From 17d202cc1e75f8a4ed934454d4d2b2c5510dd03c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 8 Jun 2024 14:03:10 +0000 Subject: [PATCH] Auto-Update: 2024-06-08T14:00:18.731960+00:00 --- CVE-2023/CVE-2023-527xx/CVE-2023-52756.json | 49 +-------- CVE-2023/CVE-2023-528xx/CVE-2023-52802.json | 110 +------------------- CVE-2024/CVE-2024-206xx/CVE-2024-20696.json | 10 +- CVE-2024/CVE-2024-206xx/CVE-2024-20697.json | 10 +- CVE-2024/CVE-2024-262xx/CVE-2024-26256.json | 18 +++- CVE-2024/CVE-2024-357xx/CVE-2024-35730.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35731.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35732.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35733.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35734.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35736.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35737.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35738.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35739.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35740.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35750.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35751.json | 55 ++++++++++ CVE-2024/CVE-2024-357xx/CVE-2024-35752.json | 55 ++++++++++ CVE-2024/CVE-2024-369xx/CVE-2024-36965.json | 40 +++++++ CVE-2024/CVE-2024-369xx/CVE-2024-36966.json | 28 +++++ CVE-2024/CVE-2024-369xx/CVE-2024-36967.json | 40 +++++++ CVE-2024/CVE-2024-369xx/CVE-2024-36968.json | 32 ++++++ CVE-2024/CVE-2024-369xx/CVE-2024-36969.json | 40 +++++++ CVE-2024/CVE-2024-369xx/CVE-2024-36970.json | 24 +++++ CVE-2024/CVE-2024-374xx/CVE-2024-37407.json | 28 +++++ CVE-2024/CVE-2024-57xx/CVE-2024-5766.json | 88 ++++++++++++++++ README.md | 39 +++++-- _state.csv | 37 +++++-- 28 files changed, 1139 insertions(+), 169 deletions(-) create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35730.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35731.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35732.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35733.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35734.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35736.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35737.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35738.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35739.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35740.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35750.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35751.json create mode 100644 CVE-2024/CVE-2024-357xx/CVE-2024-35752.json create mode 100644 CVE-2024/CVE-2024-369xx/CVE-2024-36965.json create mode 100644 CVE-2024/CVE-2024-369xx/CVE-2024-36966.json create mode 100644 CVE-2024/CVE-2024-369xx/CVE-2024-36967.json create mode 100644 CVE-2024/CVE-2024-369xx/CVE-2024-36968.json create mode 100644 CVE-2024/CVE-2024-369xx/CVE-2024-36969.json create mode 100644 CVE-2024/CVE-2024-369xx/CVE-2024-36970.json create mode 100644 CVE-2024/CVE-2024-374xx/CVE-2024-37407.json create mode 100644 CVE-2024/CVE-2024-57xx/CVE-2024-5766.json diff --git a/CVE-2023/CVE-2023-527xx/CVE-2023-52756.json b/CVE-2023/CVE-2023-527xx/CVE-2023-52756.json index 75bbe8b8559..d7a23f940d4 100644 --- a/CVE-2023/CVE-2023-527xx/CVE-2023-52756.json +++ b/CVE-2023/CVE-2023-527xx/CVE-2023-52756.json @@ -2,55 +2,14 @@ "id": "CVE-2023-52756", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T16:15:15.113", - "lastModified": "2024-05-21T16:53:56.550", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-06-08T12:15:09.513", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\npwm: Fix double shift bug\n\nThese enums are passed to set/test_bit(). The set/test_bit() functions\ntake a bit number instead of a shifted value. Passing a shifted value\nis a double shift bug like doing BIT(BIT(1)). The double shift bug\ndoesn't cause a problem here because we are only checking 0 and 1 but\nif the value was 5 or above then it can lead to a buffer overflow." - }, - { - "lang": "es", - "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pwm: corrige el error de double shift. Estas enumeraciones se pasan a set/test_bit(). Las funciones set/test_bit() toman un n\u00famero de bit en lugar de un valor desplazado. Pasar un valor desplazado es un error de doble desplazamiento, como hacer BIT(BIT(1)). El error de doble turno no causa un problema aqu\u00ed porque solo estamos verificando 0 y 1, pero si el valor era 5 o superior, puede provocar un desbordamiento del b\u00fafer." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], "metrics": {}, - "references": [ - { - "url": "https://git.kernel.org/stable/c/1fb3a9c59e7f7d2b1d737a0d6e02e31d5b516455", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/45d0a298e05adee521f6fe605d6a88341ba07edd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/a7ee519e8095d9c834086d0ff40da11415e1e4d7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/a98ff250b5af87f92f17bb9725cb21de1931ee57", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/bce1f7c7e9812da57de1dda293cba87c693e9958", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/c19a8794bf4fe45cff997f07a75ea84cc9e5d89c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/d27abbfd4888d79dd24baf50e774631046ac4732", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/e52518b9cb9fc98fc043c8fb2b8cfc619ca8a88b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/eca19db60f99925461f49c3fd743733881395728", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - } - ] + "references": [] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52802.