diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51570.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51570.json new file mode 100644 index 00000000000..076ff0ae5c2 --- /dev/null +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51570.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51570", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:08.467", + "lastModified": "2024-04-01T22:15:08.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Voltronic Power ViewPower Pro Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the RMI interface, which listens on TCP port 41009 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21012." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1876/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51571.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51571.json new file mode 100644 index 00000000000..db3421c348c --- /dev/null +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51571.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51571", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:09.673", + "lastModified": "2024-04-01T22:15:09.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Voltronic Power ViewPower Pro SocketService Missing Authentication Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SocketService module, which listens on UDP port 41222 by default. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21162." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1877/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51572.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51572.json new file mode 100644 index 00000000000..945ea655404 --- /dev/null +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51572.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51572", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:10.277", + "lastModified": "2024-04-01T22:15:10.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Voltronic Power ViewPower Pro getMacAddressByIp Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the getMacAddressByIP function. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-21163." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1878/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-515xx/CVE-2023-51573.json b/CVE-2023/CVE-2023-515xx/CVE-2023-51573.json new file mode 100644 index 00000000000..8a8c260472e --- /dev/null +++ b/CVE-2023/CVE-2023-515xx/CVE-2023-51573.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51573", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:10.880", + "lastModified": "2024-04-01T22:15:10.880", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the updateManagerPassword function. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21203." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-749" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-23-1879/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-06xx/CVE-2024-0637.json b/CVE-2024/CVE-2024-06xx/CVE-2024-0637.json new file mode 100644 index 00000000000..8f1d11b231b --- /dev/null +++ b/CVE-2024/CVE-2024-06xx/CVE-2024-0637.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0637", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:11.443", + "lastModified": "2024-04-01T22:15:11.443", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Centreon updateDirectory SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateDirectory function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22294." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-118/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1179.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1179.json new file mode 100644 index 00000000000..66861ee8a0d --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1179.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1179", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:12.030", + "lastModified": "2024-04-01T22:15:12.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Omada ER605 DHCPv6 Client Options Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of DHCP options. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22420." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-085/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1863.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1863.json new file mode 100644 index 00000000000..12ffaff89c4 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1863.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1863", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:12.603", + "lastModified": "2024-04-01T22:15:12.