Auto-Update: 2024-04-01T23:55:29.652585+00:00

cad-safe-bot 2024-04-01 23:58:18 +00:00
parent ea94c19933
commit 358b8f4ccb
31 changed files with 1823 additions and 15 deletions


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51570",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:08.467",
"lastModified": "2024-04-01T22:15:08.467",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the RMI interface, which listens on TCP port 41009 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21012."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1876/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51571",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:09.673",
"lastModified": "2024-04-01T22:15:09.673",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SocketService module, which listens on UDP port 41222 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21162."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1877/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51572",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:10.277",
"lastModified": "2024-04-01T22:15:10.277",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the getMacAddressByIP function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21163."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1878/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2023-51573",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:10.880",
"lastModified": "2024-04-01T22:15:10.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the updateManagerPassword function. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21203."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1879/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-0637",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:11.443",
"lastModified": "2024-04-01T22:15:11.443",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateDirectory function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22294."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-118/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1179",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:12.030",
"lastModified": "2024-04-01T22:15:12.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-085/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-1863",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:12.603",
"lastModified": "2024-04-01T22:15:12.603",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of HTTP requests on port 3000. When parsing the token parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21539."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-193/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23115",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:13.173",
"lastModified": "2024-04-01T22:15:13.173",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateGroups function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22295."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-117/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23116",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:13.777",
"lastModified": "2024-04-01T22:15:13.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateLCARelation function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22296."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-116/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23117",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:14.300",
"lastModified": "2024-04-01T22:15:14.300",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateContactServiceCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22297."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-115/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23118",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:14.833",