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52802.json index b66aa47c4f6..5974ac67222 100644 --- a/CVE-2023/CVE-2023-528xx/CVE-2023-52802.json +++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52802.json @@ -2,114 +2,14 @@ "id": "CVE-2023-52802", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T16:15:18.680", - "lastModified": "2024-05-24T01:14:17.313", - "vulnStatus": "Analyzed", + "lastModified": "2024-06-08T12:15:09.783", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: stm32-adc: harden against NULL pointer deref in stm32_adc_probe()\n\nof_match_device() may fail and returns a NULL pointer.\n\nIn practice there is no known reasonable way to trigger this, but\nin case one is added in future, harden the code by adding the check" - }, - { - "lang": "es", - "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: stm32-adc: endurece contra puntero NULL deref en stm32_adc_probe() of_match_device() puede fallar y devuelve un puntero NULL. En la pr\u00e1ctica, no se conoce una forma razonable de activar esto, pero en caso de que se agregue una en el futuro, endurezca el c\u00f3digo agregando la verificaci\u00f3n" + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "NONE", - "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" - }, - "exploitabilityScore": 1.8, - "impactScore": 3.6 - } - ] - }, - "weaknesses": [ - { - "source": "nvd@nist.gov", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-476" - } - ] - } - ], - "configurations": [ - { - "nodes": [ - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionEndExcluding": "6.1.64", - "matchCriteriaId": "B8093658-5835-493E-9047-EEC6269C0BB1" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "6.2", - "versionEndExcluding": "6.5.13", - "matchCriteriaId": "674C4F82-C336-4B49-BF64-1DE422E889C4" - }, - { - "vulnerable": true, - "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", - "versionStartIncluding": "6.6", - "versionEndExcluding": "6.6.3", - "matchCriteriaId": "B58252FA-A49C-411F-9B28-DC5FE44BC5A0" - } - ] - } - ] - } - ], - "references": [ - { - "url": "https://git.kernel.org/stable/c/3a23b384e7e3d64d5587ad10729a34d4f761517e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", - "tags": [ - "Patch" - ] - }, - { - "url": "https://git.kernel.org/stable/c/5b82e4240533bcd4691e50b64ec86d0d7fbd21b9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", - "tags": [ - "Patch" - ] - }, - { - "url": "https://git.kernel.org/stable/c/b028f89c56e964a22d3ddb8eab1a0e7e980841b9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", - "tags": [ - "Patch" - ] - }, - { - "url": "https://git.kernel.org/stable/c/b80aaff5f7817d50798ac61ed75973f004dd5202", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", - "tags": [ - "Patch" - ] - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20696.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20696.json index 728bfb1ce29..f68cd01662e 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20696.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20696.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20696", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:52.927", - "lastModified": "2024-05-29T00:15:16.003", + "lastModified": "2024-06-08T13:15:54.193", "vulnStatus": "Modified", "descriptions": [ { @@ -127,6 +127,14 @@ } ], "references": [ + { + "url": "https://clearbluejar.github.io/posts/patch-tuesday-diffing-cve-2024-20696-windows-libarchive-rce/", + "source": "secure@microsoft.com" + }, + { + "url": "https://github.com/clearbluejar/CVE-2024-20696", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696", "source": "secure@microsoft.com", diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20697.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20697.json index 4932029a44c..7be25609c5b 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20697.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20697.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20697", "sourceIdentifier": "secure@microsoft.com", "published": "2024-01-09T18:15:53.130", - "lastModified": "2024-05-29T00:15:16.127", + "lastModified": "2024-06-08T13:15:54.397", "vulnStatus": "Modified", "descriptions": [ { @@ -102,6 +102,10 @@ } ], "references": [ + { + "url": "https://github.com/advisories/GHSA-w6xv-37jv-7cjr", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697", "source": "secure@microsoft.com", @@ -109,6 +113,10 @@ "Patch", "Vendor Advisory" ] + }, + { + "url": "https://www.zerodayinitiative.com/blog/2024/4/17/cve-2024-20697-windows-libarchive-remote-code-execution-vulnerability", + "source": "secure@microsoft.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-262xx/CVE-2024-26256.json b/CVE-2024/CVE-2024-262xx/CVE-2024-26256.json index a68d98fed9f..df7df026778 100644 --- a/CVE-2024/CVE-2024-262xx/CVE-2024-26256.json +++ b/CVE-2024/CVE-2024-262xx/CVE-2024-26256.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26256", "sourceIdentifier": "secure@microsoft.com", "published": "2024-04-09T17:15:47.507", - "lastModified": "2024-04-10T13:24:00.070", + "lastModified": "2024-06-08T13:15:54.527", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -51,9 +51,25 @@ } ], "references": [ + { + "url": "https://github.com/LeSuisse/nixpkgs/commit/81b82a2934521dffef76f7ca305d8d4e22fe7262", + "source": "secure@microsoft.com" + }, + { + "url": "https://github.com/libarchive/libarchive/commit/eb7939b24a681a04648a59cdebd386b1e9dc9237.patch", + "source": "secure@microsoft.com" + }, + { + "url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4", + "source": "secure@microsoft.com" + }, { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26256", "source": "secure@microsoft.com" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/06/04/2", + "source": "secure@microsoft.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35730.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35730.json new file mode 100644 index 00000000000..ba5f1e05c75 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35730.