Auto-Update: 2024-03-24T03:00:29.954693+00:00

2025-07-11 16:13:34 +00:00 · 2024-03-24 03:03:17 +00:00 · 2024-03-24 03:03:17 +00:00 · 39a2f7d461
commit 39a2f7d461
parent eacb24be28
7 changed files with 206 additions and 10 deletions
--- a/CVE-2018/CVE-2018-251xx/CVE-2018-25100.json
+++ b/CVE-2018/CVE-2018-251xx/CVE-2018-25100.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2018-25100",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-24T01:15:45.380",
+  "lastModified": "2024-03-24T01:15:45.380",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/mojolicious/mojo/issues/1185",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/mojolicious/mojo/pull/1192",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://metacpan.org/dist/Mojolicious/changes",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2020/CVE-2020-368xx/CVE-2020-36827.json
+++ b/CVE-2020/CVE-2020-368xx/CVE-2020-36827.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2020-36827",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-24T01:15:45.453",
+  "lastModified": "2024-03-24T01:15:45.453",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://metacpan.org/dist/XAO-Web/changes",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-28xx/CVE-2024-2850.json
+++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2850.json
@ -0,0 +1,88 @@
+{
+  "id": "CVE-2024-2850",
+  "sourceIdentifier": "cna@vuldb.com",
+  "published": "2024-03-24T02:15:07.517",
+  "lastModified": "2024-03-24T02:15:07.517",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ],
+    "cvssMetricV2": [
+      {
+        "source": "cna@vuldb.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "2.0",
+          "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
+          "accessVector": "NETWORK",
+          "accessComplexity": "LOW",
+          "authentication": "SINGLE",
+          "confidentialityImpact": "COMPLETE",
+          "integrityImpact": "COMPLETE",
+          "availabilityImpact": "COMPLETE",
+          "baseScore": 9.0
+        },
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 8.0,
+        "impactScore": 10.0,
+        "acInsufInfo": false,
+        "obtainAllPrivilege": false,
+        "obtainUserPrivilege": false,
+        "obtainOtherPrivilege": false,
+        "userInteractionRequired": false
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cna@vuldb.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-121"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?ctiid.257774",
+      "source": "cna@vuldb.com"
+    },
+    {
+      "url": "https://vuldb.com/?id.257774",
+      "source": "cna@vuldb.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30156.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30156.json
@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-30156",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-24T01:15:45.530",
+  "lastModified": "2024-03-24T01:15:45.530",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://varnish-cache.org/security/VSV00014.html",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30161.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30161.json
@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30161",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-03-24T01:15:45.583",
