From 3f89cad0b9bfabdb3ae6e3acb5b0b1d9df51bcab Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 21 May 2024 04:03:28 +0000
Subject: [PATCH] Auto-Update: 2024-05-21T04:00:37.544780+00:00
---
CVE-2023/CVE-2023-379xx/CVE-2023-37929.json | 55 +++++++++++++++++++++
CVE-2024/CVE-2024-08xx/CVE-2024-0816.json | 55 +++++++++++++++++++++
CVE-2024/CVE-2024-31xx/CVE-2024-3155.json | 47 ++++++++++++++++++
CVE-2024/CVE-2024-49xx/CVE-2024-4943.json | 47 ++++++++++++++++++
README.md | 17 ++++---
_state.csv | 10 ++--
6 files changed, 220 insertions(+), 11 deletions(-)
create mode 100644 CVE-2023/CVE-2023-379xx/CVE-2023-37929.json
create mode 100644 CVE-2024/CVE-2024-08xx/CVE-2024-0816.json
create mode 100644 CVE-2024/CVE-2024-31xx/CVE-2024-3155.json
create mode 100644 CVE-2024/CVE-2024-49xx/CVE-2024-4943.json
diff --git a/CVE-2023/CVE-2023-379xx/CVE-2023-37929.json b/CVE-2023/CVE-2023-379xx/CVE-2023-37929.json
new file mode 100644
index 00000000000..18d24e3a3b8
--- /dev/null
+++ b/CVE-2023/CVE-2023-379xx/CVE-2023-37929.json
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-37929", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2024-05-21T02:15:08.470", + "lastModified": "2024-05-21T02:15:08.470", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The buffer overflow vulnerability in the CGI program of the VMG3625-T50B firmware version V5.50(ABPM.8)C0 could allow an authenticated remote attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0816.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0816.json new file mode 100644 index 00000000000..4dce218e86d --- /dev/null +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0816.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-0816", + "sourceIdentifier": "security@zyxel.com.tw", + "published": "2024-05-21T02:15:08.743", + "lastModified": "2024-05-21T02:15:08.743", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The buffer overflow vulnerability in the DX3300-T1 firmware version V5.50(ABVY.4)C0 could allow an authenticated local attacker to cause denial of service (DoS) conditions by executing the CLI command with crafted strings on an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@zyxel.com.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-some-5g-nr-4g-lte-cpe-dsl-ethernet-cpe-fiber-ont-wifi-extender-and-home-router-devices-05-21-2024", + "source": "security@zyxel.com.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3155.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3155.json new file mode 100644 index 00000000000..58c9be2dc81 --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3155.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3155", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-21T03:15:08.323", + "lastModified": "2024-05-21T03:15:08.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3084503%40post-grid%2Ftrunk&old=3078364%40post-grid%2Ftrunk&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/84bc611c-c38a-4282-9a9b-5bb9157fb1de?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4943.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4943.json new file mode 100644 index 00000000000..ea021b7ac25 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4943.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-4943", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-21T03:15:08.540", + "lastModified": "2024-05-21T03:15:08.540", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018has_field_link_rel\u2019 parameter in all versions up to, and including, 2.0.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=227333%40blocksy%2F2.0.47&old=227242%40blocksy%2F2.0.46", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dc7099d7-94fd-42be-a921-bfcad43ae252?