Auto-Update: 2024-06-12T02:00:19.037419+00:00

CVE-2024/CVE-2024-217xx/CVE-2024-21798.json

@@ -2,12 +2,12 @@
   "id": "CVE-2024-21798",
   "sourceIdentifier": "vultures@jpcert.or.jp",
   "published": "2024-02-28T23:15:09.453",
-  "lastModified": "2024-04-04T01:15:49.953",
+  "lastModified": "2024-06-12T01:15:48.833",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
-      "value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier."
+      "value": "ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-239xx/CVE-2024-23910.json

@@ -2,12 +2,12 @@
   "id": "CVE-2024-23910",
   "sourceIdentifier": "vultures@jpcert.or.jp",
   "published": "2024-02-28T23:15:09.557",
-  "lastModified": "2024-04-04T01:15:50.027",
+  "lastModified": "2024-06-12T01:15:48.943",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
-      "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier."
+      "value": "Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B are also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-255xx/CVE-2024-25568.json

@@ -2,12 +2,12 @@
   "id": "CVE-2024-25568",
   "sourceIdentifier": "vultures@jpcert.or.jp",
   "published": "2024-04-04T00:15:06.990",
-  "lastModified": "2024-04-04T12:48:41.700",
+  "lastModified": "2024-06-12T01:15:49.033",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
-      "value": "OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product."
+      "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W v1.24 and earlier, and WMC-X1800GST-B v1.41 and earlier. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-255xx/CVE-2024-25579.json

@@ -2,12 +2,12 @@
   "id": "CVE-2024-25579",
   "sourceIdentifier": "vultures@jpcert.or.jp",
   "published": "2024-02-28T23:15:09.660",
-  "lastModified": "2024-04-04T01:15:50.083",
+  "lastModified": "2024-06-12T01:15:49.137",
   "vulnStatus": "Awaiting Analysis",
   "descriptions": [
     {
       "lang": "en",
-      "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, WRC-2533GS2V-B v1.62 and earlier, WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier."
+      "value": "OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit \"WMC-2LX-B\"."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-361xx/CVE-2024-36103.json

@@ -0,0 +1,24 @@
+{
+  "id": "CVE-2024-36103",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-06-12T01:15:49.220",
+  "lastModified": "2024-06-12T01:15:49.220",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://jvn.jp/en/vu/JVNVU97214223/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://www.elecom.co.jp/news/security/20240528-01/",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2024/CVE-2024-43xx/CVE-2024-4315.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-4315",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-06-12T01:15:49.490",
+  "lastModified": "2024-06-12T01:15:49.490",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function fails to properly sanitize Windows-style paths (backward slash `\\`), allowing attackers to perform directory traversal attacks on Windows systems. This vulnerability can be exploited through various routes, including `personalities` and `/del_preset`, to read or delete any file on the Windows filesystem, compromising the system's availability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV30": [
+      {
+        "source": "security@huntr.dev",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.0",
+          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.2
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@huntr.dev",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-98"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/parisneo/lollms/commit/95ad36eeffc6a6be3e3f35ed35a384d768f0ecf6",
+      "source": "security@huntr.dev"
+    },
+    {
+      "url": "https://huntr.com/bounties/8a1b0197-2c36-4276-b92b-630a2a9bb09c",
+      "source": "security@huntr.dev"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-06-11T23:55:18.783057+00:00
+2024-06-12T02:00:19.037419+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-06-11T22:15:09.520000+00:00
+2024-06-12T01:15:49.490000+00:00
 ```
 
 ### Last Data Feed Release
@@ -27,26 +27,31 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
 
 ```plain
-2024-06-11T00:00:08.666946+00:00
+2024-06-12T00:00:08.652208+00:00
 ```
 
 ### Total Number of included CVEs
 
 ```plain
-253582
+253584
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `2`
 
