From 39a2f7d461113a507cd32c86c7b8850d1a16213f Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sun, 24 Mar 2024 03:03:17 +0000
Subject: [PATCH] Auto-Update: 2024-03-24T03:00:29.954693+00:00
---
CVE-2018/CVE-2018-251xx/CVE-2018-25100.json | 32 ++++++++
CVE-2020/CVE-2020-368xx/CVE-2020-36827.json | 24 ++++++
CVE-2024/CVE-2024-28xx/CVE-2024-2850.json | 88 +++++++++++++++++++++
CVE-2024/CVE-2024-301xx/CVE-2024-30156.json | 24 ++++++
CVE-2024/CVE-2024-301xx/CVE-2024-30161.json | 20 +++++
README.md | 19 +++--
_state.csv | 9 ++-
7 files changed, 206 insertions(+), 10 deletions(-)
create mode 100644 CVE-2018/CVE-2018-251xx/CVE-2018-25100.json
create mode 100644 CVE-2020/CVE-2020-368xx/CVE-2020-36827.json
create mode 100644 CVE-2024/CVE-2024-28xx/CVE-2024-2850.json
create mode 100644 CVE-2024/CVE-2024-301xx/CVE-2024-30156.json
create mode 100644 CVE-2024/CVE-2024-301xx/CVE-2024-30161.json
diff --git a/CVE-2018/CVE-2018-251xx/CVE-2018-25100.json b/CVE-2018/CVE-2018-251xx/CVE-2018-25100.json
new file mode 100644
index 00000000000..c85df239882
--- /dev/null
+++ b/CVE-2018/CVE-2018-251xx/CVE-2018-25100.json
@@ -0,0 +1,32 @@ +{ + "id": "CVE-2018-25100", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-24T01:15:45.380", + "lastModified": "2024-03-24T01:15:45.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/mojolicious/mojo/issues/1185", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/mojolicious/mojo/pull/1192", + "source": "cve@mitre.org" + }, + { + "url": "https://metacpan.org/dist/Mojolicious/changes", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-368xx/CVE-2020-36827.json b/CVE-2020/CVE-2020-368xx/CVE-2020-36827.json new file mode 100644 index 00000000000..049e1011855 --- /dev/null +++ b/CVE-2020/CVE-2020-368xx/CVE-2020-36827.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2020-36827", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-24T01:15:45.453", + "lastModified": "2024-03-24T01:15:45.453", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4", + "source": "cve@mitre.org" + }, + { + "url": "https://metacpan.org/dist/XAO-Web/changes", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2850.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2850.json new file mode 100644 index 00000000000..5e205331165 --- /dev/null 
+++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2850.json 
@@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-2850", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-03-24T02:15:07.517", + "lastModified": "2024-03-24T02:15:07.517", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + 
"type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.257774", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.257774", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30156.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30156.json new file mode 100644 index 00000000000..3f086586212 --- /dev/null +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30156.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-30156", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-24T01:15:45.530", + "lastModified": "2024-03-24T01:15:45.530", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security", + "source": "cve@mitre.org" + }, + { + "url": "https://varnish-cache.org/security/VSV00014.html", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30161.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30161.json new file mode 100644 index 00000000000..ffeee374cd5 --- /dev/null +++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30161.