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35730", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:54.667", + "lastModified": "2024-06-08T13:15:54.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in realmag777 Active Products Tables for WooCommerce allows Reflected XSS.This issue affects Active Products Tables for WooCommerce: from n/a through 1.0.6.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/profit-products-tables-for-woocommerce/wordpress-active-products-tables-for-woocommerce-plugin-1-0-6-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35731.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35731.json new file mode 100644 index 00000000000..8b149058a90 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35731.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35731", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:54.917", + "lastModified": "2024-06-08T13:15:54.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Moose Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor allows Stored XSS.This issue affects Kenta Gutenberg Blocks Responsive Blocks and block templates library for Gutenberg Editor: from n/a through 1.3.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/kenta-blocks/wordpress-kenta-gutenberg-blocks-plugin-1-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35732.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35732.json new file mode 100644 index 00000000000..a6908af2910 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35732.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35732", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:55.150", + "lastModified": "2024-06-08T13:15:55.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/yith-custom-login/wordpress-yith-custom-login-plugin-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35733.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35733.json new file mode 100644 index 00000000000..e31e2795614 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35733.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35733", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:55.410", + "lastModified": "2024-06-08T13:15:55.410", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RLDD Auto Coupons for WooCommerce allows Reflected XSS.This issue affects Auto Coupons for WooCommerce: from n/a through 3.0.14." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/woo-auto-coupons/wordpress-auto-coupons-for-woocommerce-plugin-3-0-14-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35734.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35734.json new file mode 100644 index 00000000000..6ba85d6a92e --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35734.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35734", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:55.647", + "lastModified": "2024-06-08T13:15:55.647", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodePeople WP Time Slots Booking Form allows Stored XSS.This issue affects WP Time Slots Booking Form: from n/a through 1.2.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-time-slots-booking-form/wordpress-wp-time-slots-booking-form-plugin-1-2-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35736.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35736.json new file mode 100644 index 00000000000..f91b0620e72 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35736.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35736", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:55.897", + "lastModified": "2024-06-08T13:15:55.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-11-1-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35737.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35737.json new file mode 100644 index 00000000000..1ebb8296266 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35737.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35737", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:56.140", + "lastModified": "2024-06-08T13:15:56.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loopus WP Visitors Tracker allows Reflected XSS.This issue affects WP Visitors Tracker: from n/a through 2.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp_visitorstracker/wordpress-wp-visitors-tracker-plugin-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35738.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35738.json new file mode 100644 index 00000000000..77dd2d69319 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35738.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35738", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:56.430", + "lastModified": "2024-06-08T13:15:56.430", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kognetiks Kognetiks Chatbot for WordPress allows Stored XSS.This issue affects Kognetiks Chatbot for WordPress: from n/a through 1.9.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-1-9-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35739.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35739.json new file mode 100644 index 00000000000..79b27377b21 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35739.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35739", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:56.660", + "lastModified": "2024-06-08T13:15:56.660", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RadiusTheme The Post Grid allows Stored XSS.This issue affects The Post Grid: from n/a through 7.7.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/the-post-grid/wordpress-the-post-grid-plugin-7-7-1-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35740.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35740.json new file mode 100644 index 00000000000..ec25dd56b2a --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35740.