-- [CVE-2024-35225](CVE-2024/CVE-2024-352xx/CVE-2024-35225.json) (`2024-06-11T22:15:09.520`)
+- [CVE-2024-36103](CVE-2024/CVE-2024-361xx/CVE-2024-36103.json) (`2024-06-12T01:15:49.220`)
+- [CVE-2024-4315](CVE-2024/CVE-2024-43xx/CVE-2024-4315.json) (`2024-06-12T01:15:49.490`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `4`
 
+- [CVE-2024-21798](CVE-2024/CVE-2024-217xx/CVE-2024-21798.json) (`2024-06-12T01:15:48.833`)
+- [CVE-2024-23910](CVE-2024/CVE-2024-239xx/CVE-2024-23910.json) (`2024-06-12T01:15:48.943`)
+- [CVE-2024-25568](CVE-2024/CVE-2024-255xx/CVE-2024-25568.json) (`2024-06-12T01:15:49.033`)
+- [CVE-2024-25579](CVE-2024/CVE-2024-255xx/CVE-2024-25579.json) (`2024-06-12T01:15:49.137`)
 
 
 ## Download and Usage

_state.csv

@@ -243090,7 +243090,7 @@ CVE-2024-21793,0,0,b55902d470d37a2479e376b66a185ed8b4afdd3b18a61089b937f4c3059f5
 CVE-2024-21794,0,0,5140601c591fc7e01c922f6b4426d49907b4278c42a623419c59c4c96fa7afa6,2024-02-07T17:15:44.653000
 CVE-2024-21795,0,0,3f97d15b4fad76f44a86834312294b67e000044b0ba6ac0faa07d011642d4d38,2024-04-02T15:15:52.517000
 CVE-2024-21796,0,0,ad6ea83e4ba68ed8909637d1ef7b65d12f04c56232c1b05d9173891b89591836,2024-01-30T22:14:16.247000
-CVE-2024-21798,0,0,227cee2b08d95673cdf00007b2e5f0a1a8d34bbf3b115cc9a3e417f90fdb9db1,2024-04-04T01:15:49.953000
+CVE-2024-21798,0,1,d96dbf818c33762c5de4fc10b2a52cd1ac953b64f6639407aef733a019aff018,2024-06-12T01:15:48.833000
 CVE-2024-2180,0,0,2305055222e043302fd0a35766f1bca6beeccec40b2b0bc17ac70e6f8c4d2018,2024-03-15T12:53:06.423000
 CVE-2024-21802,0,0,c2f755a99401908f2373688013136a016a34cd02c10ca7074ad31e9e4c194461,2024-02-26T18:15:07.290000
 CVE-2024-21803,0,0,412e1fe487e1aa8e1b208c7f0baf850a3bb5b2cd1ac7cabb6ce669e7a4281bbb,2024-02-08T01:57:53.770000
@@ -244396,7 +244396,7 @@ CVE-2024-23903,0,0,ecb97aacb6f19585aea8671a201e2d7c3813e0b8271429153f27911a6bbb0
 CVE-2024-23904,0,0,678d9b9e94528dc2befb7afc9e4f3790d1499e848c388388aaa93c118b2a19d3,2024-01-29T19:26:29.770000
 CVE-2024-23905,0,0,2d8ebad5c05b335845d8a0c6b27832798a9c27087f41f1dd4daf5a7e2afef75a,2024-01-29T19:26:11.517000
 CVE-2024-2391,0,0,de3d6024524cfd3118d436640b62b0ac7f3b4f8e5171fa580bac06e37eaf60b0,2024-05-17T02:38:12.397000
-CVE-2024-23910,0,0,e6adc416dd7b19484faa305c4e8491b3ff3f8809d94d53eb510d517290865995,2024-04-04T01:15:50.027000
+CVE-2024-23910,0,1,aba61cd3a2ae29c18e33a58335fcd90731a0761c8ff2e34ecb287fa079b2c2ef,2024-06-12T01:15:48.943000
 CVE-2024-23911,0,0,f05e17f474751d92c0d0b7dd0326335d7f22fd7de41e1b09eac2c91ab043885f,2024-04-15T13:15:31.997000