+  "lastModified": "2024-03-24T01:15:45.583",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://codereview.qt-project.org/c/qt/qtbase/+/544314",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-03-24T00:55:30.042572+00:00
+2024-03-24T03:00:29.954693+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-03-24T00:15:07.617000+00:00
+2024-03-24T02:15:07.517000+00:00
 ```

 ### Last Data Feed Release
@ -23,27 +23,30 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-03-23T01:00:20.240237+00:00
+2024-03-24T01:00:20.238624+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-242494
+242499
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `5`

-* [CVE-2024-24725](CVE-2024/CVE-2024-247xx/CVE-2024-24725.json) (`2024-03-23T23:15:07.193`)
+* [CVE-2018-25100](CVE-2018/CVE-2018-251xx/CVE-2018-25100.json) (`2024-03-24T01:15:45.380`)
+* [CVE-2020-36827](CVE-2020/CVE-2020-368xx/CVE-2020-36827.json) (`2024-03-24T01:15:45.453`)
+* [CVE-2024-2850](CVE-2024/CVE-2024-28xx/CVE-2024-2850.json) (`2024-03-24T02:15:07.517`)
+* [CVE-2024-30156](CVE-2024/CVE-2024-301xx/CVE-2024-30156.json) (`2024-03-24T01:15:45.530`)
+* [CVE-2024-30161](CVE-2024/CVE-2024-301xx/CVE-2024-30161.json) (`2024-03-24T01:15:45.583`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

-* [CVE-2024-1603](CVE-2024/CVE-2024-16xx/CVE-2024-1603.json) (`2024-03-24T00:15:07.617`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -121369,6 +121369,7 @@ CVE-2018-25096,0,0,65946b951ad2c28cc99779b55c9189a3eff50639dbf842e942c8a91e53b43
 CVE-2018-25097,0,0,2c5fa32a0d772992a56fb020de703568956d2982c6480d087346ecda7afe11fd,2024-02-29T01:23:15.543000
 CVE-2018-25098,0,0,37d4c449b9e769fa372d3a284d5f7c94226d641b16e61e76e9d5cd58b62d1343,2024-02-29T01:23:15.647000
 CVE-2018-25099,0,0,4477c16cb5a3503e957873dbddbd3b50ffb7092ffd27acf2a352c93f686dfb7f,2024-03-18T12:38:25.490000
+CVE-2018-25100,1,1,c1dc1081fb7cc18ab424efba7dcbe204bb01db6aaa6774d7b34446e8366478f0,2024-03-24T01:15:45.380000
 CVE-2018-2515,0,0,158f882e4275a7485a2b9ce17e7e57c4ea22cf74c55a78a9900c73a4caa327c0,2023-11-07T02:57:57.887000
 CVE-2018-2560,0,0,0bb1a26d6c05fddeb488697adb0bbe667a3dd77c1a5bc7af495c8721df5b1197,2020-08-24T17:37:01.140000
 CVE-2018-2561,0,0,b76feaa260e2f54fc8eeb8d50d578ffdd22b603f486ac4f8f5b3bc42df22fa45,2018-01-25T13:53:15.120000
@ -159236,6 +159237,7 @@ CVE-2020-3679,0,0,afde5c571c6799f82db69f1984f97d2103767c09176e5f828078551066c249
 CVE-2020-3680,0,0,8c1c6b8d5f4d7704e9bf3f9ae4b8143f4d26da3b4ea95adcafe78c8ee378c04b,2020-06-03T13:44:37.213000
 CVE-2020-3681,0,0,2a27714f9cda4a3b1ca09258288b953b4e59f794e1fb4aae9d87a0e135b0c06d,2020-08-10T18:40:44.703000
 CVE-2020-3682,0,0,24a4348c2423fb50a4d883ab97a98087dac9114a52e3cd5f84438c3d7a885f75,2023-11-07T03:23:01.990000
+CVE-2020-36827,1,1,dc880549177189098f14beb3e5e09b043728d96337617fb6097ba2f88c8b24fa,2024-03-24T01:15:45.453000
 CVE-2020-3684,0,0,931f112566786124f7d6fcb2bd46c9dcab315dc8e46c2a552446825ac25c83c4,2020-11-06T16:29:14.480000
 CVE-2020-3685,0,0,d53e7f1d143037625a0e7accdd772a2ca67acd945a19ee6a44795cb898b977ad,2021-01-29T23:46:03.037000
 CVE-2020-3686,0,0,2751b7fc7694785f090b1a831e3239e3ac41b203ebf4010fe60035bec637d53b,2021-01-30T00:10:19.887000
@ -238911,7 +238913,7 @@ CVE-2024-1591,0,0,813b185516fa7310825023c3e019d8a3dad8db3ac6e030a92367a91ad355f3
 CVE-2024-1592,0,0,4582ff945ad5ca026cbf9802fe1ff930654543e6af8959ddb0064a96f357fa86,2024-03-04T13:58:23.447000
