From 10f039c33a5b1331746a3212b93cabb504053368 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 11 Jun 2024 04:03:11 +0000 Subject: [PATCH] Auto-Update: 2024-06-11T04:00:18.881608+00:00 --- CVE-2023/CVE-2023-67xx/CVE-2023-6745.json | 47 ++++++++++++++++ CVE-2023/CVE-2023-67xx/CVE-2023-6748.json | 47 ++++++++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0627.json | 47 ++++++++++++++++ CVE-2024/CVE-2024-06xx/CVE-2024-0653.json | 47 ++++++++++++++++ CVE-2024/CVE-2024-24xx/CVE-2024-2473.json | 47 ++++++++++++++++ CVE-2024/CVE-2024-281xx/CVE-2024-28164.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-330xx/CVE-2024-33001.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34683.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34684.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34686.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34688.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34690.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34691.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37130.json | 55 +++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37176.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37177.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37178.json | 59 +++++++++++++++++++++ CVE-2024/CVE-2024-50xx/CVE-2024-5090.json | 47 ++++++++++++++++ README.md | 31 ++++++++--- _state.csv | 24 +++++++-- 20 files changed, 1030 insertions(+), 11 deletions(-) create mode 100644 CVE-2023/CVE-2023-67xx/CVE-2023-6745.json create mode 100644 CVE-2023/CVE-2023-67xx/CVE-2023-6748.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0627.json create mode 100644 CVE-2024/CVE-2024-06xx/CVE-2024-0653.json create mode 100644 CVE-2024/CVE-2024-24xx/CVE-2024-2473.json create mode 100644 CVE-2024/CVE-2024-281xx/CVE-2024-28164.json create mode 100644 CVE-2024/CVE-2024-330xx/CVE-2024-33001.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34683.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34684.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34686.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34688.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34690.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34691.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37130.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37176.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37177.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37178.json create mode 100644 CVE-2024/CVE-2024-50xx/CVE-2024-5090.json diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6745.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6745.json new file mode 100644 index 00000000000..561b582e7bc --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6745.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-6745", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-11T03:15:09.087", + "lastModified": "2024-06-11T03:15:09.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/25d07a99-d425-4e1a-8adf-d12071552882?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-67xx/CVE-2023-6748.json b/CVE-2023/CVE-2023-67xx/CVE-2023-6748.json new file mode 100644 index 00000000000..fb9c60abc66 --- /dev/null +++ b/CVE-2023/CVE-2023-67xx/CVE-2023-6748.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2023-6748", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-11T03:15:09.310", + "lastModified": "2024-06-11T03:15:09.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary post metadata." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7fcd0410-9423-4349-8d1c-3551de38a7c7?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0627.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0627.json new file mode 100644 index 00000000000..9e2999937f9 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0627.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-0627", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-11T03:15:09.520", + "lastModified": "2024-06-11T03:15:09.