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e609cb6f9f3..34c57e4c685 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-20T23:55:29.980201+00:00 +2024-05-21T04:00:37.544780+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-20T23:15:08.533000+00:00 +2024-05-21T03:15:08.540000+00:00 ``` ### Last Data Feed Release @@ -27,22 +27,23 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-05-20T00:00:20.242681+00:00 +2024-05-21T00:00:20.245344+00:00 ``` ### Total Number of included CVEs ```plain -250879 +250883 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `4` -- [CVE-2024-34710](CVE-2024/CVE-2024-347xx/CVE-2024-34710.json) (`2024-05-20T22:15:08.500`) -- [CVE-2024-4985](CVE-2024/CVE-2024-49xx/CVE-2024-4985.json) (`2024-05-20T22:15:08.727`) -- [CVE-2024-5145](CVE-2024/CVE-2024-51xx/CVE-2024-5145.json) (`2024-05-20T23:15:08.533`) +- [CVE-2023-37929](CVE-2023/CVE-2023-379xx/CVE-2023-37929.json) (`2024-05-21T02:15:08.470`) +- [CVE-2024-0816](CVE-2024/CVE-2024-08xx/CVE-2024-0816.json) (`2024-05-21T02:15:08.743`) +- [CVE-2024-3155](CVE-2024/CVE-2024-31xx/CVE-2024-3155.json) (`2024-05-21T03:15:08.323`) +- [CVE-2024-4943](CVE-2024/CVE-2024-49xx/CVE-2024-4943.json) (`2024-05-21T03:15:08.540`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 6d8505de8c5..2fe2fb01024 100644 --- a/_state.csv +++ b/_state.csv 
@@ -227492,6 +227492,7 @@ CVE-2023-37925,0,0,200d650db13d551e87bfa02d1b502f5caad1fec8d2e6ea527dff57395ef98 CVE-2023-37926,0,0,03e9be5ade63289589cf931055e78c1fa667180d6705edeed072fad2939cf38c,2023-12-04T18:08:43.703000 CVE-2023-37927,0,0,adfd736e1f6c17886905e2fcbdab3a3ad88801a80f86af06dc4f801a1e997eb5,2023-12-06T01:15:07.307000 CVE-2023-37928,0,0,95916c9bee84c621137bc612712b794829ceaaeb6e958e24a0086f902b946bc4,2023-12-06T01:15:07.407000 +CVE-2023-37929,1,1,e701810c52a5485a37d55a8e61078b5edad10d663633672049ef1349155aead2,2024-05-21T02:15:08.470000 CVE-2023-3793,0,0,d7085be3c24cd95569636ee9b3d6f852390ed8002f2634473840f0a03954af2c,2024-05-17T02:27:48.343000 CVE-2023-37932,0,0,79302a88dca68dd966f1924366d31482cef34e608e94d45d3aa06823d9d680e1,2024-01-18T15:50:39.943000 CVE-2023-37934,0,0,32af11366948034cbf47f7841a1aee8ba97feee3165e0cae43464d239e32e49f,2024-01-18T13:55:37.760000 @@ -240240,6 +240241,7 @@ CVE-2024-0812,0,0,f8f2679c7a449217ea1a0615c8b26393fc9cdcba4dd50a0d0ca8badd40b841 CVE-2024-0813,0,0,ff30ac3dc79b0550523d06b2455ee17a966f55c90b0406d419b89863b89f1aa1,2024-01-29T14:28:14.090000 CVE-2024-0814,0,0,1d0403c9ecdba18257e6f96087bde1c50ad1c1389cfe686e29580d08cead7d2b,2024-01-29T14:27:48.647000 CVE-2024-0815,0,0,77c96ead7fcca6d89b95c94bd459ce7967c881e384f701fc6d90d138889d1f3e,2024-03-07T13:52:27.110000 +CVE-2024-0816,1,1,71a6c9a599f41973107210177334061e3e3c60bf6d125549f8a3235bca5f397d,2024-05-21T02:15:08.743000 CVE-2024-0817,0,0,506b65e4708b5aa7ca6c679536e8e161a478d4b724766c5c2525c0d00ece87a5,2024-03-07T13:52:27.110000 CVE-2024-0818,0,0,1ec0f0bd201ff820d252208a439107cec9fa1841e11b35c5b7cef255c08c7250,2024-03-07T15:15:08.147000 CVE-2024-0819,0,0,66c4e86f28491756673c13529eb9c5ac4dc147e021161237e6cec3881493c6c4,2024-02-27T14:19:41.650000 
@@ -248045,6 +248047,7 @@ CVE-2024-31544,0,0,bc835e0f71240df22cec22617fbfab2cab4d97b1f555eabe4ef7c23231d63 CVE-2024-31545,0,0,58f9284e649db693b69f38b498c09bbce1aa6659c4895ca2c4510e9e4f359bf5,2024-04-22T19:24:06.727000 CVE-2024-31546,0,0,0f1c1c4c4e70b739ec88067856aa47df01b438e565763cea3e5ee7b15b2692f7,2024-04-19T18:29:53.040000 CVE-2024-31547,0,0,620bf9372c1d180ac6e0a9d88039f2ec9f52d38e3a3d36a46bcc433dcbf30faf,2024-04-19T18:29:53.040000 +CVE-2024-3155,1,1,6764da2fe4a760a3d2c9be8303edde2cc71808488066997c787e251e367f4f21,2024-05-21T03:15:08.323000 CVE-2024-31551,0,0,1e496baf26fc7c379802e32efa65ebe29e89fcd33af39e4b33cab5b68ae631aa,2024-04-29T12:42:03.667000 