From f1927030dfa48a0f2ca523287e2f35c121305fb2 Mon Sep 17 00:00:00 2001
From: cvelistV5 Github Action
Date: Sat, 19 Oct 2024 23:00:18 +0000
Subject: [PATCH] 2 changes (1 new | 1 updated): - 1 new CVEs: CVE-2024-10158 - 1 updated CVEs: CVE-2024-29916
---
 cves/2024/10xxx/CVE-2024-10158.json | 151 ++++++++++++++++++++++++++++
 cves/2024/29xxx/CVE-2024-29916.json | 11 +-
 cves/delta.json | 21 ++--
 cves/deltaLog.json | 75 ++++----------
 4 files changed, 193 insertions(+), 65 deletions(-)
 create mode 100644 cves/2024/10xxx/CVE-2024-10158.json
diff --git a/cves/2024/10xxx/CVE-2024-10158.json b/cves/2024/10xxx/CVE-2024-10158.json
new file mode 100644
index 000000000000..512ae709552c
--- /dev/null
+++ b/cves/2024/10xxx/CVE-2024-10158.json
@@ -0,0 +1,151 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-10158",
+ "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "state": "PUBLISHED",
+ "assignerShortName": "VulDB",
+ "dateReserved": "2024-10-18T19:16:44.505Z",
+ "datePublished": "2024-10-19T23:00:07.132Z",
+ "dateUpdated": "2024-10-19T23:00:07.132Z"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
+ "shortName": "VulDB",
+ "dateUpdated": "2024-10-19T23:00:07.132Z"
+ },
+ "title": "PHPGurukul Boat Booking System session_start session fixiation",
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "CWE",
+ "cweId": "CWE-384",
+ "lang": "en",
+ "description": "Session Fixiation"
+ }
+ ]
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "PHPGurukul",
+ "product": "Boat Booking System",
+ "versions": [
+ {
+ "version": "1.0",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability classified as problematic has been found in PHPGurukul Boat Booking System 1.0. Affected is the function session_start. The manipulation leads to session fixiation. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "de",
+ "value": "Es wurde eine problematische Schwachstelle in PHPGurukul Boat Booking System 1.0 entdeckt. Betroffen hiervon ist die Funktion session_start. Durch Manipulation mit unbekannten Daten kann eine session fixiation-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV4_0": {
+ "version": "4.0",
+ "baseScore": 6.9,
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ {
+ "cvssV3_1": {
+ "version": "3.1",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ {
+ "cvssV3_0": {
+ "version": "3.0",
+ "baseScore": 4.3,
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+ "baseSeverity": "MEDIUM"
+ }
+ },
+ {
+ "cvssV2_0": {
+ "version": "2.0",
+ "baseScore": 5,
+ "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N"
+ }
+ }
+ ],
+ "timeline": [
+ {
+ "time": "2024-10-18T00:00:00.000Z",
+ "lang": "en",
+ "value": "Advisory disclosed"
+ },
+ {
+ "time": "2024-10-18T02:00:00.000Z",
+ "lang": "en",
+ "value": "VulDB entry created"
+ },
+ {
+ "time": "2024-10-18T21:22:13.000Z",
+ "lang": "en",
+ "value": "VulDB entry last update"
+ }
+ ],
+ "credits": [
+ {
+ "lang": "en",
+ "value": "jadu101 (VulDB User)",
+ "type": "reporter"
+ }
+ ],
+ "references": [
+ {
+ "url": "https://vuldb.com/?id.280944",
+ "name": "VDB-280944 | PHPGurukul Boat Booking System session_start session fixiation",
+ "tags": [
+ "vdb-entry",
+ "technical-description"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?ctiid.280944",
+ "name": "VDB-280944 | CTI Indicators (IOB, IOC, IOA)",
+ "tags": [
+ "signature",
+ "permissions-required"
+ ]
+ },
+ {
+ "url": "https://vuldb.com/?submit.425414",
+ "name": "Submit #425414 | PHPGurukul Boat Booking System 1.0 Session Fixiation",
+ "tags": [
+ "third-party-advisory"
+ ]
+ },
+ {
+ "url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_boat_booking_system_session_fixation.md",
+ "tags": [
+ "exploit"
+ ]
+ },
+ {
+ "url": "https://phpgurukul.com/",
+ "tags": [
+ "product"
+ ]
+ }
+ ]
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2024/29xxx/CVE-2024-29916.json b/cves/2024/29xxx/CVE-2024-29916.json
index bcf4f210a6e6..a7dbe5f74089 100644
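Review bot: The CVSS vectors in `metrics` disagree on user interaction: `cvssV4_0` carries `UI:N` (base score 6.9) while `cvssV3_1` and `cvssV3_0` carry `UI:R` (4.3), so triage that reads only the 4.0 score will rank this record higher than the 3.x scores support. Session fixation normally depends on the victim authenticating with an attacker-chosen session identifier, which suggests the 4.0 vector is the one to recheck with the CNA. The weakness name is also misspelled in `title`, in the `problemTypes` description, in both description texts and in two reference names; the CWE-384 entry should read `"description": "Session Fixation"`, otherwise a text search for the weakness name misses the record.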
--- a/cves/2024/29xxx/CVE-2024-29916.json
+++ b/cves/2024/29xxx/CVE-2024-29916.json
@@ -1,12 +1,11 @@
 {
 "dataType": "CVE_RECORD",
- "dataVersion": "5.1",
 "cveMetadata": {
 "state": "PUBLISHED",
 "cveId": "CVE-2024-29916",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
- "dateUpdated": "2024-08-02T01:17:58.598Z",
+ "dateUpdated": "2024-10-19T22:56:01.256760",
 "dateReserved": "2024-03-21T00:00:00",
 "datePublished": "2024-03-21T00:00:00"
 },
@@ -15,7 +14,7 @@
 "providerMetadata": {
 "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "shortName": "mitre",
- "dateUpdated": "2024-03-21T16:54:26.023680"
+ "dateUpdated": "2024-10-19T22:56:01.256760"
 },
 "descriptions": [
 {
@@ -44,6 +43,9 @@
 },
 {
 "url": "https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/"
+ },
+ {
+ "url": "https://www.youtube.com/watch?v=4cx0RUV7i0s"
 }
 ],
 "problemTypes": [
@@ -230,5 +232,6 @@
 ]
 }
 ]
- }
+ },
+ "dataVersion": "5.1"
 }
\ No newline at end of file
diff --git a/cves/delta.json b/cves/delta.json
index 8d2a4fbdfef5..8ed321d04b6b 100644
--- a/cves/delta.json
+++ b/cves/delta.json
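Review bot: The new `cveMetadata.dateUpdated` value `2024-10-19T22:56:01.256760` in hunk `@@ -1,12 +1,11 @@` drops the `Z` designator that the previous value had, and `providerMetadata.dateUpdated` in hunk `@@ -15,7 +14,7 @@` has the same offset-less form. A timestamp without an offset is ambiguous, and consumers that compare `dateUpdated` as strings or parse it as strict RFC 3339 to find changed records can mis-order or reject this one; the same value is copied into the `updated` entries of `cves/delta.json` and `cves/deltaLog.json` in this commit. If the time is UTC, as the `Z`-suffixed timestamps elsewhere in the commit suggest, it should be written as `"dateUpdated": "2024-10-19T22:56:01.256Z"`. The reference added in hunk `@@ -44,6 +43,9 @@` has only a `url`; a `name` or `tags` entry would tell readers what the video covers without following the link.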
@@ -1,14 +1,21 @@ { - "fetchTime": "2024-10-19T22:36:15.704Z", - "numberOfChanges": 1, + "fetchTime": "2024-10-19T23:00:11.627Z", + "numberOfChanges": 2, "new": [ { - "cveId": "CVE-2024-10157", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-10157", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/10xxx/CVE-2024-10157.json", - "dateUpdated": "2024-10-19T22:31:05.359Z" + "cveId": "CVE-2024-10158", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-10158", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/10xxx/CVE-2024-10158.json", + "dateUpdated": "2024-10-19T23:00:07.132Z" + } + ], + "updated": [ + { + "cveId": "CVE-2024-29916", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-29916", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/29xxx/CVE-2024-29916.json", + "dateUpdated": "2024-10-19T22:56:01.256760" } ], - "updated": [], "error": [] } \ No newline at end of file diff --git a/cves/deltaLog.json b/cves/deltaLog.json index ab3a5bc39f90..60572f70ab73 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json @@ -1,4 +1,25 @@ [ + { + "fetchTime": "2024-10-19T23:00:11.627Z", + "numberOfChanges": 2, + "new": [ + { + "cveId": "CVE-2024-10158", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-10158", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/10xxx/CVE-2024-10158.json", + "dateUpdated": "2024-10-19T23:00:07.132Z" + } + ], + "updated": [ + { + "cveId": "CVE-2024-29916", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-29916", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/29xxx/CVE-2024-29916.json", + "dateUpdated": "2024-10-19T22:56:01.256760" + } + ], + "error": [] + }, { "fetchTime": "2024-10-19T22:36:15.704Z", "numberOfChanges": 1, 
@@ -130982,59 +131003,5 @@ ], "updated": [], "error": [] - }, - { - "fetchTime": "2024-09-19T22:55:34.851Z", - "numberOfChanges": 2, - "new": [ - { - "cveId": "CVE-2023-27584", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-27584", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/27xxx/CVE-2023-27584.json", - "dateUpdated": "2024-09-19T22:54:40.045Z" - }, - { - "cveId": "CVE-2024-45410", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-45410", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/45xxx/CVE-2024-45410.json", - "dateUpdated": "2024-09-19T22:51:02.622Z" - } - ], - "updated": [], - "error": [] - }, - { - "fetchTime": "2024-09-19T22:47:42.045Z", - "numberOfChanges": 2, - "new": [ - { - "cveId": "CVE-2024-45614", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-45614", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/45xxx/CVE-2024-45614.json", - "dateUpdated": "2024-09-19T22:42:33.974Z" - }, - { - "cveId": "CVE-2024-46983", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-46983", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/46xxx/CVE-2024-46983.json", - "dateUpdated": "2024-09-19T22:47:14.438Z" - } - ], - "updated": [], - "error": [] - }, - { - "fetchTime": "2024-09-19T22:39:51.430Z", - "numberOfChanges": 1, - "new": [ - { - "cveId": "CVE-2024-46984", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-46984", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/46xxx/CVE-2024-46984.json", - "dateUpdated": "2024-09-19T22:38:21.169Z" - } - ], - "updated": [], - "error": [] } ] \ No newline at end of file