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/637f07c6-68cd-4ac6-83fd-65dbaab882fc?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0653.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0653.json new file mode 100644 index 00000000000..a1b2ea264f8 --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0653.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-0653", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-11T03:15:09.723", + "lastModified": "2024-06-11T03:15:09.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069937%40custom-field-template&new=3069937%40custom-field-template&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a88330e-fbeb-4ac7-a143-a59766accbeb?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-24xx/CVE-2024-2473.json b/CVE-2024/CVE-2024-24xx/CVE-2024-2473.json new file mode 100644 index 00000000000..4ccf1c5197a --- /dev/null +++ b/CVE-2024/CVE-2024-24xx/CVE-2024-2473.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-2473", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-11T03:15:10.183", + "lastModified": "2024-06-11T03:15:10.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may have been hidden by the plugin." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3099109/wps-hide-login", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd21c7d3-a5f1-4c3a-b6ab-0a979f070a62?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28164.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28164.json new file mode 100644 index 00000000000..2005375893f --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28164.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28164", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:09.953", + "lastModified": "2024-06-11T03:15:09.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver AS Java (CAF - Guided Procedures)\nallows an unauthenticated user to access non-sensitive information about the\nserver which would otherwise be restricted causing low impact on\nconfidentiality of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + }, + { + "url": "https://me.sap.com/notes/3425571", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-330xx/CVE-2024-33001.json b/CVE-2024/CVE-2024-330xx/CVE-2024-33001.json new file mode 100644 index 00000000000..5a1e4d2786d --- /dev/null +++ b/CVE-2024/CVE-2024-330xx/CVE-2024-33001.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-33001", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:10.393", + "lastModified": "2024-06-11T03:15:10.393", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP NetWeaver and ABAP platform allows an\nattacker to impede performance for legitimate users by crashing or flooding the\nservice.\n\n\n\nAn\nimpact of this Denial of Service vulnerability might be long response delays\nand service interruptions, thus degrading the service quality experienced by\nlegitimate users causing high impact on availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3453170", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34683.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34683.json new file mode 100644 index 00000000000..9379b146152 --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34683.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-34683", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:10.623", + "lastModified": "2024-06-11T03:15:10.623", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An authenticated attacker can upload malicious\nfile to SAP Document Builder service. When the victim accesses this file, the\nattacker is allowed to access, modify, or make the related information\nunavailable in the victim\u2019s browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3459379", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34684.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34684.json new file mode 100644 index 00000000000..d37252d76c0 --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34684.