Auto-Update: 2024-04-05T06:00:37.918037+00:00

CVE-2024/CVE-2024-25xx/CVE-2024-2509.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-2509",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-04-05T05:15:07.463",
+  "lastModified": "2024-04-05T05:15:07.463",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Gutenberg Blocks by Kadence Blocks  WordPress plugin before 3.2.26 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/dec4a632-e04b-4fdd-86e4-48304b892a4f/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-32xx/CVE-2024-3272.json

@@ -2,12 +2,16 @@
   "id": "CVE-2024-3272",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-04-04T01:15:50.123",
-  "lastModified": "2024-04-04T12:48:41.700",
+  "lastModified": "2024-04-05T05:15:07.580",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as very critical, has been found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. This issue affects some unknown processing of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument user with the input messagebus leads to hard-coded credentials. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-259283. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
+    },
+    {
+      "lang": "es",
+      "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Se encontr\u00f3 una vulnerabilidad, que fue clasificada como muy cr\u00edtica, en D-Link DNS-320L, DNS-325, DNS-327L y DNS-340L hasta 20240403. Este problema afecta a algunos procesamientos desconocidos de el archivo /cgi-bin/nas_sharing.cgi del componente HTTP GET Request Handler. La manipulaci\u00f3n del argumento usuario con el bus de mensajes de entrada conduce a credenciales codificadas. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-259283. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
     }
   ],
   "metrics": {
@@ -76,6 +80,10 @@
       "url": "https://github.com/netsecfish/dlink",
       "source": "cna@vuldb.com"
     },
+    {
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
+      "source": "cna@vuldb.com"
+    },
     {
       "url": "https://vuldb.com/?ctiid.259283",
       "source": "cna@vuldb.com"

CVE-2024/CVE-2024-32xx/CVE-2024-3273.json

@@ -2,12 +2,16 @@
   "id": "CVE-2024-3273",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-04-04T01:15:50.387",
-  "lastModified": "2024-04-04T12:48:41.700",
+  "lastModified": "2024-04-05T05:15:07.747",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
+    },
+    {
+      "lang": "es",
+      "value": "** NO SOPORTADO CUANDO SE ASIGN\u00d3 ** Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en D-Link DNS-320L, DNS-325, DNS-327L y DNS-340L hasta 20240403. Una funci\u00f3n desconocida del archivo / cgi-bin/nas_sharing.cgi del componente HTTP GET Request Handler. La manipulaci\u00f3n del SYSTEM de argumentos conduce a la inyecci\u00f3n de comandos. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-259284. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
     }
   ],
   "metrics": {
@@ -76,6 +80,10 @@
       "url": "https://github.com/netsecfish/dlink",
       "source": "cna@vuldb.com"
     },
+    {
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
+      "source": "cna@vuldb.com"
+    },
     {
       "url": "https://vuldb.com/?ctiid.259284",
       "source": "cna@vuldb.com"

CVE-2024/CVE-2024-32xx/CVE-2024-3274.json

@@ -2,12 +2,16 @@
   "id": "CVE-2024-3274",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-04-04T02:15:07.627",
-  "lastModified": "2024-04-04T12:48:41.700",
+  "lastModified": "2024-04-05T05:15:07.843",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
       "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability has been found in D-Link DNS-320L, DNS-320LW and DNS-327L up to 20240403 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/info.cgi of the component HTTP GET Request Handler. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259285 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
+    },
+    {
+      "lang": "es",
+      "value": "** NO COMPATIBLE CUANDO SE ASIGN\u00d3 ** Se ha encontrado una vulnerabilidad en D-Link DNS-320L, DNS-320LW y DNS-327L hasta 20240403 y se ha clasificado como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /cgi-bin/info.cgi del componente HTTP GET Request Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n conduce a la divulgaci\u00f3n de informaci\u00f3n. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-259285. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante. NOTA: Se contact\u00f3 primeramente con el proveedor y se confirm\u00f3 de inmediato que el producto ha llegado al final de su vida \u00fatil. Deber\u00eda retirarse y reemplazarse."
     }
   ],
   "metrics": {
@@ -76,6 +80,10 @@
       "url": "https://github.com/netsecfish/info_cgi",
       "source": "cna@vuldb.com"
     },
+    {
+      "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
+      "source": "cna@vuldb.com"
+    },
     {
       "url": "https://vuldb.com/?ctiid.259285",
       "source": "cna@vuldb.com"

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-04-05T04:00:37.972565+00:00
+2024-04-05T06:00:37.918037+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-04-05T03:15:07.770000+00:00
+2024-04-05T05:15:07.843000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,20 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-244167
+244168
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `1`
 
-- [CVE-2023-5973](CVE-2023/CVE-2023-59xx/CVE-2023-5973.json) (`2024-04-05T03:15:07.770`)
+- [CVE-2024-2509](CVE-2024/CVE-2024-25xx/CVE-2024-2509.json) (`2024-04-05T05:15:07.463`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `3`
 
+- [CVE-2024-3272](CVE-2024/CVE-2024-32xx/CVE-2024-3272.json) (`2024-04-05T05:15:07.580`)
+- [CVE-2024-3273](CVE-2024/CVE-2024-32xx/CVE-2024-3273.json) (`2024-04-05T05:15:07.747`)
+- [CVE-2024-3274](CVE-2024/CVE-2024-32xx/CVE-2024-3274.json) (`2024-04-05T05:15:07.843`)
 