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sante PACS Server Token Endpoint SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante PACS Server. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the processing of HTTP requests on port 3000. When parsing the token parameter, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-21539." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-193/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23115.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23115.json new file mode 100644 index 00000000000..9cd06d33551 --- /dev/null +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23115.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23115", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:13.173", + "lastModified": "2024-04-01T22:15:13.173", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Centreon updateGroups SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateGroups function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22295." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-117/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23116.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23116.json new file mode 100644 index 00000000000..1987d339ad0 --- /dev/null +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23116.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23116", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:13.777", + "lastModified": "2024-04-01T22:15:13.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Centreon updateLCARelation SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateLCARelation function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22296." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-116/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23117.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23117.json new file mode 100644 index 00000000000..4b13cb27f83 --- /dev/null +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23117.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23117", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:14.300", + "lastModified": "2024-04-01T22:15:14.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Centreon updateContactServiceCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateContactServiceCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22297." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-115/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23118.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23118.json new file mode 100644 index 00000000000..e45612a5998 --- /dev/null +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23118.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23118", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:14.833", + "lastModified": "2024-04-01T22:15:14.833", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Centreon updateContactHostCommands SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the updateContactHostCommands function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22298." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-114/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-231xx/CVE-2024-23119.json b/CVE-2024/CVE-2024-231xx/CVE-2024-23119.json new file mode 100644 index 00000000000..77a706e545e --- /dev/null +++ b/CVE-2024/CVE-2024-231xx/CVE-2024-23119.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-23119", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:15.393", + "lastModified": "2024-04-01T22:15:15.393", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Centreon insertGraphTemplate SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the insertGraphTemplate function. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-22339." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-113/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27323.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27323.json new file mode 100644 index 00000000000..20996b2df89 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27323.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27323", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:15.950", + "lastModified": "2024-04-01T22:15:15.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability.\n\nThe specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-198/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27324.