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-34684", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:10.863", + "lastModified": "2024-06-11T03:15:10.863", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "On Unix, SAP BusinessObjects Business\nIntelligence Platform (Scheduling) allows an authenticated attacker with\nadministrator access on the local server to access the password of a local\naccount. As a result, an attacker can obtain non-administrative user\ncredentials, which will allow them to read or modify the remote server files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.6, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3441817", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34686.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34686.json new file mode 100644 index 00000000000..7f4700483ca --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34686.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-34686", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:11.080", + "lastModified": "2024-06-11T03:15:11.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Due to insufficient input validation, SAP CRM\nWebClient UI allows an unauthenticated attacker to craft a URL link which\nembeds a malicious script. When a victim clicks on this link, the script will\nbe executed in the victim's browser giving the attacker the ability to access\nand/or modify information with no effect on availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3465129", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34688.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34688.json new file mode 100644 index 00000000000..05429f60bac --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34688.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-34688", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:11.310", + "lastModified": "2024-06-11T03:15:11.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Due to unrestricted access to the Meta Model\nRepository services in SAP NetWeaver AS Java, attackers can perform DoS attacks\non the application, which may prevent legitimate users from accessing it. This\ncan result in no impact on confidentiality and integrity but a high impact on\nthe availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3460407", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.htmlhttps://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34690.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34690.json new file mode 100644 index 00000000000..fa3330d2293 --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34690.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-34690", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:11.547", + "lastModified": "2024-06-11T03:15:11.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP Student Life Cycle\nManagement (SLcM) fails to conduct proper authorization checks for\nauthenticated users, leading to the potential escalation of privileges. On\nsuccessful exploitation it could allow an attacker to access and edit\nnon-sensitive report variants that are typically restricted, causing minimal\nimpact on the confidentiality and integrity of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + }, + { + "url": "https://me.sap.com/notes/3457265", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34691.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34691.json new file mode 100644 index 00000000000..f1c9751bf89 --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34691.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-34691", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:11.780", + "lastModified": "2024-06-11T03:15:11.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Manage Incoming Payment Files (F1680) of SAP\nS/4HANA does not perform necessary authorization checks for an authenticated\nuser, resulting in escalation of privileges. As a result, it has high impact on\nintegrity and no impact on the confidentiality and availability of the system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3466175", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37130.