"lastModified": "2024-04-01T22:15:14.833",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateContactHostCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22298."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-114/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-23119",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:15.393",
"lastModified": "2024-04-01T22:15:15.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the insertGraphTemplate function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22339."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-113/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27323",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:15.950",
"lastModified": "2024-04-01T22:15:15.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability.\n\nThe specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-198/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27324",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:16.503",
"lastModified": "2024-04-01T22:15:16.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22270."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-196/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27325",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:17.063",
"lastModified": "2024-04-01T22:15:17.063",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22275."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-203/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27326",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:17.597",
"lastModified": "2024-04-01T22:15:17.597",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22276."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-204/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27327",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:18.120",
"lastModified": "2024-04-01T22:15:18.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22277."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-205/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27328",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:18.670",
"lastModified": "2024-04-01T22:15:18.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22280."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-202/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27329",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:19.193",
"lastModified": "2024-04-01T22:15:19.193",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22285."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-200/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27330",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:19.703",
"lastModified": "2024-04-01T22:15:19.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22286."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-199/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27331",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:20.253",
"lastModified": "2024-04-01T22:15:20.253",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22287."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-201/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27332",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T22:15:20.773",
"lastModified": "2024-04-01T22:15:20.773",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22288."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-197/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,55 @@
{
"id": "CVE-2024-27333",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-04-01T23:15:08.483",
"lastModified": "2024-04-01T23:15:08.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21976."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-216/",