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-30161", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-24T01:15:45.583", + "lastModified": "2024-03-24T01:15:45.583", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://codereview.qt-project.org/c/qt/qtbase/+/544314", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d245d3ea0f2..511fe01cd58 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-24T00:55:30.042572+00:00 +2024-03-24T03:00:29.954693+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-24T00:15:07.617000+00:00 +2024-03-24T02:15:07.517000+00:00 ``` ### Last Data Feed Release 
@@ -23,27 +23,30 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-03-23T01:00:20.240237+00:00 +2024-03-24T01:00:20.238624+00:00 ``` ### Total Number of included CVEs ```plain -242494 +242499 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `5` -* [CVE-2024-24725](CVE-2024/CVE-2024-247xx/CVE-2024-24725.json) (`2024-03-23T23:15:07.193`) +* [CVE-2018-25100](CVE-2018/CVE-2018-251xx/CVE-2018-25100.json) (`2024-03-24T01:15:45.380`) +* [CVE-2020-36827](CVE-2020/CVE-2020-368xx/CVE-2020-36827.json) (`2024-03-24T01:15:45.453`) +* [CVE-2024-2850](CVE-2024/CVE-2024-28xx/CVE-2024-2850.json) (`2024-03-24T02:15:07.517`) +* [CVE-2024-30156](CVE-2024/CVE-2024-301xx/CVE-2024-30156.json) (`2024-03-24T01:15:45.530`) +* [CVE-2024-30161](CVE-2024/CVE-2024-301xx/CVE-2024-30161.json) (`2024-03-24T01:15:45.583`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -* [CVE-2024-1603](CVE-2024/CVE-2024-16xx/CVE-2024-1603.json) (`2024-03-24T00:15:07.617`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 7ad0edb9b5c..4900120cc15 100644 --- a/_state.csv +++ b/_state.csv 
@@ -121369,6 +121369,7 @@ CVE-2018-25096,0,0,65946b951ad2c28cc99779b55c9189a3eff50639dbf842e942c8a91e53b43 CVE-2018-25097,0,0,2c5fa32a0d772992a56fb020de703568956d2982c6480d087346ecda7afe11fd,2024-02-29T01:23:15.543000 CVE-2018-25098,0,0,37d4c449b9e769fa372d3a284d5f7c94226d641b16e61e76e9d5cd58b62d1343,2024-02-29T01:23:15.647000 CVE-2018-25099,0,0,4477c16cb5a3503e957873dbddbd3b50ffb7092ffd27acf2a352c93f686dfb7f,2024-03-18T12:38:25.490000 +CVE-2018-25100,1,1,c1dc1081fb7cc18ab424efba7dcbe204bb01db6aaa6774d7b34446e8366478f0,2024-03-24T01:15:45.380000 CVE-2018-2515,0,0,158f882e4275a7485a2b9ce17e7e57c4ea22cf74c55a78a9900c73a4caa327c0,2023-11-07T02:57:57.887000 CVE-2018-2560,0,0,0bb1a26d6c05fddeb488697adb0bbe667a3dd77c1a5bc7af495c8721df5b1197,2020-08-24T17:37:01.140000 CVE-2018-2561,0,0,b76feaa260e2f54fc8eeb8d50d578ffdd22b603f486ac4f8f5b3bc42df22fa45,2018-01-25T13:53:15.120000 @@ -159236,6 +159237,7 @@ CVE-2020-3679,0,0,afde5c571c6799f82db69f1984f97d2103767c09176e5f828078551066c249 CVE-2020-3680,0,0,8c1c6b8d5f4d7704e9bf3f9ae4b8143f4d26da3b4ea95adcafe78c8ee378c04b,2020-06-03T13:44:37.213000 CVE-2020-3681,0,0,2a27714f9cda4a3b1ca09258288b953b4e59f794e1fb4aae9d87a0e135b0c06d,2020-08-10T18:40:44.703000 CVE-2020-3682,0,0,24a4348c2423fb50a4d883ab97a98087dac9114a52e3cd5f84438c3d7a885f75,2023-11-07T03:23:01.990000 +CVE-2020-36827,1,1,dc880549177189098f14beb3e5e09b043728d96337617fb6097ba2f88c8b24fa,2024-03-24T01:15:45.453000 CVE-2020-3684,0,0,931f112566786124f7d6fcb2bd46c9dcab315dc8e46c2a552446825ac25c83c4,2020-11-06T16:29:14.480000 CVE-2020-3685,0,0,d53e7f1d143037625a0e7accdd772a2ca67acd945a19ee6a44795cb898b977ad,2021-01-29T23:46:03.037000 CVE-2020-3686,0,0,2751b7fc7694785f090b1a831e3239e3ac41b203ebf4010fe60035bec637d53b,2021-01-30T00:10:19.887000 