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37130.json new file mode 100644 index 00000000000..6515321a44c --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37130.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-37130", + "sourceIdentifier": "security_alert@emc.com", + "published": "2024-06-11T02:15:08.943", + "lastModified": "2024-06-11T02:15:08.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains a Local Privilege Escalation vulnerability via XSL Hijacking. A local low-privileged malicious user could potentially exploit this vulnerability and escalate their privilege to the admin user and gain full control of the machine. Exploitation may lead to a complete system compromise." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000225914/dsa-2024-264-dell-openmanage-server-administrator-omsa-security-update-for-local-privilege-escalation-via-xsl-hijacking-vulnerability", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37176.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37176.json new file mode 100644 index 00000000000..56851dc3f90 --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37176.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-37176", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T03:15:12.020", + "lastModified": "2024-06-11T03:15:12.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP BW/4HANA Transformation and Data Transfer\nProcess (DTP) allows an authenticated attacker to gain higher access levels\nthan they should have by exploiting improper authorization checks. This results\nin escalation of privileges. It has no impact on the confidentiality of data\nbut may have low impacts on the integrity and availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3465455", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37177.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37177.json new file mode 100644 index 00000000000..1bf3be71205 --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37177.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-37177", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T02:15:09.243", + "lastModified": "2024-06-11T02:15:09.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP Financial Consolidation allows data to enter\na Web application through an untrusted source. These endpoints are exposed over\nthe network and it allows the user to modify the content from the web site. On\nsuccessful exploitation, an attacker can cause significant impact to\nconfidentiality and integrity of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3457592", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37178.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37178.json new file mode 100644 index 00000000000..08f41fea6ee --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37178.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-37178", + "sourceIdentifier": "cna@sap.com", + "published": "2024-06-11T02:15:09.487", + "lastModified": "2024-06-11T02:15:09.487", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SAP Financial Consolidation does not\nsufficiently encode user-controlled inputs, resulting in Cross-Site Scripting\n(XSS) vulnerability. These endpoints are exposed over the network. The\nvulnerability can exploit resources beyond the vulnerable component. On\nsuccessful exploitation, an attacker can cause limited impact to\nconfidentiality of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3457592", + "source": "cna@sap.com" + }, + { + "url": "https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-50xx/CVE-2024-5090.json b/CVE-2024/CVE-2024-50xx/CVE-2024-5090.json new file mode 100644 index 00000000000..7e7fd46c8ed --- /dev/null +++ b/CVE-2024/CVE-2024-50xx/CVE-2024-5090.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-5090", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-11T03:15:12.253", + "lastModified": "2024-06-11T03:15:12.