"source": "zdi-disclosures@trendmicro.com"
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2024-3138",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-01T22:15:21.283",
"lastModified": "2024-04-01T22:15:21.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258911",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258911",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.307450",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2024-3139",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-01T23:15:08.733",
"lastModified": "2024-04-01T23:15:08.733",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 4.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://github.com/Sospiro014/zday1/blob/main/Laboratory_Management_System.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258914",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258914",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.308207",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2024-3140",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-01T23:15:09.393",
"lastModified": "2024-04-01T23:15:09.393",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Sospiro014/zday1/blob/main/xss_1.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258915",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258915",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.308214",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,92 @@
{
"id": "CVE-2024-3141",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-01T23:15:10.113",
"lastModified": "2024-04-01T23:15:10.113",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Clavister E10 and E80 up to 20240323 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.258916",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.258916",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.303451",
"source": "cna@vuldb.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2024-3164",
"sourceIdentifier": "security@dotcms.com",
"published": "2024-04-01T22:15:22.507",
"lastModified": "2024-04-01T22:15:22.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In dotCMS dashboard, the Tools and Log Files tabs under System \u2192 Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenance \u2192 Tools portlet. This would share database username and password under Log Files and download DB Dump and other dotCMS Content under Tools. Nothing in the System \u2192 Maintenance should be displayed for users with site admin role. Only system admins must have access to System Maintenance.\n\nOWASP Top 10 - A01) Broken Access Control\n\nOWASP Top 10 - A04) Insecure Design\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@dotcms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@dotcms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://auth.dotcms.com/security/SI-69?token=dc1f0241-b697-41dd-8140-154658e90c54",
"source": "security@dotcms.com"
},
{
"url": "https://github.com/dotCMS/core/issues/27909",
"source": "security@dotcms.com"
},
{
"url": "https://github.com/dotCMS/core/pull/27912",
"source": "security@dotcms.com"
}
]
}


@ -0,0 +1,63 @@
{
"id": "CVE-2024-3165",
"sourceIdentifier": "security@dotcms.com",
"published": "2024-04-01T22:15:23.080",
"lastModified": "2024-04-01T22:15:23.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. \u00a0\n\nOWASP Top 10 - A05) Insecure Design\n\nOWASP Top 10 - A05) Security Misconfiguration\n\nOWASP Top 10 - A09) Security Logging and Monitoring Failure\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@dotcms.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@dotcms.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://auth.dotcms.com/security/SI-70?token=563ec927-3190-4478-bd77-0d6f8c6fc676",
