Auto-Update: 2024-05-21T04:00:37.544780+00:00

2025-07-09 16:05:11 +00:00 · 2024-05-21 04:03:28 +00:00 · 2024-05-21 04:03:28 +00:00 · 3f89cad0b9
commit 3f89cad0b9
parent b9dcc5c182
6 changed files with 220 additions and 11 deletions
--- a/CVE-2023/CVE-2023-379xx/CVE-2023-37929.json
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37929.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2023-37929",
+  "sourceIdentifier": "security@zyxel.com.tw",
+  "published": "2024-05-21T02:15:08.470",
+  "lastModified": "2024-05-21T02:15:08.470",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@zyxel.com.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@zyxel.com.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024",
+      "source": "security@zyxel.com.tw"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-08xx/CVE-2024-0816.json
+++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0816.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-0816",
+  "sourceIdentifier": "security@zyxel.com.tw",
+  "published": "2024-05-21T02:15:08.743",
+  "lastModified": "2024-05-21T02:15:08.743",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@zyxel.com.tw",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@zyxel.com.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024",
+      "source": "security@zyxel.com.tw"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3155.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3155.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3155",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-21T03:15:08.323",
+  "lastModified": "2024-05-21T03:15:08.323",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3084503%40post-grid%2Ftrunk&old=3078364%40post-grid%2Ftrunk&sfp_email=&sfph_mail=",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84bc611c-c38a-4282-9a9b-5bb9157fb1de?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-49xx/CVE-2024-4943.json
+++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4943.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-4943",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-21T03:15:08.540",
+  "lastModified": "2024-05-21T03:15:08.540",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018has_field_link_rel\u2019 parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.4,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=227333%40blocksy%2F2.0.47&old=227242%40blocksy%2F2.0.46",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7099d7-94fd-42be-a921-bfcad43ae252?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-05-20T23:55:29.980201+00:00
+2024-05-21T04:00:37.544780+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-05-20T23:15:08.533000+00:00
+2024-05-21T03:15:08.540000+00:00
 ```

 ### Last Data Feed Release
@ -27,22 +27,23 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-05-20T00:00:20.242681+00:00
+2024-05-21T00:00:20.245344+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-250879
+250883
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `4`

- [CVE-2024-34710](CVE-2024/CVE-2024-347xx/CVE-2024-34710.json) (`2024-05-20T22:15:08.500`)
- [CVE-2024-4985](CVE-2024/CVE-2024-49xx/CVE-2024-4985.json) (`2024-05-20T22:15:08.727`)
- [CVE-2024-5145](CVE-2024/CVE-2024-51xx/CVE-2024-5145.json) (`2024-05-20T23:15:08.533`)