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35740", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:56.910", + "lastModified": "2024-06-08T13:15:56.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Freesia Pixgraphy allows Stored XSS.This issue affects Pixgraphy: from n/a through 1.3.8." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/pixgraphy/wordpress-pixgraphy-theme-1-3-8-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35750.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35750.json new file mode 100644 index 00000000000..251ed6ec693 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35750.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35750", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:57.137", + "lastModified": "2024-06-08T13:15:57.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35751.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35751.json new file mode 100644 index 00000000000..b005dd36875 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35751.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35751", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:57.370", + "lastModified": "2024-06-08T13:15:57.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Creative Motion, Will Bontrager Software, LLC Woody ad snippets allows Stored XSS.This issue affects Woody ad snippets: from n/a through 2.4.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/insert-php/wordpress-woody-code-snippets-plugin-2-4-10-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35752.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35752.json new file mode 100644 index 00000000000..7a844af1a06 --- /dev/null +++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35752.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-35752", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-06-08T13:15:57.607", + "lastModified": "2024-06-08T13:15:57.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Enea Overclokk Stellissimo Text Box allows Stored XSS.This issue affects Stellissimo Text Box: from n/a through 1.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/stellissimo-text-box/wordpress-stellissimo-text-box-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36965.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36965.json new file mode 100644 index 00000000000..8ed818ba8bf --- /dev/null +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36965.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-36965", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-06-08T13:15:57.820", + "lastModified": "2024-06-08T13:15:57.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nremoteproc: mediatek: Make sure IPI buffer fits in L2TCM\n\nThe IPI buffer location is read from the firmware that we load to the\nSystem Companion Processor, and it's not granted that both the SRAM\n(L2TCM) size that is defined in the devicetree node is large enough\nfor that, and while this is especially true for multi-core SCP, it's\nstill useful to check on single-core variants as well.\n\nFailing to perform this check may make this driver perform R/W\noperations out of the L2TCM boundary, resulting (at best) in a\nkernel panic.\n\nTo fix that, check that the IPI buffer fits, otherwise return a\nfailure and refuse to boot the relevant SCP core (or the SCP at\nall, if this is single core)." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/00548ac6b14428719c970ef90adae2b3b48c0cdf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1d9e2de24533daca36cbf09e8d8596bf72b526b2", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/26c6d7dc8c6a9fde9d362ab2eef6390efeff145e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/331f91d86f71d0bb89a44217cc0b2a22810bbd42", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/36c79eb4845551e9f6d28c663b38ce0ab03b84a9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/838b49e211d59fa827ff9df062d4020917cffbdf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36966.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36966.json new file mode 100644 index 00000000000..a192f1d294e --- /dev/null +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36966.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-36966", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-06-08T13:15:57.917", + "lastModified": "2024-06-08T13:15:57.917", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: reliably distinguish block based and fscache mode\n\nWhen erofs_kill_sb() is called in block dev based mode, s_bdev may not\nhave been initialised yet, and if CONFIG_EROFS_FS_ONDEMAND is enabled,\nit will be mistaken for fscache mode, and then attempt to free an anon_dev\nthat has never been allocated, triggering the following warning:\n\n============================================\nida_free called for id=0 which is not allocated.\nWARNING: CPU: 14 PID: 926 at lib/idr.c:525 ida_free+0x134/0x140\nModules linked in:\nCPU: 14 PID: 926 Comm: mount Not tainted 6.9.0-rc3-dirty #630\nRIP: 0010:ida_free+0x134/0x140\nCall Trace:\n \n erofs_kill_sb+0x81/0x90\n deactivate_locked_super+0x35/0x80\n get_tree_bdev+0x136/0x1e0\n vfs_get_tree+0x2c/0xf0\n do_new_mount+0x190/0x2f0\n [...]\n============================================\n\nNow when erofs_kill_sb() is called, erofs_sb_info must have been\ninitialised, so use sbi->fsid to distinguish between the two modes." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/7af2ae1b1531feab5d38ec9c8f472dc6cceb4606", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dcdd49701e429c55b3644fd70fc58d85745f8cfe", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f9b877a7ee312ec8ce17598a7ef85cb820d7c371", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36967.