 CVE-2024-23912,0,0,080156a618404e0ca3baa4f7599f1e29c42bf3d6269477605580cfd701bc162f,2024-05-03T12:48:41.067000
 CVE-2024-23913,0,0,d5d1f634deeb38dd714043e74c8802abcbf968bda94cd6401f14fcd205b89888,2024-05-03T12:48:41.067000
@@ -245282,14 +245282,14 @@ CVE-2024-25559,0,0,b710ef2f87d2510e81b25ebbc4243b848284fc64bfa4b8a44d47d25b0e965
 CVE-2024-2556,0,0,8b0da4ab755fe794ee2b9a294626dc5c2bbb5972da87bf03108917da0dfd3cae,2024-05-17T02:38:18.760000
 CVE-2024-25560,0,0,7bc19ca27e50bea94cf845c62b29be6871ebb8e72d71247e1b8819b0eaad6f30,2024-05-08T17:05:24.083000
 CVE-2024-25567,0,0,bbb8c64eb3dcee3e8e89951734f837d0c3bea66c11459a30529f4c9133593805,2024-03-22T12:45:36.130000
-CVE-2024-25568,0,0,64eb53482937f270c14cf377745a1f7d8d5cbc3555eb58e76e7de7c26a9505c7,2024-04-04T12:48:41.700000
+CVE-2024-25568,0,1,c3930e2ab541535f4ac48d47d06821e2cee1eed8bbcbd00dd0856e41d7aafc24,2024-06-12T01:15:49.033000
 CVE-2024-25569,0,0,4638448a8546825fa9e00c3ff94a077ca9cbdaa5d8882a201d353ede23041668,2024-05-05T03:15:07.033000
 CVE-2024-2557,0,0,7033022bd95c620bc17bec08414220fdfdd18b2ab9f776b8e336562f8180ee53,2024-05-17T02:38:18.850000
 CVE-2024-25572,0,0,6916ce68d4646365d0578802b2b08ffd76a62b8c07df1314570c90fc1d876f93,2024-04-11T12:47:44.137000
 CVE-2024-25574,0,0,4bc8d3cd97ad31d3dfd232c462a09dc1924d30756dc7bfcb27690950ff1edfb2,2024-04-02T12:50:42.233000
 CVE-2024-25575,0,0,5af0aa3097d78d1504ce01f6ae14ec7e5926b1b9756fc2644e591f5a22c7fdfb,2024-04-30T17:52:35.057000
 CVE-2024-25578,0,0,ff68f9ee0e3394b3fa83fe8766f2e044325a5fd043b437de063c0cd80654c610,2024-03-01T14:04:26.010000
-CVE-2024-25579,0,0,838cd17118b030eacfba49a0ada30a1ba4831f0bedbfd768ff2707f55789078e,2024-04-04T01:15:50.083000
+CVE-2024-25579,0,1,6f2fe316ae3f3762fa16317f50ff5a77b3a8c14784bf85d8cfcfff7aa17188cb,2024-06-12T01:15:49.137000
 CVE-2024-2558,0,0,baf5a7057cc3eb2684690fe1b80d63fda3ec2a7151e8d40271295d827a081975,2024-05-17T02:38:18.947000
 CVE-2024-25580,0,0,aa78600da8abcfd02ed93a87510a3e3684060f93f36da496d331a2464d925d23,2024-03-27T12:29:30.307000
 CVE-2024-25581,0,0,61cc259f8e9114281af0711ac3d4133c9d8bf82e1541368a70fe70223b1b4393,2024-06-10T18:15:27.650000
@@ -251270,7 +251270,7 @@ CVE-2024-35221,0,0,bfc710e18100e9afc422e67798c6c85b47f420014671b62f5a654232b2fd2
 CVE-2024-35222,0,0,36ca1f5942bc600830d0964eca33e6ff4693f5db1dbd469f3a881c8582b83106,2024-05-24T01:15:30.977000
 CVE-2024-35223,0,0,cd2c4ce1a9fe8bfa6f0dfcc5ad8f4ae4bc0ae888e5916f53189fc333ee33e0be,2024-05-24T01:15:30.977000