@@ -238911,7 +238913,7 @@ CVE-2024-1591,0,0,813b185516fa7310825023c3e019d8a3dad8db3ac6e030a92367a91ad355f3 CVE-2024-1592,0,0,4582ff945ad5ca026cbf9802fe1ff930654543e6af8959ddb0064a96f357fa86,2024-03-04T13:58:23.447000 CVE-2024-1595,0,0,0ac9aed2c4ed6b9e7bc181d6ab55412b8033a5bfcbc541a4a4b602392614e428,2024-03-01T14:04:26.010000 CVE-2024-1597,0,0,dad3e119f3d700a1c715023d3b907f7acb417c1af7c66fb952db74c56577622b,2024-03-23T03:15:10.860000 -CVE-2024-1603,0,1,bff81ba802c7b08f2659fddbf0c2656300f154bf9f1183133c3c95a7cc940b1d,2024-03-24T00:15:07.617000 +CVE-2024-1603,0,0,bff81ba802c7b08f2659fddbf0c2656300f154bf9f1183133c3c95a7cc940b1d,2024-03-24T00:15:07.617000 CVE-2024-1604,0,0,5eb6bfa2b690cdc5042b3cd6683eec4697c9011ce1615c69d454ffb962b9e2b0,2024-03-18T12:38:25.490000 CVE-2024-1605,0,0,7074df8750d7a162d5543d10d5434be9d2e408e307c5952acb4cd8e797b0b6be,2024-03-18T12:38:25.490000 CVE-2024-1606,0,0,c36cce5ef22cd77fc10abd764d2af4d1af3e80b0452c270d3845af04c4c46ba6,2024-03-18T12:38:25.490000 @@ -240947,7 +240949,7 @@ CVE-2024-24717,0,0,147b72859f44e71d91234d2c3714411052617c05a0596c74544e6604ed455 CVE-2024-24720,0,0,168cdc237ea9af641a6fa55d263239a522401ac618a437c23183ffc24b80de9d,2024-02-27T14:20:06.637000 CVE-2024-24721,0,0,f811f7b97630e39f8e09dfe35ae447277604cf213cb4d45448493cc8fa15fbc5,2024-02-27T14:20:06.637000 CVE-2024-24722,0,0,952e66641f17a0fb9dfe3803e528e36e48f057663a4934472c4c7db463b9f3c7,2024-02-20T19:50:53.960000 -CVE-2024-24725,1,1,dfcf2170858f4e52086c68426213d21b7e555903245565b6dea1531c9bab778d,2024-03-23T23:15:07.193000 +CVE-2024-24725,0,0,dfcf2170858f4e52086c68426213d21b7e555903245565b6dea1531c9bab778d,2024-03-23T23:15:07.193000 CVE-2024-24736,0,0,608c2f3e65ddbb1c2eb07c75b404de7eb78db210e5f752bbc8c9942f5e722b68,2024-02-02T02:08:23.417000 CVE-2024-24739,0,0,0429371c5cb9ecc13abbb3d02a9a54fdca7eb3accb432d640f9262793fd2a716,2024-02-13T14:01:40.577000 CVE-2024-2474,0,0,e295561a11995d9c40e939a773b47208b6445581a981c9a04645753adc140ddf,2024-03-20T13:00:16.367000 
@@ -242298,6 +242300,7 @@ CVE-2024-28441,0,0,5f38f329aa34d3551b4435a62b00ae0d72806d981cac257e26fcd8895c19c CVE-2024-28446,0,0,e3b0d814ee24ce9a2740eda808696f714c3071d6722fa7bd76f62923d12a194d,2024-03-19T13:26:46 CVE-2024-28447,0,0,729795bf39bd106c71b5b798b10fa8f526cc5d6a6eb2785b0edfa8459a535a4c,2024-03-19T13:26:46 CVE-2024-2849,0,0,e255554df31d5a2be5f1c68b740cace49b575f03af154cb1af4922f66122e90f,2024-03-23T18:15:07.770000 +CVE-2024-2850,1,1,4cd3be288e79bf59ffaa181573a0e5480a6cd00aa673c85dc83831b442015b08,2024-03-24T02:15:07.517000 CVE-2024-28521,0,0,8ab5b6bd1cc025dda03cab07eeddd7e1f81756c34e55025f1870bf6a0feb8a5b,2024-03-22T12:45:36.130000 CVE-2024-28535,0,0,174c70ce71a26af929a40c7b6a103a5242ac3321f34f35a982d598e918b67152,2024-03-21T20:58:46.217000 CVE-2024-28537,0,0,ff6bf2a37289dca28bccb57e311acb6479e1a577841d298af6b3b484403dfc2c,2024-03-18T19:40:00.173000 @@ -242493,3 +242496,5 @@ CVE-2024-29880,0,0,e4ba47a3336aba44b26bc2b767c682c9997cfe6f0e16a9457e7fe50a3abea CVE-2024-29916,0,0,dd300e18b662f862d3dd0881eace85d81be3f3aaeb79c908bcef100a80a89dd1,2024-03-21T19:47:03.943000 CVE-2024-29943,0,0,39d573a490fc5d2b219e8af270d3feeff9aa72e4341ddd52f10b0ddfa677f78e,2024-03-22T15:34:43.663000 CVE-2024-29944,0,0,ca73c86aa90858e489f00f7276bc4b89981cc800e753e2418a893b48aedeba4f,2024-03-22T17:15:09.043000 +CVE-2024-30156,1,1,b1db1d17d5a834d757151afcea884bc0d17dc70190c3b0de966596026bc0f17e,2024-03-24T01:15:45.530000 +CVE-2024-30161,1,1,8ff2db1f3739f763cd1394c79278ed5e5daaf7a12364b66279e91dbc28ce4964,2024-03-24T01:15:45.583000