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's SiteOrigin Blog Widget in all versions up to, and including, 1.61.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3098819/so-widgets-bundle", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2878de45-0123-4e07-bfec-015b36b11d01?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 76d259f7381..5744ca92f95 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-11T02:00:18.159547+00:00 +2024-06-11T04:00:18.881608+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-11T01:16:50.817000+00:00 +2024-06-11T03:15:12.253000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,37 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -253351 +253369 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `18` -- [CVE-2024-22261](CVE-2024/CVE-2024-222xx/CVE-2024-22261.json) (`2024-06-11T00:15:13.790`) +- [CVE-2023-6745](CVE-2023/CVE-2023-67xx/CVE-2023-6745.json) (`2024-06-11T03:15:09.087`) +- [CVE-2023-6748](CVE-2023/CVE-2023-67xx/CVE-2023-6748.json) (`2024-06-11T03:15:09.310`) +- [CVE-2024-0627](CVE-2024/CVE-2024-06xx/CVE-2024-0627.json) (`2024-06-11T03:15:09.520`) +- [CVE-2024-0653](CVE-2024/CVE-2024-06xx/CVE-2024-0653.json) (`2024-06-11T03:15:09.723`) +- [CVE-2024-2473](CVE-2024/CVE-2024-24xx/CVE-2024-2473.json) (`2024-06-11T03:15:10.183`) +- [CVE-2024-28164](CVE-2024/CVE-2024-281xx/CVE-2024-28164.json) (`2024-06-11T03:15:09.953`) +- [CVE-2024-33001](CVE-2024/CVE-2024-330xx/CVE-2024-33001.json) (`2024-06-11T03:15:10.393`) +- [CVE-2024-34683](CVE-2024/CVE-2024-346xx/CVE-2024-34683.json) (`2024-06-11T03:15:10.623`) +- [CVE-2024-34684](CVE-2024/CVE-2024-346xx/CVE-2024-34684.json) (`2024-06-11T03:15:10.863`) +- [CVE-2024-34686](CVE-2024/CVE-2024-346xx/CVE-2024-34686.json) (`2024-06-11T03:15:11.080`) +- [CVE-2024-34688](CVE-2024/CVE-2024-346xx/CVE-2024-34688.json) (`2024-06-11T03:15:11.310`) +- [CVE-2024-34690](CVE-2024/CVE-2024-346xx/CVE-2024-34690.json) (`2024-06-11T03:15:11.547`) +- [CVE-2024-34691](CVE-2024/CVE-2024-346xx/CVE-2024-34691.json) (`2024-06-11T03:15:11.780`) +- [CVE-2024-37130](CVE-2024/CVE-2024-371xx/CVE-2024-37130.json) (`2024-06-11T02:15:08.943`) +- [CVE-2024-37176](CVE-2024/CVE-2024-371xx/CVE-2024-37176.json) (`2024-06-11T03:15:12.020`) +- [CVE-2024-37177](CVE-2024/CVE-2024-371xx/CVE-2024-37177.json) (`2024-06-11T02:15:09.243`) +- [CVE-2024-37178](CVE-2024/CVE-2024-371xx/CVE-2024-37178.json) (`2024-06-11T02:15:09.487`) +- [CVE-2024-5090](CVE-2024/CVE-2024-50xx/CVE-2024-5090.json) (`2024-06-11T03:15:12.253`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2023-49897](CVE-2023/CVE-2023-498xx/CVE-2023-49897.json) (`2024-06-11T01:16:50.817`) -- [CVE-2024-34554](CVE-2024/CVE-2024-345xx/CVE-2024-34554.json) (`2024-06-11T01:14:18.350`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 9fd812fa42d..452a42ee96b 100644 --- a/_state.csv +++ b/_state.csv @@ -236497,7 +236497,7 @@ CVE-2023-49877,0,0,40508aabfe80e8e67abd8161a4a6f36f1d0aee4334618bbd25d10f9810bc9 CVE-2023-49878,0,0,ce6b18e9fc0f6f078ce71d5c13b4e0059c76133446f2c4d8ae96953eab808567,2023-12-19T15:31:33.753000 CVE-2023-4988,0,0,ae249f5d883a050b702f8137ea4b353556e35312b21f554aba397270a2fd24c0,2024-05-17T02:31:55.140000 CVE-2023-49880,0,0,257c43be93776568a0b52b8a6e628304074ba9fd82011c7d2857ed2bb2f10bbf,2024-01-03T21:03:07.817000 -CVE-2023-49897,0,1,0b1660e1b7ff21d7263bbe17c171ac2cfcdfd0d94bdfa9a3263c74f5d1d47004,2024-06-11T01:16:50.817000 +CVE-2023-49897,0,0,0b1660e1b7ff21d7263bbe17c171ac2cfcdfd0d94bdfa9a3263c74f5d1d47004,2024-06-11T01:16:50.817000 CVE-2023-49898,0,0,b2a1db122e368d3cde8339cc3a7f10b600032b56ed6d4a0eb150bd85f0d23b04,2024-01-05T20:00:50.767000 CVE-2023-4990,0,0,6c714ad5429626565156c819a6158c984ff4f11be9d2b200d6059e25722c351b,2023-10-16T19:14:35.937000 CVE-2023-49906,0,0,fead0920487f37626e411045e94c39fd6e25b001b956bce487d5bd3ad6eff216,2024-04-10T13:24:22.187000 @@ -239849,8 +239849,10 @@ CVE-2023-6741,0,0,f3cfa6a296f1bf591f660cce7219d255270ea32760833cce9baf8d0502b5e2 CVE-2023-6742,0,0,2900d5e0aa2d1c06635c4fffaee0ae1fdedcaaf400dcd73fc0f3de3312990d2e,2024-01-17T20:39:17.207000 CVE-2023-6743,0,0,8a725344903a0f8be94e282d64e3887d716f8724061c271e685a3306a5529d76,2024-05-29T13:02:09.280000 CVE-2023-6744,0,0,cafe581d93d588e81a40996c38c7b4f050782ddaaee60ffcfa254816bf0938ee,2023-12-29T06:22:35.867000 +CVE-2023-6745,1,1,4103cf55d859c082d115341900c2dd9b8fe746d7fd76dab4edefd36d0056f830,2024-06-11T03:15:09.087000 CVE-2023-6746,0,0,e4ec5eee6cefe9c4b3d874e5626fb5cd1b37e4b2d10a3d871da98e72afe14158,2024-01-10T16:15:50.060000 CVE-2023-6747,0,0,4f443d7064232a500fc6ebb25b721d7e601e212563d327a344ddcb8161d70557,2024-01-30T14:15:47.380000 +CVE-2023-6748,1,1,6be30877aeb59c85e589b11c56da2b1f46a14e37a634db0671b09b0589029316,2024-06-11T03:15:09.310000 CVE-2023-6749,0,0,41dee049bc38a4e1846c6504ff568027ac0bf6dccdca0ff09ead1397b56654b8,2024-02-20T19:50:53.960000 CVE-2023-6750,0,0,cfc8624b738626ca31d5ff0a22e68ee3a72d63eb1ed968c98174fc7313a1edb3,2024-01-11T20:01:30.297000 CVE-2023-6751,0,0,e8247e54b165a6c12110948d98c7597dd9d95407efb80f34da128605fcc96d9c,2024-01-18T17:46:25.627000 @@ -240801,6 +240803,7 @@ CVE-2024-0623,0,0,435a12ca9bf560f92a091a8adc9fed70987d56024bbadeb6cd09719f8de0c9 CVE-2024-0624,0,0,193a94c59e6aef2611f3b709bfcfdfe730e53076589746822f137984322f4a3a,2024-01-31T19:03:53.193000 CVE-2024-0625,0,0,e6db3236f3f3d4946f9c7470ea75c8f4fd101b44f963c82c90bc3a0f21b31db9,2024-02-02T05:08:07.047000 CVE-2024-0626,0,0,99f69af94a80c3ff521223c10206b5e62d73f526e3736bdf7c339e8efe1faca9,2024-04-10T13:24:00.070000 +CVE-2024-0627,1,1,bf4d305cf87fdefeb69e422cb9693fb8c4e1540556f5e6cee59c27719ebbcc7c,2024-06-11T03:15:09.520000 CVE-2024-0628,0,0,6929f2a7a44b9bc6b3b457ec8d478ddb1d9368f01ad7383ad0399a751f886828,2024-02-13T19:18:46.020000 CVE-2024-0629,0,0,f56201e6826667fe713f864f6ba3053fc186d9ef801a5f82ecef869bbb380e44,2024-05-02T18:00:37.360000 CVE-2024-0630,0,0,49e9d42e1e8004a90a8d62b54ea8a5d5f6ebecab9fac26e6e82dc914d2e02636,2024-02-13T15:42:35.563000 @@ -240820,6 +240823,7 @@ CVE-2024-0649,0,0,98c87adfd3ec3e509476dd2daf7d28506639295b791b27cafeafbee41a9bb7 CVE-2024-0650,0,0,5d6cdc041d1c25f843bde711e250a47a7c3a9acd7d7c32e1f1aad64372dfa767,2024-05-17T02:34:50.433000 CVE-2024-0651,0,0,ff09cb592d9768a0b4b240f95e42b969a412d9f74b01f1ebfde4fd7e07ef2e68,2024-05-17T02:34:50.597000 CVE-2024-0652,0,0,edef2011d20187e2fe97070f13bdbfaba189c8d8103e7093b82b2bf436de4d23,2024-05-17T02:34:50.700000 +CVE-2024-0653,1,1,cc76f3e8b608b7215b79336450b15ae1ef23fec43df86a29e4fd073979e49ab8,2024-06-11T03:15:09.723000 CVE-2024-0654,0,0,a75d1f886393fe65bd498394d4a9cfa1edb8556159763825f130d309f83e3ffd,2024-05-17T02:34:50.803000 CVE-2024-0655,0,0,d1e299d826837ddfcd0fcb08552681da893c030239d29f72a43c1e900f27e224,2024-05-17T02:34:50.910000 CVE-2024-0656,0,0,76b426be0ea0722d4a4bedfbe392319a1af8c0a094b2ffa74a3d311d7d767733,2024-02-29T13:49:29.390000 @@ -243363,7 +243367,7 @@ CVE-2024-22257,0,0,874ff0a72fdff7945c5fa3fbbe0cdd5ca05cc513db9be5811beb7a84e897f CVE-2024-22258,0,0,73834c066fffbf1ceac081ac0d8fd511b8fd9e870301a54667895cd45741a179,2024-03-20T13:00:16.367000 CVE-2024-22259,0,0,dce7d33f8caf96926ed38e47ae4f4d2a0e606a3507b6c30493d6119b160a21fd,2024-06-10T18:15:25.853000 CVE-2024-2226,0,0,ee8f1ca60db458688b285f09c24138ba2af43e7eda48e7abf64d7861f3a6fd0e,2024-04-10T13:23:38.787000 -CVE-2024-22261,1,1,e156e347d3edee5396e3991c3504f8762ef4382081f9c4802d8b5d2057583a24,2024-06-11T00:15:13.790000 +CVE-2024-22261,0,0,e156e347d3edee5396e3991c3504f8762ef4382081f9c4802d8b5d2057583a24,2024-06-11T00:15:13.790000 CVE-2024-22262,0,0,f19b1c11ec8069ac727f7996014f3456fd5a6417d431b01d11ac200419a9bbec,2024-06-10T18:15:25.940000 CVE-2024-22264,0,0,96bdae8486634c5f71f7c0824f656da1157e383d5f4bd5d08e042b1398b50bf7,2024-05-08T13:15:00.690000 CVE-2024-22266,0,0,00ca0b0bb686e5de0808c372a0dca387ad248949c8bb90b3dfb3008d90a00e7f,2024-05-08T13:15:00.690000 @@ -244701,6 +244705,7 @@ CVE-2024-24721,0,0,f811f7b97630e39f8e09dfe35ae447277604cf213cb4d45448493cc8fa15f