CVE-2024-31552,0,0,0a44786ccab7bdadbfd444cc47befe91e7deebef75ff6d468cb452530ab14960,2024-04-19T18:29:53.040000 CVE-2024-31556,0,0,8d1523110265503c6601383345cf8ab7d71c03f8783e3e6b916697932c3b6340,2024-05-15T16:40:19.330000 @@ -249593,7 +249596,7 @@ CVE-2024-34707,0,0,4ed4d85a391d834d7fb079efda0834353a1979685e57868a3cb454f56a739 CVE-2024-34708,0,0,50ae7ddc2e75e3cdce67dd59d0961391cf6e2a4b57c62edc7a621111d8513880,2024-05-14T16:12:23.490000 CVE-2024-34709,0,0,06ef108f024a9984841f3f127183d5734c022052a25b089dea508889fcf5f5e7,2024-05-14T16:12:23.490000 CVE-2024-3471,0,0,54767cbf563c0be6df0476fd4d8642a65d7e71e0c7bed8d9d2a79519c6ab070f,2024-05-02T13:27:25.103000 -CVE-2024-34710,1,1,5dc4665d60f068782e169ed16e4b5aeed2aca25ab0ab03aa4614a987dea76645,2024-05-20T22:15:08.500000 +CVE-2024-34710,0,0,5dc4665d60f068782e169ed16e4b5aeed2aca25ab0ab03aa4614a987dea76645,2024-05-20T22:15:08.500000 CVE-2024-34712,0,0,40b56468c6b0e23be2aec8e055821c01815577c206a3bde1e73f06a6cae6bcb3,2024-05-14T19:17:55.627000 CVE-2024-34713,0,0,71c068cea1357926b6436f81cbdf6c8a79fd8b732c917dfd0c04a9555e362968,2024-05-14T19:17:55.627000 CVE-2024-34714,0,0,a16faa7f57b02979f0d9baa24210a39fe199236a17b9a6c8ee9e34ebead52447,2024-05-14T19:17:55.627000 
@@ -250794,6 +250797,7 @@ CVE-2024-4930,0,0,c788e0d56ac9821afbddc6483e03a13bf7f80f00576d8b1223c03d6294c6fd CVE-2024-4931,0,0,2ab344000230faa9c561225875553219121b70a083bbf12f75caec6dd758530d,2024-05-17T02:40:43.250000 CVE-2024-4932,0,0,3b5275bd6f16ce8a63e34d2f3c31ecaa2774cb0b5959779a3c9231162a6d31de,2024-05-17T02:40:43.357000 CVE-2024-4933,0,0,7b2f7569ee693877ba391d27e3452d47316b559fbbc3e96bc86c11c7c9d32620,2024-05-17T02:40:43.463000 +CVE-2024-4943,1,1,62f3a8a5b0257e45a5e04aaa3d6f193aee9dd09ccba7e4cdbc185f16f33a6b7d,2024-05-21T03:15:08.540000 CVE-2024-4945,0,0,e0a5ba7966643efb73fd914f70b4524cd2866097ad449d2a2165f63e6d16c777,2024-05-17T02:40:43.560000 CVE-2024-4946,0,0,2baf4f00c5706f17b6e0e44a9760a1e19206d19f91f4169e19252f73fcb559cc,2024-05-17T02:40:43.650000 CVE-2024-4947,0,0,d99daa970efeabb8f4dd091c927b07b74399731d4a362b2b49e66334d24d2a77,2024-05-16T13:03:05.353000 @@ -250816,7 +250820,7 @@ CVE-2024-4974,0,0,30c18840d61a7da1f6d082016a110f1f3e155cb69a321c5f3011e04a781ace CVE-2024-4975,0,0,09924b0fbe93d87fd37542372e09ae669637640cc2222ca882fa05e7d37dfb27,2024-05-17T02:40:45.073000 CVE-2024-4976,0,0,cec1c528b9c81bb2353d630af7aeaeed80f8c396bb33272f9e3c075fa645e3ec,2024-05-16T13:03:05.353000 CVE-2024-4984,0,0,c181b2792419ab292757f17fa7ed54efe54e64b1f0d7a8e32f201040654607f4,2024-05-16T13:03:05.353000 -CVE-2024-4985,1,1,bc448e1bde699518577a6998209a5a0146da6fb11a5b9b2f9d4aabb1f818fd6f,2024-05-20T22:15:08.727000 +CVE-2024-4985,0,0,bc448e1bde699518577a6998209a5a0146da6fb11a5b9b2f9d4aabb1f818fd6f,2024-05-20T22:15:08.727000 CVE-2024-4991,0,0,180b9ed28c0cce46df550147eebf5773d3a2c46d3490c6ab8f019084050e5a01,2024-05-16T13:03:05.353000 CVE-2024-4992,0,0,504a91a45451c38d9b5beed8f2c88cac747dfe187af29754ed23c5e483929557,2024-05-16T13:03:05.353000 CVE-2024-4993,0,0,54558f9e3463a1500143cda3bf9ee67127625c6afa1872d34f1d786cf2569f73,2024-05-16T13:03:05.353000 
@@ -250877,4 +250881,4 @@ CVE-2024-5134,0,0,44a789f42f5a3c13ba63d82e5081c6abc6a3d25c1481cb7c53cfc6c6e78700 CVE-2024-5135,0,0,68cf9bdf9dec0a96d7d353e92a3ea23735e4dfab71f12aba03f45faad350b446,2024-05-20T13:00:04.957000 CVE-2024-5136,0,0,7e1453b58a6b8cdb889318a17e467bc4887e911147f2bbd5898eefe5c0fc0fa9,2024-05-20T13:00:04.957000 CVE-2024-5137,0,0,9ef636c571a0277ac03884ccb19a37de0ac2ceab7c0195ff8a91e587e734c012,2024-05-20T13:00:04.957000 -CVE-2024-5145,1,1,c53440da82a6dd0eb446d498465c5990d294584701f1510d2f50eecfd1574c85,2024-05-20T23:15:08.533000 +CVE-2024-5145,0,0,c53440da82a6dd0eb446d498465c5990d294584701f1510d2f50eecfd1574c85,2024-05-20T23:15:08.533000