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27324.json new file mode 100644 index 00000000000..7e0a5049ac0 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27324.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27324", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:16.503", + "lastModified": "2024-04-01T22:15:16.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22270." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-196/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27325.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27325.json new file mode 100644 index 00000000000..dd8770908de --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27325.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27325", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:17.063", + "lastModified": "2024-04-01T22:15:17.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22275." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-203/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27326.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27326.json new file mode 100644 index 00000000000..2890895716e --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27326.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27326", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:17.597", + "lastModified": "2024-04-01T22:15:17.597", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22276." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-204/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27327.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27327.json new file mode 100644 index 00000000000..0d56324acbc --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27327.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27327", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:18.120", + "lastModified": "2024-04-01T22:15:18.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22277." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-205/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27328.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27328.json new file mode 100644 index 00000000000..61e7f3083ca --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27328.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27328", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:18.670", + "lastModified": "2024-04-01T22:15:18.670", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22280." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-202/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27329.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27329.json new file mode 100644 index 00000000000..a306c79a185 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27329.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27329", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:19.193", + "lastModified": "2024-04-01T22:15:19.193", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22285." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-200/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27330.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27330.json new file mode 100644 index 00000000000..b13fb244f05 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27330.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27330", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:19.703", + "lastModified": "2024-04-01T22:15:19.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22286." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-199/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27331.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27331.json new file mode 100644 index 00000000000..f3ad2047ae4 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27331.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27331", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:20.253", + "lastModified": "2024-04-01T22:15:20.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22287." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-201/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27332.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27332.json new file mode 100644 index 00000000000..e8823e258c2 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27332.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27332", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T22:15:20.773", + "lastModified": "2024-04-01T22:15:20.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "PDF-XChange Editor JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22288." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-197/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27333.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27333.json new file mode 100644 index 00000000000..c17b69edd34 --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27333.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-27333", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-04-01T23:15:08.483", + "lastModified": "2024-04-01T23:15:08.483", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Kofax Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-21976." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-216/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3138.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3138.json new file mode 100644 index 00000000000..779f4cefcf5 --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3138.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3138", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-01T22:15:21.283", + "lastModified": "2024-04-01T22:15:21.283", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** DISPUTED ** A vulnerability was found in francoisjacquet RosarioSIS 11.5.1. It has been rated as problematic. This issue affects some unknown processing of the component Add Portal Note. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The associated identifier of this vulnerability is VDB-258911. NOTE: The vendor explains that the PDF is opened by the browser app in a sandbox, so no data from the website should be accessible." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://powerful-bulb-c36.notion.site/Stored-xss-via-malicious-PDF-upload-98fb1ea6b9bf4ddfaf04d61b2c05410a", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.258911", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.258911", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.307450", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3139.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3139.json new file mode 100644 index 00000000000..9623fac28ba --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3139.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3139", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-01T23:15:08.733", + "lastModified": "2024-04-01T23:15:08.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 4.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Sospiro014/zday1/blob/main/Laboratory_Management_System.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.258914", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.258914", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.308207", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3140.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3140.json new file mode 100644 index 00000000000..c414a989ae3 --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3140.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3140", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-01T23:15:09.393", + "lastModified": "2024-04-01T23:15:09.393", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file /classes/Users.php?f=save. The manipulation of the argument middlename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-258915." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Sospiro014/zday1/blob/main/xss_1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.258915", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.258915", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.308214", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3141.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3141.json new file mode 100644 index 00000000000..22033928869 --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3141.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3141", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-01T23:15:10.113", + "lastModified": "2024-04-01T23:15:10.113", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Clavister E10 and E80 up to 20240323 and classified as problematic. This vulnerability affects unknown code of the file /?Page=Node&OBJ=/System/AdvancedSettings/DeviceSettings/MiscSettings of the component Misc Settings Page. The manipulation of the argument WatchdogTimerTime/BufFloodRebootTime/MaxPipeUsers/AVCache Lifetime/HTTPipeliningMaxReq/Reassembly MaxConnections/Reassembly MaxProcessingMem/ScrSaveTime leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-258916. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/strik3r0x1/Vulns/blob/main/Clavister_E80-RXSS.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.258916", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.258916", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.303451", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3164.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3164.json new file mode 100644 index 00000000000..2dd1da231cf --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3164.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-3164", + "sourceIdentifier": "security@dotcms.com", + "published": "2024-04-01T22:15:22.507", + "lastModified": "2024-04-01T22:15:22.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In dotCMS dashboard, the Tools and Log Files tabs under System \u2192 Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admins. Users that get site admin but not a system admin, should not have access to the System Maintenance \u2192 Tools portlet. This would share database username and password under Log Files and download DB Dump and other dotCMS Content under Tools. Nothing in the System \u2192 Maintenance should be displayed for users with site admin role. Only system admins must have access to System Maintenance.\n\nOWASP Top 10 - A01) Broken Access Control\n\nOWASP Top 10 - A04) Insecure Design\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@dotcms.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@dotcms.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-552" + } + ] + } + ], + "references": [ + { + "url": "https://auth.dotcms.com/security/SI-69?token=dc1f0241-b697-41dd-8140-154658e90c54", + "source": "security@dotcms.com" + }, + { + "url": "https://github.com/dotCMS/core/issues/27909", + "source": "security@dotcms.com" + }, + { + "url": "https://github.com/dotCMS/core/pull/27912", + "source": "security@dotcms.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3165.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3165.json new file mode 100644 index 00000000000..91a418c7e2f --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3165.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-3165", + "sourceIdentifier": "security@dotcms.com", + "published": "2024-04-01T22:15:23.080", + "lastModified": "2024-04-01T22:15:23.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admin as well as that dbs are locked down by environment. \u00a0\n\nOWASP Top 10 - A05) Insecure Design\n\nOWASP Top 10 - A05) Security Misconfiguration\n\nOWASP Top 10 - A09) Security Logging and Monitoring Failure\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@dotcms.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@dotcms.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://auth.dotcms.com/security/SI-70?token=563ec927-3190-4478-bd77-0d6f8c6fc676", + "source": "security@dotcms.com" + }, + { + "url": "https://github.com/dotCMS/core/issues/27910", + "source": "security@dotcms.com" + }, + { + "url": "https://github.com/dotCMS/core/pull/28006", + "source": "security@dotcms.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 384cd8ac3f8..7b39c66de55 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-01T22:00:37.824104+00:00 +2024-04-01T23:55:29.652585+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-01T21:15:37.360000+00:00 +2024-04-01T23:15:10.113000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -243582 +243611 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `29` -- [CVE-2023-48906](CVE-2023/CVE-2023-489xx/CVE-2023-48906.json) (`2024-04-01T20:15:07.750`) -- [CVE-2024-29433](CVE-2024/CVE-2024-294xx/CVE-2024-29433.json) (`2024-04-01T20:15:14.117`) -- [CVE-2024-29435](CVE-2024/CVE-2024-294xx/CVE-2024-29435.json) (`2024-04-01T20:15:20.710`) +- [CVE-2024-0637](CVE-2024/CVE-2024-06xx/CVE-2024-0637.json) (`2024-04-01T22:15:11.443`) +- [CVE-2024-1179](CVE-2024/CVE-2024-11xx/CVE-2024-1179.json) (`2024-04-01T22:15:12.030`) +- [CVE-2024-1863](CVE-2024/CVE-2024-18xx/CVE-2024-1863.json) (`2024-04-01T22:15:12.603`) +- [CVE-2024-23115](CVE-2024/CVE-2024-231xx/CVE-2024-23115.json) (`2024-04-01T22:15:13.173`) +- [CVE-2024-23116](CVE-2024/CVE-2024-231xx/CVE-2024-23116.json) (`2024-04-01T22:15:13.777`) +- [CVE-2024-23117](CVE-2024/CVE-2024-231xx/CVE-2024-23117.json) (`2024-04-01T22:15:14.300`) +- [CVE-2024-23118](CVE-2024/CVE-2024-231xx/CVE-2024-23118.json) (`2024-04-01T22:15:14.833`) +- [CVE-2024-23119](CVE-2024/CVE-2024-231xx/CVE-2024-23119.json) (`2024-04-01T22:15:15.393`) +- [CVE-2024-27323](CVE-2024/CVE-2024-273