Auto-Update: 2024-06-03T10:00:37.862736+00:00

This commit is contained in:
cad-safe-bot 2024-06-03 10:03:32 +00:00
parent 63a4262be9
commit 29492ebd1d
16 changed files with 662 additions and 17 deletions

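--- a/CVE-2023/CVE-2023-487xx/CVE-2023-48789.json
+++ b/CVE-2023/CVE-2023-487xx/CVE-2023-48789.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-48789",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2024-06-03T08:15:08.507",
+"lastModified": "2024-06-03T08:15:08.507",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A client-side enforcement of server-side security in Fortinet FortiPortal version 6.0.0 through 6.0.14 allows attacker to improper access control via crafted HTTP requests."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-602"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-406",
+"source": "psirt@fortinet.com"
+}
+]
+}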

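--- a/CVE-2024/CVE-2024-231xx/CVE-2024-23107.json
+++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23107.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-23107",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2024-06-03T08:15:08.837",
+"lastModified": "2024-06-03T08:15:08.837",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiWeb version 7.4.0, version 7.2.4 and below, version 7.0.8 and below, 6.3 all versions may allow an authenticated attacker to read password hashes of other administrators via CLI commands."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "LOCAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-200"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-191",
+"source": "psirt@fortinet.com"
+}
+]
+}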

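--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31493.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31493.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-31493",
+"sourceIdentifier": "psirt@fortinet.com",
+"published": "2024-06-03T08:15:09.097",
+"lastModified": "2024-06-03T08:15:09.097",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "psirt@fortinet.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "psirt@fortinet.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-212"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-052",
+"source": "psirt@fortinet.com"
+}
+]
+}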

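--- a/CVE-2024/CVE-2024-356xx/CVE-2024-35637.json
+++ b/CVE-2024/CVE-2024-356xx/CVE-2024-35637.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-35637",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-06-03T09:15:09.390",
+"lastModified": "2024-06-03T09:15:09.390",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Server-Side Request Forgery (SSRF) vulnerability in Church Admin.This issue affects Church Admin: from n/a through 4.3.6."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.4,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.3,
+"impactScore": 2.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-918"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/church-admin/wordpress-church-admin-plugin-4-3-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}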

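--- a/CVE-2024/CVE-2024-356xx/CVE-2024-35638.json
+++ b/CVE-2024/CVE-2024-356xx/CVE-2024-35638.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-35638",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-06-03T09:15:09.703",
+"lastModified": "2024-06-03T09:15:09.703",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "LOW",
+"availabilityImpact": "NONE",
+"baseScore": 4.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/activedemand/wordpress-activedemand-plugin-0-2-43-cross-site-request-forgery-csrf-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}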

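--- a/CVE-2024/CVE-2024-356xx/CVE-2024-35639.json
+++ b/CVE-2024/CVE-2024-356xx/CVE-2024-35639.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-35639",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-06-03T09:15:09.947",
+"lastModified": "2024-06-03T09:15:09.947",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webliberty Simple Spoiler allows Stored XSS.This issue affects Simple Spoiler: from n/a through 1.2."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/simple-spoiler/wordpress-simple-spoiler-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}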

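--- a/CVE-2024/CVE-2024-356xx/CVE-2024-35640.json
+++ b/CVE-2024/CVE-2024-356xx/CVE-2024-35640.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-35640",
+"sourceIdentifier": "audit@patchstack.com",
+"published": "2024-06-03T08:15:09.330",
+"lastModified": "2024-06-03T08:15:09.330",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tomas Cordero Safety Exit allows Stored XSS.This issue affects Safety Exit: from n/a through 1.7.0."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "audit@patchstack.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 5.9,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 3.7
+}
+]
+},
+"weaknesses": [
+{
+"source": "audit@patchstack.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-79"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://patchstack.com/database/vulnerability/safety-exit/wordpress-safety-exit-plugin-1-7-0-cross-site-scripting-xss-vulnerability?_s_id=cve",
+"source": "audit@patchstack.com"
+}
+]
+}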

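--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36960.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36960.json
@@ -0,0 +1,48 @@
+{
+"id": "CVE-2024-36960",
+"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+"published": "2024-06-03T08:15:09.557",
+"lastModified": "2024-06-03T08:15:09.557",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vmwgfx: Fix invalid reads in fence signaled events\n\nCorrectly set the length of the drm_event to the size of the structure\nthat's actually used.\n\nThe length of the drm_event was set to the parent structure instead of\nto the drm_vmw_event_fence which is supposed to be read. drm_read\nuses the length parameter to copy the event to the user space thus\nresuling in oob reads."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://git.kernel.org/stable/c/0dbfc73670b357456196130551e586345ca48e1b",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/2f527e3efd37c7c5e85e8aa86308856b619fa59f",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/3cd682357c6167f636aec8ac0efaa8ba61144d36",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/7b5fd3af4a250dd0a2a558e07b43478748eb5d22",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/a37ef7613c00f2d72c8fc08bd83fb6cc76926c8c",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/b7bab33c4623c66e3398d5253870d4e88c52dfc0",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/cef0962f2d3e5fd0660c8efb72321083a1b531a9",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/deab66596dfad14f1c54eeefdb72428340d72a77",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+}
+]
+}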

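--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36961.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36961.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2024-36961",
+"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+"published": "2024-06-03T08:15:09.660",
+"lastModified": "2024-06-03T08:15:09.660",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal/debugfs: Fix two locking issues with thermal zone debug\n\nWith the current thermal zone locking arrangement in the debugfs code,\nuser space can open the \"mitigations\" file for a thermal zone before\nthe zone's debugfs pointer is set which will result in a NULL pointer\ndereference in tze_seq_start().\n\nMoreover, thermal_debug_tz_remove() is not called under the thermal\nzone lock, so it can run in parallel with the other functions accessing\nthe thermal zone's struct thermal_debugfs object. Then, it may clear\ntz->debugfs after one of those functions has checked it and the\nstruct thermal_debugfs object may be freed prematurely.\n\nTo address the first problem, pass a pointer to the thermal zone's\nstruct thermal_debugfs object to debugfs_create_file() in\nthermal_debug_tz_add() and make tze_seq_start(), tze_seq_next(),\ntze_seq_stop(), and tze_seq_show() retrieve it from s->private\ninstead of a pointer to the thermal zone object. This will ensure\nthat tz_debugfs will be valid across the \"mitigations\" file accesses\nuntil thermal_debugfs_remove_id() called by thermal_debug_tz_remove()\nremoves that file.\n\nTo address the second problem, use tz->lock in thermal_debug_tz_remove()\naround the tz->debugfs value check (in case the same thermal zone is\nremoved at the same time in two different threads) and its reset to NULL.\n\nCc :6.8+ <stable@vger.kernel.org> # 6.8+"
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://git.kernel.org/stable/c/6c57bdd0505422d5ccd2df541d993aec978c842e",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/c7f7c37271787a7f77d7eedc132b0b419a76b4c8",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+}
+]
+}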

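--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36962.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36962.json
@@ -0,0 +1,32 @@
+{
+"id": "CVE-2024-36962",
+"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+"published": "2024-06-03T08:15:09.740",
+"lastModified": "2024-06-03T08:15:09.740",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: ks8851: Queue RX packets in IRQ handler instead of disabling BHs\n\nCurrently the driver uses local_bh_disable()/local_bh_enable() in its\nIRQ handler to avoid triggering net_rx_action() softirq on exit from\nnetif_rx(). The net_rx_action() could trigger this driver .start_xmit\ncallback, which is protected by the same lock as the IRQ handler, so\ncalling the .start_xmit from netif_rx() from the IRQ handler critical\nsection protected by the lock could lead to an attempt to claim the\nalready claimed lock, and a hang.\n\nThe local_bh_disable()/local_bh_enable() approach works only in case\nthe IRQ handler is protected by a spinlock, but does not work if the\nIRQ handler is protected by mutex, i.e. this works for KS8851 with\nParallel bus interface, but not for KS8851 with SPI bus interface.\n\nRemove the BH manipulation and instead of calling netif_rx() inside\nthe IRQ handler code protected by the lock, queue all the received\nSKBs in the IRQ handler into a queue first, and once the IRQ handler\nexits the critical section protected by the lock, dequeue all the\nqueued SKBs and push them all into netif_rx(). At this point, it is\nsafe to trigger the net_rx_action() softirq, since the netif_rx()\ncall is outside of the lock that protects the IRQ handler."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://git.kernel.org/stable/c/7e2901a2a9195da76111f351584bf77552a038f0",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/8a3ff43dcbab7c96f9e8cf2bd1049ab8d6e59545",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/ae87f661f3c1a3134a7ed86ab69bf9f12af88993",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/e0863634bf9f7cf36291ebb5bfa2d16632f79c49",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+}
+]
+}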


@ -0,0 +1,28 @@
{
"id": "CVE-2024-36963",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-03T08:15:09.820",
"lastModified": "2024-06-03T08:15:09.820",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracefs: Reset permissions on remount if permissions are options\n\nThere's an inconsistency with the way permissions are handled in tracefs.\nBecause the permissions are generated when accessed, they default to the\nroot inode's permission if they were never set by the user. If the user\nsets the permissions, then a flag is set and the permissions are saved via\nthe inode (for tracefs files) or an internal attribute field (for\neventfs).\n\nBut if a remount happens that specify the permissions, all the files that\nwere not changed by the user gets updated, but the ones that were are not.\nIf the user were to remount the file system with a given permission, then\nall files and directories within that file system should be updated.\n\nThis can cause security issues if a file's permission was updated but the\nadmin forgot about it. They could incorrectly think that remounting with\npermissions set would update all files, but miss some.\n\nFor example:\n\n # cd /sys/kernel/tracing\n # chgrp 1002 current_tracer\n # ls -l\n[..]\n -rw-r----- 1 root root 0 May 1 21:25 buffer_size_kb\n -rw-r----- 1 root root 0 May 1 21:25 buffer_subbuf_size_kb\n -r--r----- 1 root root 0 May 1 21:25 buffer_total_size_kb\n -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer\n -rw-r----- 1 root root 0 May 1 21:25 dynamic_events\n -r--r----- 1 root root 0 May 1 21:25 dyn_ftrace_total_info\n -r--r----- 1 root root 0 May 1 21:25 enabled_functions\n\nWhere current_tracer now has group \"lkp\".\n\n # mount -o remount,gid=1001 .\n # ls -l\n -rw-r----- 1 root tracing 0 May 1 21:25 buffer_size_kb\n -rw-r----- 1 root tracing 0 May 1 21:25 buffer_subbuf_size_kb\n -r--r----- 1 root tracing 0 May 1 21:25 buffer_total_size_kb\n -rw-r----- 1 root lkp 0 May 1 21:25 current_tracer\n -rw-r----- 1 root tracing 0 May 1 21:25 dynamic_events\n -r--r----- 1 root tracing 0 May 1 21:25 dyn_ftrace_total_info\n -r--r----- 1 root tracing 0 
May 1 21:25 enabled_functions\n\nEverything changed but the \"current_tracer\".\n\nAdd a new link list that keeps track of all the tracefs_inodes which has\nthe permission flags that tell if the file/dir should use the root inode's\npermission or not. Then on remount, clear all the flags so that the\ndefault behavior of using the root inode's permission is done for all\nfiles and directories."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/414fb08628143203d29ccd0264b5a83fb9523c03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5f91fc82794d4a6e41cdcd02d00baa377d94ca78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/baa23a8d4360d981a49913841a726edede5cdd54",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

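--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36964.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36964.json
@@ -0,0 +1,48 @@
+{
+"id": "CVE-2024-36964",
+"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+"published": "2024-06-03T08:15:09.903",
+"lastModified": "2024-06-03T08:15:09.903",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/9p: only translate RWX permissions for plain 9P2000\n\nGarbage in plain 9P2000's perm bits is allowed through, which causes it\nto be able to set (among others) the suid bit. This was presumably not\nthe intent since the unix extended bits are handled explicitly and\nconditionally on .u."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://git.kernel.org/stable/c/157d468e34fdd3cb1ddc07c2be32fb3b02826b02",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/5a605930e19f451294bd838754f7d66c976a8a2c",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/ad4f65328661392de74e3608bb736fedf3b67e32",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/ca9b5c81f0c918c63d73d962ed8a8e231f840bc8",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/cd25e15e57e68a6b18dc9323047fe9c68b99290b",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/df1962a199783ecd66734d563caf0fedecf08f96",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/e55c601af3b1223a84f9f27f9cdbd2af5e203bf3",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+},
+{
+"url": "https://git.kernel.org/stable/c/e90bc596a74bb905e0a45bf346038c3f9d1e868d",
+"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+}
+]
+}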


@ -8,6 +8,10 @@
{
"lang": "en",
"value": "DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to read, modify, and delete database records."
},
{
"lang": "es",
"value": "DigiWin EasyFlow .NET carece de validaci\u00f3n para ciertos par\u00e1metros de entrada. Un atacante remoto no autenticado puede inyectar comandos SQL arbitrarios para leer, modificar y eliminar registros de bases de datos."
}
],
"metrics": {

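--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5404.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5404.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-5404",
+"sourceIdentifier": "info@cert.vde.com",
+"published": "2024-06-03T09:15:10.193",
+"lastModified": "2024-06-03T09:15:10.193",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "An unauthenticated remote attacker\u00a0can change the admin password in a\u00a0moneo appliance due to weak password recovery mechanism.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "info@cert.vde.com",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "info@cert.vde.com",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-640"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://cert.vde.com/en/advisories/VDE-2024-028",
+"source": "info@cert.vde.com"
+}
+]
+}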


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-03T08:00:37.975346+00:00
2024-06-03T10:00:37.862736+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-03T07:15:10.163000+00:00
2024-06-03T09:15:10.193000+00:00
```
### Last Data Feed Release
@ -33,25 +33,33 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
252396
252409
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `13`
- [CVE-2024-35641](CVE-2024/CVE-2024-356xx/CVE-2024-35641.json) (`2024-06-03T07:15:09.100`)
- [CVE-2024-35642](CVE-2024/CVE-2024-356xx/CVE-2024-35642.json) (`2024-06-03T07:15:09.560`)
- [CVE-2024-35643](CVE-2024/CVE-2024-356xx/CVE-2024-35643.json) (`2024-06-03T07:15:09.850`)
- [CVE-2024-36042](CVE-2024/CVE-2024-360xx/CVE-2024-36042.json) (`2024-06-03T06:15:09.293`)
- [CVE-2024-37031](CVE-2024/CVE-2024-370xx/CVE-2024-37031.json) (`2024-06-03T06:15:10.143`)
- [CVE-2024-5311](CVE-2024/CVE-2024-53xx/CVE-2024-5311.json) (`2024-06-03T07:15:10.163`)
- [CVE-2023-48789](CVE-2023/CVE-2023-487xx/CVE-2023-48789.json) (`2024-06-03T08:15:08.507`)
- [CVE-2024-23107](CVE-2024/CVE-2024-231xx/CVE-2024-23107.json) (`2024-06-03T08:15:08.837`)
- [CVE-2024-31493](CVE-2024/CVE-2024-314xx/CVE-2024-31493.json) (`2024-06-03T08:15:09.097`)
- [CVE-2024-35637](CVE-2024/CVE-2024-356xx/CVE-2024-35637.json) (`2024-06-03T09:15:09.390`)
- [CVE-2024-35638](CVE-2024/CVE-2024-356xx/CVE-2024-35638.json) (`2024-06-03T09:15:09.703`)
- [CVE-2024-35639](CVE-2024/CVE-2024-356xx/CVE-2024-35639.json) (`2024-06-03T09:15:09.947`)
- [CVE-2024-35640](CVE-2024/CVE-2024-356xx/CVE-2024-35640.json) (`2024-06-03T08:15:09.330`)
- [CVE-2024-36960](CVE-2024/CVE-2024-369xx/CVE-2024-36960.json) (`2024-06-03T08:15:09.557`)
- [CVE-2024-36961](CVE-2024/CVE-2024-369xx/CVE-2024-36961.json) (`2024-06-03T08:15:09.660`)
- [CVE-2024-36962](CVE-2024/CVE-2024-369xx/CVE-2024-36962.json) (`2024-06-03T08:15:09.740`)
- [CVE-2024-36963](CVE-2024/CVE-2024-369xx/CVE-2024-36963.json) (`2024-06-03T08:15:09.820`)
- [CVE-2024-36964](CVE-2024/CVE-2024-369xx/CVE-2024-36964.json) (`2024-06-03T08:15:09.903`)
- [CVE-2024-5404](CVE-2024/CVE-2024-54xx/CVE-2024-5404.json) (`2024-06-03T09:15:10.193`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `1`
- [CVE-2024-5311](CVE-2024/CVE-2024-53xx/CVE-2024-5311.json) (`2024-06-03T07:15:10.163`)
## Download and Usage


@ -235698,6 +235698,7 @@ CVE-2023-48782,0,0,88145c135f3d36dc2324e589083cb79dceef7bf357c73c33782a57f9910e4
CVE-2023-48783,0,0,ebc0e9b096de11f5bb2feb6ecedfda87f1114290b6bb005e0f4f19fb8a6d2ef6,2024-01-17T18:24:38.617000
CVE-2023-48784,0,0,2c8c9b5cd73fccd6bf717ce3db3d03b76214161101a0e621003f928d07a57cf5,2024-04-17T12:15:07.353000
CVE-2023-48788,0,0,a76225488769211eb3f82baf06e8c2fdae1734ff7e897a76c118d8a783dbc141,2024-05-23T18:00:08.207000
CVE-2023-48789,1,1,0571bd4a37f3c97e6d8e9b10601719eec33455abb7eb3af2a2662d718dd67176,2024-06-03T08:15:08.507000
CVE-2023-4879,0,0,8ff2f4fac231edfb0e8e6c6042e670dbdf0da9230931b634f3b1ed60cbdab258,2023-09-18T18:58:43.767000
CVE-2023-48791,0,0,4e7d2cae3ad6ba11c4e276624bedca77887a0ee315b409ddadb10bd81db3bb45,2023-12-15T20:09:24.010000
CVE-2023-48792,0,0,a3c17617afe01ace18242f14c2f591f70a09281fccef1129ab04ab7743ac5ed0,2024-02-09T19:41:33.093000
@ -243586,6 +243587,7 @@ CVE-2024-2309,0,0,5e7d16d6f71f2f007544bcbcc47dd8107c18e2714e36b52143e4572bbdc634
CVE-2024-23094,0,0,8b7fd2c37601b9f636934db44ed8e567ef20eff4d921df465afdbb6ef925a041,2024-02-22T19:07:27.197000
CVE-2024-2310,0,0,0edce614ca737c9f4f6f172b9fca4020b1a932854b13e864a7ef93ffce2dc5e8,2024-04-26T12:58:17.720000
CVE-2024-23105,0,0,4f4ecfc1737be07823bcaafc96e8879d6b5c3ae1db58c428ada8e62f19153579,2024-05-23T15:52:39.123000
CVE-2024-23107,1,1,f95c78068a77be131b17b383b5dedbee5d41921bd626de291cf3de54dc105567,2024-06-03T08:15:08.837000
CVE-2024-23108,0,0,4bd66ae4e2150cd9c3073e095bacf489de77af9a273b611e130c3e3fa4edf7ea,2024-02-07T15:02:00.203000
CVE-2024-23109,0,0,c2686a38cd2651bfef8ab0e98ee0dbcce98e98fd7c1f1805290cb9df9c03fe78,2024-02-07T15:04:28.237000
CVE-2024-2311,0,0,738ffcbe7f411809b0dd04835f3243a6f3350cd455230e0887015d402141b408,2024-04-10T13:23:38.787000
@ -248819,6 +248821,7 @@ CVE-2024-31487,0,0,ffef7fcdc05bb476a1f2c02c71de4a76075ea7f0301d6a8889db629ce9b19
CVE-2024-31488,0,0,8fd4ea2d7a10d03e6cc8df9fdf21315abd98246cc112d9626a2dc74747d004e0,2024-05-14T19:17:55.627000
CVE-2024-31491,0,0,5f002356f8390a8ec883fdc05cbd199fbc913871302dee308e6ee0aa04c7ac67,2024-05-14T19:17:55.627000
CVE-2024-31492,0,0,a251126d380ad734bdcae40155276c0c8cd0f78c057d6c232814179759c90bf9,2024-04-10T19:49:51.183000
CVE-2024-31493,1,1,eb92f9f4c4feadf3b90c327ee2008f971dfc30631ea4767017e0b0d47be4af71,2024-06-03T08:15:09.097000
CVE-2024-31497,0,0,4e1eafb2dcb4144981ef085a5b8158282c3a0977a083d73fc04d3f981acbd1e7,2024-05-10T14:33:55.323000
CVE-2024-31498,0,0,db3c4e2337e3fccc66e084ef6016d8532925f451bef4124b0c2782f0c54d90b6,2024-04-08T00:15:08
CVE-2024-31502,0,0,52fc3984aab146fd5296bbc2584fa31ec06529d852df83c020a3abdb54510354,2024-04-29T12:42:03.667000
@ -250796,10 +250799,14 @@ CVE-2024-35618,0,0,fc2572e9e8823eb6313bf2bb54c527fc11c4117d0d0837dc8f8794515acd3
CVE-2024-35621,0,0,eff37f6109cc46dfb019de6bac1c1e4ffe46087d96bb684a690c4e1a8342c7d1,2024-05-28T17:11:47.007000
CVE-2024-35627,0,0,152f6a140367536a1e62d9a33b0213a3c0edb39ccbba33db112f0915411e954b,2024-05-24T01:15:30.977000
CVE-2024-35636,0,0,50355c13300a6ac082e1c483b1ab0ef66d8d81a837d0b58fd86ac7bbb9fe7982,2024-06-01T09:15:08.983000
CVE-2024-35637,1,1,a3bbaca3340add97b05922e5f3b6c323a82a11ee28efa6dacd9faac985e017af,2024-06-03T09:15:09.390000
CVE-2024-35638,1,1,d40f8eb039698819fa66f21f9769dac9687415417efb672407b31b270ecc7aa0,2024-06-03T09:15:09.703000
CVE-2024-35639,1,1,a9f6ceacf0b15e8d73d02a0e44ba7f868caccb9abf6430e27ee988ea745ef246,2024-06-03T09:15:09.947000
CVE-2024-3564,0,0,126b0ad745c05ac2b6e0879d574d7c57b3c5395a16548c8e712a48ce4bee21ab,2024-06-01T04:15:08.743000
CVE-2024-35641,1,1,ad916927f4dc66b26e37a696884d9ea1315a0f444182d47bd127409ab7975d3a,2024-06-03T07:15:09.100000
CVE-2024-35642,1,1,5f0cf1abc8073c52dfacad8fd9b2a937ae549d5addf8a17283021c02e90c70af,2024-06-03T07:15:09.560000
CVE-2024-35643,1,1,c2e75a738c426c54e453512f0b08e3b439606dd23983e8834340678e0539f0e2,2024-06-03T07:15:09.850000
CVE-2024-35640,1,1,358aecfa6522bfb60c0852d09cc5e4f8adc292000e1c5dc1db7c810f50935a8d,2024-06-03T08:15:09.330000
CVE-2024-35641,0,0,ad916927f4dc66b26e37a696884d9ea1315a0f444182d47bd127409ab7975d3a,2024-06-03T07:15:09.100000
CVE-2024-35642,0,0,5f0cf1abc8073c52dfacad8fd9b2a937ae549d5addf8a17283021c02e90c70af,2024-06-03T07:15:09.560000
CVE-2024-35643,0,0,c2e75a738c426c54e453512f0b08e3b439606dd23983e8834340678e0539f0e2,2024-06-03T07:15:09.850000
CVE-2024-35645,0,0,f4dc1bfaa7b7a0f9b97c8eccd36b4db9770029da3afa71c1b8b092b5602c6f29,2024-06-02T00:15:37.840000
CVE-2024-35646,0,0,136c9ad2a0ac2277b18388ab5956c506568c9b987f2be8806cb4e54a2838bfe4,2024-06-02T00:15:38.097000
CVE-2024-35647,0,0,1f9bcd2c82d474ba6e3d8a49b179040ead56f0520ffb164fd4be570952a50bc0,2024-06-02T00:15:38.310000
@ -251084,7 +251091,7 @@ CVE-2024-36033,0,0,761ce8e91fd8ec725f5fd70906c3e8b3e4ae739a30faa4a1ecc4c7502a89a
CVE-2024-36036,0,0,399529c38d111e737eeb859298f0b12af936846a2a63555a4e1fd24103a1ae63,2024-05-28T12:39:28.377000
CVE-2024-36037,0,0,e8ddc31f39a62a0d6f93584a2886b907bf85fcebcdd4d47a54b701feefb8d09a,2024-05-31T11:15:09.563000
CVE-2024-36039,0,0,a8363180f0299206d54e6558901cb5cddfc68c9874309661faf6b2f8a76377e4,2024-05-21T16:53:56.550000
CVE-2024-36042,1,1,37361fcb5ee378b05e6a5d8d266f49631e8a7315fcc714abcb9a572cf619ed9b,2024-06-03T06:15:09.293000
CVE-2024-36042,0,0,37361fcb5ee378b05e6a5d8d266f49631e8a7315fcc714abcb9a572cf619ed9b,2024-06-03T06:15:09.293000
CVE-2024-36043,0,0,a692d077d358c1feb0a509deb9a8e16caf647bf207b7ab7a4cd103038bbab39e,2024-05-20T13:00:04.957000
CVE-2024-36048,0,0,e007b0325d407bc8859f041fde0fd19208cc3895dbb6e40867a5a83e255b52f5,2024-05-20T13:00:04.957000
CVE-2024-36049,0,0,3a7a1da30d4597dad4c167032717d4ea0f9bb4c5d5396bc121febaf5ae683a7e,2024-05-24T18:09:20.027000
@ -251297,13 +251304,18 @@ CVE-2024-36957,0,0,14a25382151b1945f300cd0f690fdd6ed21995daebf481bf33bcbc3cfcf88
CVE-2024-36958,0,0,27ba702862686ffcbfc7435dcc4011c841c4be08d6d6bff774be51941829ca30,2024-05-30T18:18:58.870000
CVE-2024-36959,0,0,d6bbacbe3376b8ea605862991764d4131cc35403035f548e6498def7a4bbd69c,2024-05-30T18:18:58.870000
CVE-2024-3696,0,0,54c8c42492f1c31e1d0d081b12ae9fb101d447905039b557dcc4372130239b90,2024-05-17T02:40:04.613000
CVE-2024-36960,1,1,acf3c6f441eac5469a9c25fd1ebfdd6f1cf461c1d844318f9c119d13aa112a81,2024-06-03T08:15:09.557000
CVE-2024-36961,1,1,f6fb90cc986c6069fd23d1d9888817e08e921f71b08213bf2b70aa68a6c4297d,2024-06-03T08:15:09.660000
CVE-2024-36962,1,1,0786e9d15d91a5bfc2f5fd63a100e44f0f095cc32cc0a7e91d3e96757091e975,2024-06-03T08:15:09.740000
CVE-2024-36963,1,1,6783d7e9cad5d6855f4047fc4da40186696c7d06fdbfcf7e02f88b8f9412d9ad,2024-06-03T08:15:09.820000
CVE-2024-36964,1,1,ab7328b637a6af08291107a29c8eba501cdb343a15c8c594a58247f3b8e08077,2024-06-03T08:15:09.903000
CVE-2024-3697,0,0,cc8cf5a7af305c88ebdfa6655aacb4fa5ec406664965d679a29a0cbf17ffb930,2024-05-17T02:40:04.710000
CVE-2024-3698,0,0,13b4029eb6179dbe788598788e16556a1995d850ddfc4af1ee0c4e86961a3a21,2024-05-17T02:40:04.800000
CVE-2024-3701,0,0,d78f52a76181001272debccb095fb5971bb478ebc111313d9ff2994f4ec0598f,2024-04-15T13:15:31.997000
CVE-2024-37017,0,0,44054da22aca73b93b60ec210b10224ee227f383aaf683a683cb33e0b77e6e79,2024-05-31T13:01:46.727000
CVE-2024-37018,0,0,03f52f6206f7266f58022a58d4acdc5cdc5faead7410ee302d981bc236bc0afc,2024-05-31T13:01:46.727000
CVE-2024-3703,0,0,46d289814974ee20b6160fe56cc828277066d832a1c60ccf5d9c1a62d06c47e2,2024-05-03T12:48:41.067000
CVE-2024-37031,1,1,4a187f72a5e3a84f14ee281be9b6bdd284b2e6c43a60778c6d53de323e076a75,2024-06-03T06:15:10.143000
CVE-2024-37031,0,0,4a187f72a5e3a84f14ee281be9b6bdd284b2e6c43a60778c6d53de323e076a75,2024-06-03T06:15:10.143000
CVE-2024-37032,0,0,2685d1c2a61b0baf7e7faa92d5cf7d5d7556f92ff89a923043de9b45c0417821,2024-05-31T13:01:46.727000
CVE-2024-3704,0,0,ad7f205e31bc442943bbd584692b194a3485d815654eeb83e4eefef6a6eff393,2024-04-15T13:15:51.577000
CVE-2024-3705,0,0,44f1c76d2f6cd8dab882ddfdbdbe908a4e3a8f22d6a90f31f0279b7faf87a669,2024-04-15T13:15:51.577000
@ -252288,7 +252300,7 @@ CVE-2024-5297,0,0,00a87902d7cb688c5f453a52360105eb024acff7ed2743a841cec085f6c70d
CVE-2024-5298,0,0,06eb32cfed51faae03040e262c135cd2456565f192a3fa9c39d1028a133d926f,2024-05-24T01:15:30.977000
CVE-2024-5299,0,0,ae65325eb08b6dc79f15a33a7800bb0b9af221d170dea70dbcb229fe698b5075,2024-05-24T01:15:30.977000
CVE-2024-5310,0,0,aff5601be87ae3c08dc3ce041153e17c3e7a6faa41ba6b44778c9142e5941031,2024-05-24T13:03:05.093000
CVE-2024-5311,1,1,79334b2bfa46279f457a1eaa844724cc62a626a01cf90f6a54850bb30b6b73d5,2024-06-03T07:15:10.163000
CVE-2024-5311,0,1,bc0dd8fe2c9b76c0164439ed50a0a9214ee8a9c28beab0c44f8ee299d96c6945,2024-06-03T07:15:10.163000
CVE-2024-5312,0,0,3a9d8301087c1d7edb8976207e286d0d247ebf6ccf4b5edb4137e81b02e5ec2b,2024-05-24T13:03:05.093000
CVE-2024-5314,0,0,fb6304ffb5d50ce8724d643a46fad25ba80695f7c0c0eb4ec33a07d41bc4980a,2024-05-24T13:03:05.093000
CVE-2024-5315,0,0,e1b0baaf93d62cf125eea53091da57c404cdf61d625ae810529ebef84e73357d,2024-05-24T13:03:05.093000
@ -252350,6 +252362,7 @@ CVE-2024-5397,0,0,3fa492ac656a0dc8b44c0c2439095185551e47b9b3d1d85bd44fafa325950b
CVE-2024-5399,0,0,fa7eef6bbf34e07faf1acdcbb967da16ac637ca3df72c0acc1bd2e0f60228b23,2024-05-28T12:39:28.377000
CVE-2024-5400,0,0,d3c501060bf431388a2cf50edbec679a7265e7c25a2addcb59a0d9057b8884e3,2024-05-28T12:39:28.377000
CVE-2024-5403,0,0,21ef2036234b077bc1f129f4d78aa7befab02d334c0d4840a63d95ad54da2b3d,2024-05-28T12:39:28.377000
CVE-2024-5404,1,1,2f2c39786498ab4718cdc5931c7e32f2881d2453b1870cf774e75a751aeadd2e,2024-06-03T09:15:10.193000
CVE-2024-5405,0,0,0726f3329c87a86f8903abd8a0efb034839b1c4fb01bb69fa1c55fb7fdc0b2ce,2024-05-28T12:39:28.377000
CVE-2024-5406,0,0,128407d22b74a56625ebded67c527f89f63de550e972932c839965bdff9c4612,2024-05-28T12:39:28.377000
CVE-2024-5407,0,0,2fcd76e27db1c908eadad490ca75346b74b5c01495e67a00eb793a48de914bb1,2024-05-28T12:39:28.377000