+- [CVE-2023-37929](CVE-2023/CVE-2023-379xx/CVE-2023-37929.json) (`2024-05-21T02:15:08.470`)
+- [CVE-2024-0816](CVE-2024/CVE-2024-08xx/CVE-2024-0816.json) (`2024-05-21T02:15:08.743`)
+- [CVE-2024-3155](CVE-2024/CVE-2024-31xx/CVE-2024-3155.json) (`2024-05-21T03:15:08.323`)
+- [CVE-2024-4943](CVE-2024/CVE-2024-49xx/CVE-2024-4943.json) (`2024-05-21T03:15:08.540`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -227492,6 +227492,7 @@ CVE-2023-37925,0,0,200d650db13d551e87bfa02d1b502f5caad1fec8d2e6ea527dff57395ef98
 CVE-2023-37926,0,0,03e9be5ade63289589cf931055e78c1fa667180d6705edeed072fad2939cf38c,2023-12-04T18:08:43.703000
 CVE-2023-37927,0,0,adfd736e1f6c17886905e2fcbdab3a3ad88801a80f86af06dc4f801a1e997eb5,2023-12-06T01:15:07.307000
 CVE-2023-37928,0,0,95916c9bee84c621137bc612712b794829ceaaeb6e958e24a0086f902b946bc4,2023-12-06T01:15:07.407000
+CVE-2023-37929,1,1,e701810c52a5485a37d55a8e61078b5edad10d663633672049ef1349155aead2,2024-05-21T02:15:08.470000
 CVE-2023-3793,0,0,d7085be3c24cd95569636ee9b3d6f852390ed8002f2634473840f0a03954af2c,2024-05-17T02:27:48.343000
 CVE-2023-37932,0,0,79302a88dca68dd966f1924366d31482cef34e608e94d45d3aa06823d9d680e1,2024-01-18T15:50:39.943000
 CVE-2023-37934,0,0,32af11366948034cbf47f7841a1aee8ba97feee3165e0cae43464d239e32e49f,2024-01-18T13:55:37.760000
@ -240240,6 +240241,7 @@ CVE-2024-0812,0,0,f8f2679c7a449217ea1a0615c8b26393fc9cdcba4dd50a0d0ca8badd40b841
 CVE-2024-0813,0,0,ff30ac3dc79b0550523d06b2455ee17a966f55c90b0406d419b89863b89f1aa1,2024-01-29T14:28:14.090000
 CVE-2024-0814,0,0,1d0403c9ecdba18257e6f96087bde1c50ad1c1389cfe686e29580d08cead7d2b,2024-01-29T14:27:48.647000
 CVE-2024-0815,0,0,77c96ead7fcca6d89b95c94bd459ce7967c881e384f701fc6d90d138889d1f3e,2024-03-07T13:52:27.110000
+CVE-2024-0816,1,1,71a6c9a599f41973107210177334061e3e3c60bf6d125549f8a3235bca5f397d,2024-05-21T02:15:08.743000
 CVE-2024-0817,0,0,506b65e4708b5aa7ca6c679536e8e161a478d4b724766c5c2525c0d00ece87a5,2024-03-07T13:52:27.110000
 CVE-2024-0818,0,0,1ec0f0bd201ff820d252208a439107cec9fa1841e11b35c5b7cef255c08c7250,2024-03-07T15:15:08.147000
 CVE-2024-0819,0,0,66c4e86f28491756673c13529eb9c5ac4dc147e021161237e6cec3881493c6c4,2024-02-27T14:19:41.650000
@ -248045,6 +248047,7 @@ CVE-2024-31544,0,0,bc835e0f71240df22cec22617fbfab2cab4d97b1f555eabe4ef7c23231d63
 CVE-2024-31545,0,0,58f9284e649db693b69f38b498c09bbce1aa6659c4895ca2c4510e9e4f359bf5,2024-04-22T19:24:06.727000
 CVE-2024-31546,0,0,0f1c1c4c4e70b739ec88067856aa47df01b438e565763cea3e5ee7b15b2692f7,2024-04-19T18:29:53.040000
 CVE-2024-31547,0,0,620bf9372c1d180ac6e0a9d88039f2ec9f52d38e3a3d36a46bcc433dcbf30faf,2024-04-19T18:29:53.040000
+CVE-2024-3155,1,1,6764da2fe4a760a3d2c9be8303edde2cc71808488066997c787e251e367f4f21,2024-05-21T03:15:08.323000
 CVE-2024-31551,0,0,1e496baf26fc7c379802e32efa65ebe29e89fcd33af39e4b33cab5b68ae631aa,2024-04-29T12:42:03.667000
 CVE-2024-31552,0,0,0a44786ccab7bdadbfd444cc47befe91e7deebef75ff6d468cb452530ab14960,2024-04-19T18:29:53.040000
 CVE-2024-31556,0,0,8d1523110265503c6601383345cf8ab7d71c03f8783e3e6b916697932c3b6340,2024-05-15T16:40:19.330000
@ -249593,7 +249596,7 @@ CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a739
 CVE-2024-34708,0,0,50ae7ddc2e75e3cdce67dd59d0961391cf6e2a4b57c62edc7a621111d8513880,2024-05-14T16:12:23.490000