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36967.json new file mode 100644 index 00000000000..b2be04d7645 --- /dev/null +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36967.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-36967", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-06-08T13:15:58.000", + "lastModified": "2024-06-08T13:15:58.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: Fix memory leak in tpm2_key_encode()\n\n'scratch' is never freed. Fix this by calling kfree() in the success, and\nin the error case." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/189c768932d435045b1fae12bf63e53866f06a28", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/1e6914fa8e7798bcf3ce4a5b96ea4ac1d5571cdf", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/5d91238b590bd883c86ba7707c5c9096469c08b7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/cf26a92f560eed5d6ddc3d441cc645950cbabc56", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/e62835264d0352be6086975f18fdfed2b5520b13", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ffcaa2172cc1a85ddb8b783de96d38ca8855e248", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36968.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36968.json new file mode 100644 index 00000000000..e6d7cf69d32 --- /dev/null +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36968.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-36968", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-06-08T13:15:58.093", + "lastModified": "2024-06-08T13:15:58.093", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()\n\nl2cap_le_flowctl_init() can cause both div-by-zero and an integer\noverflow since hdev->le_mtu may not fall in the valid range.\n\nMove MTU from hci_dev to hci_conn to validate MTU and stop the connection\nprocess earlier if MTU is invalid.\nAlso, add a missing validation in read_buffer_size() and make it return\nan error value if the validation fails.\nNow hci_conn_add() returns ERR_PTR() as it can fail due to the both a\nkzalloc failure and invalid MTU value.\n\ndivide error: 0000 [#1] PREEMPT SMP KASAN NOPTI\nCPU: 0 PID: 67 Comm: kworker/u5:0 Tainted: G W 6.9.0-rc5+ #20\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci0 hci_rx_work\nRIP: 0010:l2cap_le_flowctl_init+0x19e/0x3f0 net/bluetooth/l2cap_core.c:547\nCode: e8 17 17 0c 00 66 41 89 9f 84 00 00 00 bf 01 00 00 00 41 b8 02 00 00 00 4c\n89 fe 4c 89 e2 89 d9 e8 27 17 0c 00 44 89 f0 31 d2 <66> f7 f3 89 c3 ff c3 4d 8d\nb7 88 00 00 00 4c 89 f0 48 c1 e8 03 42\nRSP: 0018:ffff88810bc0f858 EFLAGS: 00010246\nRAX: 00000000000002a0 RBX: 0000000000000000 RCX: dffffc0000000000\nRDX: 0000000000000000 RSI: ffff88810bc0f7c0 RDI: ffffc90002dcb66f\nRBP: ffff88810bc0f880 R08: aa69db2dda70ff01 R09: 0000ffaaaaaaaaaa\nR10: 0084000000ffaaaa R11: 0000000000000000 R12: ffff88810d65a084\nR13: dffffc0000000000 R14: 00000000000002a0 R15: ffff88810d65a000\nFS: 0000000000000000(0000) GS:ffff88811ac00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 0000000020000100 CR3: 0000000103268003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \n l2cap_le_connect_req net/bluetooth/l2cap_core.c:4902 [inline]\n l2cap_le_sig_cmd net/bluetooth/l2cap_core.c:5420 [inline]\n l2cap_le_sig_channel net/bluetooth/l2cap_core.c:5486 [inline]\n l2cap_recv_frame+0xe59d/0x11710 net/bluetooth/l2cap_core.c:6809\n l2cap_recv_acldata+0x544/0x10a0 net/bluetooth/l2cap_core.c:7506\n hci_acldata_packet net/bluetooth/hci_core.c:3939 [inline]\n hci_rx_work+0x5e5/0xb20 net/bluetooth/hci_core.c:4176\n process_one_work kernel/workqueue.c:3254 [inline]\n process_scheduled_works+0x90f/0x1530 kernel/workqueue.c:3335\n worker_thread+0x926/0xe70 kernel/workqueue.c:3416\n kthread+0x2e3/0x380 kernel/kthread.c:388\n ret_from_fork+0x5c/0x90 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244\n \nModules linked in:\n---[ end trace 0000000000000000 ]---" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/a5b862c6a221459d54e494e88965b48dcfa6cc44", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/ad3f7986c5a0f82b8b66a0afe1cc1f5421e1d674", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d2b2f7d3936dc5990549bc36ab7ac7ac37f22c30", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/dfece2b4e3759759b2bdfac2cd6d0ee9fbf055f3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36969.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36969.json new file mode 100644 index 00000000000..a04257a2f62 --- /dev/null +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36969.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-36969", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-06-08T13:15:58.170", + "lastModified": "2024-06-08T13:15:58.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Fix division by zero in setup_dsc_config\n\nWhen slice_height is 0, the division by slice_height in the calculation\nof the number of slices will cause a division by zero driver crash. This\nleaves the kernel in a state that requires a reboot. This patch adds a\ncheck to avoid the division by zero.\n\nThe stack trace below is for the 6.8.4 Kernel. I reproduced the issue on\na Z16 Gen 2 Lenovo Thinkpad with a Apple Studio Display monitor\nconnected via Thunderbolt. The amdgpu driver crashed with this exception\nwhen I rebooted the system with the monitor connected.\n\nkernel: ? die (arch/x86/kernel/dumpstack.c:421 arch/x86/kernel/dumpstack.c:434 arch/x86/kernel/dumpstack.c:447)\nkernel: ? do_trap (arch/x86/kernel/traps.c:113 arch/x86/kernel/traps.c:154)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? do_error_trap (./arch/x86/include/asm/traps.h:58 arch/x86/kernel/traps.c:175)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? exc_divide_error (arch/x86/kernel/traps.c:194 (discriminator 2))\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: ? asm_exc_divide_error (./arch/x86/include/asm/idtentry.h:548)\nkernel: ? setup_dsc_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1053) amdgpu\nkernel: dc_dsc_compute_config (drivers/gpu/drm/amd/amdgpu/../display/dc/dsc/dc_dsc.c:1109) amdgpu\n\nAfter applying this patch, the driver no longer crashes when the monitor\nis connected and the system is rebooted. I believe this is the same\nissue reported for 3113." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/130afc8a886183a94cf6eab7d24f300014ff87ba", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/308de6be0c9c7ba36915c0d398e771725c0ea911", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/7e4f50dfc98c49b3dc6875a35c3112522fb25639", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/91402e0e5de9124a3108db7a14163fcf9a6d322f", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/a32c8f951c8a456c1c251e1dcdf21787f8066445", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f187fcbbb8f8bf10c6687f0beae22509369f7563", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36970.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36970.json new file mode 100644 index 00000000000..47d3c34ad09 --- /dev/null +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36970.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-36970", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-06-08T13:15:58.260", + "lastModified": "2024-06-08T13:15:58.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlwifi: Use request_module_nowait\n\nThis appears to work around a deadlock regression that came in\nwith the LED merge in 6.9.\n\nThe deadlock happens on my system with 24 iwlwifi radios, so maybe\nit something like all worker threads are busy and some work that needs\nto complete cannot complete.\n\n[also remove unnecessary \"load_module\" var and now-wrong comment]" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/3d913719df14c28c4d3819e7e6d150760222bda4", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/d20013259539e2fde2deeac85354851097afdf9e", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-374xx/CVE-2024-37407.json b/CVE-2024/CVE-2024-374xx/CVE-2024-37407.json new file mode 100644 index 00000000000..9b5f1d2dd8a --- /dev/null +++ b/CVE-2024/CVE-2024-374xx/CVE-2024-37407.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-37407", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-06-08T13:15:58.337", + "lastModified": "2024-06-08T13:15:58.337", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in archive_read_support_format_zip.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/libarchive/libarchive/commit/b6a979481b7d77c12fa17bbed94576b63bbcb0c0", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/libarchive/libarchive/pull/2145", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/libarchive/libarchive/releases/tag/v3.7.4", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5766.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5766.json new file mode 100644 index 00000000000..a454f0095ab --- /dev/null +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5766.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-5766", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-06-08T12:15:10.117", + "lastModified": "2024-06-08T12:15:10.117", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Likeshop up to 2.5.7 and classified as problematic. This issue affects some unknown processing of the file /admin of the component Merchandise Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-267449 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/likeshop_gitee/likeshop/issues/I9TAHP", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.267449", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.267449", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a9450d65062..f2b5eef88fb 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-08T12:00:17.923794+00:00 +2024-06-08T14:00:18.731960+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-08T11:15:50.007000+00:00 +2024-06-08T13:15:58.337000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -253033 +253054 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `21` -- [CVE-2024-35753](CVE-2024/CVE-2024-357xx/CVE-2024-35753.json) (`2024-06-08T11:15:49.193`) -- [CVE-2024-35755](CVE-2024/CVE-2024-357xx/CVE-2024-35755.json) (`2024-06-08T11:15:49.780`) -- [CVE-2024-35756](CVE-2024/CVE-2024-357xx/CVE-2024-35756.json) (`2024-06-08T11:15:50.007`) +- [CVE-2024-35730](CVE-2024/CVE-2024-357xx/CVE-2024-35730.json) (`2024-06-08T13:15:54.667`) +- [CVE-2024-35731](CVE-2024/CVE-2024-357xx/CVE-2024-35731.json) (`2024-06-08T13:15:54.917`) +- [CVE-2024-35732](CVE-2024/CVE-2024-357xx/CVE-2024-35732.json) (`2024-06-08T13:15:55.150`) +- [CVE-2024-35733](CVE-2024/CVE-2024-357xx/CVE-2024-35733.json) (`2024-06-08T13:15:55.410`) +- [CVE-2024-35734](CVE-2024/CVE-2024-357xx/CVE-2024-35734.json) (`2024-06-08T13:15:55.647`) +- [CVE-2024-35736](CVE-2024/CVE-2024-357xx/CVE-2024-35736.json) (`2024-06-08T13:15:55.897`) +- [CVE-2024-35737](CVE-2024/CVE-2024-357xx/CVE-2024-35737.json) (`2024-06-08T13:15:56.140`) +- [CVE-2024-35738](CVE-2024/CVE-2024-357xx/CVE-2024-35738.json) (`2024-06-08T13:15:56.430`) +- [CVE-2024-35739](CVE-2024/CVE-2024-357xx/CVE-2024-35739.json) (`2024-06-08T13:15:56.660`) +- [CVE-2024-35740](CVE-2024/CVE-2024-357xx/CVE-2024-35740.json) (`2024-06-08T13:15:56.910`) +- [CVE-2024-35750](CVE-2024/CVE-2024-357xx/CVE-2024-35750.json) (`2024-06-08T13:15:57.137`) +- [CVE-2024-35751](CVE-2024/CVE-2024-357xx/CVE-2024-35751.json) (`2024-06-08T13:15:57.370`) +- [CVE-2024-35752](CVE-2024/CVE-2024-357xx/CVE-2024-35752.json) (`2024-06-08T13:15:57.607`) +- [CVE-2024-36965](CVE-2024/CVE-2024-369xx/CVE-2024-36965.json) (`2024-06-08T13:15:57.820`) +- [CVE-2024-36966](CVE-2024/CVE-2024-369xx/CVE-2024-36966.json) (`2024-06-08T