"source": "security@dotcms.com"
},
{
"url": "https://github.com/dotCMS/core/issues/27910",
"source": "security@dotcms.com"
},
{
"url": "https://github.com/dotCMS/core/pull/28006",
"source": "security@dotcms.com"
}
]
}


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-04-01T22:00:37.824104+00:00
2024-04-01T23:55:29.652585+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-04-01T21:15:37.360000+00:00
2024-04-01T23:15:10.113000+00:00
```
### Last Data Feed Release
@ -33,24 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
243582
243611
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `29`
- [CVE-2023-48906](CVE-2023/CVE-2023-489xx/CVE-2023-48906.json) (`2024-04-01T20:15:07.750`)
- [CVE-2024-29433](CVE-2024/CVE-2024-294xx/CVE-2024-29433.json) (`2024-04-01T20:15:14.117`)
- [CVE-2024-29435](CVE-2024/CVE-2024-294xx/CVE-2024-29435.json) (`2024-04-01T20:15:20.710`)
- [CVE-2024-0637](CVE-2024/CVE-2024-06xx/CVE-2024-0637.json) (`2024-04-01T22:15:11.443`)
- [CVE-2024-1179](CVE-2024/CVE-2024-11xx/CVE-2024-1179.json) (`2024-04-01T22:15:12.030`)
- [CVE-2024-1863](CVE-2024/CVE-2024-18xx/CVE-2024-1863.json) (`2024-04-01T22:15:12.603`)
- [CVE-2024-23115](CVE-2024/CVE-2024-231xx/CVE-2024-23115.json) (`2024-04-01T22:15:13.173`)
- [CVE-2024-23116](CVE-2024/CVE-2024-231xx/CVE-2024-23116.json) (`2024-04-01T22:15:13.777`)
- [CVE-2024-23117](CVE-2024/CVE-2024-231xx/CVE-2024-23117.json) (`2024-04-01T22:15:14.300`)
- [CVE-2024-23118](CVE-2024/CVE-2024-231xx/CVE-2024-23118.json) (`2024-04-01T22:15:14.833`)
- [CVE-2024-23119](CVE-2024/CVE-2024-231xx/CVE-2024-23119.json) (`2024-04-01T22:15:15.393`)
- [CVE-2024-27323](CVE-2024/CVE-2024-273xx/CVE-2024-27323.json) (`2024-04-01T22:15:15.950`)
- [CVE-2024-27324](CVE-2024/CVE-2024-273xx/CVE-2024-27324.json) (`2024-04-01T22:15:16.503`)
- [CVE-2024-27325](CVE-2024/CVE-2024-273xx/CVE-2024-27325.json) (`2024-04-01T22:15:17.063`)
- [CVE-2024-27326](CVE-2024/CVE-2024-273xx/CVE-2024-27326.json) (`2024-04-01T22:15:17.597`)
- [CVE-2024-27327](CVE-2024/CVE-2024-273xx/CVE-2024-27327.json) (`2024-04-01T22:15:18.120`)
- [CVE-2024-27328](CVE-2024/CVE-2024-273xx/CVE-2024-27328.json) (`2024-04-01T22:15:18.670`)
- [CVE-2024-27329](CVE-2024/CVE-2024-273xx/CVE-2024-27329.json) (`2024-04-01T22:15:19.193`)
- [CVE-2024-27330](CVE-2024/CVE-2024-273xx/CVE-2024-27330.json) (`2024-04-01T22:15:19.703`)
- [CVE-2024-27331](CVE-2024/CVE-2024-273xx/CVE-2024-27331.json) (`2024-04-01T22:15:20.253`)
- [CVE-2024-27332](CVE-2024/CVE-2024-273xx/CVE-2024-27332.json) (`2024-04-01T22:15:20.773`)
- [CVE-2024-27333](CVE-2024/CVE-2024-273xx/CVE-2024-27333.json) (`2024-04-01T23:15:08.483`)
- [CVE-2024-3138](CVE-2024/CVE-2024-31xx/CVE-2024-3138.json) (`2024-04-01T22:15:21.283`)
- [CVE-2024-3139](CVE-2024/CVE-2024-31xx/CVE-2024-3139.json) (`2024-04-01T23:15:08.733`)
- [CVE-2024-3140](CVE-2024/CVE-2024-31xx/CVE-2024-3140.json) (`2024-04-01T23:15:09.393`)
- [CVE-2024-3141](CVE-2024/CVE-2024-31xx/CVE-2024-3141.json) (`2024-04-01T23:15:10.113`)
- [CVE-2024-3164](CVE-2024/CVE-2024-31xx/CVE-2024-3164.json) (`2024-04-01T22:15:22.507`)
- [CVE-2024-3165](CVE-2024/CVE-2024-31xx/CVE-2024-3165.json) (`2024-04-01T22:15:23.080`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `0`
- [CVE-2024-28734](CVE-2024/CVE-2024-287xx/CVE-2024-28734.json) (`2024-04-01T21:15:33.200`)
- [CVE-2024-28735](CVE-2024/CVE-2024-287xx/CVE-2024-28735.json) (`2024-04-01T21:15:37.360`)
## Download and Usage


@ -234221,7 +234221,7 @@ CVE-2023-4890,0,0,eb2dc2ce98c453ac601fe50983ca46471e68e1127ec83f9b4a8e310d8b49d8
CVE-2023-48901,0,0,f446c92df2db4de5c13ee1f341836963e1038bdc6dccd7674bc84892c3fc7277,2024-03-21T12:58:51.093000
CVE-2023-48902,0,0,e7baaf30305f21ff2e35d33a7943067082763a78ecdcb49520e0cbc99bbc44a5,2024-03-21T12:58:51.093000