CVE-2024-24722,0,0,952e66641f17a0fb9dfe3803e528e36e48f057663a4934472c4c7db463b9f3c7,2024-02-20T19:50:53.960000 CVE-2024-24724,0,0,e42eaee1eef35b64cf72e5bbda0c5779a84559031ee2ff005968828ccd5bd355,2024-04-03T12:38:04.840000 CVE-2024-24725,0,0,847989010b93725525e690ac5c8bea0d7ea2827b26bf9cb1ecebf4f319d3e989,2024-03-25T01:51:01.223000 +CVE-2024-2473,1,1,6569fd5ed0a7017bab49cbd2e84412e2812459aa3081644cb1e10704da4c7019,2024-06-11T03:15:10.183000 CVE-2024-24736,0,0,608c2f3e65ddbb1c2eb07c75b404de7eb78db210e5f752bbc8c9942f5e722b68,2024-02-02T02:08:23.417000 CVE-2024-24739,0,0,0429371c5cb9ecc13abbb3d02a9a54fdca7eb3accb432d640f9262793fd2a716,2024-02-13T14:01:40.577000 CVE-2024-2474,0,0,a6869e151e4e2e3d633a979c3bef2970246a6be980c242b46002754bb0136d56,2024-03-20T13:00:16.367000 @@ -247139,6 +247144,7 @@ CVE-2024-28160,0,0,23f770675294c04a43f495820e4c5fdc452a7dd81cf7eee4a83fcb5b398cf CVE-2024-28161,0,0,86748c4691866964f8e57f4f7d00c680f8676b105c533880bae7ac7f14ee37a7,2024-05-01T18:15:17.180000 CVE-2024-28162,0,0,b7be834b370f066dd502d3e2eb138145374b8a6f3fffd7c594a51d4f8e7dd882,2024-05-01T18:15:17.223000 CVE-2024-28163,0,0,04503ad76f6d74637a8e6f8a7d443052dfa73d2acab964dffd0d8da32b69e3b5,2024-03-12T12:40:13.500000 +CVE-2024-28164,1,1,5ea51e20a9a72a019968b8aebc5c7654eb0c655c853de3a96d7b4f3ed60f5d49,2024-06-11T03:15:09.953000 CVE-2024-28165,0,0,9d7262340b598174afa112673cc6ec6579b17c155d631a1daa1609c5814ec985,2024-05-14T19:18:31.490000 CVE-2024-28167,0,0,0d05aeb691ba11cae01e2ab2c399918da8edc50da4b1f7f29cffd4e2facff21d,2024-04-09T12:48:04.090000 CVE-2024-2817,0,0,588f647576c5ffb469bd86a5ecaf553a5c2dcef2568730202f1a9ad3030bf8cf,2024-05-17T02:38:32.210000 @@ -250084,6 +250090,7 @@ CVE-2024-32998,0,0,ff16e761f78627e7a77ad8c8b5be313dc4ef2271e0ac3f8e475011b7ea7da CVE-2024-32999,0,0,abf8b25720fef12ee34ea586757cea20f2b44caebf9814e3eef90c002656e80c,2024-05-14T16:12:23.490000 CVE-2024-3300,0,0,1a6109c8bd1508593cc8e2af285bc52264cb760861dae976ffae5c6edde38173,2024-05-30T18:18:58.870000 CVE-2024-33000,0,0,f7c3878da3443e0af1f9be9089c259d82c336c00736d57f8315ffc60cf2a4cb2,2024-05-14T19:17:55.627000 +CVE-2024-33001,1,1,566514e94e73aef66822df42fad78ceb46a91882de33de071fddd64b858fb0f0,2024-06-11T03:15:10.393000 CVE-2024-33002,0,0,0a262bd708eaa5ab273c1c7f9a9a8a5a7eb11d008d67ffa1b16928e33aeb1977,2024-05-14T19:17:55.627000 CVE-2024-33004,0,0,e215b1e86cf9a7a74a4edd2089d53fd92990757783506e6df8b869a1dbdd318e,2024-05-14T19:17:55.627000 CVE-2024-33006,0,0,3de8db02467d1c66da918aa215665a9f6424098c0742ce05aa96a3aaae6ee0bc,2024-05-14T19:17:55.627000 @@ -250876,7 +250883,7 @@ CVE-2024-34550,0,0,9804dc87b996a6b794c34bf7ec4acb0dcc0359b152978276d0913d1c30e6c CVE-2024-34551,0,0,892828faba4195bc97f006b12163dc42b343f5b30e0f4ba775f558222cd90309,2024-06-10T20:53:11.237000 CVE-2024-34552,0,0,89ca43ab2cfe0956e00fb77ea0ecbefa3f795e349057634088a19803a0f830d0,2024-06-10T20:52:46.383000 CVE-2024-34553,0,0,1304ae8bb8e28c589f4f4c4923637af1159951d928589d0c318d92743d849bb1,2024-05-08T13:15:00.690000 -CVE-2024-34554,0,1,fc8431b3d373a5e041a3d119fa6c9d2b3ea6b2ac818d4dcc8b249c87ff3e82da,2024-06-11T01:14:18.350000 +CVE-2024-34554,0,0,fc8431b3d373a5e041a3d119fa6c9d2b3ea6b2ac818d4dcc8b249c87ff3e82da,2024-06-11T01:14:18.350000 CVE-2024-34555,0,0,ab9efb16b90b46c2a3029ce0ca13fbdbf0df8e346a901d4658defa02dab8c221,2024-05-14T16:12:23.490000 CVE-2024-34556,0,0,82befdd8a3ee574dd7b943317c69c9e829905ebe849c999a96fcb92cd1229c8b,2024-05-14T16:12:23.490000 CVE-2024-34557,0,0,21c279ae1093aad66d3f2e2c6b9d12e4a4e8708d620897234832cdcc1fda6a91,2024-05-14T16:12:23.490000 @@ -250910,8 +250917,14 @@ CVE-2024-3463,0,0,ec14f43c3b7b14f535006ee59b80bf351769520d95be8808071caf75bd2749 CVE-2024-3464,0,0,e1a6a35891c3c38cf23929aa88b7dd55b7b7561b2b012478c752dccfb0271743,2024-05-17T02:39:57.540000 CVE-2024-3465,0,0,cc7142bc1559aee30fd4240971422ac4fbc49f323b8e88820a6b582cede6d695,2024-05-17T02:39:57.623000 CVE-2024-3466,0,0,f437d504c2a4423db5fc4e7046f91c0c20332b67987c55770e18cacdf9497a6d,2024-05-17T02:39:57.717000 +CVE-2024-34683,1,1,8942c27c1f619c896dcd2ce25c7b143ba9ff483e9c922bb5b661829a4913ce4c,2024-06-11T03:15:10.623000 +CVE-2024-34684,1,1,00c5734e6f4c49d820db9f9a4dbc3c4b2d3d44f1503eb8be359a4a4b652a10fd,2024-06-11T03:15:10.863000 +CVE-2024-34686,1,1,ea6073452b068a9fd5cc317d18e558d5b4c244a642cb718ee3671a76902f0596,2024-06-11T03:15:11.080000 CVE-2024-34687,0,0,4ff76c42affc0861ee718b9e208e6eefdbf0a3ab639bfa3166f3943bc94075ba,2024-05-14T19:17:55.627000 +CVE-2024-34688,1,1,33420119945ac2bb2d071f0655cf31881653a333a4317bc150be777f40f897ec,2024-06-11T03:15:11.310000 CVE-2024-3469,0,0,d1288c39f8f011625990493f472d2caae53932004068c7cd0aeac85640cf553f,2024-06-06T14:17:35.017000 +CVE-2024-34690,1,1,61534bae217b0f4485750583339ff17f4ea58689e5d4e94da70264fc11380bf3,2024-06-11T03:15:11.547000 +CVE-2024-34691,1,1,2f3b5879819ed6c25796b50ebab3a263f2bb263bd5aa92d2ab378a1d033f2730,2024-06-11T03:15:11.780000 CVE-2024-34695,0,0,d5ed5d99c8f0d08b73ea3cb249327295e787f14594542dd2f27279ab9312830c,2024-05-14T16:12:23.490000 CVE-2024-34697,0,0,95295a45851b4a50f600527e364638272a5d24a08a1ec02edb19abea712755b2,2024-05-14T16:12:23.490000 CVE-2024-34698,0,0,10e59d69dc4df1155204551f8483405755bab4be109bdea52b3a75e369d53b1b,2024-05-14T16:12:23.490000 @@ -252024,6 +252037,7 @@ CVE-2024-37065,0,0,77b183f2030b7bd581e452e09e55b74dee78fc06c1bd0201bb553e7d45698 CVE-2024-3707,0,0,cb892298714e8d1628bf09ece0bc00ef0a1a1429034ce83bb3286f4d822c160d,2024-04-15T13:15:51.577000 CVE-2024-3708,0,0,09132fb1644ebf0c808002aa8ac15b19f13ae71d0beb378f7a9664a5ae685f9a,2024-05-24T01:15:30.977000 CVE-2024-3711,0,0,00ee502ae0ae8bdc802cd38eb1ec1e1356c10e1c18d766a4effd20297a066f55,2024-05-24T01:15:30.977000 +CVE-2024-37130,1,1,4730332ff038a602c3edf0a47e54486b493ca9c344cd49779e76f787151f6bad,2024-06-11T02:15:08.943000 CVE-2024-3714,0,0,29d3de80cc1f6e0ff07b09e17d8d58f6e17e5f0164ed94da7b2235ed17131c18,2024-05-20T13:00:34.807000 CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000 CVE-2024-37150,0,0,97cf533630a2e81b430f11fe12ccc7be397791e2299035e9f7d7a243e494791c,2024-06-07T14:56:05.647000 @@ -252039,6 +252053,9 @@ CVE-2024-37166,0,0,1d4e507d0bfe71bf846c708709fca16659354baf40fea347a3a456fde8974 CVE-2024-37168,0,0,a19a53fdf016f6cd29feb9ba89034763a39d78b3a2874c9e8c67df9370b8afd0,2024-06-10T22:15:12.433000 CVE-2024-37169,0,0,35c40eea8be191f1b9c0de3eb03ecf7298eb0fc0631a76e8fb04816a03c10d31,2024-06-10T22:15:12.663000 CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000 +CVE-2024-37176,1,1,d5d1237b8472b74a991951382a802d0a694ec0cf076aae952c75091cebf3ba63,2024-06-11T03:15:12.020000 +CVE-2024-37177,1,1,d7353354ef8b99e345b99fe0600a226962631dfbf5e7a97fb626f4e63a307a92,2024-06-11T02:15:09.243000 +CVE-2024-37178,1,1,cc27ca9a2ea1197ae67aee109d655b8802e2d003109585743c9787e9aa4daffa,2024-06-11T02:15:09.487000 CVE-2024-3718,0,0,a740a1633905d284711162c33f52150d8f35c5a9e41e141a82d07851d64c55d1,2024-05-24T13:03:05.093000 CVE-2024-3719,0,0,d2320674d04cefde56a0b36b463f74328d6f18494803030bdfe9b0b1b4374afd,2024-06-04T19:20:23.553000 CVE-2024-3720,0,0,f4e69514093cc630aeda39d0a41fe705e0d9916a1077cef429b7dcf05a404308,2024-06-04T19:20:23.660000 @@ -253012,6 +253029,7 @@ CVE-2024-5086,0,0,931e0bac2fddd1d3017185ad2896bc6a71c950877469373fd8fb74c0da6b67 CVE-2024-5087,0,0,631056bc77ed0f782411ed02a26e215c20067f7c6fc13aceb93f243c71303abd,2024-06-10T02:52:08.267000 CVE-2024-5088,0,0,670ed03c49211ecb2fb7d707640c3762718821887df98f6c48b414573abc37eb,2024-05-20T13:00:34.807000 CVE-2024-5089,0,0,1b747912b9ca78f56cee36088b5d02d248b45a5a454d24110a362b62386eddf1,2024-06-06T09:15:14.897000 +CVE-2024-5090,1,1,9d5b2f16c0ca2ab602474830c2b31e2cc934f2932a1becc4275b0851b2bbffac,2024-06-11T03:15:12.253000 CVE-2024-5091,0,0,5d1bf35f507407f45a5d533e81444a5d7c8eb4174ca3b49ac0f53b0fcf93ec4a,2024-06-10T02:52:08.267000 CVE-2024-5092,0,0,42d960073f235db3a1d896466f3bea026be5b117dc5effbb8a82da60874fb373,2024-05-22T12:46:53.887000 CVE-2024-5093,0,0,d2d6eaa6c80785824276c0a81dd265ac7bb3ca056730de7cd7f1d7d5170a9109,2024-06-04T19:20:58.343000