laundry Management System 1.0 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n laporan_filter del archivo /application/controller/Pelanggan.php. La manipulaci\u00f3n del argumento jeniskelamin conduce a la inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. 
A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259745."}], "metrics": {"cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "references": [{"url": "https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL2.md", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.259745", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.259745", "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?submit.312304", "source": "cna@vuldb.com"}, {"url": "https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL2.md", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?ctiid.259745", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?id.259745", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://vuldb.com/?submit.312304", "source": "af854a3a-2127-422b-91ae-364da2661108"}]}} \ No 
newline at end of file +{"cve": {"id": "CVE-2024-3464", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-08T20:15:08.990", "lastModified": "2025-01-17T13:53:08.980", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in SourceCodester Laundry Management System 1.0 and classified as critical. This issue affects the function laporan_filter of the file /application/controller/Pelanggan.php. The manipulation of the argument jeniskelamin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259745 was assigned to this vulnerability."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en SourceCodester Laundry Management System 1.0 y clasificada como cr\u00edtica. Este problema afecta la funci\u00f3n laporan_filter del archivo /application/controller/Pelanggan.php. La manipulaci\u00f3n del argumento jeniskelamin conduce a la inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. 
A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259745."}], "metrics": {"cvssMetricV31": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "nvd@nist.gov", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 5.9}], "cvssMetricV2": [{"source": "cna@vuldb.com", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "cna@vuldb.com", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:oretnom23:laundry_shop_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "77F8478B-4E78-42A1-8B3A-94E6C764FCCE"}]}]}], "references": [{"url": 
"https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL2.md", "source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.259745", "source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"]}, {"url": "https://vuldb.com/?id.259745", "source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.312304", "source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://github.com/fubxx/CVE/blob/main/LaundryManagementSystemSQL2.md", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.259745", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required", "Third Party Advisory"]}, {"url": "https://vuldb.com/?id.259745", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.312304", "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"]}]}} \ No newline at end of file diff --git a/syncdate.json b/syncdate.json index 044077d01cf..2e9137faf42 100644 --- a/syncdate.json +++ b/syncdate.json @@ -1,10 +1,10 @@ { "vulnerabilities": { - "lastModStartDate": "2025-01-17T10:03:16.833", - "lastModEndDate": "2025-01-17T12:03:42.793" + "lastModStartDate": "2025-01-17T12:03:42.793", + "lastModEndDate": "2025-01-17T14:04:00.647" }, "matchStrings": { - "lastModStartDate": "2025-01-17T10:03:04.323", - "lastModEndDate": "2025-01-17T12:03:34.390" + "lastModStartDate": "2025-01-17T12:03:34.390", + "lastModEndDate": "2025-01-17T14:03:26.090" } } \ No newline at end of file