CVE-2023-48903,0,0,0e8dfe11061b4bd630c2eaabe9f3e9f7db7dd223d901bed09f4037e0835e473d,2024-03-21T12:58:51.093000
CVE-2023-48906,1,1,a0876432476f4624946f3778dffad7e9d011ac8bd03ff7ecf77b71e2a5943f7d,2024-04-01T20:15:07.750000
CVE-2023-48906,0,0,a0876432476f4624946f3778dffad7e9d011ac8bd03ff7ecf77b71e2a5943f7d,2024-04-01T20:15:07.750000
CVE-2023-48909,0,0,3e8e89114d21d750682bc99dc49eefbef7a7f8a9d7e81ae2ff795ea6d5358bdd,2024-01-22T16:33:28.663000
CVE-2023-4891,0,0,5af63557ded9a502489a61ec0faabf7c8df79ec616cf65a10034c6e6474fca38,2023-11-16T18:01:59.767000
CVE-2023-48910,0,0,e620722d33cd1da28062f51f4566aad3f1ded2e1dadf9cdffa8a5009e7d091cf,2023-12-07T21:02:12.637000
@ -235653,6 +235653,10 @@ CVE-2023-51548,0,0,f14e09f9b0319b100605ca6a47b33f9ff0d4223d5e7c2d3789466c41cdde6
CVE-2023-5155,0,0,298b4bba8be463adec2c2cc42cc3f9129268d63f71ef5a46e888a6f7240d028a,2024-02-15T19:55:09.230000
CVE-2023-5156,0,0,98dd4e8ef7f2fc340fba89a7994b1389948aed75b9d79aa9bb9be942da1dcde9,2024-02-23T16:01:18.390000
CVE-2023-5157,0,0,1d0186e67e733b7b84da791fca027f69e033934cc5992086125652a51ae820a4,2023-12-22T19:25:31.627000
CVE-2023-51570,1,1,679129331de46eb4673d20c28240e9b5d603897780792cd0c5018d7316ec00f3,2024-04-01T22:15:08.467000
CVE-2023-51571,1,1,d6d905e9adec40a49da701e6a086b77ed88a70d3c0804ee30d1138a68a029a7c,2024-04-01T22:15:09.673000
CVE-2023-51572,1,1,a9b39197804fbb65be51c1c6d397cb949f1eda82d76dcd3748e1a7fbd1858f7b,2024-04-01T22:15:10.277000
CVE-2023-51573,1,1,822130091c4492767a9ad3cdb94f583ff7008f7a2ca244f773fe6e5bccc87c33,2024-04-01T22:15:10.880000
CVE-2023-5158,0,0,3c93f95e554dbf0d8a24b3084dca704f3090c1badc2b08f1704a50a6bb6e453c,2023-11-07T04:23:34.073000
CVE-2023-5159,0,0,39014b5f2c5d7822a79be3471a3564e6f73b358bf75b08ce90b2d8410bc0aec4,2023-10-03T17:18:32.967000
CVE-2023-5160,0,0,75365cd9916e4e5778ee92f396194a816cf49701cb8741923be6bfb2722a9e13,2023-10-04T12:18:36.543000
@ -238433,6 +238437,7 @@ CVE-2024-0625,0,0,e6db3236f3f3d4946f9c7470ea75c8f4fd101b44f963c82c90bc3a0f21b31d
CVE-2024-0628,0,0,6929f2a7a44b9bc6b3b457ec8d478ddb1d9368f01ad7383ad0399a751f886828,2024-02-13T19:18:46.020000
CVE-2024-0630,0,0,49e9d42e1e8004a90a8d62b54ea8a5d5f6ebecab9fac26e6e82dc914d2e02636,2024-02-13T15:42:35.563000
CVE-2024-0631,0,0,2f5c2ea731c38b842212d56f60f3b6dadcbef37badf95ddbebb4424c79d6cc97,2024-03-13T18:16:18.563000
CVE-2024-0637,1,1,f2b57b7ef5163f05d5903cc066f44b6ac6a411ef87e4bab9ecea8fa8cc167e70,2024-04-01T22:15:11.443000
CVE-2024-0638,0,0,670847b0d970db122b3c23c1c351801a3e9da2204e4d04822c0f94a07c61f9c7,2024-03-22T12:45:36.130000
CVE-2024-0639,0,0,70e6108a4833d98566f9bceea8a86b5fbfb00264d1679279f76ea7c5de48b4aa,2024-02-14T13:15:08.107000
CVE-2024-0641,0,0,a011c2128d997633c3943566b2966020fb742742c755347ad42b0febd95e3094,2024-02-14T13:15:08.363000
@ -238871,6 +238876,7 @@ CVE-2024-1174,0,0,555bf74716377de48f0b0503bce3291ee24504d70fbc5a562c00808b9867b2
CVE-2024-1176,0,0,c3e2f9f074256f32c40782bd3540058270027d3dda944431123aad76c42781f2,2024-03-13T18:16:18.563000
CVE-2024-1177,0,0,2975630ef7f8a77b7876a87ad1120fd917ca4ca2d762e9d0ae54267a750cb012,2024-02-13T14:06:04.817000
CVE-2024-1178,0,0,2956184307d83e7ee9b0f4a4e78f3d9e7b6aa234978af8029ac9021a0be5d94e,2024-03-05T13:41:01.900000
CVE-2024-1179,1,1,e139aa766b3cadb5129c780d437e993494ab63776de617be0a6259d4fe69aefc,2024-04-01T22:15:12.030000
CVE-2024-1181,0,0,f4a978c4d2452d8950fb92a1a4c64615f2c478c04cd1bf9698d2acd20291fb2d,2024-03-20T13:00:16.367000
CVE-2024-1184,0,0,fbc2a4e18cfbe0c20a9cd841e359940f35b10a3e458b3837398077d481fc2f13,2024-03-21T02:51:36.537000
CVE-2024-1185,0,0,03d14ed2b0953a78fc7f4e6cfc2a091aca94364f60bcb14fb628576a0319372c,2024-03-21T02:51:36.633000
@ -239312,6 +239318,7 @@ CVE-2024-1859,0,0,c19a8bbad570254357ebcf90235dc1b7204181d3a1a12c804d832963f66d9a
CVE-2024-1860,0,0,53b7775f88dbda3fc2d4abeb2e913e87a2f0c7e010f7824d10356d98445fd8c8,2024-02-28T14:06:45.783000