xx/CVE-2024-27323.json) (`2024-04-01T22:15:15.950`) +- [CVE-2024-27324](CVE-2024/CVE-2024-273xx/CVE-2024-27324.json) (`2024-04-01T22:15:16.503`) +- [CVE-2024-27325](CVE-2024/CVE-2024-273xx/CVE-2024-27325.json) (`2024-04-01T22:15:17.063`) +- [CVE-2024-27326](CVE-2024/CVE-2024-273xx/CVE-2024-27326.json) (`2024-04-01T22:15:17.597`) +- [CVE-2024-27327](CVE-2024/CVE-2024-273xx/CVE-2024-27327.json) (`2024-04-01T22:15:18.120`) +- [CVE-2024-27328](CVE-2024/CVE-2024-273xx/CVE-2024-27328.json) (`2024-04-01T22:15:18.670`) +- [CVE-2024-27329](CVE-2024/CVE-2024-273xx/CVE-2024-27329.json) (`2024-04-01T22:15:19.193`) +- [CVE-2024-27330](CVE-2024/CVE-2024-273xx/CVE-2024-27330.json) (`2024-04-01T22:15:19.703`) +- [CVE-2024-27331](CVE-2024/CVE-2024-273xx/CVE-2024-27331.json) (`2024-04-01T22:15:20.253`) +- [CVE-2024-27332](CVE-2024/CVE-2024-273xx/CVE-2024-27332.json) (`2024-04-01T22:15:20.773`) +- [CVE-2024-27333](CVE-2024/CVE-2024-273xx/CVE-2024-27333.json) (`2024-04-01T23:15:08.483`) +- [CVE-2024-3138](CVE-2024/CVE-2024-31xx/CVE-2024-3138.json) (`2024-04-01T22:15:21.283`) +- [CVE-2024-3139](CVE-2024/CVE-2024-31xx/CVE-2024-3139.json) (`2024-04-01T23:15:08.733`) +- [CVE-2024-3140](CVE-2024/CVE-2024-31xx/CVE-2024-3140.json) (`2024-04-01T23:15:09.393`) +- [CVE-2024-3141](CVE-2024/CVE-2024-31xx/CVE-2024-3141.json) (`2024-04-01T23:15:10.113`) +- [CVE-2024-3164](CVE-2024/CVE-2024-31xx/CVE-2024-3164.json) (`2024-04-01T22:15:22.507`) +- [CVE-2024-3165](CVE-2024/CVE-2024-31xx/CVE-2024-3165.json) (`2024-04-01T22:15:23.080`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2024-28734](CVE-2024/CVE-2024-287xx/CVE-2024-28734.json) (`2024-04-01T21:15:33.200`) -- [CVE-2024-28735](CVE-2024/CVE-2024-287xx/CVE-2024-28735.json) (`2024-04-01T21:15:37.360`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f5286726607..9b4330c4798 100644 --- a/_state.csv +++ b/_state.csv @@ -234221,7 +234221,7 @@ CVE-2023-4890,0,0,eb2dc2ce98c453ac601fe50983ca46471e68e1127ec83f9b4a8e310d8b49d8 CVE-2023-48901,0,0,f446c92df2db4de5c13ee1f341836963e1038bdc6dccd7674bc84892c3fc7277,2024-03-21T12:58:51.093000 CVE-2023-48902,0,0,e7baaf30305f21ff2e35d33a7943067082763a78ecdcb49520e0cbc99bbc44a5,2024-03-21T12:58:51.093000 CVE-2023-48903,0,0,0e8dfe11061b4bd630c2eaabe9f3e9f7db7dd223d901bed09f4037e0835e473d,2024-03-21T12:58:51.093000 -CVE-2023-48906,1,1,a0876432476f4624946f3778dffad7e9d011ac8bd03ff7ecf77b71e2a5943f7d,2024-04-01T20:15:07.750000 +CVE-2023-48906,0,0,a0876432476f4624946f3778dffad7e9d011ac8bd03ff7ecf77b71e2a5943f7d,2024-04-01T20:15:07.750000 CVE-2023-48909,0,0,3e8e89114d21d750682bc99dc49eefbef7a7f8a9d7e81ae2ff795ea6d5358bdd,2024-01-22T16:33:28.663000 CVE-2023-4891,0,0,5af63557ded9a502489a61ec0faabf7c8df79ec616cf65a10034c6e6474fca38,2023-11-16T18:01:59.767000 CVE-2023-48910,0,0,e620722d33cd1da28062f51f4566aad3f1ded2e1dadf9cdffa8a5009e7d091cf,2023-12-07T21:02:12.637000 @@ -235653,6 +235653,10 @@ CVE-2023-51548,0,0,f14e09f9b0319b100605ca6a47b33f9ff0d4223d5e7c2d3789466c41cdde6 CVE-2023-5155,0,0,298b4bba8be463adec2c2cc42cc3f9129268d63f71ef5a46e888a6f7240d028a,2024-02-15T19:55:09.230000 CVE-2023-5156,0,0,98dd4e8ef7f2fc340fba89a7994b1389948aed75b9d79aa9bb9be942da1dcde9,2024-02-23T16:01:18.390000 CVE-2023-5157,0,0,1d0186e67e733b7b84da791fca027f69e033934cc5992086125652a51ae820a4,2023-12-22T19:25:31.627000 +CVE-2023-51570,1,1,679129331de46eb4673d20c28240e9b5d603897780792cd0c5018d7316ec00f3,2024-04-01T22:15:08.467000 +CVE-2023-51571,1,1,d6d905e9adec40a49da701e6a086b77ed88a70d3c0804ee30d1138a68a029a7c,2024-04-01T22:15:09.673000 +CVE-2023-51572,1,1,a9b39197804fbb65be51c1c6d397cb949f1eda82d76dcd3748e1a7fbd1858f7b,2024-04-01T22:15:10.277000 +CVE-2023-51573,1,1,822130091c4492767a9ad3cdb94f583ff7008f7a2ca244f773fe6e5bccc87c33,2024-04-01T22:15:10.880000 CVE-2023-5158,0,0,3c93f95e554dbf0d8a24b3084dca704f3090c1badc2b08f1704a50a6bb6e453c,2023-11-07T04:23:34.073000 CVE-2023-5159,0,0,39014b5f2c5d7822a79be3471a3564e6f73b358bf75b08ce90b2d8410bc0aec4,2023-10-03T17:18:32.967000 CVE-2023-5160,0,0,75365cd9916e4e5778ee92f396194a816cf49701cb8741923be6bfb2722a9e13,2023-10-04T12:18:36.543000 @@ -238433,6 +238437,7 @@ CVE-2024-0625,0,0,e6db3236f3f3d4946f9c7470ea75c8f4fd101b44f963c82c90bc3a0f21b31d CVE-2024-0628,0,0,6929f2a7a44b9bc6b3b457ec8d478ddb1d9368f01ad7383ad0399a751f886828,2024-02-13T19:18:46.020000 CVE-2024-0630,0,0,49e9d42e1e8004a90a8d62b54ea8a5d5f6ebecab9fac26e6e82dc914d2e02636,2024-02-13T15:42:35.563000 CVE-2024-0631,0,0,2f5c2ea731c38b842212d56f60f3b6dadcbef37badf95ddbebb4424c79d6cc97,2024-03-13T18:16:18.563000 +CVE-2024-0637,1,1,f2b57b7ef5163f05d5903cc066f44b6ac6a411ef87e4bab9ecea8fa8cc167e70,2024-04-01T22:15:11.443000 CVE-2024-0638,0,0,670847b0d970db122b3c23c1c351801a3e9da2204e4d04822c0f94a07c61f9c7,2024-03-22T12:45:36.130000 CVE-2024-0639,0,0,70e6108a4833d98566f9bceea8a86b5fbfb00264d1679279f76ea7c5de48b4aa,2024-02-14T13:15:08.107000 CVE-2024-0641,0,0,a011c2128d997633c3943566b2966020fb742742c755347ad42b0febd95e3094,2024-02-14T13:15:08.363000 @@ -238871,6 +238876,7 @@ CVE-2024-1174,0,0,555bf74716377de48f0b0503bce3291ee24504d70fbc5a562c00808b9867b2 CVE-2024-1176,0,0,c3e2f9f074256f32c40782bd3540058270027d3dda944431123aad76c42781f2,2024-03-13T18:16:18.563000 CVE-2024-1177,0,0,2975630ef7f8a77b7876a87ad1120fd917ca4ca2d762e9d0ae54267a750cb012,2024-02-13T14:06:04.817000 CVE-2024-1178,0,0,2956184307d83e7ee9b0f4a4e78f3d9e7b6aa234978af8029ac9021a0be5d94e,2024-03-05T13:41:01.900000 +CVE-2024-1179,1,1,e139aa766b3cadb5129c780d437e993494ab63776de617be0a6259d4fe69aefc,2024-04-01T22:15:12.030000 CVE-2024-1181,0,0,f4a978c4d2452d8950fb92a1a4c64615f2c478c04cd1bf9698d2acd20291fb2d,2024-03-20T13:00:16.367000 CVE-2024-1184,0,0,fbc2a4e18cfbe0c20a9cd841e359940f35b10a3e458b3837398077d481fc2f13,2024-03-21T02:51:36.537000 CVE-2024-1185,0,0,03d14ed2b0953a78fc7f4e6cfc2a091aca94364f60bcb14fb628576a0319372c,2024-03-21T02:51:36.633000 @@ -239312,6 +239318,7 @@ CVE-2024-1859,0,0,c19a8bbad570254357ebcf90235dc1b7204181d3a1a12c804d832963f66d9a CVE-2024-1860,0,0,53b7775f88dbda3fc2d4abeb2e913e87a2f0c7e010f7824d10356d98445fd8c8,2024-02-28T14:06:45.783000 CVE-2024-1861,0,0,363e90e453613fa7f323dd0890c48f34ab39b189b63bc72b87c77b28e0c67e6a,2024-02-28T14:06:45.783000 CVE-2024-1862,0,0,7079eafea984a6a1c6557a7bedc176aecc0ca2c7093590b5d597812517953f49,2024-03-13T18:15:58.530000 +CVE-2024-1863,1,1,c2e666ebf4ef81ad4a09cd6c369e65f1f64dfc6ec7fa09535aa9f07fb466fbee,2024-04-01T22:15:12.603000 CVE-2024-1864,0,0,797c711e6b44e5bc5fc07b8a96b3914e190ffab8282378f1e76f968098d88951,2024-02-27T22:15:14.807000 CVE-2024-1865,0,0,72c248580cf80b6b26359b857531fc6d6bafece63af2cd2d90fccedf68d28d3b,2024-02-27T22:15:14.847000 CVE-2024-1866,0,0,c996e8524f8bc688a87621835a946e6cc299eedbf430cec590d1bba5d1e5a6d0,2024-02-27T22:15:14.887000 @@ -240608,6 +240615,11 @@ CVE-2024-23109,0,0,c2686a38cd2651bfef8ab0e98ee0dbcce98e98fd7c1f1805290cb9df9c03f CVE-2024-23112,0,0,db97de9e46492b481e52ee1e1883233ddfe5123c1ba448f0e59ac92baa6de68f,2024-03-15T14:51:58.497000 CVE-2024-23113,0,0,29903cf0008dd4023f7698dfe9b07a61d8c5e19cfdea1fb0ce14ef659e7383ed,2024-02-22T15:33:00.970000 CVE-2024-23114,0,0,fa8f95e0e83961a881a09cd70451012be00683c9d1e43570d7214d2ff680cc51,2024-02-20T19:50:53.960000 +CVE-2024-23115,1,1,899473fe5073ca43029138dad2451d54799f9cdf615eb2372c3931a11dc67c82,2024-04-01T22:15:13.173000 +CVE-2024-23116,1,1,5b2eeb276d667c53cc13ab7e7c26ab903538c50d0ed7bb5a1465406a55f7b9ac,2024-04-01T22:15:13.777000 +CVE-2024-23117,1,1,aee198b8881be47bf904d186bada74c05e3403b14ed5e0d25800e4b3dc234831,2024-04-01T22:15:14.300000 +CVE-2024-23118,1,1,279c2117a13f83c3c75c33a5350d0c25ee56496c8cc1c2f69f09369b04e0419f,2024-04-01T22:15:14.833000 +CVE-2024-23119,1,1,8f6565c42595e97751e0e220c1f23a84051eb211e5d8ddbf6dca438fb77871cb,2024-04-01T22:15:15.393000 CVE-2024-23120,0,0,1fdd5384a3247451b572eec50acc63b80f4302d338e02a15db81dbcc92866844,2024-03-01T16:15:45.920000 CVE-2024-23121,0,0,ae89a79fcf6c313d61197ac6f338d68b00711a8ed1e7b84e5d9691d517b9b085,2024-03-13T03:15:06.320000 CVE-2024-23122,0,0,53a6a7f808f40f9f8ccc6c9426a05387fb59e2867d6b512f9c97f02c17acdf90,2024-03-13T03:15:06.390000 @@ -242455,6 +242467,17 @@ CVE-2024-27317,0,0,4c274cf3230c0a934555f5c84dc2c211701c44c03ccbc45b4514969783da0 CVE-2024-27318,0,0,a3f0f72595f3809c797819f31508bb028083ad173f51faf5deddf5194d7af605,2024-03-30T02:15:08.007000 CVE-2024-27319,0,0,d6fe8be68b6b995886693969b0a488a73d70bd11aff8f81dff41640aa7a63508,2024-03-30T02:15:08.090000 CVE-2024-2732,0,0,e03ad66ef2919450939364ab5f366c9e783ac3dc864d1d6c6c46703ad2edceae,2024-03-26T12:55:05.010000 +CVE-2024-27323,1,1,845b0a5ebd0c58db01e8199d3d5c45d66ec34370ea95f9f7d3e1aa9f39b4e820,2024-04-01T22:15:15.950000 +CVE-2024-27324,1,1,1230544ed56903d99a88b099a3d1a0ebe9337eba65b24dedad49ecc6db78410a,2024-04-01T22:15:16.503000 +CVE-2024-27325,1,1,86a298c8b2b245b6e152bb9ddec6fbce0833c6c3783754926c7c2514929735bd,2024-04-01T22:15:17.063000 +CVE-2024-27326,1,1,48292ab265a43d08512cea656c838789e43065df346edc3f5d16835ce7d4e244,2024-04-01T22:15:17.597000 +CVE-2024-27327,1,1,92ef53ace25919f3f39e8fcba77e58100e19aa8d1745ef71a55add10d189ae1d,2024-04-01T22:15:18.120000 +CVE-2024-27328,1,1,d52b51b82f22e16c67b9e53bb3d7845ba540f577a78443b56da86db7d1c96f11,2024-04-01T22:15:18.670000 +CVE-2024-27329,1,1,54e399fb07e30e03519d33ec73b5cc302e6f1fca2565e17f1a7e6e71f0cfacb4,2024-04-01T22:15:19.193000 +CVE-2024-27330,1,1,43980e9ca8a9d868a2cb5142c94463b08ab3855b2f68f0c88cff9cafd2cab9b7,2024-04-01T22:15:19.703000 +CVE-2024-27331,1,1,8f458be389c7c3da2c19b0a8fe4277f0b49eff4eb7e594289c3078e58b56816e,2024-04-01T22:15:20.253000 +CVE-2024-27332,1,1,ed8a316f6904083d115d752023825cde3715ad43eb44488b33eeb9970e31cd83,2024-04-01T22:15:20.773000 +CVE-2024-27333,1,1,92c1a699a59867a1368b047e9e2d4c159733efd91d84f2f80323156ab5597a89,2024-04-01T23:15:08.483000 CVE-2024-27350,0,0,dcd7c665f1de1305fedd66ae5b35ce18719811fd40fe202fcd475df4fa80bd9e,2024-02-26T16:32:25.577000 CVE-2024-27351,0,0,9ef8a308959f28d0bb06c89a90ca762d77a1bb29a4b6da70783cd634bdafb7aa,2024-03-17T22:38:29.433000 CVE-2024-27354,0,0,6669ef56de2629d6bd7a6c54cb75c8f6e454c14fc2065829ff46305d945b1196,2024-03-21T02:52:19.927000 @@ -242894,8 +242917,8 @@ CVE-2024-28713,0,0,e08dea2bd6ea41c86adfd6db0e66602ac0ddbc5b76865cfa0864771acc365 CVE-2024-28714,0,0,6f4831903bd7a2fd8e5ecdde87a1fca916cacb82c2dc00093fe15f409a0029ee,2024-03-29T12:45:02.937000 CVE-2024-28715,0,0,af77246106a78842a7b294f3e28f52ff784cab47ce869925f80951f17109d52a,2024-03-20T13:00:16.367000 CVE-2024-2873,0,0,38b44d61d3230fcaba1c551f8073fe8dda4eadd0cd50d8705b668e3c4529f628,2024-03-26T12:55:05.010000 -CVE-2024-28734,0,1,f4687488b267ac163f3e0d4b9d3eb38f6f5a041c19b985a560624c627a7f4e16,2024-04-01T21:15:33.200000 -CVE-2024-28735,0,1,8f92a77739da7a1ad54d0d429f2c770bfe994fab12ee8201b6dd80188dadc434,2024-04-01T21:15:37.360000 +CVE-2024-28734,0,0,f4687488b267ac163f3e0d4b9d3eb38f6f5a041c19b985a560624c627a7f4e16,2024-04-01T21:15:33.200000 +CVE-2024-28735,0,0,8f92a77739da7a1ad54d0d429f2c770bfe994fab12ee8201b6dd80188dadc434,2024-04-01T21:15:37.360000 CVE-2024-28745,0,0,15394cfaddabd1c5537f1c3a0b8bc4d088d58358d421e9d9475a38fad6a5e44f,2024-03-18T12:38:25.490000 CVE-2024-28746,0,0,4e08f19b517756fb15fbaf966494c1aeec3b9803b4e2b615b4d5a557eb48c84a,2024-03-14T12:52:09.877000 CVE-2024-28752,0,0,b6856abb589c0fed02798f341901c4f3025e287fced11706e9fa0c89b392cd6a,2024-03-15T12:53:06.423000 @@ -243098,8 +243121,8 @@ CVE-2024-2941,0,0,ce11630a400956dcbfeeac55ad32861fc5176b2eeccb4990e4aaf30900f5cb CVE-2024-29419,0,0,1f113c646466febbefbd1317ecc5036f9bdf6e219db156971cfdda70e05f32f0,2024-03-20T17:18:21.343000 CVE-2024-2942,0,0,3fa2fdee1f7a471c21b1ac1386874f056fa7e82fdcd541072fb7ea8f5bfccb08,2024-03-27T12:29:30.307000 CVE-2024-2943,0,0,b5b95bbcb0b53766ee2bd76974e535abb9029181348d10726e03c7804fb75e95,2024-03-27T12:29:30.307000 -CVE-2024-29433,1,1,21adc3c8a95a26c86b2b74b557f4e20bcf8905128e93c58ff4ba1fd286dde4e0,2024-04-01T20:15:14.117000 -CVE-2024-29435,1,1,0ab2f10ca872ebd6961fe8a7b35451c1492475f17c5cda887a4b0fb9b2673ddf,2024-04-01T20:15:20.710000 +CVE-2024-29433,0,0,21adc3c8a95a26c86b2b74b557f4e20bcf8905128e93c58ff4ba1fd286dde4e0,2024-04-01T20:15:14.117000 +CVE-2024-29435,0,0,0ab2f10ca872ebd6961fe8a7b35451c1492475f17c5cda887a4b0fb9b2673ddf,2024-04-01T20:15:20.710000 CVE-2024-2944,0,0,edbe06654b669678b299b573aae74f1e6525956b78541d7e0f3aff7e4dd8cf16,2024-03-27T12:29:30.307000 CVE-2024-29440,0,0,b41dbba691936eb263a6e48ee2f4c3b0c65bf928cbb922caedd1e0f5f03baacf,2024-03-26T12:55:05.010000 CVE-2024-29442,0,0,7905121fe561461f75c739d09685b7ffc46a6e6f08464603a503f7d567bf4eab,2024-03-26T12:55:05.010000 @@ -243581,3 +243604,9 @@ CVE-2024-3129,0,0,d56dc65048f8b5510a9b06891117a0b948b323d309c6396cedd8172433a25a CVE-2024-3130,0,0,ef2284dd9e84592c7cee32f0cffdd9950f2526390b774b97299e332f225b7f58,2024-04-01T12:49:00.877000 CVE-2024-3131,0,0,7dfaa24c8b195badc25edb04d978f1a937b34743cf98489290336cba65db3832,2024-04-01T17:16:19.970000 CVE-2024-3135,0,0,9fd41b50098c6d32295984c9d56fe9e173835dcf05ebbef747e5073b9780d1d3,2024-04-01T19:15:46.257000 +CVE-2024-3138,1,1,2692c1855f5f51a1106295f7f3aa10c547ed38f76a48d19f9c9e81cbd8feb9a1,2024-04-01T22:15:21.283000 +CVE-2024-3139,1,1,2e79401b1b9a893de41b033260dc3b4c9a5d1fec0fc2ff65113175f6874d19a7,2024-04-01T23:15:08.733000 +CVE-2024-3140,1,1,cf49fabe7a1ec3952c78f3c9416be0014a007c9f6282e7a8e00b4fcf63d0bc43,2024-04-01T23:15:09.393000 +CVE-2024-3141,1,1,0207431f6403aad0f8343475befacacf796d939b5297481a1c53b0eded12bab3,2024-04-01T23:15:10.113000 +CVE-2024-3164,1,1,a534750f1fbbb36d0ac5f3b6f86764c20a7f3e7c7e2e1436e8de49892432f986,2024-04-01T22:15:22.507000 +CVE-2024-3165,1,1,d69ea263df1f5517f6ca6befb857d024eae7d424954121054ee41c1816628507,2024-04-01T22:15:23.080000