 
 ## Download and Usage

_state.csv

@@ -237008,7 +237008,7 @@ CVE-2023-5968,0,0,3df68a2dd455892737ae4ccd5a51eebeb6501735dcdf4b0df0cec23abf6d9c
 CVE-2023-5969,0,0,134a47156763573087c261bbe70bb15989d9036802658ea7ded005b60736db52,2023-11-14T17:13:54.790000
 CVE-2023-5970,0,0,a3d173231982020ef5f7b38c5168b740ee778873f57c322454e8fe7b89485a50,2023-12-13T15:32:02.247000
 CVE-2023-5972,0,0,656064d47e5a67cc669b3046e3f9950e9c88ceaf574ff9ba75f67da5f86ce1b3,2023-11-30T20:31:31.227000
-CVE-2023-5973,1,1,32a44e92efb19c712cd19c194485505b305f6c23b4a7c9444fc75fd9a02a489d,2024-04-05T03:15:07.770000
+CVE-2023-5973,0,0,32a44e92efb19c712cd19c194485505b305f6c23b4a7c9444fc75fd9a02a489d,2024-04-05T03:15:07.770000
 CVE-2023-5974,0,0,fa5f45166fa670d4c6344a3fb91459f3146ad2d35e7850fcf71ad2fdc079fd1e,2023-12-01T20:14:58.070000
 CVE-2023-5975,0,0,30b6644af3852b24c8154dd79a3d90d108a53c8bc9032f107504cbc0845a2880,2023-11-14T18:11:18.403000
 CVE-2023-5976,0,0,97d27a9c52f95e55c71eed6991c193cbb58fd61fdb979d5c6cfd47c0258b66ff,2023-11-14T18:39:05.787000
@@ -241658,6 +241658,7 @@ CVE-2024-25081,0,0,c28ed534590feb1739659669df4a7c74247df29d1ac0d5daa9ed512959af8
 CVE-2024-25082,0,0,0376e5832e39b19bc504b78433ebb158054a5715ce980118648e2b6c7f603eff,2024-03-23T03:15:11.393000
 CVE-2024-25083,0,0,ecc895ce722780048524674e78ace2df40ec2c99910e00911749a5ffd9d0dca3,2024-02-16T21:39:50.223000
 CVE-2024-25089,0,0,5efabd2c26974f37d1846cb1668b5b36df31dff51c549d5b8d4c512bfb0c7d05,2024-02-13T00:38:12.137000
+CVE-2024-2509,1,1,e34a229d63bc84791384d23b01283323f1475cd5ed4d696c700df524b07d1dcb,2024-04-05T05:15:07.463000
 CVE-2024-25091,0,0,01b357047b564e780ed13b7e87b2fb8ec79ae12ad4e744cc9437e3dc74a94964,2024-03-01T14:04:04.827000
 CVE-2024-25093,0,0,c29d732f68144a1dd5d537415c8d51940073ac1e6ff114431aa6a52d78b263f0,2024-02-29T13:49:29.390000
 CVE-2024-25094,0,0,6ba9f5c53aa4aac51446efc522144ae35e985d8a070a664685b43e0df39aa007,2024-02-29T13:49:29.390000
@@ -244154,9 +244155,9 @@ CVE-2024-3258,0,0,16d450bc3554c2a319117adc94d8a7dcb1f68b8821fc173e15562a1ba48b30
 CVE-2024-3259,0,0,59128ca045cd2f7fbe88d58e11ffcce19ef1d2f5d6abea61087e98d65d4fd821,2024-04-03T17:24:18.150000
 CVE-2024-3262,0,0,cf821e2b5e43ebb35bf150d05529241937c1e196ce499175549668020b0990b1,2024-04-04T12:48:22.650000
 CVE-2024-3270,0,0,06803f1697053009ed748b01b78c6c9cfb2903b8272aa543347ffd9d7a62c641,2024-04-04T12:48:41.700000
-CVE-2024-3272,0,0,f5835433047c6a0c2284c0da39d8664773c7fc640a51a26f69a0df8df0141ed9,2024-04-04T12:48:41.700000
-CVE-2024-3273,0,0,6c4361eb020cbc89b8e3680431d3975940d415eea637023ddf0a1fa43ba10972,2024-04-04T12:48:41.700000
-CVE-2024-3274,0,0,b6fe16ea3476ba5bfff59d78cd515051a8d17caf21476f4663ff5fcf2d000465,2024-04-04T12:48:41.700000
+CVE-2024-3272,0,1,32d3ad93a54dc7dcb0170715c810c40dd0605ff3f1d2f7f8a6ff591782374412,2024-04-05T05:15:07.580000
+CVE-2024-3273,0,1,1ae2eaf61f98318aed8ff92c4b5febb2d8229962f8b7b2bc67bc40cbaea73f73,2024-04-05T05:15:07.747000
+CVE-2024-3274,0,1,64bfe86321ec1e05b957bdddb515317b23c7b94e70b2d69aa950c222026c2d4b,2024-04-05T05:15:07.843000
 CVE-2024-3296,0,0,166fd19b54c7f066a468db032b1192efadbbddbd2bd126df3550e4cdc8bb66bf,2024-04-04T16:33:06.610000
 CVE-2024-3298,0,0,56186a0c5d2e3bcaa6b6bd1b394585c42533a8f19e8ba33fa08b025b47b84ed1,2024-04-04T16:33:06.610000
 CVE-2024-3299,0,0,e27ead5ec50888cbdeacdd9f017ce3d5215207dea15a19473541db1dd6d943fd,2024-04-04T16:33:06.610000