 CVE-2024-35224,0,0,e1c7dcbe61be23c2f9747cf7531e309bc23c53e66c973486d5da13d1acf7f619,2024-05-24T01:15:30.977000
-CVE-2024-35225,1,1,9e644d09d90709ab069f4700d763f78e4aa5c6b9cceef3d6aae0ffd35e499a79,2024-06-11T22:15:09.520000
+CVE-2024-35225,0,0,9e644d09d90709ab069f4700d763f78e4aa5c6b9cceef3d6aae0ffd35e499a79,2024-06-11T22:15:09.520000
 CVE-2024-35226,0,0,a4f003db440ebbc86307a7b17129188d0f50859c9c9a1320d9f0f7fbe028cbb3,2024-05-29T13:02:09.280000
 CVE-2024-35228,0,0,e4e2e7406c9c774b8ecb6248f2670949add9d1c5eb0e04e89aa505e759ee221a,2024-05-31T13:01:46.727000
 CVE-2024-35229,0,0,5ee88facfa68247ca9de07dbd334e85c15f8a3e466794415d20f2550dc151eee,2024-05-28T12:39:28.377000
@@ -251859,6 +251859,7 @@ CVE-2024-36080,0,0,de5551202af1794b77e1032fd6ee35ba7df3ef2929b44077b5dc18aee0b88
 CVE-2024-36081,0,0,d4f0cf242ca757b4f303ae5368ae2b4579e3452ad04759648a40396f5d2c3712,2024-05-20T13:00:04.957000
 CVE-2024-36082,0,0,ec05e6fee429e8ce759a7c1458dcc4d6897daf721318becd9b0e86af84bd511f,2024-06-07T14:56:05.647000
 CVE-2024-3609,0,0,ed7edf68142e8387ad834c19a7338682e57310d52666dd6c703556dcd2e4f649,2024-05-17T18:36:05.263000
+CVE-2024-36103,1,1,ae615eea7ba0506551b476d4b1b618e5ece76986f3bc278b8fe038276288f745,2024-06-12T01:15:49.220000
 CVE-2024-36104,0,0,f94ea0cb7958e56dffdecb1b4837799b68ea7935ebeb2da813f05e84c54e031b,2024-06-10T18:15:35.497000
 CVE-2024-36105,0,0,4b0fed9ed2485549411fb1c0dd5b530df11ef2b63c1b154f3cb43f2c66dea72a,2024-05-28T12:39:28.377000
 CVE-2024-36106,0,0,c68c312ee2bc6ec7a30477c97b5c82d947d4a1b2653da093413e96421d465f20,2024-06-07T14:56:05.647000
@@ -252668,6 +252669,7 @@ CVE-2024-4309,0,0,f1f14d3d80b8943142865ddb6cb7e0bda2252fff5ef38ed63d563490a010ce
 CVE-2024-4310,0,0,6a8887d86a728fc0163c37e4f3726fb9d19866f95653c15dd5d393e7592aa1b6,2024-04-30T13:11:16.690000
 CVE-2024-4312,0,0,9e55bf62ae99c615e6428643ba23c177214afa107267a60fb24a14ad6d9006da,2024-05-14T16:11:39.510000
 CVE-2024-4314,0,0,917e44d69c76fb7381314145ce5012ff94d63258309b3ec3d14bdf6a76c85d11,2024-05-14T16:11:39.510000
+CVE-2024-4315,1,1,2223801046fe221c89e1cac31d0c68d67952bf52bf1aea4ab6cf912be67333eb,2024-06-12T01:15:49.490000
 CVE-2024-4316,0,0,5a945ac0a4e5139fc35505b0ad29ed6f4f78dc21cf82c5a713e2fc10353001af,2024-05-14T16:11:39.510000
 CVE-2024-4317,0,0,1cfa82abc1d175e3780dda1cd435053fb9f133c668ec60968879d020da51382a,2024-05-14T16:11:39.510000
 CVE-2024-4318,0,0,239860e6603bb5bfa00e4ee1537bbc84372d89871f96aaff86d4c34891350e3a,2024-05-16T13:03:05.353000