13:15:57.917`) +- [CVE-2024-36967](CVE-2024/CVE-2024-369xx/CVE-2024-36967.json) (`2024-06-08T13:15:58.000`) +- [CVE-2024-36968](CVE-2024/CVE-2024-369xx/CVE-2024-36968.json) (`2024-06-08T13:15:58.093`) +- [CVE-2024-36969](CVE-2024/CVE-2024-369xx/CVE-2024-36969.json) (`2024-06-08T13:15:58.170`) +- [CVE-2024-36970](CVE-2024/CVE-2024-369xx/CVE-2024-36970.json) (`2024-06-08T13:15:58.260`) +- [CVE-2024-37407](CVE-2024/CVE-2024-374xx/CVE-2024-37407.json) (`2024-06-08T13:15:58.337`) +- [CVE-2024-5766](CVE-2024/CVE-2024-57xx/CVE-2024-5766.json) (`2024-06-08T12:15:10.117`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `5` +- [CVE-2023-52756](CVE-2023/CVE-2023-527xx/CVE-2023-52756.json) (`2024-06-08T12:15:09.513`) +- [CVE-2023-52802](CVE-2023/CVE-2023-528xx/CVE-2023-52802.json) (`2024-06-08T12:15:09.783`) +- [CVE-2024-20696](CVE-2024/CVE-2024-206xx/CVE-2024-20696.json) (`2024-06-08T13:15:54.193`) +- [CVE-2024-20697](CVE-2024/CVE-2024-206xx/CVE-2024-20697.json) (`2024-06-08T13:15:54.397`) +- [CVE-2024-26256](CVE-2024/CVE-2024-262xx/CVE-2024-26256.json) (`2024-06-08T13:15:54.527`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 2df52accc13..e8973aa7544 100644 --- a/_state.csv +++ b/_state.csv @@ -238401,7 +238401,7 @@ CVE-2023-52752,0,0,25de89af3d4053d37f8f8e8a25e68095a261521025a1fab0bcc59aaf799f0 CVE-2023-52753,0,0,01ad314fc21f348a08f59b0508c438f15217c5b77323cc27c5533e8fcf19711c,2024-05-24T01:12:46.227000 CVE-2023-52754,0,0,6c3f909df442358f10009af2374d307a27574624f35992cb0e89815656c4ead5,2024-05-21T16:53:56.550000 CVE-2023-52755,0,0,363ad3830894b1997ea949ce826bd999a8f15d7d0e03a2a28cfadc8e6277ff11,2024-05-21T16:53:56.550000 -CVE-2023-52756,0,0,3d88cffb26f2e88efcf7e015115928ea98f957206d107a0b007218a1d1854206,2024-05-21T16:53:56.550000 +CVE-2023-52756,0,1,4f335ff0b69403bd52d52b8d688ec5d5010d82211d565f520b78606f8596b3dc,2024-06-08T12:15:09.513000 CVE-2023-52757,0,0,a3f7e9b496d7a1b0e1a086720f61d4780919b8bc433816b11c05419d90c92177,2024-05-21T16:53:56.550000 CVE-2023-52758,0,0,697a841d5c4c62a9a5e867a3f36ba9059087126e2106f7ec3783d08e037de4b7,2024-05-24T16:15:09.010000 CVE-2023-52759,0,0,cdacf0be4399f4a8784d1dc753dc6263170b989ec3a6e49dda949f8349b098c5,2024-05-21T16:53:56.550000 @@ -238452,7 +238452,7 @@ CVE-2023-52799,0,0,cde34f1c080e291d19b6bead7c097c43ba74339851e793355ab446b5c7779 CVE-2023-5280,0,0,05e6a37f5f9bd5a1bc94abc6e2d70e08893d7b367c610c9b600bbd1ae1bd72af,2024-06-04T19:18:10.060000 CVE-2023-52800,0,0,6094ca9eec86821482714021ea5ff6a4ed14e109d9b84ed733b5609c4c4727b4,2024-05-21T16:53:56.550000 CVE-2023-52801,0,0,b535c81deacc001cc55809f26279fcc8f943e4b47f03e1d38835d1eabced2661,2024-05-21T16:53:56.550000 -CVE-2023-52802,0,0,a285db54a3d15762b7d79571eb48e6fa61b18d431e291db90d82afb7d09acf2a,2024-05-24T01:14:17.313000 +CVE-2023-52802,0,1,7a66c54da530bf46ad265c5d3722bf29ac68c9be9672cf77b5fe3d0070a86e8a,2024-06-08T12:15:09.783000 CVE-2023-52803,0,0,d97cd26a8945749301c75b128288d9947cc059912546c7832626e8b531842222,2024-05-21T16:53:56.550000 CVE-2023-52804,0,0,42b607e83ed9029b8db30ea60d460b5ef07801a80958b4f415168da424d1d25d,2024-05-21T16:53:56.550000 CVE-2023-52805,0,0,423ff2bb4d16a7d3d99ff6cde998a0081fe09b7559dc9abf0978f00ee5d7aaf4,2024-05-21T16:53:56.550000 @@ -242263,8 +242263,8 @@ CVE-2024-20692,0,0,87d7a3ce2bf78c3580f3f4d77627a76351b0ace1cefed56e8e3a1b65ff225 CVE-2024-20693,0,0,58b2c5f69bf7013e2db66a3ca1c15a7c56f3eeb06bade8eb94e849e9cb18c8ff,2024-04-10T13:24:00.070000 CVE-2024-20694,0,0,24a71f7a33d32ecc1a00f3d25b396148c2e2497db58724f92d99f85897c07226,2024-05-29T00:15:15.630000 CVE-2024-20695,0,0,3140b865165e7a1476184c26b052bdb37f127b446790c95987e7bbb86f6ca050,2024-05-29T00:15:15.823000 -CVE-2024-20696,0,0,dd5eef9027db36a9488b50064a145faa93598e8e6ce030ddee02878063d7f804,2024-05-29T00:15:16.003000 -CVE-2024-20697,0,0,1d678eee30fdbc654471baf8a521effc36e8b984d6d4e5b0c701a4cce5b6421c,2024-05-29T00:15:16.127000 +CVE-2024-20696,0,1,d1cacd6fe0ea80f1a077841d88f8ad5ef184f1bf8e5f953666653fe05e6d5ae3,2024-06-08T13:15:54.193000 +CVE-2024-20697,0,1,471a66ffb07ee7b7a0c1045b5cef7af1394de5ad3426d872d8cee1e05666475f,2024-06-08T13:15:54.397000 CVE-2024-20698,0,0,c87681a712debff74de386c4bd26867a56e17e9c3f279b52fd0c11e97aa17c64,2024-05-29T00:15:16.343000 CVE-2024-20699,0,0,a5a67c53871242abe30e37856eae34909fef80235b80c02497150a284066de22,2024-01-14T21:57:27.553000 CVE-2024-2070,0,0,96e6b267a155e30e7af56a9cf12a74717d1ea58df3f9d2000eda21f3b659ea73,2024-05-17T02:38:01.770000 @@ -245714,7 +245714,7 @@ CVE-2024-26252,0,0,df562f5c83abdc407ed37aaf1c1c037cf6f8550dbd77ed7347471880b8672 CVE-2024-26253,0,0,34481f020a86a742b6ced94cd3663067ce41019d1907c6b06ed17f950058a134,2024-04-10T13:24:00.070000 CVE-2024-26254,0,0,07a4b81b26bc3f1c97cbd450d7200968eabb824affdc4e125ab1428b8b376be4,2024-04-10T13:24:00.070000 CVE-2024-26255,0,0,85638effedfaf37162394543c2ea8be3fea3cadc51d4bb0413585c9f3e228970,2024-04-10T13:24:00.070000 -CVE-2024-26256,0,0,f714f94a944624e570ad65ecd1d4f933197efdaca8ea3947e2937a6a17fb1db6,2024-04-10T13:24:00.070000 +CVE-2024-26256,0,1,3a8423bb6f4da4b0932feee1ae95deeb529afc0cf7244e4ee4334e89a457e1d6,2024-06-08T13:15:54.527000 CVE-2024-26257,0,0,05a28d03660a848990668904555214fae6f00026d23d1677e03b07f5dc8dee4e,2024-04-10T13:24:00.070000 CVE-2024-26258,0,0,e2948ebecdedd5be931de1508231bfb7181246b38ce20c139f19e68ae9750f3d,2024-04-04T12:48:41.700000 CVE-2024-2626,0,0,0f82bfcd678adfe2206a7b49362dbece30aa00242a9c52e3ba26851c15f6dba3,2024-04-01T15:22:37.883000 @@ -251155,11 +251155,24 @@ CVE-2024-35700,0,0,beeb20b759af9a32a69313385147a7395fc3bf7cb0ca31c5082e011236ebc CVE-2024-3571,0,0,69cf6aaba9ed550ce2e1f492d0ecd149e8d5cd4d3ef343f36ac06a714698dced,2024-04-16T13:24:07.103000 CVE-2024-3572,0,0,fac7085e464e1d98d017bfc9635e53b969d9f55d28ae04030a557f0ab1b04301,2024-04-16T13:24:07.103000 CVE-2024-3573,0,0,f978306925f93ca64332932b6f5a09fb648fa8e8ad9d4b00bd427fd81ec82478,2024-04-16T13:24:07.103000 +CVE-2024-35730,1,1,eda07e2bd0d745309a6da01e7276a1bd86c8bc3eb422555836a242da6bf2a60a,2024-06-08T13:15:54.667000 +CVE-2024-35731,1,1,8d1d7136224b5d7fadee4c3c9c2319df59bb7e710875d72bc165453e3395f2be,2024-06-08T13:15:54.917000 +CVE-2024-35732,1,1,8fc2b3495232e544d0c8db1d44c16532da7dd6cbf29f7a361eb183f184d2a351,2024-06-08T13:15:55.150000 +CVE-2024-35733,1,1,1a802e37ee2b847870487f1a16cc3a51c709fdef74fc8cbde0d3b34ca0ec35f5,2024-06-08T13:15:55.410000 +CVE-2024-35734,1,1,ce67a2cac4d0667b36f5dcbb596f57fc2ddc4c6a0053674a2ac3e1b5c5a5aae5,2024-06-08T13:15:55.647000 +CVE-2024-35736,1,1,f9fe86674ece14ed800ec3f44fbfd4b28c9f905a0aa5aec19f85950b5001f53a,2024-06-08T13:15:55.897000 +CVE-2024-35737,1,1,bc38fc059694157c279b9b404dd18a66da63390f365f7cafe1cc34bd040318b5,2024-06-08T13:15:56.140000 +CVE-2024-35738,1,1,50eb27decedbd60f4bf188c7d2a7e54e8c272287c5228ed771c42f560d1c0e95,2024-06-08T13:15:56.430000 +CVE-2024-35739,1,1,707dc0e914a581dde6c79562ece05de14b7ccaace04c87e048564f44c169d6cc,2024-06-08T13:15:56.660000 CVE-2024-3574,0,0,a6cc99c8a389ea7db1c37fe05b40106752b73810cdac85caab18aeb26d6bc576,2024-04-16T13:24:07.103000 +CVE-2024-35740,1,1,c7b15495ca75021a0f3ae856348840f0df6e7628338c252bbcb913e6f43d990d,2024-06-08T13:15:56.910000 CVE-2024-3575,0,0,59be73eca5c53cbbcf99414bd65c6b74b4dff22ff5983c2d091439c46f610b22,2024-04-16T13:24:07.103000 -CVE-2024-35753,1,1,d8ea54bb3de63681c830d87a5e3ae966e236ec4d04a6e569c34a9674aca5ed2f,2024-06-08T11:15:49.193000 -CVE-2024-35755,1,1,b90d8dbe1381b90363531c9931c16e892b0f999eba27224314b1b64f103dc4bc,2024-06-08T11:15:49.780000 -CVE-2024-35756,1,1,784141ebe086abedbfa21727ba51d60c64e728f0df0555f711b70d06e1a7fa25,2024-06-08T11:15:50.007000 +CVE-2024-35750,1,1,18b23d32a06a11540e6102be3499b0c8e2e94e7d4a2cd6a0e378b9c4e0f6c3f1,2024-06-08T13:15:57.137000 +CVE-2024-35751,1,1,a592cf7a13db9e1979a7c2b43c01d3c996c69c3852da1c78eb5ab8dce059226e,2024-06-08T13:15:57.370000 +CVE-2024-35752,1,1,9893ef32892c1556c2a03a37e153b4fa116ddafd2b9e66701b63d71cf975d37f,2024-06-08T13:15:57.607000 +CVE-2024-35753,0,0,d8ea54bb3de63681c830d87a5e3ae966e236ec4d04a6e569c34a9674aca5ed2f,2024-06-08T11:15:49.193000 +CVE-2024-35755,0,0,b90d8dbe1381b90363531c9931c16e892b0f999eba27224314b1b64f103dc4bc,2024-06-08T11:15:49.780000 +CVE-2024-35756,0,0,784141ebe086abedbfa21727ba51d60c64e728f0df0555f711b70d06e1a7fa25,2024-06-08T11:15:50.007000 CVE-2024-3576,0,0,da3479f65547a923ac9b6fc5d4e01aab352d357f2ab0f89f14bd434e8562f642,2024-05-07T09:15:38.747000 CVE-2024-35782,0,0,1a0373b5f1f7deeeedd7f390a32d36b4e5b6a7fa2bc73f703a0a9b8d71fdc6f1,2024-06-05T19:50:20.463000 CVE-2024-35784,0,0,777c9d07d4e578c087e7dca5451415bcc43ec9a1a18957eb76a5068c9b97dba4,2024-05-17T18:35:35.070000 @@ -251711,7 +251724,13 @@ CVE-2024-36961,0,0,23b0844a9529f3ecfd6285bf875a287ce67af9417a3eb4ff1001834e83635 CVE-2024-36962,0,0,5fce798c0bb35579e13c17bb9f54632747360d5004ae06492f537a1e1919292d,2024-06-03T14:46:24.250000 CVE-2024-36963,0,0,603c4aee8277db74a501815fd4789e2662e4b99b616454a415c4c767068ca598,2024-06-03T14:46:24.250000 CVE-2024-36964,0,0,1e5a2c376d4fab926c22a070cc2c21ccc7f01422382c5ba38368e087bbce6bb0,2024-06-03T14:46:24.250000 +CVE-2024-36965,1,1,94dcb7e91e830000be79e09336cbf7f744ab863403db239e529a62fef5daf756,2024-06-08T13:15:57.820000 +CVE-2024-36966,1,1,89402698bbbfe61c3e2a0023f1ae17d9f7ec0b194220c81b2d5bd5be1dfb7789,2024-06-08T13:15:57.917000 +CVE-2024-36967,1,1,dc91eadb83cf22db3586cf512e4a10ed364661cc740bcd8e6e00f47cca5bb5ce,2024-06-08T13:15:58 +CVE-2024-36968,1,1,6ed8313f772c804655ce95bdc810f04c7ad3261c63e2491fadbfd02afd28d42d,2024-06-08T13:15:58.093000 +CVE-2024-36969,1,1,93df68a3d756525f62d08a7306769992595636d28de5356e33ffbc6477480270,2024-06-08T13:15:58.170000 CVE-2024-3697,0,0,600d9314ffac8217c56b5ddb9a6dd8f383edc3a52ae15aefe26cd04d9d92b65a,2024-06-04T19:20:23.323000 +CVE-2024-36970,1,1,7d534aaf513e3ce951bbff7c723742de5e9980b05c8986370391e5e0c6fe2f73,2024-06-08T13:15:58.260000 CVE-2024-3698,0,0,13b4029eb6179dbe788598788e16556a1995d850ddfc4af1ee0c4e86961a3a21,2024-05-17T02:40:04.800000 CVE-2024-3701,0,0,d78f52a76181001272debccb095fb5971bb478ebc111313d9ff2994f4ec0598f,2024-04-15T13:15:31.997000 CVE-2024-37017,0,0,44054da22aca73b93b60ec210b10224ee227f383aaf683a683cb33e0b77e6e79,2024-05-31T13:01:46.727000 @@ -251780,6 +251799,7 @@ CVE-2024-37385,0,0,ab67b8a0f073ce7f5c28ca11584627dbf70b59e11b1337a1068ce1887aeb0 CVE-2024-37388,0,0,4bb786bca42a11ef8edd07a6799bb4caedfa95038e4371ae55f637f2792eab26,2024-06-07T19:24:09.243000 CVE-2024-3739,0,0,18ca969c974b63c6d16494fbcc2d63756747cacc5947332fefb20d9c592537e4,2024-05-17T02:40:06.067000 CVE-2024-3740,0,0,1025f598f3437296a5a18526d2723c88eb3b5b46ea06c50b765dc694c6a0bd1a,2024-05-17T02:40:06.170000 +CVE-2024-37407,1,1,bdd62b1a60b2f9e74c2506449b022f66f37f10b9b76c2c27ea7d4196ce5e4faf,2024-06-08T13:15:58.337000 CVE-2024-3741,0,0,a12bddc029cd8ca7f24831417695630babe629dc15b981c15e3d0a9ffa405fdc,2024-05-28T17:15:11.327000 CVE-2024-3742,0,0,78c61e704f37a9137f7f9be10f02b0ed07c0bef31d61c3d6452a359112382921,2024-05-28T17:15:11.450000 CVE-2024-3743,0,0,a066d49023268d129172d910e0990b3a457ebf914ca5a08a9f020fc0da48a3af,2024-05-02T18:00:37.360000 @@ -253031,4 +253051,5 @@ CVE-2024-5734,0,0,6c2e32afe9f36cd041d920f75c3584a92a72063480e933c9394a66845b5726 CVE-2024-5745,0,0,8788b99580d43fd9eb900afb700ee157c954d289b603d58451eabd57873852f0,2024-06-08T04:15:10.027000 CVE-2024-5758,0,0,256bdf36325369b4c0dc6f8fe6e02f8840c37558f437c19f80b9b4e84e6dc39b,2024-06-08T07:15:08.630000 CVE-2024-5761,0,0,e0022a8d80317cd3941058bae14b514f68707790a5051038049a1d552ba8de69,2024-06-07T19:15:24.467000 +CVE-2024-5766,1,1,b382821a65eefd874d3990e716beed64ed6e05799058a5dbfa1ab76c832644a2,2024-06-08T12:15:10.117000 CVE-2024-5770,0,0,fe310be1d952d0455f64ae72c485c582bcaeef4aad88d85c194ca59111d07deb,2024-06-08T05:15:40.320000