CVE-2024-1861,0,0,363e90e453613fa7f323dd0890c48f34ab39b189b63bc72b87c77b28e0c67e6a,2024-02-28T14:06:45.783000
CVE-2024-1862,0,0,7079eafea984a6a1c6557a7bedc176aecc0ca2c7093590b5d597812517953f49,2024-03-13T18:15:58.530000
CVE-2024-1863,1,1,c2e666ebf4ef81ad4a09cd6c369e65f1f64dfc6ec7fa09535aa9f07fb466fbee,2024-04-01T22:15:12.603000
CVE-2024-1864,0,0,797c711e6b44e5bc5fc07b8a96b3914e190ffab8282378f1e76f968098d88951,2024-02-27T22:15:14.807000
CVE-2024-1865,0,0,72c248580cf80b6b26359b857531fc6d6bafece63af2cd2d90fccedf68d28d3b,2024-02-27T22:15:14.847000
CVE-2024-1866,0,0,c996e8524f8bc688a87621835a946e6cc299eedbf430cec590d1bba5d1e5a6d0,2024-02-27T22:15:14.887000
@ -240608,6 +240615,11 @@ CVE-2024-23109,0,0,c2686a38cd2651bfef8ab0e98ee0dbcce98e98fd7c1f1805290cb9df9c03f
CVE-2024-23112,0,0,db97de9e46492b481e52ee1e1883233ddfe5123c1ba448f0e59ac92baa6de68f,2024-03-15T14:51:58.497000
CVE-2024-23113,0,0,29903cf0008dd4023f7698dfe9b07a61d8c5e19cfdea1fb0ce14ef659e7383ed,2024-02-22T15:33:00.970000
CVE-2024-23114,0,0,fa8f95e0e83961a881a09cd70451012be00683c9d1e43570d7214d2ff680cc51,2024-02-20T19:50:53.960000
CVE-2024-23115,1,1,899473fe5073ca43029138dad2451d54799f9cdf615eb2372c3931a11dc67c82,2024-04-01T22:15:13.173000
CVE-2024-23116,1,1,5b2eeb276d667c53cc13ab7e7c26ab903538c50d0ed7bb5a1465406a55f7b9ac,2024-04-01T22:15:13.777000
CVE-2024-23117,1,1,aee198b8881be47bf904d186bada74c05e3403b14ed5e0d25800e4b3dc234831,2024-04-01T22:15:14.300000
CVE-2024-23118,1,1,279c2117a13f83c3c75c33a5350d0c25ee56496c8cc1c2f69f09369b04e0419f,2024-04-01T22:15:14.833000
CVE-2024-23119,1,1,8f6565c42595e97751e0e220c1f23a84051eb211e5d8ddbf6dca438fb77871cb,2024-04-01T22:15:15.393000
CVE-2024-23120,0,0,1fdd5384a3247451b572eec50acc63b80f4302d338e02a15db81dbcc92866844,2024-03-01T16:15:45.920000
CVE-2024-23121,0,0,ae89a79fcf6c313d61197ac6f338d68b00711a8ed1e7b84e5d9691d517b9b085,2024-03-13T03:15:06.320000
CVE-2024-23122,0,0,53a6a7f808f40f9f8ccc6c9426a05387fb59e2867d6b512f9c97f02c17acdf90,2024-03-13T03:15:06.390000
@ -242455,6 +242467,17 @@ CVE-2024-27317,0,0,4c274cf3230c0a934555f5c84dc2c211701c44c03ccbc45b4514969783da0
CVE-2024-27318,0,0,a3f0f72595f3809c797819f31508bb028083ad173f51faf5deddf5194d7af605,2024-03-30T02:15:08.007000
CVE-2024-27319,0,0,d6fe8be68b6b995886693969b0a488a73d70bd11aff8f81dff41640aa7a63508,2024-03-30T02:15:08.090000
CVE-2024-2732,0,0,e03ad66ef2919450939364ab5f366c9e783ac3dc864d1d6c6c46703ad2edceae,2024-03-26T12:55:05.010000
CVE-2024-27323,1,1,845b0a5ebd0c58db01e8199d3d5c45d66ec34370ea95f9f7d3e1aa9f39b4e820,2024-04-01T22:15:15.950000
CVE-2024-27324,1,1,1230544ed56903d99a88b099a3d1a0ebe9337eba65b24dedad49ecc6db78410a,2024-04-01T22:15:16.503000
CVE-2024-27325,1,1,86a298c8b2b245b6e152bb9ddec6fbce0833c6c3783754926c7c2514929735bd,2024-04-01T22:15:17.063000
CVE-2024-27326,1,1,48292ab265a43d08512cea656c838789e43065df346edc3f5d16835ce7d4e244,2024-04-01T22:15:17.597000
CVE-2024-27327,1,1,92ef53ace25919f3f39e8fcba77e58100e19aa8d1745ef71a55add10d189ae1d,2024-04-01T22:15:18.120000
CVE-2024-27328,1,1,d52b51b82f22e16c67b9e53bb3d7845ba540f577a78443b56da86db7d1c96f11,2024-04-01T22:15:18.670000
CVE-2024-27329,1,1,54e399fb07e30e03519d33ec73b5cc302e6f1fca2565e17f1a7e6e71f0cfacb4,2024-04-01T22:15:19.193000
CVE-2024-27330,1,1,43980e9ca8a9d868a2cb5142c94463b08ab3855b2f68f0c88cff9cafd2cab9b7,2024-04-01T22:15:19.703000
CVE-2024-27331,1,1,8f458be389c7c3da2c19b0a8fe4277f0b49eff4eb7e594289c3078e58b56816e,2024-04-01T22:15:20.253000
CVE-2024-27332,1,1,ed8a316f6904083d115d752023825cde3715ad43eb44488b33eeb9970e31cd83,2024-04-01T22:15:20.773000
CVE-2024-27333,1,1,92c1a699a59867a1368b047e9e2d4c159733efd91d84f2f80323156ab5597a89,2024-04-01T23:15:08.483000
CVE-2024-27350,0,0,dcd7c665f1de1305fedd66ae5b35ce18719811fd40fe202fcd475df4fa80bd9e,2024-02-26T16:32:25.577000