 CVE-2024-34709,0,0,06ef108f024a9984841f3f127183d5734c022052a25b089dea508889fcf5f5e7,2024-05-14T16:12:23.490000
 CVE-2024-3471,0,0,54767cbf563c0be6df0476fd4d8642a65d7e71e0c7bed8d9d2a79519c6ab070f,2024-05-02T13:27:25.103000
-CVE-2024-34710,1,1,5dc4665d60f068782e169ed16e4b5aeed2aca25ab0ab03aa4614a987dea76645,2024-05-20T22:15:08.500000
+CVE-2024-34710,0,0,5dc4665d60f068782e169ed16e4b5aeed2aca25ab0ab03aa4614a987dea76645,2024-05-20T22:15:08.500000
 CVE-2024-34712,0,0,40b56468c6b0e23be2aec8e055821c01815577c206a3bde1e73f06a6cae6bcb3,2024-05-14T19:17:55.627000
 CVE-2024-34713,0,0,71c068cea1357926b6436f81cbdf6c8a79fd8b732c917dfd0c04a9555e362968,2024-05-14T19:17:55.627000
 CVE-2024-34714,0,0,a16faa7f57b02979f0d9baa24210a39fe199236a17b9a6c8ee9e34ebead52447,2024-05-14T19:17:55.627000
@ -250794,6 +250797,7 @@ CVE-2024-4930,0,0,c788e0d56ac9821afbddc6483e03a13bf7f80f00576d8b1223c03d6294c6fd
 CVE-2024-4931,0,0,2ab344000230faa9c561225875553219121b70a083bbf12f75caec6dd758530d,2024-05-17T02:40:43.250000
 CVE-2024-4932,0,0,3b5275bd6f16ce8a63e34d2f3c31ecaa2774cb0b5959779a3c9231162a6d31de,2024-05-17T02:40:43.357000
 CVE-2024-4933,0,0,7b2f7569ee693877ba391d27e3452d47316b559fbbc3e96bc86c11c7c9d32620,2024-05-17T02:40:43.463000
+CVE-2024-4943,1,1,62f3a8a5b0257e45a5e04aaa3d6f193aee9dd09ccba7e4cdbc185f16f33a6b7d,2024-05-21T03:15:08.540000
 CVE-2024-4945,0,0,e0a5ba7966643efb73fd914f70b4524cd2866097ad449d2a2165f63e6d16c777,2024-05-17T02:40:43.560000
 CVE-2024-4946,0,0,2baf4f00c5706f17b6e0e44a9760a1e19206d19f91f4169e19252f73fcb559cc,2024-05-17T02:40:43.650000
 CVE-2024-4947,0,0,d99daa970efeabb8f4dd091c927b07b74399731d4a362b2b49e66334d24d2a77,2024-05-16T13:03:05.353000
@ -250816,7 +250820,7 @@ CVE-2024-4974,0,0,30c18840d61a7da1f6d082016a110f1f3e155cb69a321c5f3011e04a781ace
 CVE-2024-4975,0,0,09924b0fbe93d87fd37542372e09ae669637640cc2222ca882fa05e7d37dfb27,2024-05-17T02:40:45.073000
 CVE-2024-4976,0,0,cec1c528b9c81bb2353d630af7aeaeed80f8c396bb33272f9e3c075fa645e3ec,2024-05-16T13:03:05.353000
 CVE-2024-4984,0,0,c181b2792419ab292757f17fa7ed54efe54e64b1f0d7a8e32f201040654607f4,2024-05-16T13:03:05.353000
-CVE-2024-4985,1,1,bc448e1bde699518577a6998209a5a0146da6fb11a5b9b2f9d4aabb1f818fd6f,2024-05-20T22:15:08.727000
+CVE-2024-4985,0,0,bc448e1bde699518577a6998209a5a0146da6fb11a5b9b2f9d4aabb1f818fd6f,2024-05-20T22:15:08.727000
 CVE-2024-4991,0,0,180b9ed28c0cce46df550147eebf5773d3a2c46d3490c6ab8f019084050e5a01,2024-05-16T13:03:05.353000
 CVE-2024-4992,0,0,504a91a45451c38d9b5beed8f2c88cac747dfe187af29754ed23c5e483929557,2024-05-16T13:03:05.353000
 CVE-2024-4993,0,0,54558f9e3463a1500143cda3bf9ee67127625c6afa1872d34f1d786cf2569f73,2024-05-16T13:03:05.353000
@ -250877,4 +250881,4 @@ CVE-2024-5134,0,0,44a789f42f5a3c13ba63d82e5081c6abc6a3d25c1481cb7c53cfc6c6e78700
 CVE-2024-5135,0,0,68cf9bdf9dec0a96d7d353e92a3ea23735e4dfab71f12aba03f45faad350b446,2024-05-20T13:00:04.957000
 CVE-2024-5136,0,0,7e1453b58a6b8cdb889318a17e467bc4887e911147f2bbd5898eefe5c0fc0fa9,2024-05-20T13:00:04.957000
 CVE-2024-5137,0,0,9ef636c571a0277ac03884ccb19a37de0ac2ceab7c0195ff8a91e587e734c012,2024-05-20T13:00:04.957000
-CVE-2024-5145,1,1,c53440da82a6dd0eb446d498465c5990d294584701f1510d2f50eecfd1574c85,2024-05-20T23:15:08.533000
+CVE-2024-5145,0,0,c53440da82a6dd0eb446d498465c5990d294584701f1510d2f50eecfd1574c85,2024-05-20T23:15:08.533000