 CVE-2024-1595,0,0,0ac9aed2c4ed6b9e7bc181d6ab55412b8033a5bfcbc541a4a4b602392614e428,2024-03-01T14:04:26.010000
 CVE-2024-1597,0,0,dad3e119f3d700a1c715023d3b907f7acb417c1af7c66fb952db74c56577622b,2024-03-23T03:15:10.860000
-CVE-2024-1603,0,1,bff81ba802c7b08f2659fddbf0c2656300f154bf9f1183133c3c95a7cc940b1d,2024-03-24T00:15:07.617000
+CVE-2024-1603,0,0,bff81ba802c7b08f2659fddbf0c2656300f154bf9f1183133c3c95a7cc940b1d,2024-03-24T00:15:07.617000
 CVE-2024-1604,0,0,5eb6bfa2b690cdc5042b3cd6683eec4697c9011ce1615c69d454ffb962b9e2b0,2024-03-18T12:38:25.490000
 CVE-2024-1605,0,0,7074df8750d7a162d5543d10d5434be9d2e408e307c5952acb4cd8e797b0b6be,2024-03-18T12:38:25.490000
 CVE-2024-1606,0,0,c36cce5ef22cd77fc10abd764d2af4d1af3e80b0452c270d3845af04c4c46ba6,2024-03-18T12:38:25.490000
@ -240947,7 +240949,7 @@ CVE-2024-24717,0,0,147b72859f44e71d91234d2c3714411052617c05a0596c74544e6604ed455
 CVE-2024-24720,0,0,168cdc237ea9af641a6fa55d263239a522401ac618a437c23183ffc24b80de9d,2024-02-27T14:20:06.637000
 CVE-2024-24721,0,0,f811f7b97630e39f8e09dfe35ae447277604cf213cb4d45448493cc8fa15fbc5,2024-02-27T14:20:06.637000
 CVE-2024-24722,0,0,952e66641f17a0fb9dfe3803e528e36e48f057663a4934472c4c7db463b9f3c7,2024-02-20T19:50:53.960000
-CVE-2024-24725,1,1,dfcf2170858f4e52086c68426213d21b7e555903245565b6dea1531c9bab778d,2024-03-23T23:15:07.193000
+CVE-2024-24725,0,0,dfcf2170858f4e52086c68426213d21b7e555903245565b6dea1531c9bab778d,2024-03-23T23:15:07.193000
 CVE-2024-24736,0,0,608c2f3e65ddbb1c2eb07c75b404de7eb78db210e5f752bbc8c9942f5e722b68,2024-02-02T02:08:23.417000
 CVE-2024-24739,0,0,0429371c5cb9ecc13abbb3d02a9a54fdca7eb3accb432d640f9262793fd2a716,2024-02-13T14:01:40.577000
 CVE-2024-2474,0,0,e295561a11995d9c40e939a773b47208b6445581a981c9a04645753adc140ddf,2024-03-20T13:00:16.367000
@ -242298,6 +242300,7 @@ CVE-2024-28441,0,0,5f38f329aa34d3551b4435a62b00ae0d72806d981cac257e26fcd8895c19c
 CVE-2024-28446,0,0,e3b0d814ee24ce9a2740eda808696f714c3071d6722fa7bd76f62923d12a194d,2024-03-19T13:26:46
 CVE-2024-28447,0,0,729795bf39bd106c71b5b798b10fa8f526cc5d6a6eb2785b0edfa8459a535a4c,2024-03-19T13:26:46
 CVE-2024-2849,0,0,e255554df31d5a2be5f1c68b740cace49b575f03af154cb1af4922f66122e90f,2024-03-23T18:15:07.770000
+CVE-2024-2850,1,1,4cd3be288e79bf59ffaa181573a0e5480a6cd00aa673c85dc83831b442015b08,2024-03-24T02:15:07.517000
 CVE-2024-28521,0,0,8ab5b6bd1cc025dda03cab07eeddd7e1f81756c34e55025f1870bf6a0feb8a5b,2024-03-22T12:45:36.130000
 CVE-2024-28535,0,0,174c70ce71a26af929a40c7b6a103a5242ac3321f34f35a982d598e918b67152,2024-03-21T20:58:46.217000
 CVE-2024-28537,0,0,ff6bf2a37289dca28bccb57e311acb6479e1a577841d298af6b3b484403dfc2c,2024-03-18T19:40:00.173000
@ -242493,3 +242496,5 @@ CVE-2024-29880,0,0,e4ba47a3336aba44b26bc2b767c682c9997cfe6f0e16a9457e7fe50a3abea
 CVE-2024-29916,0,0,dd300e18b662f862d3dd0881eace85d81be3f3aaeb79c908bcef100a80a89dd1,2024-03-21T19:47:03.943000
 CVE-2024-29943,0,0,39d573a490fc5d2b219e8af270d3feeff9aa72e4341ddd52f10b0ddfa677f78e,2024-03-22T15:34:43.663000
 CVE-2024-29944,0,0,ca73c86aa90858e489f00f7276bc4b89981cc800e753e2418a893b48aedeba4f,2024-03-22T17:15:09.043000
+CVE-2024-30156,1,1,b1db1d17d5a834d757151afcea884bc0d17dc70190c3b0de966596026bc0f17e,2024-03-24T01:15:45.530000
+CVE-2024-30161,1,1,8ff2db1f3739f763cd1394c79278ed5e5daaf7a12364b66279e91dbc28ce4964,2024-03-24T01:15:45.583000