Auto-Update: 2024-10-08T12:00:19.348672+00:00

fkie-cad · Oct 8, 2024 · 37e74a7 · 37e74a7
1 parent 1fbdbff
commit 37e74a7
Show file tree

Hide file tree

Showing 16 changed files with 731 additions and 122 deletions.
diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26315.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26315.json
@@ -2,8 +2,8 @@
  "id": "CVE-2023-26315",
  "sourceIdentifier": "[email protected]",
  "published": "2024-08-26T12:15:05.387",
- "lastModified": "2024-09-06T22:25:54.637",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-08T10:15:03.300",
+ "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
  {
@@ -69,6 +69,16 @@
  "value": "CWE-77"
  }
  ]
+ },
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
  }
  ],
  "configurations": [

diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26317.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26317.json
@@ -2,13 +2,13 @@
  "id": "CVE-2023-26317",
  "sourceIdentifier": "[email protected]",
  "published": "2023-08-02T14:15:10.407",
- "lastModified": "2023-08-07T16:18:22.053",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-08T10:15:03.907",
+ "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
  {
  "lang": "en",
- "value": "A vulnerability has been discovered in Xiaomi routers that could allow command injection through an external interface. This vulnerability arises from inadequate filtering of responses returned from the external interface. Attackers could exploit this vulnerability by hijacking the ISP or an upper-layer router to gain privileges on the Xiaomi router. Successful exploitation of this flaw could permit remote code execution and complete compromise of the device."
+ "value": "Xiaomi routers have an external interface that can lead to command injection. The vulnerability is caused by lax filtering of responses from external interfaces. Attackers can exploit this vulnerability to gain access to the router by hijacking the ISP or upper-layer routing."
  }
  ],
  "metrics": {
@@ -32,6 +32,26 @@
  },
  "exploitabilityScore": 3.9,
  "impactScore": 5.9
+ },
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 4.7
  }
  ]
  },
@@ -45,6 +65,16 @@
  "value": "CWE-77"
  }
  ]
+ },
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
  }
  ],
  "configurations": [

diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26319.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26319.json
@@ -2,7 +2,7 @@
  "id": "CVE-2023-26319",
  "sourceIdentifier": "[email protected]",
  "published": "2023-10-11T07:15:10.103",
- "lastModified": "2024-10-08T09:15:08.063",
+ "lastModified": "2024-10-08T10:15:04.190",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@@ -76,7 +76,7 @@
  "description": [
  {
  "lang": "en",
- "value": "CWE-78"
+ "value": "CWE-120"
  }
  ]
  }

diff --git a/CVE-2023/CVE-2023-263xx/CVE-2023-26320.json b/CVE-2023/CVE-2023-263xx/CVE-2023-26320.json
@@ -2,8 +2,8 @@
  "id": "CVE-2023-26320",
  "sourceIdentifier": "[email protected]",
  "published": "2023-10-11T07:15:10.257",
- "lastModified": "2023-10-16T19:04:10.920",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-10-08T10:15:04.293",
+ "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
  {
@@ -76,7 +76,7 @@
  "description": [
  {
  "lang": "en",
- "value": "CWE-77"
+ "value": "CWE-120"
  }
  ]
  }

diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3506.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3506.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-3506",
+ "sourceIdentifier": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+ "published": "2024-10-08T10:15:04.417",
+ "lastModified": "2024-10-08T10:15:04.417",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A possible buffer overflow in selected cameras' drivers from XProtect Device Pack can allow an attacker with access to internal network to execute commands on Recording Server under strict conditions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:A/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "ADJACENT",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "NONE",
+ "userInteraction": "ACTIVE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "LOW",
+ "subsequentSystemConfidentiality": "LOW",
+ "subsequentSystemIntegrity": "LOW",
+ "subsequentSystemAvailability": "LOW",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 5.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cf45122d-9d50-442a-9b23-e05cde9943d8",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-120"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://supportcommunity.milestonesys.com/KBRedir?art=000065801&lang=en_US",
+ "source": "cf45122d-9d50-442a-9b23-e05cde9943d8"
+ }
+ ]
+}
diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45277.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45277.json
@@ -2,7 +2,7 @@
  "id": "CVE-2024-45277",
  "sourceIdentifier": "[email protected]",
  "published": "2024-10-08T04:15:08.133",
- "lastModified": "2024-10-08T04:15:08.133",
+ "lastModified": "2024-10-08T10:15:04.770",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
@@ -55,6 +55,10 @@
  {
  "url": "https://url.sap/sapsecuritypatchday",
  "source": "[email protected]"
+ },
+ {
+ "url": "https://www.npmjs.com/package/@sap/hana-client?activeTab=code",
+ "source": "[email protected]"
  }
  ]
 }
diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8422.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8422.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-8422",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-08T10:15:04.880",
+ "lastModified": "2024-10-08T10:15:04.880",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "CWE-416: Use After Free vulnerability exists that could cause arbitrary code execution, denial\nof service and loss of confidentiality & integrity when application user opens a malicious Zelio\nSoft 2 project file."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-416"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-282-06&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-282-06.pdf",
+ "source": "[email protected]"
+ }
+ ]
+}
diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8433.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8433.json
@@ -0,0 +1,68 @@
+{
+ "id": "CVE-2024-8433",
+ "sourceIdentifier": "[email protected]",
+ "published": "2024-10-08T10:15:05.110",
+ "lastModified": "2024-10-08T10:15:05.110",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The Easy Mega Menu Plugin for WordPress \u2013 ThemeHunk plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018themehunk_megamenu_bg_image' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that this was partially fixed in 1.1.0 due to the missing authorization protection that was added."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.1,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "[email protected]",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/themehunk-megamenu-plus/tags/1.1.0/views/admin/item_settings.php?rev=3156084#L196",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/browser/themehunk-megamenu-plus/trunk/inc/megamenu-base.php#L35",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3163871%40themehunk-megamenu-plus&new=3163871%40themehunk-megamenu-plus&sfp_email=&sfph_mail=#file21",
+ "source": "[email protected]"
+ },
+ {
+ "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fc661cfd-6290-4b36-858a-cf2269b5fcf9?source=cve",
+ "source": "[email protected]"
+ }
+ ]
+}