CVE-2024-27351,0,0,9ef8a308959f28d0bb06c89a90ca762d77a1bb29a4b6da70783cd634bdafb7aa,2024-03-17T22:38:29.433000
CVE-2024-27354,0,0,6669ef56de2629d6bd7a6c54cb75c8f6e454c14fc2065829ff46305d945b1196,2024-03-21T02:52:19.927000
@ -242894,8 +242917,8 @@ CVE-2024-28713,0,0,e08dea2bd6ea41c86adfd6db0e66602ac0ddbc5b76865cfa0864771acc365
CVE-2024-28714,0,0,6f4831903bd7a2fd8e5ecdde87a1fca916cacb82c2dc00093fe15f409a0029ee,2024-03-29T12:45:02.937000
CVE-2024-28715,0,0,af77246106a78842a7b294f3e28f52ff784cab47ce869925f80951f17109d52a,2024-03-20T13:00:16.367000
CVE-2024-2873,0,0,38b44d61d3230fcaba1c551f8073fe8dda4eadd0cd50d8705b668e3c4529f628,2024-03-26T12:55:05.010000
CVE-2024-28734,0,1,f4687488b267ac163f3e0d4b9d3eb38f6f5a041c19b985a560624c627a7f4e16,2024-04-01T21:15:33.200000
CVE-2024-28735,0,1,8f92a77739da7a1ad54d0d429f2c770bfe994fab12ee8201b6dd80188dadc434,2024-04-01T21:15:37.360000
CVE-2024-28734,0,0,f4687488b267ac163f3e0d4b9d3eb38f6f5a041c19b985a560624c627a7f4e16,2024-04-01T21:15:33.200000
CVE-2024-28735,0,0,8f92a77739da7a1ad54d0d429f2c770bfe994fab12ee8201b6dd80188dadc434,2024-04-01T21:15:37.360000
CVE-2024-28745,0,0,15394cfaddabd1c5537f1c3a0b8bc4d088d58358d421e9d9475a38fad6a5e44f,2024-03-18T12:38:25.490000
CVE-2024-28746,0,0,4e08f19b517756fb15fbaf966494c1aeec3b9803b4e2b615b4d5a557eb48c84a,2024-03-14T12:52:09.877000
CVE-2024-28752,0,0,b6856abb589c0fed02798f341901c4f3025e287fced11706e9fa0c89b392cd6a,2024-03-15T12:53:06.423000
@ -243098,8 +243121,8 @@ CVE-2024-2941,0,0,ce11630a400956dcbfeeac55ad32861fc5176b2eeccb4990e4aaf30900f5cb
CVE-2024-29419,0,0,1f113c646466febbefbd1317ecc5036f9bdf6e219db156971cfdda70e05f32f0,2024-03-20T17:18:21.343000
CVE-2024-2942,0,0,3fa2fdee1f7a471c21b1ac1386874f056fa7e82fdcd541072fb7ea8f5bfccb08,2024-03-27T12:29:30.307000
CVE-2024-2943,0,0,b5b95bbcb0b53766ee2bd76974e535abb9029181348d10726e03c7804fb75e95,2024-03-27T12:29:30.307000
CVE-2024-29433,1,1,21adc3c8a95a26c86b2b74b557f4e20bcf8905128e93c58ff4ba1fd286dde4e0,2024-04-01T20:15:14.117000
CVE-2024-29435,1,1,0ab2f10ca872ebd6961fe8a7b35451c1492475f17c5cda887a4b0fb9b2673ddf,2024-04-01T20:15:20.710000
CVE-2024-29433,0,0,21adc3c8a95a26c86b2b74b557f4e20bcf8905128e93c58ff4ba1fd286dde4e0,2024-04-01T20:15:14.117000
CVE-2024-29435,0,0,0ab2f10ca872ebd6961fe8a7b35451c1492475f17c5cda887a4b0fb9b2673ddf,2024-04-01T20:15:20.710000
CVE-2024-2944,0,0,edbe06654b669678b299b573aae74f1e6525956b78541d7e0f3aff7e4dd8cf16,2024-03-27T12:29:30.307000
CVE-2024-29440,0,0,b41dbba691936eb263a6e48ee2f4c3b0c65bf928cbb922caedd1e0f5f03baacf,2024-03-26T12:55:05.010000
CVE-2024-29442,0,0,7905121fe561461f75c739d09685b7ffc46a6e6f08464603a503f7d567bf4eab,2024-03-26T12:55:05.010000
@ -243581,3 +243604,9 @@ CVE-2024-3129,0,0,d56dc65048f8b5510a9b06891117a0b948b323d309c6396cedd8172433a25a
CVE-2024-3130,0,0,ef2284dd9e84592c7cee32f0cffdd9950f2526390b774b97299e332f225b7f58,2024-04-01T12:49:00.877000
CVE-2024-3131,0,0,7dfaa24c8b195badc25edb04d978f1a937b34743cf98489290336cba65db3832,2024-04-01T17:16:19.970000
CVE-2024-3135,0,0,9fd41b50098c6d32295984c9d56fe9e173835dcf05ebbef747e5073b9780d1d3,2024-04-01T19:15:46.257000
CVE-2024-3138,1,1,2692c1855f5f51a1106295f7f3aa10c547ed38f76a48d19f9c9e81cbd8feb9a1,2024-04-01T22:15:21.283000
CVE-2024-3139,1,1,2e79401b1b9a893de41b033260dc3b4c9a5d1fec0fc2ff65113175f6874d19a7,2024-04-01T23:15:08.733000
CVE-2024-3140,1,1,cf49fabe7a1ec3952c78f3c9416be0014a007c9f6282e7a8e00b4fcf63d0bc43,2024-04-01T23:15:09.393000
CVE-2024-3141,1,1,0207431f6403aad0f8343475befacacf796d939b5297481a1c53b0eded12bab3,2024-04-01T23:15:10.113000
CVE-2024-3164,1,1,a534750f1fbbb36d0ac5f3b6f86764c20a7f3e7c7e2e1436e8de49892432f986,2024-04-01T22:15:22.507000
CVE-2024-3165,1,1,d69ea263df1f5517f6ca6befb857d024eae7d424954121054ee41c1816628507,2024-04-01T22:15:23.080000
