diff --git a/CVE-2020/CVE-2020-225xx/CVE-2020-22539.json b/CVE-2020/CVE-2020-225xx/CVE-2020-22539.json
index 759c257d927..45509d44a18 100644
--- a/CVE-2020/CVE-2020-225xx/CVE-2020-22539.json
+++ b/CVE-2020/CVE-2020-225xx/CVE-2020-22539.json
@@ -2,12 +2,16 @@
 "id": "CVE-2020-22539",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T22:15:07.620",
- "lastModified": "2024-04-15T22:15:07.620",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via uploading a crafted file."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de carga de archivos arbitrarios en la funci\u00f3n Agregar Categor\u00eda de Codoforum v4.9 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo manipulado."
 }
 ],
 "metrics": {},
diff --git a/CVE-2020/CVE-2020-225xx/CVE-2020-22540.json b/CVE-2020/CVE-2020-225xx/CVE-2020-22540.json
index b2867d1345c..ec8b4448b96 100644
--- a/CVE-2020/CVE-2020-225xx/CVE-2020-22540.json
+++ b/CVE-2020/CVE-2020-225xx/CVE-2020-22540.json
@@ -2,12 +2,16 @@
 "id": "CVE-2020-22540",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T23:15:06.730",
- "lastModified": "2024-04-15T23:15:06.730",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive information via crafted payload to Category name component."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Codoforum v4.9 permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado en el componente de nombre de categor\u00eda."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json b/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json
index 034e59c946a..c34d2aa6763 100644
--- a/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json
+++ b/CVE-2023/CVE-2023-338xx/CVE-2023-33806.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-33806",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T23:15:06.837",
- "lastModified": "2024-04-15T23:15:06.837",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Insecure default configurations in Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119, allows attackers to execute arbitrary commands."
+ },
+ {
+ "lang": "es",
+ "value": "Las configuraciones predeterminadas inseguras en Hikvision Interactive Tablet DS-D5B86RB/B V2.3.0 build220119 permiten a los atacantes ejecutar comandos arbitrarios."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-455xx/CVE-2023-45503.json b/CVE-2023/CVE-2023-455xx/CVE-2023-45503.json
index 65b89d6d05c..1cb99ef59dd 100644
--- a/CVE-2023/CVE-2023-455xx/CVE-2023-45503.json
+++ b/CVE-2023/CVE-2023-455xx/CVE-2023-45503.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-45503",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T20:15:10.777",
- "lastModified": "2024-04-15T20:15:10.777",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL Injection vulnerability in Macrob7 Macs CMS 1.1.4f, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via crafted payload to resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de inyecci\u00f3n SQL en Macrob7 Macs CMS 1.1.4f, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, provocar una denegaci\u00f3n de servicio (DoS), escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole, deleteComment, deleteUser, allowComment, saveRole, forgotPasswordProcess, resetPassword, saveUser, addComment, saveRole, and saveUser endpoints."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json
index 0e6bba0b0c0..2fe6cde4987 100644
--- a/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6038.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6038",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-11-16T17:15:09.373",
- "lastModified": "2024-02-08T10:15:10.703",
+ "lastModified": "2024-04-16T12:15:08.780",
 "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "An attacker is able to read any file on the server hosting the H2O dashboard without any authentication."
+ "value": "A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. This issue affects the default installation and does not require user interaction. The vulnerability can be exploited by making specific GET or POST requests to the ImportFiles and ParseSetup endpoints, respectively. This issue was identified in version 3.40.0.4 of h2o-3."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json b/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json
index 1425e1dc15b..cf3f174f699 100644
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6568.json
@@ -2,12 +2,12 @@
 "id": "CVE-2023-6568",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-12-07T05:15:09.347",
- "lastModified": "2023-12-09T04:51:50.623",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-04-16T12:15:08.957",
+ "vulnStatus": "Modified",
 "descriptions": [
 {
 "lang": "en",
- "value": "Cross-site Scripting (XSS) - Reflected in GitHub repository mlflow/mlflow prior to 2.9.0."
+ "value": "A reflected Cross-Site Scripting (XSS) vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the Content-Type header in POST requests. An attacker can inject malicious JavaScript code into the Content-Type header, which is then improperly reflected back to the user without adequate sanitization or escaping, leading to arbitrary JavaScript execution in the context of the victim's browser. The vulnerability is present in the mlflow/server/auth/__init__.py file, where the user-supplied Content-Type header is directly injected into a Python formatted string and returned to the user, facilitating the XSS attack."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-04xx/CVE-2024-0404.json b/CVE-2024/CVE-2024-04xx/CVE-2024-0404.json
index 3aa621d30fc..3ad1f24b9ff 100644
--- a/CVE-2024/CVE-2024-04xx/CVE-2024-0404.json
+++ b/CVE-2024/CVE-2024-04xx/CVE-2024-0404.json
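Review bot: The rewritten English `value` for CVE-2023-6568 no longer carries the version bound that the removed text had ("prior to 2.9.0"), so a reader triaging from the description alone cannot tell which mlflow releases are affected; whether the record states the bound elsewhere is not visible in this hunk. I would keep it by ending the new text with `This issue affects mlflow/mlflow prior to 2.9.0.` The same loss of specifics shows in the CVE-2024-0798 hunk, where the removed text named both `remove-folder` and `remove-document` and the new text names only `/api/system/remove-document`.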
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0404",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:07.387",
- "lastModified": "2024-04-16T00:15:07.387",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A mass assignment vulnerability exists in the `/api/invite/:code` endpoint of the mintplex-labs/anything-llm repository, allowing unauthorized creation of high-privileged accounts. By intercepting and modifying the HTTP request during the account creation process via an invitation link, an attacker can add a `role` property with `admin` value, thereby gaining administrative access. This issue arises due to the lack of property allowlisting and blocklisting, enabling the attacker to exploit the system and perform actions as an administrator."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de asignaci\u00f3n masiva en el endpoint `/api/invite/:code` del repositorio mintplex-labs/anything-llm, lo que permite la creaci\u00f3n no autorizada de cuentas con altos privilegios. Al interceptar y modificar la solicitud HTTP durante el proceso de creaci\u00f3n de la cuenta a trav\u00e9s de un enlace de invitaci\u00f3n, un atacante puede agregar una propiedad \"rol\" con valor \"admin\", obteniendo as\u00ed acceso administrativo. Este problema surge debido a la falta de listas de propiedades permitidas y bloqueadas, lo que permite al atacante explotar el sistema y realizar acciones como administrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0549.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0549.json
index baec69015b2..cc8741770f8 100644
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0549.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0549.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0549",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:07.603",
- "lastModified": "2024-04-16T00:15:07.603",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "mintplex-labs/anything-llm is vulnerable to a relative path traversal attack, allowing unauthorized attackers with a default role account to delete files and folders within the filesystem, including critical database files such as 'anythingllm.db'. The vulnerability stems from insufficient input validation and normalization in the handling of file and folder deletion requests. Successful exploitation results in the compromise of data integrity and availability."
+ },
+ {
+ "lang": "es",
+ "value": "mintplex-labs/anything-llm es vulnerable a un ataque de relative path traversal, lo que permite a atacantes no autorizados con una cuenta de rol predeterminada eliminar archivos y carpetas dentro del sistema de archivos, incluidos archivos de bases de datos cr\u00edticos como 'anythingllm.db'. La vulnerabilidad se debe a una validaci\u00f3n y normalizaci\u00f3n de entrada insuficientes en el manejo de solicitudes de eliminaci\u00f3n de archivos y carpetas. La explotaci\u00f3n exitosa resulta en el compromiso de la integridad y disponibilidad de los datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json b/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json
index 666b0f90278..cf22bf01559 100644
--- a/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json
+++ b/CVE-2024/CVE-2024-07xx/CVE-2024-0798.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-0798",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-02-26T16:27:51.563",
- "lastModified": "2024-02-26T16:32:25.577",
+ "lastModified": "2024-04-16T12:15:09.113",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "A user with a `default` role given to them by the admin can sent `DELETE` HTTP requests to `remove-folder` and `remove-document` to delete folders and source files from the instance even when their role should explicitly not allow this action on the system."
+ "value": "A privilege escalation vulnerability exists in mintplex-labs/anything-llm, allowing users with 'default' role to delete documents uploaded by 'admin'. Despite the intended restriction that prevents 'default' role users from deleting admin-uploaded documents, an attacker can exploit this vulnerability by sending a crafted DELETE request to the /api/system/remove-document endpoint. This vulnerability is due to improper access control checks, enabling unauthorized document deletion and potentially leading to loss of data integrity."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json
index ec04c94bce8..4fcf9da0aab 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1135.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-1135",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:07.797",
- "lastModified": "2024-04-16T00:15:07.797",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1183.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1183.json
index 39bfd10bb58..fbe20d38568 100644
--- a/CVE-2024/CVE-2024-11xx/CVE-2024-1183.json
+++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1183.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1183",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:07.990",
- "lastModified": "2024-04-16T00:15:07.990",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attackers to scan and identify open ports within an internal network. By manipulating the 'file' parameter in a GET request, an attacker can discern the status of internal ports based on the presence of a 'Location' header or a 'File not allowed' error in the response."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad SSRF (Server-Side Request Forgery) en el repositorio gradio-app/gradio, que permite a los atacantes escanear e identificar puertos abiertos dentro de una red interna. Al manipular el par\u00e1metro \"archivo\" en una solicitud GET, un atacante puede discernir el estado de los puertos internos en funci\u00f3n de la presencia de un encabezado \"Ubicaci\u00f3n\" o un error \"Archivo no permitido\" en la respuesta."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1357.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1357.json
index 317db2f5455..dc5753a6f64 100644
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1357.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1357.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-1357",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-04-16T10:15:07.273",
- "lastModified": "2024-04-16T10:15:07.273",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1394.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1394.json
index 1ba5622fedc..9fcd06f9fb3 100644
--- a/CVE-2024/CVE-2024-13xx/CVE-2024-1394.json
+++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1394.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-1394",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-03-21T13:00:08.037",
- "lastModified": "2024-04-03T18:15:07.140",
+ "lastModified": "2024-04-16T13:15:11.050",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -111,9 +111,25 @@
 "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2262921",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://github.com/golang-fips/openssl/commit/85d31d0d257ce842c8a1e63c4d230ae850348136",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6",
 "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://github.com/microsoft/go-crypto-openssl/commit/104fe7f6912788d2ad44602f77a0a0a62f1f259f",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://pkg.go.dev/vuln/GO-2024-2660",
+ "source": "secalert@redhat.com"
+ },
+ {
+ "url": "https://vuln.go.dev/ID/GO-2024-2660.json",
+ "source": "secalert@redhat.com"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1455.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1455.json
index e46a3ec1703..bce70adc11f 100644
--- a/CVE-2024/CVE-2024-14xx/CVE-2024-1455.json
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1455.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-1455",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-03-26T14:15:08.450",
- "lastModified": "2024-03-26T17:09:53.043",
+ "lastModified": "2024-04-16T12:15:09.230",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html\n\nThis primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. \n\nThis would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service.\n\nA successful attack is predicated on:\n\n1. Usage of XMLOutputParser\n2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the users behalf\n3. Exposing the component via a web-service"
+ "value": "A vulnerability in the langchain-ai/langchain repository allows for a Billion Laughs Attack, a type of XML External Entity (XXE) exploitation. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS). "
 },
 {
 "lang": "es",
@@ -51,6 +51,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://github.com/langchain-ai/langchain/commit/727d5023ce88e18e3074ef620a98137d26ff92a3",
+ "source": "security@huntr.dev"
+ },
 {
 "url": "https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6",
 "source": "security@huntr.dev"
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1456.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1456.json
index bee11beda28..b58a6170250 100644
--- a/CVE-2024/CVE-2024-14xx/CVE-2024-1456.json
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1456.json
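Review bot: The new English `value` in the first CVE-2024-1455 hunk calls the Billion Laughs attack "a type of XML External Entity (XXE) exploitation", but Billion Laughs is recursive expansion of internally declared entities and needs no external entity, so the label points defenders at the wrong control: turning off external entity resolution alone does not bound entity expansion. The rewrite also drops the affected component that the removed text named, `XMLOutputParser`, and leaves a trailing space before the closing quote. Suggested wording: `"value": "A vulnerability in the XMLOutputParser of langchain-ai/langchain allows a Billion Laughs (XML entity expansion) attack. By nesting multiple layers of entities within an XML document, an attacker can cause the XML parser to consume excessive CPU and memory resources, leading to a denial of service (DoS)."`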
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1456",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:08.170",
- "lastModified": "2024-04-16T00:15:08.170",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An S3 bucket takeover vulnerability was identified in the h2oai/h2o-3 repository. The issue involves the S3 bucket 'http://s3.amazonaws.com/h2o-training', which was found to be vulnerable to unauthorized takeover."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 una vulnerabilidad de toma de control del dep\u00f3sito S3 en el repositorio h2oai/h2o-3. El problema involucra al dep\u00f3sito S3 'http://s3.amazonaws.com/h2o-training', que result\u00f3 ser vulnerable a adquisiciones no autorizadas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1483.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1483.json
index 2bbb3cc52d6..d8427356e33 100644
--- a/CVE-2024/CVE-2024-14xx/CVE-2024-1483.json
+++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1483.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1483",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:08.353",
- "lastModified": "2024-04-16T00:15:08.353",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in mlflow/mlflow version 2.9.2, allowing attackers to access arbitrary files on the server. By crafting a series of HTTP POST requests with specially crafted 'artifact_location' and 'source' parameters, using a local URI with '#' instead of '?', an attacker can traverse the server's directory structure. The issue occurs due to insufficient validation of user-supplied input in the server's handlers."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en mlflow/mlflow versi\u00f3n 2.9.2, que permite a los atacantes acceder a archivos arbitrarios en el servidor. Al crear una serie de solicitudes HTTP POST con par\u00e1metros 'artifact_location' y 'source' especialmente manipulados, utilizando un URI local con '#' en lugar de '?', un atacante puede atravesar la estructura de directorios del servidor. El problema se produce debido a una validaci\u00f3n insuficiente de la entrada proporcionada por el usuario en los controladores del servidor."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
index c5eaeefa423..1e5d28e01f7 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1522.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-1522",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-03-30T18:15:45.930",
- "lastModified": "2024-04-02T19:15:46.807",
+ "lastModified": "2024-04-16T12:15:09.357",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "The parisneo/lollms-webui does not have CSRF protections. As a result, an attacker is able to execute arbitrary OS commands via the `/execute_code` API endpoint by tricking a user into visiting a specially crafted webpage."
+ "value": "A Cross-Site Request Forgery (CSRF) vulnerability in the parisneo/lollms-webui project allows remote attackers to execute arbitrary code on a victim's system. The vulnerability stems from the `/execute_code` API endpoint, which does not properly validate requests, enabling an attacker to craft a malicious webpage that, when visited by a victim, submits a form to the victim's local lollms-webui instance to execute arbitrary OS commands. This issue allows attackers to take full control of the victim's system without requiring direct network access to the vulnerable application."
 },
 {
 "lang": "es",
@@ -15,13 +15,13 @@
 }
 ],
 "metrics": {
- "cvssMetricV31": [
+ "cvssMetricV30": [
 {
 "source": "security@huntr.dev",
 "type": "Secondary",
 "cvssData": {
- "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "NONE",
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1540.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1540.json
index 35e7f1bfc33..9e4f19a97a5 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1540.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1540.json
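Review bot: The second CVE-2024-1522 hunk moves the huntr score from the `cvssMetricV31` key to `cvssMetricV30` (the vector prefix goes from `CVSS:3.1` to `CVSS:3.0`, the metric values are otherwise identical), so any consumer that reads only `cvssMetricV31` will now treat this record as unscored and may drop it from severity-based triage. JSON carries no comments, so this has to be handled on the ingest side: resolve the score by falling back across the metric keys present in `metrics`, and flag records whose metric key changes between revisions. The `cvssData` object continues past the end of the hunk, so the base score itself is not visible here.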
@@ -2,12 +2,12 @@
 "id": "CVE-2024-1540",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-03-27T16:15:09.963",
- "lastModified": "2024-03-27T17:48:21.140",
+ "lastModified": "2024-04-16T12:15:09.617",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "Previously, it was possible to exfiltrate secrets in Gradio's CI, but this is now fixed."
+ "value": "A command injection vulnerability exists in the deploy+test-visual.yml workflow of the gradio-app/gradio repository, due to improper neutralization of special elements used in a command. This vulnerability allows attackers to execute unauthorized commands, potentially leading to unauthorized modification of the base repository or secrets exfiltration. The issue arises from the unsafe handling of GitHub context information within a `run` operation, where expressions inside `${{ }}` are evaluated and substituted before script execution. Remediation involves setting untrusted input values to intermediate environment variables to prevent direct influence on script generation."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1558.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1558.json
index 537a75853a6..e8e314f65c4 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1558.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1558.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1558",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:08.533",
- "lastModified": "2024-04-16T00:15:08.533",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the `_create_model_version()` function within `server/handlers.py` of the mlflow/mlflow repository, due to improper validation of the `source` parameter. Attackers can exploit this vulnerability by crafting a `source` parameter that bypasses the `_validate_non_local_source_contains_relative_paths(source)` function's checks, allowing for arbitrary file read access on the server. The issue arises from the handling of unquoted URL characters and the subsequent misuse of the original `source` value for model version creation, leading to the exposure of sensitive files when interacting with the `/model-versions/get-artifact` handler."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en la funci\u00f3n `_create_model_version()` dentro de `server/handlers.py` del repositorio mlflow/mlflow, debido a una validaci\u00f3n incorrecta del par\u00e1metro `source`. Los atacantes pueden explotar esta vulnerabilidad creando un par\u00e1metro `source` que pasa por alto las comprobaciones de la funci\u00f3n `_validate_non_local_source_contains_relative_paths(source)`, permitiendo acceso de lectura arbitrario a archivos en el servidor. El problema surge del manejo de caracteres URL sin comillas y el posterior uso indebido del valor \"fuente\" original para la creaci\u00f3n de la versi\u00f3n del modelo, lo que lleva a la exposici\u00f3n de archivos confidenciales al interactuar con el controlador \"/model-versions/get-artifact\"."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1560.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1560.json
index 98631be8630..d936ce9dbbe 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1560.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1560.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1560",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:08.713",
- "lastModified": "2024-04-16T00:15:08.713",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the artifact deletion functionality. Attackers can bypass path validation by exploiting the double decoding process in the `_delete_artifact_mlflow_artifacts` handler and `local_file_uri_to_path` function, allowing for the deletion of arbitrary directories on the server's filesystem. This vulnerability is due to an extra unquote operation in the `delete_artifacts` function of `local_artifact_repo.py`, which fails to properly sanitize user-supplied paths. The issue is present up to version 2.9.2, despite attempts to fix a similar issue in CVE-2023-6831."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en el repositorio mlflow/mlflow, espec\u00edficamente dentro de la funcionalidad de eliminaci\u00f3n de artefactos. Los atacantes pueden eludir la validaci\u00f3n de rutas explotando el proceso de doble decodificaci\u00f3n en el controlador `_delete_artifact_mlflow_artifacts` y la funci\u00f3n `local_file_uri_to_path`, lo que permite la eliminaci\u00f3n de directorios arbitrarios en el sistema de archivos del servidor. Esta vulnerabilidad se debe a una operaci\u00f3n adicional entre comillas en la funci\u00f3n `delete_artifacts` de `local_artifact_repo.py`, que no sanitiza adecuadamente las rutas proporcionadas por el usuario. El problema est\u00e1 presente hasta la versi\u00f3n 2.9.2, a pesar de los intentos de solucionar un problema similar en CVE-2023-6831."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1561.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1561.json
index 39828f54c60..5e13609264a 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1561.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1561.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1561",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:08.887",
- "lastModified": "2024-04-16T00:15:08.887",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in gradio-app/gradio, where the `/component_server` endpoint improperly allows the invocation of any method on a `Component` class with attacker-controlled arguments. Specifically, by exploiting the `move_resource_to_block_cache()` method of the `Block` class, an attacker can copy any file on the filesystem to a temporary directory and subsequently retrieve it. This vulnerability enables unauthorized local file read access, posing a significant risk especially when the application is exposed to the internet via `launch(share=True)`, thereby allowing remote attackers to read files on the host machine. Furthermore, gradio apps hosted on `huggingface.co` are also affected, potentially leading to the exposure of sensitive information such as API keys and credentials stored in environment variables."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en gradio-app/gradio, donde el endpoint `/component_server` permite incorrectamente la invocaci\u00f3n de cualquier m\u00e9todo en una clase `Component` con argumentos controlados por el atacante. Espec\u00edficamente, al explotar el m\u00e9todo `move_resource_to_block_cache()` de la clase `Block`, un atacante puede copiar cualquier archivo en el sistema de archivos a un directorio temporal y posteriormente recuperarlo. Esta vulnerabilidad permite el acceso de lectura de archivos locales no autorizados, lo que representa un riesgo significativo, especialmente cuando la aplicaci\u00f3n est\u00e1 expuesta a Internet a trav\u00e9s de \"launch(share=True)\", lo que permite a atacantes remotos leer archivos en la m\u00e1quina host. Adem\u00e1s, las aplicaciones de gradio alojadas en `huggingface.co` tambi\u00e9n se ven afectadas, lo que podr\u00eda provocar la exposici\u00f3n de informaci\u00f3n confidencial, como claves API y credenciales almacenadas en variables de entorno."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json
index 0461c525260..44b92751813 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1569.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1569",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:09.060",
- "lastModified": "2024-04-16T00:15:09.060",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontrolled resource consumption. Attackers can exploit the `/open_code_in_vs_code` and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the default folder opener (e.g., File Explorer, xdg-open) multiple times. This can render the host machine unusable by exhausting system resources. The vulnerability is present in the latest version of the software."
+ },
+ {
+ "lang": "es",
+ "value": "parisneo/lollms-webui es vulnerable a un ataque de denegaci\u00f3n de servicio (DoS) debido al consumo incontrolado de recursos. Los atacantes pueden explotar `/open_code_in_vs_code` y endpoints similares sin autenticaci\u00f3n enviando solicitudes HTTP POST repetidas, lo que lleva a la apertura de Visual Studio Code o del abridor de carpeta predeterminado (por ejemplo, Explorador de archivos, xdg-open) varias veces. Esto puede inutilizar la m\u00e1quina host al agotar los recursos del sistema. La vulnerabilidad est\u00e1 presente en la \u00faltima versi\u00f3n del software."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1593.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1593.json
index 759f1184410..8d614ddc322 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1593.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1593.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1593",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:09.247",
- "lastModified": "2024-04-16T00:15:09.247",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the mlflow/mlflow repository due to improper handling of URL parameters. By smuggling path traversal sequences using the ';' character in URLs, attackers can manipulate the 'params' portion of the URL to gain unauthorized access to files or directories. This vulnerability allows for arbitrary data smuggling into the 'params' part of the URL, enabling attacks similar to those described in previous reports but utilizing the ';' character for parameter smuggling. Successful exploitation could lead to unauthorized information disclosure or server compromise."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en el repositorio mlflow/mlflow debido a un manejo inadecuado de los par\u00e1metros de URL. Al contrabandear secuencias de path traversal utilizando el ';' car\u00e1cter en las URL, los atacantes pueden manipular la parte 'par\u00e1metros' de la URL para obtener acceso no autorizado a archivos o directorios. Esta vulnerabilidad permite el contrabando de datos arbitrarios en la parte 'params' de la URL, lo que permite ataques similares a los descritos en informes anteriores pero utilizando el ';' personaje para el contrabando de par\u00e1metros. La explotaci\u00f3n exitosa podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n no autorizada o al compromiso del servidor."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1594.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1594.json
index 931fe4580c8..7cf288781f3 100644
--- a/CVE-2024/CVE-2024-15xx/CVE-2024-1594.json
+++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1594.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1594",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:09.417",
- "lastModified": "2024-04-16T00:15:09.417",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the mlflow/mlflow repository, specifically within the handling of the `artifact_location` parameter when creating an experiment. Attackers can exploit this vulnerability by using a fragment component `#` in the artifact location URI to read arbitrary files on the server in the context of the server's process. This issue is similar to CVE-2023-6909 but utilizes a different component of the URI to achieve the same effect. "
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en el repositorio mlflow/mlflow, espec\u00edficamente en el manejo del par\u00e1metro `artifact_location` al crear un experimento. Los atacantes pueden aprovechar esta vulnerabilidad utilizando un componente de fragmento `#` en el URI de ubicaci\u00f3n del artefacto para leer archivos arbitrarios en el servidor en el contexto del proceso del servidor. Este problema es similar a CVE-2023-6909 pero utiliza un componente diferente del URI para lograr el mismo efecto."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json
index 3a9105caf94..97838a3fe6b 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1601.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1601",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:09.597",
- "lastModified": "2024-04-16T00:15:09.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An SQL injection vulnerability exists in the `delete_discussion()` function of the parisneo/lollms-webui application, allowing an attacker to delete all discussions and message data. The vulnerability is exploitable via a crafted HTTP POST request to the `/delete_discussion` endpoint, which internally calls the vulnerable `delete_discussion()` function. By sending a specially crafted payload in the 'id' parameter, an attacker can manipulate SQL queries to delete all records from the 'discussion' and 'message' tables. This issue is due to improper neutralization of special elements used in an SQL command."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n `delete_discussion()` de la aplicaci\u00f3n parisneo/lollms-webui, lo que permite a un atacante eliminar todas las discusiones y datos de mensajes. La vulnerabilidad se puede explotar a trav\u00e9s de una solicitud POST HTTP manipulada al endpoint `/delete_discussion`, que llama internamente a la funci\u00f3n vulnerable `delete_discussion()`. Al enviar un payload especialmente manipulado en el par\u00e1metro 'id', un atacante puede manipular consultas SQL para eliminar todos los registros de las tablas 'discusi\u00f3n' y 'mensaje'. Este problema se debe a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando SQL."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1626.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1626.json
index 3e8f01ecd36..27d2610c763 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1626.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1626.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1626",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:09.777",
- "lastModified": "2024-04-16T00:15:09.777",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. The vulnerability allows authenticated users to modify the name of any project within the system without proper authorization checks, by directly referencing the project's ID in the PATCH request to the '/v1/projects/:projectId' endpoint. This issue arises because the endpoint does not verify if the provided project ID belongs to the currently authenticated user, enabling unauthorized modifications across different organizational projects."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de referencia directa a objetos inseguros (IDOR) en el repositorio lunary-ai/lunary, versi\u00f3n 0.3.0, dentro del endpoint de actualizaci\u00f3n del proyecto. La vulnerabilidad permite a los usuarios autenticados modificar el nombre de cualquier proyecto dentro del sistema sin las comprobaciones de autorizaci\u00f3n adecuadas, haciendo referencia directamente al ID del proyecto en la solicitud PATCH al endpoint '/v1/projects/:projectId'. Este problema surge porque el endpoint no verifica si el ID del proyecto proporcionado pertenece al usuario actualmente autenticado, lo que permite modificaciones no autorizadas en diferentes proyectos organizacionales."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json
index 56b689d4e34..5eafad1133e 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1646.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1646",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:09.967",
- "lastModified": "2024-04-16T00:15:09.967",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "parisneo/lollms-webui is vulnerable to authentication bypass due to insufficient protection over sensitive endpoints. The application checks if the host parameter is not '0.0.0.0' to restrict access, which is inadequate when the application is bound to a specific interface, allowing unauthorized access to endpoints such as '/restart_program', '/update_software', '/check_update', '/start_recording', and '/stop_recording'. This vulnerability can lead to denial of service, unauthorized disabling or overriding of recordings, and potentially other impacts if certain features are enabled in the configuration."
+ },
+ {
+ "lang": "es",
+ "value": "parisneo/lollms-webui es vulnerable a la omisi\u00f3n de autenticaci\u00f3n debido a una protecci\u00f3n insuficiente en los endpoints sensibles. La aplicaci\u00f3n verifica si el par\u00e1metro del host no es '0.0.0.0' para restringir el acceso, lo cual es inadecuado cuando la aplicaci\u00f3n est\u00e1 vinculada a una interfaz espec\u00edfica, lo que permite el acceso no autorizado a endpoints como '/restart_program', '/update_software', '/ check_update', '/start_recording' y '/stop_recording'. Esta vulnerabilidad puede provocar denegaci\u00f3n de servicio, desactivaci\u00f3n o anulaci\u00f3n no autorizada de grabaciones y potencialmente otros impactos si ciertas funciones est\u00e1n habilitadas en la configuraci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1665.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1665.json
index 3c02ed998fe..a8440f2bad3 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1665.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1665.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1665",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:10.150",
- "lastModified": "2024-04-16T00:15:10.150",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. While the web UI restricts evaluation creation to paid accounts, the server-side API endpoint '/v1/evaluations' does not verify if the user has a paid account, allowing users with free or self-hosted accounts to create unlimited evaluations without upgrading their account. This vulnerability is due to the lack of account status validation in the evaluation creation process."
+ },
+ {
+ "lang": "es",
+ "value": "lunary-ai/lunary versi\u00f3n 1.0.0 es vulnerable a la creaci\u00f3n de evaluaciones no autorizadas debido a que faltan verificaciones del lado del servidor para el estado de la cuenta de usuario durante la creaci\u00f3n de la evaluaci\u00f3n. Si bien la interfaz de usuario web restringe la creaci\u00f3n de evaluaciones a cuentas pagas, el endpoint API del lado del servidor '/v1/evaluations' no verifica si el usuario tiene una cuenta paga, lo que permite a los usuarios con cuentas gratuitas o autohospedadas crear evaluaciones ilimitadas sin actualizar su cuenta. Esta vulnerabilidad se debe a la falta de validaci\u00f3n del estado de la cuenta en el proceso de creaci\u00f3n de la evaluaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1666.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1666.json
index 100e11ff0b4..ea489e444c2 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1666.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1666.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1666",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:10.330",
- "lastModified": "2024-04-16T00:15:10.330",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In lunary-ai/lunary version 1.0.0, an authorization flaw exists that allows unauthorized radar creation. The vulnerability stems from the lack of server-side checks to verify if a user is on a free account during the radar creation process, which is only enforced in the web UI. As a result, attackers can bypass the intended account upgrade requirement by directly sending crafted requests to the server, enabling the creation of an unlimited number of radars without payment."
+ },
+ {
+ "lang": "es",
+ "value": "En lunary-ai/lunary versi\u00f3n 1.0.0, existe una falla de autorizaci\u00f3n que permite la creaci\u00f3n de radares no autorizados. La vulnerabilidad surge de la falta de comprobaciones del lado del servidor para verificar si un usuario tiene una cuenta gratuita durante el proceso de creaci\u00f3n del radar, que s\u00f3lo se aplica en la interfaz de usuario web. Como resultado, los atacantes pueden eludir el requisito de actualizaci\u00f3n de cuenta previsto enviando directamente solicitudes manipuladas al servidor, lo que permite la creaci\u00f3n de una cantidad ilimitada de radares sin pago."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1727.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1727.json
index 34ea817aa6e..4ce3524efa7 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1727.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1727.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-1727",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-03-21T20:15:07.620",
- "lastModified": "2024-03-22T12:45:36.130",
+ "lastModified": "2024-04-16T12:15:09.843",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "To prevent malicious 3rd party websites from making requests to Gradio applications running locally, this PR tightens the CORS rules around Gradio applications. In particular, it checks to see if the host header is localhost (or one of its aliases) and if so, it requires the origin header (if present) to be localhost (or one of its aliases) as well.\n\n"
+ "value": "A Cross-Site Request Forgery (CSRF) vulnerability in gradio-app/gradio allows attackers to upload multiple large files to a victim's system if they are running Gradio locally. By crafting a malicious HTML page that triggers an unauthorized file upload to the victim's server, an attacker can deplete the system's disk space, potentially leading to a denial of service. This issue affects the file upload functionality as implemented in gradio/routes.py."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1729.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1729.json
index a730a99809b..52c7069718e 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1729.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1729.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-1729",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-03-29T05:15:45.477",
- "lastModified": "2024-03-29T12:45:02.937",
+ "lastModified": "2024-04-16T12:15:09.930",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "Th password check condition is vulnerable to timing attack to guess the password\n\n"
+ "value": "A timing attack vulnerability exists in the gradio-app/gradio repository, specifically within the login function in routes.py. The vulnerability arises from the use of a direct comparison operation (`app.auth[username] == password`) to validate user credentials, which can be exploited to guess passwords based on response times. Successful exploitation of this vulnerability could allow an attacker to bypass authentication mechanisms and gain unauthorized access."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1738.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1738.json
index d1ffce97a45..d3592c2fcb7 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1738.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1738.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1738",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:10.510",
- "lastModified": "2024-04-16T00:15:10.510",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An incorrect authorization vulnerability exists in the lunary-ai/lunary repository, specifically within the evaluations.get route in the evaluations API endpoint. This vulnerability allows unauthorized users to retrieve the results of any organization's evaluation by simply knowing the evaluation ID, due to the lack of project ID verification in the SQL query. As a result, attackers can gain access to potentially private data contained within the evaluation results."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de autorizaci\u00f3n incorrecta en el repositorio lunary-ai/lunary, espec\u00edficamente dentro de la ruta evaluations.get en el endpoint de la API de evaluaciones. Esta vulnerabilidad permite a usuarios no autorizados recuperar los resultados de la evaluaci\u00f3n de cualquier organizaci\u00f3n simplemente conociendo el ID de la evaluaci\u00f3n, debido a la falta de verificaci\u00f3n del ID del proyecto en la consulta SQL. Como resultado, los atacantes pueden obtener acceso a datos potencialmente privados contenidos en los resultados de la evaluaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1739.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1739.json
index 006acbfe182..4b890ccb9fa 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1739.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1739.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1739",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:10.697",
- "lastModified": "2024-04-16T00:15:10.697",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "lunary-ai/lunary is vulnerable to an authentication issue due to improper validation of email addresses during the signup process. Specifically, the server fails to treat email addresses as case insensitive, allowing the creation of multiple accounts with the same email address by varying the case of the email characters. For example, accounts for 'abc@gmail.com' and 'Abc@gmail.com' can both be created, leading to potential impersonation and confusion among users."
+ },
+ {
+ "lang": "es",
+ "value": "lunary-ai/lunary es vulnerable a un problema de autenticaci\u00f3n debido a una validaci\u00f3n incorrecta de las direcciones de correo electr\u00f3nico durante el proceso de registro. Espec\u00edficamente, el servidor no trata las direcciones de correo electr\u00f3nico sin distinguir entre may\u00fasculas y min\u00fasculas, lo que permite la creaci\u00f3n de varias cuentas con la misma direcci\u00f3n de correo electr\u00f3nico variando las may\u00fasculas y min\u00fasculas de los caracteres del correo electr\u00f3nico. Por ejemplo, se pueden crear cuentas para 'abc@gmail.com' y 'Abc@gmail.com', lo que genera una posible suplantaci\u00f3n de identidad y confusi\u00f3n entre los usuarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1892.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1892.json
index 9a25b1d40d8..2f43c3ce80f 100644
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1892.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1892.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-1892",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-02-28T00:15:53.897",
- "lastModified": "2024-02-28T14:06:45.783",
+ "lastModified": "2024-04-16T12:15:10.050",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing."
+ "value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the XMLFeedSpider class of the scrapy/scrapy project, specifically in the parsing of XML content. By crafting malicious XML content that exploits inefficient regular expression complexity used in the parsing process, an attacker can cause a denial-of-service (DoS) condition. This vulnerability allows for the system to hang and consume significant resources, potentially rendering services that utilize Scrapy for XML processing unresponsive."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1961.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1961.json
index 180f5d405ac..5d153992b58 100644
--- a/CVE-2024/CVE-2024-19xx/CVE-2024-1961.json
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1961.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1961",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:10.867",
- "lastModified": "2024-04-16T00:15:10.867",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "vertaai/modeldb is vulnerable to a path traversal attack due to improper sanitization of user-supplied file paths in its file upload functionality. Attackers can exploit this vulnerability to write arbitrary files anywhere in the file system by manipulating the 'artifact_path' parameter. This flaw can lead to Remote Code Execution (RCE) by overwriting critical files, such as the application's configuration file, especially when the application is run outside of Docker. The vulnerability is present in the NFSController.java and NFSService.java components of the application."
+ },
+ {
+ "lang": "es",
+ "value": "vertaai/modeldb es vulnerable a un ataque de path traversal debido a una sanitizaci\u00f3n inadecuada de las rutas de archivos proporcionadas por el usuario en su funcionalidad de carga de archivos. Los atacantes pueden aprovechar esta vulnerabilidad para escribir archivos arbitrarios en cualquier parte del sistema de archivos manipulando el par\u00e1metro 'artifact_path'. Esta falla puede provocar la ejecuci\u00f3n remota de c\u00f3digo (RCE) al sobrescribir archivos cr\u00edticos, como el archivo de configuraci\u00f3n de la aplicaci\u00f3n, especialmente cuando la aplicaci\u00f3n se ejecuta fuera de Docker. La vulnerabilidad est\u00e1 presente en los componentes NFSController.java y NFSService.java de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2083.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2083.json
index 28d283f95ef..b290633e23f 100644
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2083.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2083.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2083",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:11.057",
- "lastModified": "2024-04-16T00:15:11.057",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A directory traversal vulnerability exists in the zenml-io/zenml repository, specifically within the /api/v1/steps endpoint. Attackers can exploit this vulnerability by manipulating the 'logs' URI path in the request to fetch arbitrary file content, bypassing intended access restrictions. The vulnerability arises due to the lack of validation for directory traversal patterns, allowing attackers to access files outside of the restricted directory."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de directory traversal en el repositorio zenml-io/zenml, espec\u00edficamente dentro del endpoint /api/v1/steps. Los atacantes pueden aprovechar esta vulnerabilidad manipulando la ruta URI de los 'registros' en la solicitud para recuperar contenido de archivo arbitrario, evitando las restricciones de acceso previstas. La vulnerabilidad surge debido a la falta de validaci\u00f3n de los patrones de directory traversal, lo que permite a los atacantes acceder a archivos fuera del directorio restringido."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-222xx/CVE-2024-22262.json b/CVE-2024/CVE-2024-222xx/CVE-2024-22262.json
index 05ef29f85f3..cbfe08c2abc 100644
--- a/CVE-2024/CVE-2024-222xx/CVE-2024-22262.json
+++ b/CVE-2024/CVE-2024-222xx/CVE-2024-22262.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-22262",
 "sourceIdentifier": "security@vmware.com",
 "published": "2024-04-16T06:15:46.270",
- "lastModified": "2024-04-16T06:15:46.270",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Applications that use UriComponentsBuilder\u00a0to parse an externally provided URL (e.g. through a query parameter) AND\u00a0perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html \u00a0attack or to a SSRF attack if the URL is used after passing validation checks.\n\nThis is the same as CVE-2024-22259 https://spring.io/security/cve-2024-22259 \u00a0and CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Las aplicaciones que utilizan UriComponentsBuilder para analizar una URL proporcionada externamente (por ejemplo, a trav\u00e9s de un par\u00e1metro de consulta) Y realizan comprobaciones de validaci\u00f3n en el host de la URL analizada pueden ser vulnerables a una redirecci\u00f3n abierta https://cwe.mitre.org/data/definitions/601 .html o a un ataque SSRF si la URL se utiliza despu\u00e9s de pasar las comprobaciones de validaci\u00f3n. Esto es lo mismo que CVE-2024-22259 https://spring.io/security/cve-2024-22259 y CVE-2024-22243 https://spring.io/security/cve-2024-22243, pero con diferentes aporte."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2206.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2206.json
index 7cad778ff1a..9c246e9bff2 100644
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2206.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2206.json
@@ -2,12 +2,12 @@
 "id": "CVE-2024-2206",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-03-27T01:15:46.613",
- "lastModified": "2024-03-27T12:29:30.307",
+ "lastModified": "2024-04-16T12:15:10.187",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
- "value": "The /proxy route allows a user to proxy arbitrary urls including potential internal endpoints."
+ "value": "An SSRF vulnerability exists in the gradio-app/gradio due to insufficient validation of user-supplied URLs in the `/proxy` route. Attackers can exploit this vulnerability by manipulating the `self.replica_urls` set through the `X-Direct-Url` header in requests to the `/` and `/config` routes, allowing the addition of arbitrary URLs for proxying. This flaw enables unauthorized proxying of requests and potential access to internal endpoints within the Hugging Face space. The issue arises from the application's inadequate checking of safe URLs in the `build_proxy_request` function."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2260.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2260.json
index f0c9aa22bea..6162702bbf4 100644
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2260.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2260.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2260",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-04-16T00:15:11.237",
- "lastModified": "2024-04-16T00:15:11.237",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A session fixation vulnerability exists in the zenml-io/zenml application, where JWT tokens used for user authentication are not invalidated upon logout. This flaw allows an attacker to bypass authentication mechanisms by reusing a victim's JWT token."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de reparaci\u00f3n de sesi\u00f3n en la aplicaci\u00f3n zenml-io/zenml, donde los tokens JWT utilizados para la autenticaci\u00f3n del usuario no se invalidan al cerrar sesi\u00f3n. Esta falla permite a un atacante eludir los mecanismos de autenticaci\u00f3n reutilizando el token JWT de la v\u00edctima."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23558.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23558.json
index 51a5df2cb9f..fe06370a12f 100644
--- a/CVE-2024/CVE-2024-235xx/CVE-2024-23558.json
+++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23558.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23558",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-04-15T21:15:07.080",
- "lastModified": "2024-04-15T21:15:07.080",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.\n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL DevOps Deploy/HCL Launch no invalida la sesi\u00f3n despu\u00e9s del cierre de sesi\u00f3n, lo que podr\u00eda permitir que un usuario autenticado se haga pasar por otro usuario en el sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23560.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23560.json
index acf3e841376..1e157145f91 100644
--- a/CVE-2024/CVE-2024-235xx/CVE-2024-23560.json
+++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23560.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23560",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-04-15T20:15:10.873",
- "lastModified": "2024-04-15T20:15:10.873",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "HCL DevOps Deploy / HCL Launch could be vulnerable to incomplete revocation of permissions when deleting a custom security resource type. \n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL DevOps Deploy/HCL Launch podr\u00eda ser vulnerable a una revocaci\u00f3n incompleta de permisos al eliminar un tipo de recurso de seguridad personalizado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-235xx/CVE-2024-23561.json b/CVE-2024/CVE-2024-235xx/CVE-2024-23561.json
index 15b065a13a9..5034ea74d16 100644
--- a/CVE-2024/CVE-2024-235xx/CVE-2024-23561.json
+++ b/CVE-2024/CVE-2024-235xx/CVE-2024-23561.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23561",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-04-15T21:15:07.243",
- "lastModified": "2024-04-15T21:15:07.243",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values. \n"
+ },
+ {
+ "lang": "es",
+ "value": "HCL DevOps Deploy/HCL Launch es afectado por una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n confidencial debido a una ofuscaci\u00f3n insuficiente de los valores confidenciales."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24485.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24485.json
index 02bf94ce8e7..73b470c67cd 100644
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24485.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24485.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24485",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T19:15:09.740",
- "lastModified": "2024-04-15T19:15:09.740",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to obtain sensitive information via the GET EEP_DATA command."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en silex technology DS-600 Firmware v.1.4.1, permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del comando GET EEP_DATA."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24486.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24486.json
index bddf5335fc6..03e2b638828 100644
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24486.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24486.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24486",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T19:15:09.787",
- "lastModified": "2024-04-15T19:15:09.787",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to edit device settings via the SAVE EEP_DATA command."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en silex technology DS-600 Firmware v.1.4.1, permite a un atacante remoto editar la configuraci\u00f3n del dispositivo mediante el comando SAVE EEP_DATA."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-244xx/CVE-2024-24487.json b/CVE-2024/CVE-2024-244xx/CVE-2024-24487.json
index b64ad301ac9..fc869e94ba5 100644
--- a/CVE-2024/CVE-2024-244xx/CVE-2024-24487.json
+++ b/CVE-2024/CVE-2024-244xx/CVE-2024-24487.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24487",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T19:15:09.830",
- "lastModified": "2024-04-15T19:15:09.830",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue discovered in silex technology DS-600 Firmware v.1.4.1 allows a remote attacker to cause a denial of service via crafted UDP packets using the EXEC REBOOT SYSTEM command."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema descubierto en silex technology DS-600 Firmware v.1.4.1, permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s de paquetes UDP manipulados utilizando el comando EXEC REBOOT SYSTEM."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-24xx/CVE-2024-2424.json b/CVE-2024/CVE-2024-24xx/CVE-2024-2424.json
index c0b8ef9de57..814d5a784a3 100644
--- a/CVE-2024/CVE-2024-24xx/CVE-2024-2424.json
+++ b/CVE-2024/CVE-2024-24xx/CVE-2024-2424.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2424",
 "sourceIdentifier": "PSIRT@rockwellautomation.com",
 "published": "2024-04-15T22:15:08.657",
- "lastModified": "2024-04-15T22:15:08.657",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "\nAn input validation vulnerability exists in the Rockwell Automation\u00a05015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. \n\n"
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de validaci\u00f3n de entrada en Rockwell Automation 5015-AENFTXT que hace que el adaptador secundario genere una falla mayor no recuperable (MNRF) cuando se ingresa una entrada maliciosa. Si se explota, la disponibilidad del dispositivo se ver\u00e1 afectada y ser\u00e1 necesario reiniciarlo manualmente. Adem\u00e1s, se necesita un paquete PTP con formato incorrecto para aprovechar esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-277xx/CVE-2024-27794.json b/CVE-2024/CVE-2024-277xx/CVE-2024-27794.json
index 9b06c888bf9..25d90fe5ec4 100644
--- a/CVE-2024/CVE-2024-277xx/CVE-2024-27794.json
+++ b/CVE-2024/CVE-2024-277xx/CVE-2024-27794.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-27794",
 "sourceIdentifier": "product-security@apple.com",
 "published": "2024-04-15T23:15:06.890",
- "lastModified": "2024-04-15T23:15:06.890",
- "vulnStatus": "Received",
+ "lastModified": "2024-04-16T13:24:07.103",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Claris FileMaker Server before version 20.3.2 was susceptible to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. The vulnerability was resolved in FileMaker Server 20.3.2 by escaping the HTML contents of the login error message on the login page."
+ },
+ {
+ "lang": "es",
+ "value": "Claris FileMaker Server anterior a la versi\u00f3n 20.3.2 era susceptible a una vulnerabilidad de Cross-Site Scripting reflejada debido a un par\u00e1metro manejado incorrectamente en el endpoint de inicio de sesi\u00f3n de FileMaker WebDirect. La vulnerabilidad se resolvi\u00f3 en FileMaker Server 20.3.2 escapando del contenido HTML del mensaje de error de inicio de sesi\u00f3n en la p\u00e1gina de inicio de sesi\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-285xx/CVE-2024-28556.json b/CVE-2024/CVE-2024-285xx/CVE-2024-28556.json
index 620d6f084f3..41e2d088954 100644
--- a/CVE-2024/CVE-2024-285xx/CVE-2024-28556.json
+++ b/CVE-2024/CVE-2024-285xx/CVE-2024-28556.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-28556", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T19:15:09.870", - "lastModified": "2024-04-15T19:15:09.870", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin-manage-user.php." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Sourcecodester php task management system v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado en admin-manage-user.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-285xx/CVE-2024-28557.json b/CVE-2024/CVE-2024-285xx/CVE-2024-28557.json index 5d5bcfb6119..befca0629ae 100644 --- a/CVE-2024/CVE-2024-285xx/CVE-2024-28557.json +++ b/CVE-2024/CVE-2024-285xx/CVE-2024-28557.json @@ -2,12 +2,16 @@ "id": "CVE-2024-28557", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T19:15:09.913", - "lastModified": "2024-04-15T19:15:09.913", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in Sourcecodester php task management system v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to update-admin.php." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Sourcecodester php task management system v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado en update-admin.php." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-285xx/CVE-2024-28558.json b/CVE-2024/CVE-2024-285xx/CVE-2024-28558.json index 29c8178dacc..bfad50aca79 100644 --- a/CVE-2024/CVE-2024-285xx/CVE-2024-28558.json +++ b/CVE-2024/CVE-2024-285xx/CVE-2024-28558.json @@ -2,12 +2,16 @@ "id": "CVE-2024-28558", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T19:15:09.957", - "lastModified": "2024-04-15T19:15:09.957", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL Injection vulnerability in sourcecodester Petrol pump management software v1.0, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via crafted payload to admin/app/web_crud.php." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en sourcecodester Petrol pump management software v1.0, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado en admin/app/web_crud.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-29xx/CVE-2024-2912.json b/CVE-2024/CVE-2024-29xx/CVE-2024-2912.json index 83c3d528a64..a1ea842f69b 100644 --- a/CVE-2024/CVE-2024-29xx/CVE-2024-2912.json +++ b/CVE-2024/CVE-2024-29xx/CVE-2024-2912.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-2912", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:11.427", - "lastModified": "2024-04-16T00:15:11.427", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted POST request. By exploiting this vulnerability, attackers can execute arbitrary commands on the server hosting the BentoML application. The vulnerability is triggered when a serialized object, crafted to execute OS commands upon deserialization, is sent to any valid BentoML endpoint. This issue poses a significant security risk, enabling attackers to compromise the server and potentially gain unauthorized access or control." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de deserializaci\u00f3n insegura en el framework BentoML, que permite la ejecuci\u00f3n remota de c\u00f3digo (RCE) mediante el env\u00edo de una solicitud POST especialmente manipulada. Al explotar esta vulnerabilidad, los atacantes pueden ejecutar comandos arbitrarios en el servidor que aloja la aplicaci\u00f3n BentoML. La vulnerabilidad se activa cuando un objeto serializado, manipulado para ejecutar comandos del sistema operativo tras la deserializaci\u00f3n, se env\u00eda a cualquier endpoint v\u00e1lido de BentoML. Este problema plantea un riesgo de seguridad importante, ya que permite a los atacantes comprometer el servidor y potencialmente obtener acceso o control no autorizados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-305xx/CVE-2024-30567.json b/CVE-2024/CVE-2024-305xx/CVE-2024-30567.json index aaff5ced287..88575ec0542 100644 --- a/CVE-2024/CVE-2024-305xx/CVE-2024-30567.json +++ b/CVE-2024/CVE-2024-305xx/CVE-2024-30567.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-30567", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-16T00:15:11.620", - "lastModified": "2024-04-16T00:15:11.620", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality." + }, + { + "lang": "es", + "value": "Un problema en JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funcionalidad de soluci\u00f3n de problemas de red." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json b/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json index 14ffde0dbca..aade6dc2d8d 100644 --- a/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json +++ b/CVE-2024/CVE-2024-306xx/CVE-2024-30656.json @@ -2,12 +2,16 @@ "id": "CVE-2024-30656", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T22:15:08.870", - "lastModified": "2024-04-15T22:15:08.870", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 allows attackers to cause a Denial of Service (DoS) via a crafted deauth frame." + }, + { + "lang": "es", + "value": "Un problema en Fireboltt Dream Wristphone BSW202_FB_AAC_v2.0_20240110-20240110-1956 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un frame de autenticaci\u00f3n manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-308xx/CVE-2024-30840.json b/CVE-2024/CVE-2024-308xx/CVE-2024-30840.json index 18c03df66aa..8fde1ba640e 100644 --- a/CVE-2024/CVE-2024-308xx/CVE-2024-30840.json +++ b/CVE-2024/CVE-2024-308xx/CVE-2024-30840.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-30840", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T20:15:11.030", - "lastModified": "2024-04-15T20:15:11.030", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A Stack Overflow vulnerability in Tenda AC15 v15.03.05.18 allows attackers to cause a denial of service via the LISTEN parameter in the fromDhcpListClient function." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de pila en Tenda AC15 v15.03.05.18 permite a atacantes provocar una denegaci\u00f3n de servicio a trav\u00e9s del par\u00e1metro LISTEN en la funci\u00f3n fromDhcpListClient." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3028.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3028.json index c90e1b88bf5..669e44c1883 100644 --- a/CVE-2024/CVE-2024-30xx/CVE-2024-3028.json +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3028.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3028", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:11.667", - "lastModified": "2024-04-16T00:15:11.667", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "mintplex-labs/anything-llm is vulnerable to improper input validation, allowing attackers to read and delete arbitrary files on the server. By manipulating the 'logo_filename' parameter in the 'system-preferences' API endpoint, an attacker can construct requests to read sensitive files or the application's '.env' file, and even delete files by setting the 'logo_filename' to the path of the target file and invoking the 'remove-logo' API endpoint. This vulnerability is due to the lack of proper sanitization of user-supplied input." + }, + { + "lang": "es", + "value": "mintplex-labs/anything-llm es vulnerable a una validaci\u00f3n de entrada incorrecta, lo que permite a los atacantes leer y eliminar archivos arbitrarios en el servidor. Al manipular el par\u00e1metro 'logo_filename' en el endpoint API 'system-preferences', un atacante puede crear solicitudes para leer archivos confidenciales o el archivo '.env' de la aplicaci\u00f3n, e incluso eliminar archivos configurando 'logo_filename' en la ruta del archivo de destino e invocando el endpoint API 'remove-logo'. Esta vulnerabilidad se debe a la falta de una sanitizaci\u00f3n adecuada de los datos proporcionados por el usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3029.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3029.json index a6f07497151..e217f3f3707 100644 --- a/CVE-2024/CVE-2024-30xx/CVE-2024-3029.json +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3029.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3029", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:11.850", - "lastModified": "2024-04-16T00:15:11.850", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables the 'multi_user_mode'. The vulnerability allows an attacker to remove all existing users and potentially create a new admin user without requiring a password, leading to unauthorized access and control over the application." + }, + { + "lang": "es", + "value": "En mintplex-labs/anything-llm, un atacante puede aprovechar la validaci\u00f3n de entrada incorrecta enviando un payload JSON con formato incorrecto al endpoint '/system/enable-multi-user'. Esto desencadena un error que es detectado por un bloque catch, que a su vez elimina a todos los usuarios y desactiva el 'multi_user_mode'. La vulnerabilidad permite a un atacante eliminar a todos los usuarios existentes y potencialmente crear un nuevo usuario administrador sin requerir una contrase\u00f1a, lo que genera acceso y control no autorizados sobre la aplicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3067.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3067.json new file mode 100644 index 00000000000..ae747cc4852 --- /dev/null +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3067.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-3067", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-04-16T13:15:11.230", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can also be used by unauthenticated attackers to inject malicious web scripts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wp-product-feed-manager/trunk/includes/user-interface/class-wppfm-feed-editor-page.php#L34", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3070663%40wp-product-feed-manager&new=3070663%40wp-product-feed-manager&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/37bfb60d-8e2d-4c77-880c-3d17a6a434b8?source=cve", + "source": 
"security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json index bc02999905d..aecfdfdc380 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-31497", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T20:15:11.077", - "lastModified": "2024-04-15T23:15:06.950", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In PuTTY 0.68 through 0.80 before 0.81, biased ECDSA nonce generation allows an attacker to recover a user's NIST P-521 secret key via a quick attack in approximately 60 signatures. This is especially important in a scenario where an adversary is able to read messages signed by PuTTY or Pageant. The required set of signed messages may be publicly readable because they are stored in a public Git service that supports use of SSH for commit signing, and the signatures were made by Pageant through an agent-forwarding mechanism. In other words, an adversary may already have enough signature information to compromise a victim's private key, even if there is no further use of vulnerable PuTTY versions. After a key compromise, an adversary may be able to conduct supply-chain attacks on software maintained in Git. A second, independent scenario is that the adversary is an operator of an SSH server to which the victim authenticates (for remote login or file copy), even though this server is not fully trusted by the victim, and the victim uses the same private key for SSH connections to other services operated by other entities. Here, the rogue server operator (who would otherwise have no way to determine the victim's private key) can derive the victim's private key, and then use it for unauthorized access to those other services. If the other services include Git services, then again it may be possible to conduct supply-chain attacks on software maintained in Git. This also affects, for example, FileZilla before 3.67.0, WinSCP before 6.3.3, TortoiseGit before 2.15.0.1, and TortoiseSVN through 1.14.6." 
+ }, + { + "lang": "es", + "value": "En PuTTY 0.68 a 0.80 antes de 0.81, la generaci\u00f3n nonce ECDSA sesgada permite a un atacante recuperar la clave secreta NIST P-521 de un usuario mediante un ataque r\u00e1pido en aproximadamente 60 firmas. Esto es especialmente importante en un escenario en el que un adversario puede leer mensajes firmados por PuTTY o Pageant. El conjunto requerido de mensajes firmados puede ser legible p\u00fablicamente porque est\u00e1n almacenados en un servicio p\u00fablico Git que admite el uso de SSH para la firma de confirmaci\u00f3n, y Pageant realiz\u00f3 las firmas a trav\u00e9s de un mecanismo de reenv\u00edo de agentes. En otras palabras, es posible que un adversario ya tenga suficiente informaci\u00f3n de firma para comprometer la clave privada de una v\u00edctima, incluso si no se utilizan m\u00e1s versiones vulnerables de PuTTY. Despu\u00e9s de un compromiso clave, un adversario puede realizar ataques a la cadena de suministro del software mantenido en Git. Un segundo escenario independiente es que el adversario sea un operador de un servidor SSH en el que la v\u00edctima se autentica (para inicio de sesi\u00f3n remoto o copia de archivos), aunque la v\u00edctima no conf\u00ede plenamente en este servidor y la v\u00edctima utilice la misma clave privada. para conexiones SSH a otros servicios operados por otras entidades. Aqu\u00ed, el operador del servidor fraudulento (que de otro modo no tendr\u00eda forma de determinar la clave privada de la v\u00edctima) puede obtener la clave privada de la v\u00edctima y luego usarla para acceder no autorizado a esos otros servicios. Si los otros servicios incluyen servicios Git, nuevamente es posible realizar ataques a la cadena de suministro del software mantenido en Git. Esto tambi\u00e9n afecta, por ejemplo, a FileZilla anterior a 3.67.0, WinSCP anterior a 6.3.3, TortoiseGit anterior a 2.15.0.1 y TortoiseSVN hasta 1.14.6." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31634.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31634.json index 1caeb43939c..7b0fe610265 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31634.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31634.json @@ -2,12 +2,16 @@ "id": "CVE-2024-31634", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-16T04:15:08.463", - "lastModified": "2024-04-16T04:15:08.463", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in Xunruicms versions 4.6.3 and before, allows remote attacker to execute arbitrary code via the Security.php file in the catalog \\XunRuiCMS\\dayrui\\Fcms\\Library." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Scripting (XSS) en Xunruicms versiones 4.6.3 y anteriores, permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo Security.php en el cat\u00e1logo \\XunRuiCMS\\dayrui\\Fcms\\Library." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json index 9a9cc5eed9a..0d4a5623577 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31648.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-31648", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T21:15:07.503", - "lastModified": "2024-04-15T21:15:07.503", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2." + }, + { + "lang": "es", + "value": "Cross Site Scripting (XSS) en Insurance Management System v1.0, permite a atacantes remotos ejecutar scripts web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Nombre de categor\u00eda en /core/new_category2." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31649.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31649.json index fbbb2cdcb11..256c2a99d0a 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31649.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31649.json @@ -2,12 +2,16 @@ "id": "CVE-2024-31649", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T21:15:07.547", - "lastModified": "2024-04-15T21:15:07.547", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter." + }, + { + "lang": "es", + "value": "Cross-site scripting (XSS) en Cosmetics and Beauty Product Online Store v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Nombre del producto." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31650.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31650.json index 56f90f6e95c..7e331aa3d03 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31650.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31650.json @@ -2,12 +2,16 @@ "id": "CVE-2024-31650", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T21:15:07.593", - "lastModified": "2024-04-15T21:15:07.593", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter." + }, + { + "lang": "es", + "value": "Cross-site scripting (XSS) en Cosmetics and Beauty Product Online Store v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Apellido." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json index 9464da1d1bb..90b1474c7c2 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31651.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-31651", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T22:15:09.023", - "lastModified": "2024-04-15T22:15:09.023", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter." + }, + { + "lang": "es", + "value": "Cross-site scripting (XSS) en Cosmetics and Beauty Product Online Store v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Nombre." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31652.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31652.json index 11acbd65eaf..0657b36d7db 100644 --- a/CVE-2024/CVE-2024-316xx/CVE-2024-31652.json +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31652.json @@ -2,12 +2,16 @@ "id": "CVE-2024-31652", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-15T21:15:07.637", - "lastModified": "2024-04-15T21:15:07.637", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter." + }, + { + "lang": "es", + "value": "Cross-site scripting (XSS) en Cosmetics and Beauty Product Online Store v1.0 permite a los atacantes ejecutar scripts web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de b\u00fasqueda." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json b/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json index 790541365cb..360c34fc850 100644 
--- a/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json +++ b/CVE-2024/CVE-2024-317xx/CVE-2024-31783.json @@ -2,12 +2,16 @@ "id": "CVE-2024-31783", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-16T04:15:09.140", - "lastModified": "2024-04-16T04:15:09.140", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross Site Scripting (XSS) vulnerability in Typora v.1.6.7 and before, allows a local attacker to obtain sensitive information via a crafted script during markdown file creation." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Scripting (XSS) en Typora v.1.6.7 y anteriores permite a un atacante local obtener informaci\u00f3n confidencial a trav\u00e9s de una secuencia de comandos manipulada durante la creaci\u00f3n del archivo de rebajas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-317xx/CVE-2024-31784.json b/CVE-2024/CVE-2024-317xx/CVE-2024-31784.json index ae9247affb0..a29b1eceaee 100644 --- a/CVE-2024/CVE-2024-317xx/CVE-2024-31784.json +++ b/CVE-2024/CVE-2024-317xx/CVE-2024-31784.json @@ -2,12 +2,16 @@ "id": "CVE-2024-31784", "sourceIdentifier": "cve@mitre.org", "published": "2024-04-16T04:15:09.200", - "lastModified": "2024-04-16T04:15:09.200", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information and execute arbitrary code via a crafted payload to the src component." + }, + { + "lang": "es", + "value": "Un problema en Typora v.1.8.10 y anteriores permite a un atacante local obtener informaci\u00f3n confidencial y ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el componente src." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-319xx/CVE-2024-31990.json b/CVE-2024/CVE-2024-319xx/CVE-2024-31990.json index 6c50ab0c28a..3d3bf7852fe 100644 --- a/CVE-2024/CVE-2024-319xx/CVE-2024-31990.json +++ b/CVE-2024/CVE-2024-319xx/CVE-2024-31990.json @@ -2,12 +2,16 @@ "id": "CVE-2024-31990", "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-15T20:15:11.127", - "lastModified": "2024-04-15T20:15:11.127", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.\n" + }, + { + "lang": "es", + "value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. El servidor API no aplica los espacios de nombres de origen del proyecto, lo que permite a los atacantes usar la interfaz de usuario para editar recursos que solo deber\u00edan poder modificarse a trav\u00e9s de gitops. Esta vulnerabilidad se corrigi\u00f3 en 2.10.7, 2.9.12 y 2.8.16." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json index 1ebbe0d3337..9fdaf03394d 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-3135", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-01T19:15:46.257", - "lastModified": "2024-04-02T12:50:42.233", + "lastModified": "2024-04-16T12:15:10.367", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "The web server lacked CSRF tokens allowing an attacker to host malicious JavaScript on a host that when visited by a LocalAI user, could allow the attacker to fill disk space to deny service or abuse credits." + "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the mudler/localai application, allowing attackers to craft malicious webpages that, when visited by a victim, perform unauthorized actions on the victim's local LocalAI instance without their consent. This vulnerability enables attackers to exhaust system resources, consume credits, and fill disk space by making numerous resource-intensive API calls, such as generating images or uploading files. The vulnerability stems from the application's acceptance of simple request content-types without requiring CSRF tokens or implementing other CSRF mitigation measures. Successful exploitation does not require network access to the vulnerable LocalAI environment." }, { "lang": "es", diff --git a/CVE-2024/CVE-2024-320xx/CVE-2024-32035.json b/CVE-2024/CVE-2024-320xx/CVE-2024-32035.json index 121db773e96..2a6165c4d6a 100644 --- a/CVE-2024/CVE-2024-320xx/CVE-2024-32035.json +++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32035.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-32035", "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-15T20:15:11.323", - "lastModified": "2024-04-15T20:15:11.323", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8." + }, + { + "lang": "es", + "value": "ImageSharp es una API de gr\u00e1ficos 2D. Una vulnerabilidad descubierta en la librer\u00eda ImageSharp, donde el procesamiento de archivos especialmente manipulados puede provocar un uso excesivo de memoria en los decodificadores de im\u00e1genes. La vulnerabilidad se activa cuando ImageSharp intenta procesar archivos de imagen manipulados para explotar esta falla. Esta falla puede explotarse para provocar una denegaci\u00f3n de servicio (DoS) al agotar la memoria del proceso, afectando as\u00ed a las aplicaciones y servicios que dependen de ImageSharp para las tareas de procesamiento de im\u00e1genes. Se recomienda a los usuarios y administradores que actualicen a la \u00faltima versi\u00f3n de ImageSharp que solucione esta vulnerabilidad para mitigar el riesgo de explotaci\u00f3n. El problema se solucion\u00f3 en v3.1.4 y v2.1.8." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json b/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json index a71e7e60836..99765eb3531 100644 --- a/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json +++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json @@ -2,12 +2,16 @@ "id": "CVE-2024-32036", "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-15T20:15:11.543", - "lastModified": "2024-04-15T20:15:11.543", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion, potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8." + }, + { + "lang": "es", + "value": "ImageSharp es una API de gr\u00e1ficos 2D. Se encontr\u00f3 una falla de heap-use-after-free en los decodificadores JPEG y TGA de ImageSharp. Esta vulnerabilidad se activa cuando un atacante pasa un archivo de imagen JPEG o TGA especialmente manipulado a ImageSharp para su conversi\u00f3n, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n. El problema se solucion\u00f3 en v3.1.4 y v2.1.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-325xx/CVE-2024-32557.json b/CVE-2024/CVE-2024-325xx/CVE-2024-32557.json index 18c9dae0da8..acc856d5a8c 100644 --- a/CVE-2024/CVE-2024-325xx/CVE-2024-32557.json +++ b/CVE-2024/CVE-2024-325xx/CVE-2024-32557.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-32557", "sourceIdentifier": "audit@patchstack.com", "published": "2024-04-16T07:15:12.030", - "lastModified": "2024-04-16T07:15:12.030", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS.This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.2.\n\n" + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en Exclusive Addons Exclusive Addons Elementor permite almacenar XSS. Este problema afecta a Elementor de complementos exclusivos: desde n/a hasta 2.6.9.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32625.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32625.json index 261b635a807..914b8cdf60b 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32625.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32625.json @@ -2,12 +2,16 @@ "id": "CVE-2024-32625", "sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "published": "2024-04-16T09:15:07.167", - "lastModified": "2024-04-16T09:15:07.167", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In OffloadAMRWriter, a scalar field is not initialized so will contain an arbitrary value left over from earlier computations" + }, + { + "lang": "es", + "value": "En OffloadAMRWriter, un campo escalar no se inicializa, por lo que contendr\u00e1 un valor arbitrario sobrante de c\u00e1lculos anteriores." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32631.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32631.json index d80f251d1e1..b3b0768a9fb 100644 
--- a/CVE-2024/CVE-2024-326xx/CVE-2024-32631.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32631.json @@ -2,12 +2,16 @@ "id": "CVE-2024-32631", "sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "published": "2024-04-16T09:15:07.900", - "lastModified": "2024-04-16T09:15:07.900", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Out-of-Bounds read in ciCCIOTOPT in ASR180X will cause incorrect computations." + }, + { + "lang": "es", + "value": "Los l\u00edmites le\u00eddos en ciCCIOTOPT en ASR180X provocar\u00e1n c\u00e1lculos incorrectos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32632.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32632.json index 86220c6f3d7..b740d7463a9 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32632.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32632.json @@ -2,12 +2,16 @@ "id": "CVE-2024-32632", "sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "published": "2024-04-16T09:15:08.080", - "lastModified": "2024-04-16T09:15:08.080", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A value in ATCMD will be misinterpreted by printf, causing incorrect output and possibly out-of-bounds memory access" + }, + { + "lang": "es", + "value": "Printf malinterpretar\u00e1 un valor en ATCMD, lo que provocar\u00e1 una salida incorrecta y posiblemente un acceso a la memoria fuera de los l\u00edmites." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32633.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32633.json index bcddf3874c9..5107c49de65 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32633.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32633.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-32633", "sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "published": "2024-04-16T09:15:08.260", - "lastModified": "2024-04-16T09:15:08.260", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An unsigned value can never be negative, so eMMC full disk test will always evaluate the same way." + }, + { + "lang": "es", + "value": "Un valor sin signo nunca puede ser negativo, por lo que la prueba de disco completo de eMMC siempre se evaluar\u00e1 de la misma manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-326xx/CVE-2024-32634.json b/CVE-2024/CVE-2024-326xx/CVE-2024-32634.json index 04f50cd53cb..2394c8efb79 100644 --- a/CVE-2024/CVE-2024-326xx/CVE-2024-32634.json +++ b/CVE-2024/CVE-2024-326xx/CVE-2024-32634.json @@ -2,12 +2,16 @@ "id": "CVE-2024-32634", "sourceIdentifier": "68630edc-a58c-4cbd-9b01-0e130455c8ae", "published": "2024-04-16T09:15:08.460", - "lastModified": "2024-04-16T09:15:08.460", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In huge memory get unmapped area check, code can never be reached because of a logical contradiction. " + }, + { + "lang": "es", + "value": "En una memoria enorme, se verifica el \u00e1rea no asignada, nunca se puede acceder al c\u00f3digo debido a una contradicci\u00f3n l\u00f3gica." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3243.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3243.json new file mode 100644 index 00000000000..429e0746d66 --- /dev/null +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3243.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-3243", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-04-16T13:15:11.400", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the send_test_email() function in all versions up to, and including, 5.46.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary test emails." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L506", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e80e63-f4f7-44cc-ae29-72e7847d7448?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3271.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3271.json index 48497e9f717..9abda4f37aa 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3271.json 
+++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3271.json @@ -2,12 +2,16 @@ "id": "CVE-2024-3271", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:12.017", - "lastModified": "2024-04-16T00:15:12.017", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A command injection vulnerability exists in the run-llama/llama_index repository, specifically within the safe_eval function. Attackers can bypass the intended security mechanism, which checks for the presence of underscores in code generated by LLM, to execute arbitrary code. This is achieved by crafting input that does not contain an underscore but still results in the execution of OS commands. The vulnerability allows for remote code execution (RCE) on the server hosting the application." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos en el repositorio run-llama/llama_index, espec\u00edficamente dentro de la funci\u00f3n safe_eval. Los atacantes pueden eludir el mecanismo de seguridad previsto, que comprueba la presencia de guiones bajos en el c\u00f3digo generado por LLM, para ejecutar c\u00f3digo arbitrario. Esto se logra elaborando entradas que no contienen guiones bajos pero que aun as\u00ed dan como resultado la ejecuci\u00f3n de comandos del sistema operativo. La vulnerabilidad permite la ejecuci\u00f3n remota de c\u00f3digo (RCE) en el servidor que aloja la aplicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json new file mode 100644 index 00000000000..ed70357bcf6 --- /dev/null +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3367.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3367", + "sourceIdentifier": "security@checkmk.com", + "published": "2024-04-16T12:15:10.463", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "Argument injection in websphere_mq agent plugin in Checkmk 2.0.0, 2.1.0, <2.2.0p25 and <2.3.0b5 allows local attacker to inject one argument to runmqsc" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@checkmk.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-349" + } + ] + } + ], + "references": [ + { + "url": "https://checkmk.com/werk/16615", + "source": "security@checkmk.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3493.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3493.json index 55ed551d1d1..454b8b90df9 100644 --- a/CVE-2024/CVE-2024-34xx/CVE-2024-3493.json +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3493.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3493", "sourceIdentifier": "PSIRT@rockwellautomation.com", "published": "2024-04-15T22:15:09.073", - "lastModified": "2024-04-15T22:15:09.073", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "\nA specific malformed fragmented packet type (fragmented packets may be generated automatically by devices that send large amounts of data) can cause a major nonrecoverable fault (MNRF) Rockwell Automation's ControlLogix 5580, Guard Logix\u00a05580,\u00a0CompactLogix 5380,\u00a0and 1756-EN4TR. If exploited, the affected product will become unavailable and require a manual restart to recover it. Additionally, an MNRF could result in a loss of view and/or control of connected devices. \n\n" + }, + { + "lang": "es", + "value": "Un tipo de paquete fragmentado con formato incorrecto espec\u00edfico (los dispositivos que env\u00edan grandes cantidades de datos pueden generar paquetes fragmentados autom\u00e1ticamente) puede causar una falla mayor no recuperable (MNRF) en ControlLogix 5580, Guard Logix 5580, CompactLogix 5380 y 1756-EN4TR de Rockwell Automation. Si se explota, el producto afectado dejar\u00e1 de estar disponible y requerir\u00e1 un reinicio manual para recuperarlo. Adem\u00e1s, un MNRF podr\u00eda provocar una p\u00e9rdida de visi\u00f3n y/o control de los dispositivos conectados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3571.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3571.json index 91161e2e2f0..619cc574329 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3571.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3571.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3571", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:12.203", - "lastModified": "2024-04-16T00:15:12.203", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "langchain-ai/langchain is vulnerable to path traversal due to improper limitation of a pathname to a restricted directory ('Path Traversal') in its LocalFileStore functionality. An attacker can leverage this vulnerability to read or write files anywhere on the filesystem, potentially leading to information disclosure or remote code execution. The issue lies in the handling of file paths in the mset and mget methods, where user-supplied input is not adequately sanitized, allowing directory traversal sequences to reach unintended directories." + }, + { + "lang": "es", + "value": "langchain-ai/langchain es vulnerable al path traversal debido a una limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido (\"Path Traversal\") en su funcionalidad LocalFileStore. Un atacante puede aprovechar esta vulnerabilidad para leer o escribir archivos en cualquier parte del sistema de archivos, lo que podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n o la ejecuci\u00f3n remota de c\u00f3digo. El problema radica en el manejo de las rutas de los archivos en los m\u00e9todos mset y mget, donde la entrada proporcionada por el usuario no se sanitiza adecuadamente, lo que permite que las secuencias de directory traversal lleguen a directorios no deseados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3572.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3572.json index ea2807ee4b1..4f82d6c7c4b 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3572.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3572.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3572", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:12.387", - "lastModified": "2024-04-16T00:15:12.387", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The scrapy/scrapy project is vulnerable to XML External Entity (XXE) attacks due to the use of lxml.etree.fromstring for parsing untrusted XML data without proper validation. This vulnerability allows attackers to perform denial of service attacks, access local files, generate network connections, or circumvent firewalls by submitting specially crafted XML data. " + }, + { + "lang": "es", + "value": "El proyecto scrapy/scrapy es vulnerable a ataques de entidades externas XML (XXE) debido al uso de lxml.etree.fromstring para analizar datos XML que no son de confianza sin la validaci\u00f3n adecuada. Esta vulnerabilidad permite a los atacantes realizar ataques de denegaci\u00f3n de servicio, acceder a archivos locales, generar conexiones de red o eludir firewalls enviando datos XML especialmente manipulados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3573.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3573.json index 82287edbb54..99223b33d47 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3573.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3573.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3573", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:12.570", - "lastModified": "2024-04-16T00:15:12.570", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowing attackers to bypass checks and read arbitrary files on the system. The issue arises from the 'is_local_uri' function's failure to properly handle URIs with empty or 'file' schemes, leading to the misclassification of URIs as non-local. Attackers can exploit this by crafting malicious model versions with specially crafted 'source' parameters, enabling the reading of sensitive files within at least two directory levels from the server's root." + }, + { + "lang": "es", + "value": "mlflow/mlflow es vulnerable a la inclusi\u00f3n de archivos locales (LFI) debido a un an\u00e1lisis inadecuado de los URI, lo que permite a los atacantes eludir las comprobaciones y leer archivos arbitrarios en el sistema. El problema surge de la falla de la funci\u00f3n 'is_local_uri' para manejar adecuadamente los URI con esquemas vac\u00edos o de 'archivo', lo que lleva a la clasificaci\u00f3n err\u00f3nea de los URI como no locales. Los atacantes pueden aprovechar esto creando versiones de modelos maliciosos con par\u00e1metros de \"fuente\" especialmente manipulados, lo que permite la lectura de archivos confidenciales dentro de al menos dos niveles de directorio desde la ra\u00edz del servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3574.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3574.json index a8a503c92e5..ee41e6c9dbd 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3574.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3574.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3574", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:12.750", - "lastModified": "2024-04-16T00:15:12.750", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In scrapy version 2.10.1, an issue was identified where the Authorization header, containing credentials for server authentication, is leaked to a third-party site during a cross-domain redirect. This vulnerability arises from the failure to remove the Authorization header when redirecting across domains. The exposure of the Authorization header to unauthorized actors could potentially allow for account hijacking." + }, + { + "lang": "es", + "value": "En la versi\u00f3n 2.10.1 de scrapy, se identific\u00f3 un problema por el cual el encabezado de Autorizaci\u00f3n, que contiene las credenciales para la autenticaci\u00f3n del servidor, se filtra a un sitio de terceros durante una redirecci\u00f3n entre dominios. Esta vulnerabilidad surge de no eliminar el encabezado de Autorizaci\u00f3n al redireccionar entre dominios. La exposici\u00f3n del encabezado de Autorizaci\u00f3n a actores no autorizados podr\u00eda permitir el secuestro de cuentas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3575.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3575.json index f6ea1642b15..b7fd75e983e 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3575.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3575.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3575", "sourceIdentifier": "security@huntr.dev", "published": "2024-04-16T00:15:12.930", - "lastModified": "2024-04-16T00:15:12.930", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Cross-site Scripting (XSS) - Stored in mindsdb/mindsdb" + }, + { + "lang": "es", + "value": "Cross-Site Scripting (XSS): almacenado en mindsdb/mindsdb" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3672.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3672.json new file mode 100644 index 00000000000..8757966e313 --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3672.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3672", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-04-16T13:15:11.573", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The BA Book Everything plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'all-items' shortcode in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping on user supplied attributes such as 'classes'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3070808%40ba-book-everything&new=3070808%40ba-book-everything&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b0ce06d3-491e-4565-8b26-f33937aee3e8?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3803.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3803.json index a9f63573000..8dfaf200074 100644 --- a/CVE-2024/CVE-2024-38xx/CVE-2024-3803.json +++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3803.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3803", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-15T19:15:10.000", - "lastModified": "2024-04-15T19:15:10.000", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Vesystem Cloud Desktop up to 20240408. This vulnerability affects unknown code of the file /Public/webuploader/0.1.5/server/fileupload.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad fue encontrada en Vesystem Cloud Desktop hasta 20240408 y clasificada como cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del archivo /Public/webuploader/0.1.5/server/fileupload.php. La manipulaci\u00f3n del archivo de argumentos conduce a una carga sin restricciones. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-260776. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3804.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3804.json index 51ced257bf5..3aefb560376 100644 --- a/CVE-2024/CVE-2024-38xx/CVE-2024-3804.json +++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3804.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3804", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-15T20:15:11.750", - "lastModified": "2024-04-15T20:15:11.750", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Una vulnerabilidad clasificada como cr\u00edtica ha sido encontrada en Vesystem Cloud Desktop hasta 20240408. Este problema afecta a un procesamiento desconocido del archivo /Public/webuploader/0.1.5/server/fileupload2.php. La manipulaci\u00f3n del archivo de argumentos conduce a una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-260777. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3867.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3867.json index dfe2db0f437..5422094ea3e 100644 --- a/CVE-2024/CVE-2024-38xx/CVE-2024-3867.json +++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3867.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-3867", "sourceIdentifier": "security@wordfence.com", "published": "2024-04-16T10:15:08.163", - "lastModified": "2024-04-16T10:15:08.163", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3869.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3869.json new file mode 100644 index 00000000000..67ac8882736 --- /dev/null +++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3869.json 
@@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-3869", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-04-16T13:15:11.737", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", + "descriptions": [ + { + "lang": "en", + "value": "The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommerce_json_search_coupons' function . This makes it possible for attackers with subscriber level access to view coupon codes." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php#L470", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3069811/customer-reviews-woocommerce/trunk/includes/settings/class-cr-settings-review-discount.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/881e8096-e75f-49a7-87ed-c230e93ea378?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3871.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3871.json index 1749ae61505..7a64166bd49 100644 --- a/CVE-2024/CVE-2024-38xx/CVE-2024-3871.json +++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3871.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3871", "sourceIdentifier": "research@onekey.com", "published": "2024-04-16T09:15:08.630", - "lastModified": "2024-04-16T09:15:08.630", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements two features\u00a0(access control lists management, WPS pin setup) that are affected by command injections and stack overflows vulnerabilities.\nSuccessful exploitation of these flaws would allow remote authenticated attackers to gain remote command execution with\u00a0elevated privileges on the affected devices.\n\nThis issue affects DVW-W02W2-E2 through version 2.5.2.\n\n" + }, + { + "lang": "es", + "value": "Los dispositivos Delta Electronics DVW-W02W2-E2 exponen una interfaz de administraci\u00f3n web a los usuarios. Esta interfaz implementa dos funciones (administraci\u00f3n de listas de control de acceso, configuraci\u00f3n de pines WPS) que se ven afectadas por inyecciones de comandos y vulnerabilidades de desbordamiento de pila. La explotaci\u00f3n exitosa de estas fallas permitir\u00eda a atacantes autenticados remotamente obtener la ejecuci\u00f3n remota de comandos con privilegios elevados en los dispositivos afectados. Este problema afecta a DVW-W02W2-E2 hasta la versi\u00f3n 2.5.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-38xx/CVE-2024-3872.json b/CVE-2024/CVE-2024-38xx/CVE-2024-3872.json index 2c48cb434cb..5cb77a6d883 100644 --- a/CVE-2024/CVE-2024-38xx/CVE-2024-3872.json +++ b/CVE-2024/CVE-2024-38xx/CVE-2024-3872.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3872", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-04-16T09:15:08.817", - "lastModified": "2024-04-16T09:15:08.817", - "vulnStatus": "Received", + "lastModified": "2024-04-16T13:24:07.103", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Mattermost Mobile app versions 2.13.0 and earlier use a regular expression with polynomial complexity to parse certain deeplinks, which allows an unauthenticated remote attacker to freeze or crash the app via a long maliciously crafted link.\n\n" + }, + { + "lang": "es", + "value": "Las versiones 2.13.0 y anteriores de la aplicaci\u00f3n Mattermost Mobile utilizan una expresi\u00f3n regular con complejidad polin\u00f3mica para analizar ciertos enlaces profundos, lo que permite a un atacante remoto no autenticado congelar o bloquear la aplicaci\u00f3n a trav\u00e9s de un enlace largo creado con fines malintencionados." } ], "metrics": { diff --git a/README.md b/README.md index 661d2200bd3..da5f79a71fc 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-16T12:00:37.616877+00:00 +2024-04-16T14:00:39.549011+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-16T10:15:08.163000+00:00 +2024-04-16T13:24:07.103000+00:00 ``` ### Last Data Feed Release 
@@ -33,22 +33,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -245689 +245694 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `5` -- [CVE-2024-1357](CVE-2024/CVE-2024-13xx/CVE-2024-1357.json) (`2024-04-16T10:15:07.273`) -- [CVE-2024-3867](CVE-2024/CVE-2024-38xx/CVE-2024-3867.json) (`2024-04-16T10:15:08.163`) +- [CVE-2024-3067](CVE-2024/CVE-2024-30xx/CVE-2024-3067.json) (`2024-04-16T13:15:11.230`) +- [CVE-2024-3243](CVE-2024/CVE-2024-32xx/CVE-2024-3243.json) (`2024-04-16T13:15:11.400`) +- [CVE-2024-3367](CVE-2024/CVE-2024-33xx/CVE-2024-3367.json) (`2024-04-16T12:15:10.463`) +- [CVE-2024-3672](CVE-2024/CVE-2024-36xx/CVE-2024-3672.json) (`2024-04-16T13:15:11.573`) +- [CVE-2024-3869](CVE-2024/CVE-2024-38xx/CVE-2024-3869.json) (`2024-04-16T13:15:11.737`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `87` -- [CVE-2024-28834](CVE-2024/CVE-2024-288xx/CVE-2024-28834.json) (`2024-04-16T10:15:08.023`) +- [CVE-2024-31651](CVE-2024/CVE-2024-316xx/CVE-2024-31651.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-31652](CVE-2024/CVE-2024-316xx/CVE-2024-31652.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-31783](CVE-2024/CVE-2024-317xx/CVE-2024-31783.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-31784](CVE-2024/CVE-2024-317xx/CVE-2024-31784.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-31990](CVE-2024/CVE-2024-319xx/CVE-2024-31990.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-32035](CVE-2024/CVE-2024-320xx/CVE-2024-32035.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-32036](CVE-2024/CVE-2024-320xx/CVE-2024-32036.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-32557](CVE-2024/CVE-2024-325xx/CVE-2024-32557.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-32625](CVE-2024/CVE-2024-326xx/CVE-2024-32625.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-32631](CVE-2024/CVE-2024-326xx/CVE-2024-32631.json) (`2024-04-16T13:24:07.103`) 
+- [CVE-2024-32632](CVE-2024/CVE-2024-326xx/CVE-2024-32632.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-32633](CVE-2024/CVE-2024-326xx/CVE-2024-32633.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-32634](CVE-2024/CVE-2024-326xx/CVE-2024-32634.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3271](CVE-2024/CVE-2024-32xx/CVE-2024-3271.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3493](CVE-2024/CVE-2024-34xx/CVE-2024-3493.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3571](CVE-2024/CVE-2024-35xx/CVE-2024-3571.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3572](CVE-2024/CVE-2024-35xx/CVE-2024-3572.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3573](CVE-2024/CVE-2024-35xx/CVE-2024-3573.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3574](CVE-2024/CVE-2024-35xx/CVE-2024-3574.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3575](CVE-2024/CVE-2024-35xx/CVE-2024-3575.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3803](CVE-2024/CVE-2024-38xx/CVE-2024-3803.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3804](CVE-2024/CVE-2024-38xx/CVE-2024-3804.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3867](CVE-2024/CVE-2024-38xx/CVE-2024-3867.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3871](CVE-2024/CVE-2024-38xx/CVE-2024-3871.json) (`2024-04-16T13:24:07.103`) +- [CVE-2024-3872](CVE-2024/CVE-2024-38xx/CVE-2024-3872.json) (`2024-04-16T13:24:07.103`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 1ce8e94286b..af9ec3460ce 100644 --- a/_state.csv +++ b/_state.csv 
@@ -153263,9 +153263,9 @@ CVE-2020-22524,0,0,d223c918a9e40f02c98fa96a7c1227e50448daabfb47b51bb99a61ba75d19 CVE-2020-2253,0,0,9e7a975dfb632d671244bc460a0f18fa733410dc7c7cc49ddd16ac3918e30941,2023-10-25T18:16:39.320000 CVE-2020-22533,0,0,c0df4453440eceb8364f05129759f1dd36960011b6db513ee7c8c3190e1ad9e5,2023-04-10T19:17:46.887000 CVE-2020-22535,0,0,b136010f4871055238df5e297192a1f29d418cc573899fc383cd46da663a725d,2021-07-13T18:58:42.140000 -CVE-2020-22539,0,0,be76647cc8c84a0fc0596b0e20318b9e59570cd3119736a319a9a59dc2267326,2024-04-15T22:15:07.620000 +CVE-2020-22539,0,1,2680998952c9f04298ab9361aee13d635719761435f659dd04e3f02eef1bf3f0,2024-04-16T13:24:07.103000 CVE-2020-2254,0,0,1050f9f4fea9d4094af3458e14b0d0bc3fe4101cc3ec4b0ccbf561c5b1735d35,2023-10-25T18:16:39.377000 -CVE-2020-22540,0,0,40392e183b4637d63850d14d35083cda3e7353dc519fbc81e49acbbb7b1be193,2024-04-15T23:15:06.730000 +CVE-2020-22540,0,1,1677dc8594ae96dd80073b3a3c3d044cb3685c170c7479cc3ab79a7bf8bfb3fe,2024-04-16T13:24:07.103000 CVE-2020-2255,0,0,b0f5d0b2c67f81d4bbaabca28feaecb4a54966dce1e91f650f211cd1611e877c,2023-10-25T18:16:39.430000 CVE-2020-22550,0,0,2f0dfdef9c3de0287094b7070c5b626bb5590a3c10a3adb7f67ddab2ea97e573,2021-01-06T20:18:38.987000 CVE-2020-22552,0,0,a9d02e01746f298f35c1914e9eab118a371e84f62ba213e194a41f96c8287369,2024-02-14T01:17:43.863000 
@@ -224271,7 +224271,7 @@ CVE-2023-33799,0,0,305cd11e82407e2f1418594c912c51575ced497a8d726d0116c463448bcfd CVE-2023-3380,0,0,09eb100a7535a76c1c42c61f8811933306ce601f0a1f109a4d7524a88fe8d40a,2024-04-11T01:21:09.573000 CVE-2023-33800,0,0,a5ab1b33268aa3f3ad82ea9ce8a47dd6283c4edb8a31e8eec446c8d42c7259ed,2024-02-02T13:54:55.517000 CVE-2023-33802,0,0,d991e125c81c3c6955766a3a1ec05d945fde44c022637cfee43e882cf26c16bd,2023-08-01T20:51:21.320000 -CVE-2023-33806,0,0,8ce7a797661fed2636e67c035b9666a9950876e75c9e5d537c33b3bb03230b05,2024-04-15T23:15:06.837000 +CVE-2023-33806,0,1,e015196f1fdfc0af72f8382466acd711eec84d36bb1851487ccea34c87bae00a,2024-04-16T13:24:07.103000 CVE-2023-3381,0,0,2f7c206f10d9c2981f7574302382ea3929835c02c5df65d92de04adab1f9b54b,2024-04-11T01:21:09.670000 CVE-2023-33817,0,0,092d281565dcdaad14414ae45eebee5d28e27224f7701e924566c603397c3e01,2023-06-17T03:12:09.227000 CVE-2023-3382,0,0,529d2715bd649c1c308143b28b8144512df6fe3b7bab2e177bcde37bfb640e26,2024-04-11T01:21:09.760000 @@ -231940,7 +231940,7 @@ CVE-2023-4549,0,0,b164d449c6b81a3ba54bde28f0ec7071af2fdcf217bea524f7877136e980fc CVE-2023-45498,0,0,9fbea6578e0361be6c913fd33d87683bc8a582dc6b0a40c1eeaf22c1f0c54536,2023-12-21T15:15:08.843000 CVE-2023-45499,0,0,4c6e1c9276308156f5b73e70c61b8b53efa5eb1fb4dd49f0564fe499bfa4ecfa,2023-12-21T15:15:08.953000 CVE-2023-4550,0,0,2558ec86a68b1e966b280fd5689de5b0e0dec885828a33b7c99ef2b68fefebe4,2024-02-05T18:30:53.983000 -CVE-2023-45503,0,0,436702f218110a4ecce9a2951479ce70dc0157a4809da9f1716138be0192df26,2024-04-15T20:15:10.777000 +CVE-2023-45503,0,1,4df40562aee2aa65fceb2b00069d8a31cd7d2431617cb2e58cec300c608abac9,2024-04-16T13:24:07.103000 CVE-2023-4551,0,0,bc996734c23bb18ec96cde93f9df4175d62275280a68c371db2ca9a4582785c5,2024-02-05T22:02:02.550000 CVE-2023-45510,0,0,06fbbdc3ed25dd49181b4327c102ec5156dcee2f99d26874dac1fc542b46a9d9,2023-10-18T13:00:07.247000 CVE-2023-45511,0,0,40ff41c6d703d21f217daded71ce4617b7f20d1c3608cafd7b090832d8a74981,2023-10-18T12:59:41.747000 
@@ -237238,7 +237238,7 @@ CVE-2023-6034,0,0,09c321c8120ec1a33e5dcc10b54ef8bb1787bc881466a10031781146c8b31f CVE-2023-6035,0,0,239e061af4707986f4101697bf3cb409215d9a36ae84324505bfb96e1d5fb1db,2023-12-13T17:26:18.047000 CVE-2023-6036,0,0,377d1951c712c44402e0fb4a4d3bf0b5dc6e021ccc04a9002babfefc0b3d43f9,2024-02-12T17:31:21.670000 CVE-2023-6037,0,0,9ad67aeb9ce80222dd0e1c0dda89b29a9b700cafc97e94472829da8bfe1775a6,2024-01-08T15:06:29.210000 -CVE-2023-6038,0,0,3c92b5b1816084b47a1d42042b52a4cbf2480e30b74b558fd1656e6b5e174dd8,2024-02-08T10:15:10.703000 +CVE-2023-6038,0,1,3b2e7c0ee82b5b76f2800397f8eafd4e505a4dff525a1418c91b64a879bf4775,2024-04-16T12:15:08.780000 CVE-2023-6039,0,0,b215edb2a36ba791315cad08416e505994ddd28bde33357245442ca89eb29a3c,2023-11-16T17:59:48.420000 CVE-2023-6040,0,0,58594f6bf20a9f3224d49065ab088edc1e703fab7ec15836e864cb0482668345,2024-02-08T16:15:46.600000 CVE-2023-6042,0,0,875c2be9809d61d15b7e95eaa15e65feced880e3c081ed58decdf5ccf4455443,2024-01-11T19:57:29.590000 @@ -237675,7 +237675,7 @@ CVE-2023-6564,0,0,c826562542a8a23a07bd1ef5a48ee0e001d214874c7d38cd57b8bb73919126 CVE-2023-6565,0,0,7b5b2b86351ad0fc8a6adc1c9eb2b8930d362aa41bb35a754ac3a501666ba9f9,2024-02-29T13:49:47.277000 CVE-2023-6566,0,0,12b1a3550020f6348cc6c6f999927af391bd2cf553bcd8f1029608dbe3f8afd4,2023-12-12T15:54:28.520000 CVE-2023-6567,0,0,c4ab1076a2bcd783e14522f9d2f7372b479fd870320c43a1887fbb3ce346e041,2024-01-17T18:46:59.213000 -CVE-2023-6568,0,0,35b32d9784792b646685563427df978818e6e6e67afb580e23295360349c30b1,2023-12-09T04:51:50.623000 +CVE-2023-6568,0,1,934ce8273d4133a0b446a41d3323bb11ce5ddd41f83ef69e898f2673eb3cdcbf,2024-04-16T12:15:08.957000 CVE-2023-6569,0,0,62450388d512c008ae936c8eff95e10efe40e7e5b03345b7c2897c9350cbcb20,2023-12-18T20:14:18.327000 CVE-2023-6570,0,0,b00a0a828373b329ff13c1081435ce9a784e88312c4836aaead8d62f13900266,2023-12-18T20:13:39.747000 CVE-2023-6571,0,0,2971c4d2df818f02c3c10c0bc2d28d16e444f4c8b2d97bf16dbde3b66f239008,2023-12-18T20:12:18.817000 
@@ -238494,7 +238494,7 @@ CVE-2024-0399,0,0,f9efd00d0c28d2f5fd7844014ccf20e6de83c83ab3d0467105e159f94efa80 CVE-2024-0400,0,0,18035b4484267a537c15645ebee53285fc55ae5559f980b5f9795ec2795f24dd,2024-03-27T12:29:30.307000 CVE-2024-0402,0,0,2fe1b596353be20e61cfde75d3fd6588203ea2d19b7c21e2ce1c5a9ecc57cc90,2024-01-31T18:34:47.867000 CVE-2024-0403,0,0,ba0983060e2034b216b25cd26ed2bb024a7850bc1fcd95abc9a090d5040f7805,2024-03-01T14:04:26.010000 -CVE-2024-0404,0,0,439e6573cc8ef187b7ac5beef096226d13bb0014030952d16a024d248f13c71b,2024-04-16T00:15:07.387000 +CVE-2024-0404,0,1,f66e4aae55250898f4ea41fe8e33c7b9d8158214afcab6aefc212b1ddf85c6ae,2024-04-16T13:24:07.103000 CVE-2024-0405,0,0,efdadcc35fc4ed87224ff4e930a96f9ee86e8b4ccb1a79f084616e91b90070e3,2024-01-24T17:23:09.773000 CVE-2024-0406,0,0,4de5d4ab88b41346d6a48c20921cbb8ae5c4852e44406dfa1d2b986bdcdbe033,2024-04-08T18:48:40.217000 CVE-2024-0407,0,0,f3bc2895be8ea5b6951b82e45fc670b2af282e8da3ab8846004c7a5f8a8e92ad,2024-02-22T19:07:37.840000 @@ -238626,7 +238626,7 @@ CVE-2024-0545,0,0,33f9c06bf07e44e4b274747ed2f9c0a5862da94624965e6aedfe68f1264dd6 CVE-2024-0546,0,0,c0fce79f04249df091783752857079bce441eed36bda246ec025e0166b9f98fa,2024-04-11T01:24:02.513000 CVE-2024-0547,0,0,62b9962e2236cea9a69c6737ec876e1173f6c43092fdf3150278c5a410b519d5,2024-04-11T01:24:02.603000 CVE-2024-0548,0,0,89f142f7b0201ff3d0f6f67de9991d28a4332c556639fc5105a3d076d50a693e,2024-04-11T01:24:02.697000 -CVE-2024-0549,0,0,eb221ac1f40a885841c2b7d570084214a25f859c805069981ab353178d6cdbf3,2024-04-16T00:15:07.603000 +CVE-2024-0549,0,1,488f5582d963dac043702fa5017f9c33f84ef6603e836b233edcf553f66f0309,2024-04-16T13:24:07.103000 CVE-2024-0550,0,0,8d977de657073865c788c3a2c5f9e4e3f64456f8b73b63da114e244f4c4b442e,2024-02-28T14:06:45.783000 CVE-2024-0551,0,0,2b91cbbed6a2082f9e57a9fec5e442f0a040393a6b881ae515635ac2821da912,2024-02-27T14:19:41.650000 CVE-2024-0552,0,0,cb39895c5b0e747125001c9ad52f066ef8fb141fe496b45dac067f5c5920590c,2024-01-23T19:34:05.483000 
@@ -238844,7 +238844,7 @@ CVE-2024-0794,0,0,36986248b7c9d8425e7fabba0d9325944fe0eea86bc965d5055adaa302764b CVE-2024-0795,0,0,f976ab88704d78f6d7f1dd53910b66051a926108f5a3a57a9054259d669d3e7f,2024-03-04T13:58:23.447000 CVE-2024-0796,0,0,117654d8458e901616b5dcc51586c0e623b4d624a6f0f01cf88de01da401d097,2024-02-13T19:40:50.223000 CVE-2024-0797,0,0,009aa845f9ae5bde1b4c5995aa015349e7f6ec6f8f0f63bfb450e718f9300e52,2024-02-13T19:40:35.397000 -CVE-2024-0798,0,0,ba23652ce73c9b8c244a7681efb184c4b56b5235b10f3fd8e342e4d0ca961b20,2024-02-26T16:32:25.577000 +CVE-2024-0798,0,1,3380dadd215e54305a2e2c3afbeebf75c115fdd510e021bcd2ef9ec04691ed7a,2024-04-16T12:15:09.113000 CVE-2024-0799,0,0,565bc32cefccc7b54c8a2a9ae87b575853af295d8bcf02c26770d29b4f9124c3,2024-03-14T12:52:21.763000 CVE-2024-0800,0,0,d01951efcbc246e656d94cfc618f67e25f655df800a6a24c24ab44bafa9ef9ed,2024-03-14T12:52:21.763000 CVE-2024-0801,0,0,a89dd8886cf81b019461340c433bdec2c4bcb02d2b385117b1316445faec54f0,2024-03-14T12:52:21.763000 @@ -239119,7 +239119,7 @@ CVE-2024-1128,0,0,a231b73c645395e365defb40ca5d41741520485dac9e62df464e6e1705f68d CVE-2024-1129,0,0,efcf801aad96aab23ddf4c5c1c7fe067759cd524a5f540fb4b3132cd808f2d93,2024-02-29T13:49:29.390000 CVE-2024-1130,0,0,19b9a2e3e227bc6e3d85f9dd98bd15cfd41c18a2ee1bc79c328385d5148fea32,2024-02-29T13:49:29.390000 CVE-2024-1133,0,0,85f4bf6d861639f9431d20ab28a51d2af9f3a3ecb32590788260710816d3a125,2024-02-29T13:49:29.390000 -CVE-2024-1135,0,0,73baee14d2364dcf13b5e638d837e4806053f270015f5601fa2de00fb4bab507,2024-04-16T00:15:07.797000 +CVE-2024-1135,0,1,c3a236c5c6957ecdd6613fef5a4b8da5800083256e79cbf6170c74e433eeb19d,2024-04-16T13:24:07.103000 CVE-2024-1136,0,0,609070256c4defa988e1113275bf8273fe15f50574e00ed3dcfde13143e471cc,2024-02-28T14:06:45.783000 CVE-2024-1137,0,0,9f8c1cf74ca4778ab709faeea998997368a7f042480977a7d6535f2dd892d7f7,2024-03-13T12:33:51.697000 CVE-2024-1138,0,0,0bb26866b03e9dd351d8284004467140fe2cfdfbd72af071fda864e5a2dc9e58,2024-03-13T12:33:51.697000 
@@ -239156,7 +239156,7 @@ CVE-2024-1178,0,0,1d79d2baf0c52babf00a18f14ce6291cb7fba70afba005e5722ced55b2d8af CVE-2024-1179,0,0,021c629d3779737b7d82b050f297fa166d2dce17da45eec990d84ef3164da439,2024-04-02T12:50:42.233000 CVE-2024-1180,0,0,67cc918e7b225376383a234e7a182443eae07c7dc034d299d9771cc94c55c9b6,2024-04-03T17:24:18.150000 CVE-2024-1181,0,0,3878a855f0577e7ef140d59905a2ce6431a946183d23ae64dcb6feffc50f80bc,2024-03-20T13:00:16.367000 -CVE-2024-1183,0,0,73bb0a4075dc21e9373580e3baa50353b5bacace9ae7c3e40b48dfde4b4c87bf,2024-04-16T00:15:07.990000 +CVE-2024-1183,0,1,ad3d5dd53b834e77fe27d619baf926c439310129c1f2f0d669e6120516ae79a3,2024-04-16T13:24:07.103000 CVE-2024-1184,0,0,bbff1860a1cea45a3ec3908345b659da42115cd6d1e536731f804f61974d7041,2024-04-11T01:24:21.490000 CVE-2024-1185,0,0,551d47d9e7032d4f38d79a26340f74929b3ea08873a82e6bc73a68b1426c3039,2024-04-11T01:24:21.583000 CVE-2024-1186,0,0,1e79be3a06e02687b9a0270f7cd0412b0705cde36613d995bd562cb61d2c4c35,2024-04-11T01:24:21.673000 @@ -239301,7 +239301,7 @@ CVE-2024-1353,0,0,7dc4bcc56a6ab6ae775b6111486ce2b2e99fc200a3863d36a2e31e24dc0d9d CVE-2024-1354,0,0,7e9a958865e30c89765260c45d4ae133e4c586a23883dff6b33b804192a001d2,2024-03-05T20:22:24.573000 CVE-2024-1355,0,0,dd36a54ac939524c987827d5cb09797409e1063b770f9d9a2dc86b1a7287f5d9,2024-03-05T20:22:38.100000 CVE-2024-1356,0,0,006a2f6dfff4352ae3ba24ba5214951c5372a0a8f840d4bddd3e210bc6737588,2024-03-06T15:18:08.093000 -CVE-2024-1357,1,1,86f2546c172a1b4712de16d6bc09f84c806aac6ebb777c328d0bc0178aedd701,2024-04-16T10:15:07.273000 +CVE-2024-1357,0,1,3e719d1386b68f74bac78fded4c12eb6113d801d07a6b01c6c13cbf093a4f755,2024-04-16T13:24:07.103000 CVE-2024-1358,0,0,59bf1dc2789a9e992220be1d0127dfa83d08d3077a1ea92d6417d6450ac5f1b5,2024-03-13T18:16:18.563000 CVE-2024-1359,0,0,709fa5d5f426354abf236525051c41916ab3da3c1737b61ccd8944f2befceb44,2024-03-05T20:22:49.650000 CVE-2024-1360,0,0,c38d2c5ac11d100cefb5af1387d1e4e25b28335fbaa6d0c6e411837b2ffbcd64,2024-02-23T16:14:43.447000 
@@ -239333,7 +239333,7 @@ CVE-2024-1390,0,0,71eb0c49e1915160a890c9df4d2040fa529dd6e699ca4bdcf3f6829a9c0e60 CVE-2024-1391,0,0,95159e2513e9127a66f6050cbc2679326245e87281e8aee9653919649cc97f74,2024-03-13T18:15:58.530000 CVE-2024-1392,0,0,0948736f211221c32ddb432668205bccae67223b950d877ef11c76bff68a1c8f,2024-03-13T18:15:58.530000 CVE-2024-1393,0,0,d7662d0cf4655f5dc37cac1727274e85c0d695350e85be99fa06d400366cbddc,2024-03-13T18:15:58.530000 -CVE-2024-1394,0,0,c68208d74597e19128044b736591fb2dc574b6dece99332bc5e66fbe3be1f584,2024-04-03T18:15:07.140000 +CVE-2024-1394,0,1,102fd054825a768b48f933ef2790bac150f3c02b22828aec0d8482aa6febfad5,2024-04-16T13:15:11.050000 CVE-2024-1397,0,0,e6d8c9c2beca75d3fdc5f918cb423cf21913a9c807f46126d5b49c29c7bd60f0,2024-03-13T12:33:51.697000 CVE-2024-1398,0,0,2b28153468f4d42956e25c3f4649f2a8573b6a6d707501b23def6a1cde88644b,2024-03-04T13:58:23.447000 CVE-2024-1400,0,0,295a10f36c3e13d694d09cafc6872c0c48f9e2b4c87da0889327ecdac7abe4ac,2024-03-12T12:40:13.500000 
@@ -239381,8 +239381,8 @@ CVE-2024-1451,0,0,3f6435be1eda5f484a72686d969060594b556ef09b071072e8b2c55917874d CVE-2024-1452,0,0,51f181c1ce7f414dcbc42b69c76b53c13d660e1251c29566016e6272acef67be,2024-03-13T18:15:58.530000 CVE-2024-1453,0,0,f2c87bd71819898e18766c6a4daf73ab310fc7d532ef66c70b02c381b9ef54a2,2024-03-01T22:22:25.913000 CVE-2024-1454,0,0,cc63bfc078899c3bc2d22b3e00f458fc4bbbae1bbb587edc98f331b0cecc8681,2024-03-23T03:15:10.633000 -CVE-2024-1455,0,0,e991b0f975ced8cb78d5000d363daf3daaec18408e94acd68eacb2c7bf82f408,2024-03-26T17:09:53.043000 -CVE-2024-1456,0,0,7bddac365efd790a5b9fe476d06d2e9de8007be3eaa75a385594a14fe7f409e1,2024-04-16T00:15:08.170000 +CVE-2024-1455,0,1,0cc1f392b2a40d222ec254a15a7a8b6be4cc158e28f516e4971bbabc928a97d1,2024-04-16T12:15:09.230000 +CVE-2024-1456,0,1,ca8952b3ad6c75e50b669eb8146d70b62e9e386218c1d37b9382cb8c97a3ed29,2024-04-16T13:24:07.103000 CVE-2024-1458,0,0,66bdbc91195a55d9296ac1ceb5474c75aed0d73b189c6e7e68fdb9d572621be2,2024-04-10T13:24:00.070000 CVE-2024-1459,0,0,11d2cc6cb4f85209b5f6836b3ad08354090d0f8d1b51c2b33235c6338b29d8d2,2024-02-27T16:55:31.430000 CVE-2024-1460,0,0,72a696faff0084769a753b7a612492bd21b36a83db7299f8f95b0e781bb3b173,2024-03-07T13:52:27.110000 
@@ -239405,7 +239405,7 @@ CVE-2024-1478,0,0,54fc4d2d1af2d772e45f440cc01a56a5078a7b4f242f25febd2c561b4b9b40 CVE-2024-1479,0,0,75eecf66dbf69c578ea2f09e6e564cdf3b04311a1ae51ea49bee3724800fe960,2024-03-13T18:15:58.530000 CVE-2024-1481,0,0,9be0fdcf57b38b07a109c4217cf66bb00129c047018ee84a1da402a4636338fe,2024-04-11T12:47:44.137000 CVE-2024-1482,0,0,61f1933d97f430ea5062371f54d100c6fb03c771024804bcdad5092bc2efbfc7,2024-02-15T06:23:39.303000 -CVE-2024-1483,0,0,44a751ab8a94a0653ee686651ca7a0f4453bf3bad2d8b09fbe0aacce0ee1401d,2024-04-16T00:15:08.353000 +CVE-2024-1483,0,1,1ba808cb1c0d1fdcf5723092c3904b20d4561fdb7083f3ee67b919f5196c5851,2024-04-16T13:24:07.103000 CVE-2024-1484,0,0,2816ffb064ebf87ebca44e6afd6928df4e130e61997f3bc50802157887bafe8f,2024-03-13T18:15:58.530000 CVE-2024-1485,0,0,b9f4145834ee9d538c2d6e8caecb301f8f2dde5a282a13e80f59671c5263bb0b,2024-02-22T01:15:07.980000 CVE-2024-1487,0,0,4babefa588849ee1245b3617562779aff5a83c140fe8b2bbb7875eaeb547f015,2024-03-12T12:40:13.500000 @@ -239434,7 +239434,7 @@ CVE-2024-1516,0,0,50bb822e8d066ea0a8046784c688ecc5177d77cc865bfce700f2cb9134b0d3 CVE-2024-1519,0,0,2349ac13c4eb6bd10a6dccd0fba3669f2785336517a8d1bbbacf8acdcdfa897c,2024-02-29T13:49:29.390000 CVE-2024-1520,0,0,55b303c658ed91ec92ac05246c838f410f74ac6f2e73a8130c99a143059d51f6,2024-04-10T19:49:51.183000 CVE-2024-1521,0,0,e31c834264512a69616436064a77ed46807a9b0fc5577151a1db5822b2ee5d08,2024-03-27T12:29:30.307000 -CVE-2024-1522,0,0,8bfca5f3c162d40561c1f9b92ce67330399ab9d09eefc219fd8bb388cf123792,2024-04-02T19:15:46.807000 +CVE-2024-1522,0,1,a27d665d9d54d9d12889d0cc8afc3193356026c444e99a0634c6b5d7b1e5fe98,2024-04-16T12:15:09.357000 CVE-2024-1523,0,0,f116f5c7229d6f0f04f439ad6a3d52c1533e55121c04642056dacb383b9d25ea,2024-02-15T06:23:39.303000 CVE-2024-1525,0,0,fff84c6c726ad730b73a3bd54bd21496a1cae79f6fe36efed68cabad049a1519,2024-03-04T20:14:59.457000 CVE-2024-1526,0,0,e7277f6a626a70309be39464e736abf323cd708de19be296a41d0d995c79568a,2024-04-01T12:49:00.877000 
@@ -239449,7 +239449,7 @@ CVE-2024-1535,0,0,7255c6be1810dbc4afc4f45b728bb55298341e3ab85edaac0e9655847ba8a9 CVE-2024-1536,0,0,669060e163f370fedfd4948dc9fa8a5a7395533214e9effc17742d4b9f37486d,2024-03-13T18:15:58.530000 CVE-2024-1537,0,0,e42dd97dd13243b673b7a4811cb279b7a17feafe285181593a671121725592ac,2024-03-13T18:15:58.530000 CVE-2024-1538,0,0,cf3ce67e434b13978c8bf540e7bb85a1883a5fe5fc43fe6c0a1fc1bece799fbd,2024-03-21T12:58:51.093000 -CVE-2024-1540,0,0,8d119c057a437c8c6cf75b8e69a38137f19f3281d59b9e1008cf42936259433b,2024-03-27T17:48:21.140000 +CVE-2024-1540,0,1,a3aaa35027b9408ea06e252eab2b07dd71b4824232b3154240c966d9370a41c1,2024-04-16T12:15:09.617000 CVE-2024-1541,0,0,cbf61d6d2d603b9a5f919a51455f88dc204f81e18c4458b01b90633217c9f6ff,2024-03-13T18:15:58.530000 CVE-2024-1546,0,0,d87548555f4c8992ddc193a435b01cbf450a34c4725a832074955ddd5326558a,2024-03-04T09:15:37.650000 CVE-2024-1547,0,0,fc3de1ace81ccfdd8fbde9e6a6951be522c10c940115407bd01fd7d037e7d770,2024-03-04T09:15:37.740000 
@@ -239463,16 +239463,16 @@ CVE-2024-1554,0,0,51bcfe751807d4d6410c368832472cf124bf37d471c5f88b9700c04d2ab988 CVE-2024-1555,0,0,f57fb9b43dcfd8583a3f6ef3f3a5a22a459a3b84d27b7a22ae41177b23a4786f,2024-02-20T19:50:53.960000 CVE-2024-1556,0,0,0c19373f62fcf273cb065e3fb8af3a2d083630b67d0fb722c29a886678bc0791,2024-02-20T19:50:53.960000 CVE-2024-1557,0,0,978ef608c552159752f59e69dd64676670cae08244ade28eed0956281b92bf42,2024-02-20T19:50:53.960000 -CVE-2024-1558,0,0,22655d4ebdc7452b6f4d74be9e3a39b435319fca9ec42811a8a3874908ccc237,2024-04-16T00:15:08.533000 +CVE-2024-1558,0,1,fb152d3b9db09dbbca2cd8328a3b02d84db95813593f18b1b26949f879e017cb,2024-04-16T13:24:07.103000 CVE-2024-1559,0,0,7267a9d4f0fdc8e6beebb6576542d2139b43547409ac8db00ae3f081eb5efbe3,2024-02-20T19:50:53.960000 -CVE-2024-1560,0,0,a66f695d48d85e5bf0b305dbfc7fdce078bbf9d0b2d67b2c924b8630eb9c78b7,2024-04-16T00:15:08.713000 -CVE-2024-1561,0,0,68db266d0d45d28d81ef8fdd233041f1085653ae003c691e13d9246f5f14770f,2024-04-16T00:15:08.887000 +CVE-2024-1560,0,1,271d2853e08df4f79fd1ff0202001d8d2c5f05b3c07f8a9720fa0c3ee07fd968,2024-04-16T13:24:07.103000 +CVE-2024-1561,0,1,2f50259b914307ebf5053f89eaeaccfd6164ff1f028fe1775ab6a050ce4dd020,2024-04-16T13:24:07.103000 CVE-2024-1562,0,0,19bad0af1c61f457a105e66f4eeb0fde8d2d444a29c6c496b32c177adc1d4546,2024-02-22T19:07:37.840000 CVE-2024-1563,0,0,ac871d8436144a6ee546ec0773b6ca1aaa07e76619d71421483fc96f836a0fc4,2024-02-22T19:07:27.197000 CVE-2024-1564,0,0,84875cf797fa64328b336ae33772e46886c72657e3c983b9d184a2a3d50ffd3e,2024-03-25T13:47:14.087000 CVE-2024-1566,0,0,bcb44d286e02234542f3c248bc98cc24bc3480b83f57b1e48ca76a36f687c2d5,2024-02-28T14:06:45.783000 CVE-2024-1568,0,0,7ab3f38998f0710d2dd36692efaa4d3f1b1bcb35035794e68e81071a3e18c01a,2024-02-28T14:06:45.783000 -CVE-2024-1569,0,0,93116bbd333a7bff2b3b16da608f656ed947be2366d8c1bcef2b3b203a0ec974,2024-04-16T00:15:09.060000 +CVE-2024-1569,0,1,4b71bedec4a1528fa42ec60009db4665ea96567ec249e5864edd831fa0bb983a,2024-04-16T13:24:07.103000 
CVE-2024-1570,0,0,1629a1493afa93044df9f22af1e83d093e3e06db82a23b409138b92d94c2f5f4,2024-02-29T13:49:29.390000 CVE-2024-1571,0,0,b1806e0b2d46f5d2ef86ed95b11ec13eeefb63bf2736347df987f91692e6e418,2024-04-10T13:24:00.070000 CVE-2024-1580,0,0,4a10e63fa95d49470234e2661449f906487822e0aeb3a95c53a88e84627958f0,2024-03-27T18:15:09.063000 
@@ -239485,13 +239485,13 @@ CVE-2024-1589,0,0,d7dcf36ad68703d9507d75fc584fbb1d9ba1bfd4c920be78263720d8b4274d CVE-2024-1590,0,0,8cf7a30592711c236a58c08f65bffca938f2cb5ec79513db7f6cedfa37d0bfed,2024-02-23T16:14:43.447000 CVE-2024-1591,0,0,5be9d5eb37b54abd94768ebbe67eba50cb17a1e413e20ea4b748010438d82a94,2024-02-16T19:26:55.393000 CVE-2024-1592,0,0,965346d0a7ca3e51ca977c4fd26f0e3560a08e1634c83ba1c6c4fb2880b00740,2024-03-04T13:58:23.447000 -CVE-2024-1593,0,0,b6f85eb6ba207a53fd0d5cd1aba0b3f642e8e0875553a8d8870bc83f9cc50036,2024-04-16T00:15:09.247000 -CVE-2024-1594,0,0,77082eaa04f7723cfa61f19feefd05a15c8d6c244f4203fcb3f0040b412cdd01,2024-04-16T00:15:09.417000 +CVE-2024-1593,0,1,5d762f901a5b7a13ebd19f4f0e91645438720f053707b63d3e7e21f508c31a71,2024-04-16T13:24:07.103000 +CVE-2024-1594,0,1,1d62f8d55fb3a974435872bb233738098cc7a319efe1e15acb72ee1c1daae795,2024-04-16T13:24:07.103000 CVE-2024-1595,0,0,0ac9aed2c4ed6b9e7bc181d6ab55412b8033a5bfcbc541a4a4b602392614e428,2024-03-01T14:04:26.010000 CVE-2024-1597,0,0,0f4f23ec46679606cdd437d4a5995239b95bc335fc96e4908f79b7360e8edf01,2024-03-25T16:42:20.787000 CVE-2024-1599,0,0,b311d4a0dc15f34db1bbc87ad8dd7c897ec570363d8bc742044c2c93d7c9f5bd,2024-04-10T19:49:51.183000 CVE-2024-1600,0,0,a1cf7c20c4c53ecd0ddc2601c3f6df39efaefde9047db784f0058d6905cd6130,2024-04-10T19:49:51.183000 -CVE-2024-1601,0,0,ef4b72e8b787b86ef58a53a2696c36de1655093cbc84f406751aeabd13f70023,2024-04-16T00:15:09.597000 +CVE-2024-1601,0,1,5de9e18b0c5a4daa146100818a9ac068a88d159e30320cca5c3c0caf368ddd5c,2024-04-16T13:24:07.103000 CVE-2024-1602,0,0,76aec42ffd2b96054ed086070f4eccb3306dfc781bb48ef20d91a6a2f0a7ff04,2024-04-10T19:49:51.183000 CVE-2024-1603,0,0,5d1338246e7eff570937017899def31d469c1473946b1d3e9d827eb4f9c8131e,2024-03-25T01:51:01.223000 CVE-2024-1604,0,0,5eb6bfa2b690cdc5042b3cd6683eec4697c9011ce1615c69d454ffb962b9e2b0,2024-03-18T12:38:25.490000 
@@ -239504,7 +239504,7 @@ CVE-2024-1622,0,0,008d271b6bbf0be364def470530167dff53e33fd04b103e731aac594ad8fe3 CVE-2024-1623,0,0,74336518ba6901cae439374d392edb30e277a62b6b1e25aec45bf5853748bc8f,2024-03-14T14:21:20.217000 CVE-2024-1624,0,0,8ff2a979e4088239466c1acbb0cfaf042208e053724e13d43a230f06f51b582a,2024-03-01T22:22:25.913000 CVE-2024-1625,0,0,4ba907aa1a1dd27775e22d4cd9cce968dc8ac08df94b60ca185a9fb1ca383af5,2024-04-10T19:49:51.183000 -CVE-2024-1626,0,0,332dc4a088d957e5fb132716316a1014da4047080bdbac5240997e38a98b6fc5,2024-04-16T00:15:09.777000 +CVE-2024-1626,0,1,ac9b8b0903b9ae57f05771b26c6af5cbf4afe681a2d641916ada86a962fcf520,2024-04-16T13:24:07.103000 CVE-2024-1631,0,0,fc2893d5d84aff0551fae290d2fe3cfb3246f815cc3e85e7be8cb7a443e59ea9,2024-02-22T19:07:37.840000 CVE-2024-1632,0,0,6e1c47780d96ad6fcb59ec0ca790b51a445b7ba6bfe735fc687e801fa4e9fa24,2024-02-28T14:06:45.783000 CVE-2024-1633,0,0,38fdaaa081cb72684e8a3a7c24003a4981094738f4cb62580982692842e12368,2024-02-20T19:50:53.960000 @@ -239518,7 +239518,7 @@ CVE-2024-1642,0,0,b56fc714c74323ffc8268da7a782967b97e8e6de1f7a55688041114caad828 CVE-2024-1643,0,0,e3df219e8eb9506e92b2b6e4de208b2b263ce33723b442fcd24ff658bbde2969,2024-04-10T19:49:51.183000 CVE-2024-1644,0,0,258e0c2c60e2ead118c6bf409e3c4e6182303d86b8fb67135f0b03753d76fde4,2024-02-20T19:50:53.960000 CVE-2024-1645,0,0,2619adac1c0f0c116c53be4723992c1a8dff6295e94a2a44bd69bdc264974def,2024-03-12T12:40:13.500000 -CVE-2024-1646,0,0,fcf14df662a66bc201236e3213af61646c717ed445a81b90ad5b6f5c992ccdc2,2024-04-16T00:15:09.967000 +CVE-2024-1646,0,1,c8a39ee16645961a8adae7a71dc5d87620d08853f546af811210815ef8b164ad,2024-04-16T13:24:07.103000 CVE-2024-1647,0,0,54139a2a2a3a50db142faf8dcea4fe1dc96abdff85a01701062a380d090db1a3,2024-02-20T19:50:53.960000 CVE-2024-1648,0,0,df8581548207f098c521d901093d9d52c33a9f0520924af81b2273765446e0d5,2024-02-20T19:50:53.960000 CVE-2024-1649,0,0,cddd1d16a2fa649554e20977d58fb00396a226e17a846f01579d277dc429b938,2024-02-27T14:19:41.650000 
@@ -239532,8 +239532,8 @@ CVE-2024-1658,0,0,bd2757c2314dc2f8bd52ce15b18a6ca41069d2e3f9ff401d7a725ad82b1db0 CVE-2024-1660,0,0,068c83f9afc694d855bcbb99610bd3ca5f918af7baf81b6ceb2a3be3520f6bf7,2024-04-15T13:15:31.997000 CVE-2024-1661,0,0,f312eb090520ffb66607a66e9775fcc14e047ccc64e730a5fbedaf4d2a07048e,2024-04-11T01:24:28.913000 CVE-2024-1664,0,0,c240cf09d136b8ae3766d60b95066ae5935a6052d7cd59ed400a537e65636ac2,2024-04-09T12:48:04.090000 -CVE-2024-1665,0,0,603b9e42ad1b0a632b020f1b56af88e5250fd5d01bea4bf02075c12a09c54181,2024-04-16T00:15:10.150000 -CVE-2024-1666,0,0,ba23db392ac56197d553a9ed1751e0dac79018485aab4c0214d1a3ad756b6cb7,2024-04-16T00:15:10.330000 +CVE-2024-1665,0,1,85850268afa8f45cb216640500e9f9bf4c397be3fcaf3ba3d1fb4051141bde34,2024-04-16T13:24:07.103000 +CVE-2024-1666,0,1,a40e8fc9293cfb1145d3e1e7f135accc0146030f08ee21589fc7baafb865977a,2024-04-16T13:24:07.103000 CVE-2024-1668,0,0,5ab0efbb5f521102a265a18c62e4efdda2d28d47a9245ca5f6f130ff2a6275be,2024-03-13T18:15:58.530000 CVE-2024-1669,0,0,3362eeabf5b6399fda046d3f728ab967509d79cc74a91c5ce260a94031135ec7,2024-02-26T16:27:52.577000 CVE-2024-1670,0,0,ae75c94f0b29c0a28e4a7c87bcbb408051ef24e0c713cce4805624b9b431840f,2024-02-26T16:27:52.643000 
@@ -239575,15 +239575,15 @@ CVE-2024-1720,0,0,5a5ae92be6fac7e3fb5aac9fbad05927fd3add77d067fc4c0b5a11a75c8da7 CVE-2024-1722,0,0,44f76876458eb58496685e90ceedacd781a70fa58f68fffc91c47d3fb5ef0258,2024-02-29T13:49:29.390000 CVE-2024-1723,0,0,6ede5956ec1f8bc932d476f2c9a22da838daca98409da5821be1a9704022149c,2024-03-13T18:15:58.530000 CVE-2024-1725,0,0,d50733b72e0a7510fad89b9c9b7bf0d2638e14767cb02af892440874a7d9300e,2024-04-03T00:15:08.563000 -CVE-2024-1727,0,0,f4e653a98477d638f895ffe05e108bd41757e63f270b3b4944ff32c3013cd3b1,2024-03-22T12:45:36.130000 +CVE-2024-1727,0,1,a7ba950431c841d63e5eda97447121909cf0b94a0e0f2a68d97b3e6ce11f4afe,2024-04-16T12:15:09.843000 CVE-2024-1728,0,0,cc77f96c808327822a9f33d38543fe59887a1a70be257d5713ef1082e9fb55b5,2024-04-10T19:49:51.183000 -CVE-2024-1729,0,0,b3ca5508bfb083cdea896b92a09e828f2c1fd7bb0ef520936c76664f50b7ea2b,2024-03-29T12:45:02.937000 +CVE-2024-1729,0,1,e89faa43e2aac352951c59ebd22691fbb83ea1dce43d3c94d1423497ec4f419a,2024-04-16T12:15:09.930000 CVE-2024-1731,0,0,821cb90315cb9f4f7918b214fe3fccab28c34a154536cc83cdd6334afe7fa34e,2024-03-05T13:41:01.900000 CVE-2024-1732,0,0,8ef28be53d93676ca4adde749fa15f7be0c9b44418d87a27465d25f0d08763cf,2024-04-02T12:50:42.233000 CVE-2024-1733,0,0,0a3bd094d039e642acfbaf43d971fa4ffe129283e1d81d79ef06d054dffc1500,2024-03-17T22:38:29.433000 CVE-2024-1735,0,0,61e8c0e981cc6b9050dd9c2e339a7c68bcb1457c500d53fe6d2ab0fd7b1649e2,2024-02-26T16:32:25.577000 -CVE-2024-1738,0,0,f7d655e0f5cdeb0ef0277b5681963b7938f3a5275d7912fde242847e7671dc09,2024-04-16T00:15:10.510000 -CVE-2024-1739,0,0,ec4160f2ab3a1ac046b9865da4acd1148cb647b47c0532a99fd684a8d610863a,2024-04-16T00:15:10.697000 +CVE-2024-1738,0,1,97a7896d029e8acc1f9a8642f0ea5e5d8115e570437f011cdbbf9b3dceab6984,2024-04-16T13:24:07.103000 +CVE-2024-1739,0,1,398ce12115ac80cff2c91fe0aa06351d90b13a79f040c7b34d2ff3e71cc6590f,2024-04-16T13:24:07.103000 CVE-2024-1740,0,0,a4727f762c1d1efaf400e2db679e98eaa1364e84183339aff737ffb5d021d54f,2024-04-10T19:49:51.183000 
CVE-2024-1741,0,0,8eb30dbe15b5283e03c33d39f75d76c5ac55db42f52c47f6ca39d280d36909ea,2024-04-15T18:15:09.937000 CVE-2024-1742,0,0,4fbf4a0c921fc3a958c91053411502e81c61e37a288f49d83ab6feab91ed6e07,2024-03-22T12:45:36.130000 @@ -239699,7 +239699,7 @@ CVE-2024-1887,0,0,c4ea1f30b4ee64401ec471c46007c0919b3d087c3cc77ec486ec75f252891a CVE-2024-1888,0,0,5c48c7ef8072bebc640799142c34dfeb37124cccb7d60f3f8c8d95bce0e2f85b,2024-02-29T13:49:29.390000 CVE-2024-1889,0,0,266d2715fa1a608706d6d5ec1f8a7bfcae214ce874200158676325862e799b25,2024-04-11T01:24:33.167000 CVE-2024-1890,0,0,d821e28303657343be278f464dff038e934f4ce7013e324636dd2062e1ff0b5d,2024-04-11T01:24:33.240000 -CVE-2024-1892,0,0,373f803d6e2c349da77bd96fbf4e63bc235b5171a737a3452c0ca1b5e8e1db5d,2024-02-28T14:06:45.783000 +CVE-2024-1892,0,1,496f86c779f360256e1e190fecff75b396ebefe831fecdca264ec166e984ab7e,2024-04-16T12:15:10.050000 CVE-2024-1893,0,0,678e936c89e4c4b6fa8874f1c864b24cc93a2715a395ba59ed61dfe9d57d4f11,2024-04-10T13:23:38.787000 CVE-2024-1894,0,0,9ac2447d78b1be48d8de07fcf9beac6b1c3a9f0af4ea5741b3b2d6e9b7f97eab,2024-03-13T18:15:58.530000 CVE-2024-1898,0,0,cd46da23aa9e689b946891d810a24293bd08f970fb7bfbbf6f19e3a7303f1ecd,2024-03-06T15:18:08.093000 
@@ -239751,7 +239751,7 @@ CVE-2024-1956,0,0,5d6f6903c59c264faff18a7d730514ef8c8f257378e253aea7524c9395e9f8 CVE-2024-1957,0,0,237438b4967582c4482af65f46317da6bc0de85528f1bd158496cca267c3ca9b,2024-04-15T13:15:31.997000 CVE-2024-1958,0,0,37958071a5e3626b0202aace46631ba6fa86579be41bc6a7a46ba3505e19759c,2024-04-08T18:48:40.217000 CVE-2024-1960,0,0,dfd1b0f1ac48f633451a81968052e172becf7727c212216325a77c712783473a,2024-04-10T13:23:38.787000 -CVE-2024-1961,0,0,d8f2da219d7ed0cfa583ece9610099bb9622ef8de9c00dfba3304afac7a01852,2024-04-16T00:15:10.867000 +CVE-2024-1961,0,1,1ad40dbb280787cbf7aa20e2a91cddc248067e17c5f59d7460567ef9bed4a35c,2024-04-16T13:24:07.103000 CVE-2024-1962,0,0,8c71ccd644902c0f670c27728543c4472e05aeb359cd7fb7b0615991cb743fd6,2024-03-25T13:47:14.087000 CVE-2024-1965,0,0,53b8948dc1992d8ed8a6fb1de9b8b2c61bce73181655f1de36932a04b4a837af,2024-02-28T14:06:45.783000 CVE-2024-1970,0,0,d3aea28e144f49dbf23817ed920457508211fde47410f2dc8402d51fca340e23,2024-04-11T01:24:34.623000 @@ -240103,7 +240103,7 @@ CVE-2024-20826,0,0,1a2a4e934c8514887386e35aae6b0ccf0aedae18d6fe83cfc4689cc1b2309 CVE-2024-20827,0,0,51a6042d70228977abf6297970536e644bedff0837e589a194444fc3f28f32fc,2024-02-13T21:01:49.557000 CVE-2024-20828,0,0,57b5867a2d09c01b884e4a60a990a25a3f1326aa7e15d51e828ec54b12809061,2024-02-13T21:04:29.373000 CVE-2024-20829,0,0,2339bc414f649bfe93b6713d49182c6543186577fe6544ef83e6012dd4b71b18,2024-03-05T13:41:01.900000 -CVE-2024-2083,0,0,e83e88dd3f3450714e5e71efca1bb905280e2a9c983d45ef2b50e1c337a61766,2024-04-16T00:15:11.057000 +CVE-2024-2083,0,1,cab9e6d6d90124eca56a49614da3c7a402f647392fc29471d7a994ed6d4c1b97,2024-04-16T13:24:07.103000 CVE-2024-20830,0,0,67dbbe24099e38dedc23b760eb68f6946af4eaa38fecf7216e25cfdab695dceb,2024-03-05T13:41:01.900000 CVE-2024-20831,0,0,902da394009b57004c02060db6b4346f1490148871bbed67a8fde3d5ba96a26f,2024-04-02T01:15:51.563000 CVE-2024-20832,0,0,4f705a024417fbb0b5f23831b8792ff2a03c2652a3c7f09ba92d476d529957ab,2024-04-02T01:15:51.670000 
@@ -240674,7 +240674,7 @@ CVE-2024-22051,0,0,351db93d6ca76e0dc0a7975efc553f9724406030c8337d111a27ec7033241 CVE-2024-22052,0,0,0227f99d44e89893938b4544ca95dcc1c41e798d05744c94fdce48542d951019,2024-04-08T22:52:44.573000 CVE-2024-22053,0,0,8caa4e40ec88ec96bdfc5af942e0f8feb54eb37f45d5fc1c8cea6c8e5bc74f38,2024-04-08T22:53:03.443000 CVE-2024-22054,0,0,ea7f90611fdd0de53fc019330b39d133a7eda202c929c51b6ca495fd39ad0bf5,2024-03-04T02:15:16.820000 -CVE-2024-2206,0,0,d5a4112d81b12c296cee2d4a4427b7935f710f4d11684daab2b2fb84c48f6bc9,2024-03-27T12:29:30.307000 +CVE-2024-2206,0,1,89bb78f285eca92521ddf90479f409077fb3db3aa39188b40e35723bcbb7e9a7,2024-04-16T12:15:10.187000 CVE-2024-22075,0,0,e134c94ca50cfff14da7c6327f518dbd409e37e86810fc1b2a583012e3bdb9ef,2024-01-10T15:06:42.563000 CVE-2024-22076,0,0,07315b2e9c67887db1f24ee7d086d2a66716d3e4f66007058ad41d66ed9f1af5,2024-02-22T02:15:49.207000 CVE-2024-22077,0,0,c010b475c096f83047fe91548c8adb99de7b2e98732b452c87e82aaa319a4fd8,2024-03-20T13:00:16.367000 @@ -240816,7 +240816,7 @@ CVE-2024-22257,0,0,f92aa8bf394d8fd611f53add1392a351f03e12bf743f9f4955afd6cb96ba5 CVE-2024-22258,0,0,73834c066fffbf1ceac081ac0d8fd511b8fd9e870301a54667895cd45741a179,2024-03-20T13:00:16.367000 CVE-2024-22259,0,0,547e720795826cec4771fb96783f58d3e37f083da9aea1ec36ad1e3651ab2c72,2024-03-17T22:38:29.433000 CVE-2024-2226,0,0,ee8f1ca60db458688b285f09c24138ba2af43e7eda48e7abf64d7861f3a6fd0e,2024-04-10T13:23:38.787000 -CVE-2024-22262,0,0,3d5cc6ce69ae729bda5d36681da88e1e28c34fcc45e8d7b0f09642207f8137d9,2024-04-16T06:15:46.270000 +CVE-2024-22262,0,1,9e557bc78734cb2cf073f865dcae26aa42c53d7117f48641d9186f5ec0f03587,2024-04-16T13:24:07.103000 CVE-2024-2227,0,0,a04566641cf07b0256d6370713fe01392f720fcac34bba4d9533a8931d87226f,2024-03-22T19:02:10.300000 CVE-2024-2228,0,0,9da409d4c88fb5c41c04e34c5096b8810f55668a8720e19e0dcad976dea69ce5,2024-03-22T19:02:10.300000 CVE-2024-22282,0,0,53d62e993d25bddde67f64a9b7b05dfd45a21e7eb7c9bf0be8fb90ec2911d888,2024-02-06T16:55:19.983000 
@@ -240991,7 +240991,7 @@ CVE-2024-22570,0,0,c41ee5b58f7f6a9dd8b89c3af365a9d60dc2b413d2b344b295ffdf6e10d67 CVE-2024-22591,0,0,f5c348c7153b233a9d90322c9527755bd871e66df7cc43f695b58dbe543197c9,2024-01-20T18:49:47.907000 CVE-2024-22592,0,0,f50afa29eb1912ea2c3e321f184317ab81adfed74c362dc96640e9870bb57ed4,2024-01-20T18:49:41.750000 CVE-2024-22593,0,0,993941354f61719e720764f4475d3b2e7a78eded6442ffaa6fe56e23dc421b8f,2024-01-20T18:49:24.957000 -CVE-2024-2260,0,0,ac39d36a6dba2645f4331aae09dfceabfefe0e18cbef2b39cf69650d81e1d4e5,2024-04-16T00:15:11.237000 +CVE-2024-2260,0,1,780fed16e716c2c36d16250cc6f44d73a361e413c8e89433dc6f71d79122c5fa,2024-04-16T13:24:07.103000 CVE-2024-22601,0,0,92ecea299ccef3b7cd4d91b41e992ed614a8d9984f7a4392cc8890904d00c311,2024-01-23T14:23:11.057000 CVE-2024-22603,0,0,4919aa7e5a59d3ee5df33db7d0969165de88de1745941bbbf66bc33f0421270c,2024-01-23T14:23:38.480000 CVE-2024-2261,0,0,c292e061fc6a0764495ba9495b5ee23da62e67d2c3ec4353f74385ff07320fae,2024-04-10T13:23:38.787000 
@@ -241409,10 +241409,10 @@ CVE-2024-23540,0,0,5f2fc628eb81e8c82d87211152b074fc9fa203c38db7086bfb5e6e1436b13 CVE-2024-2355,0,0,f6c721310f82df9519580d017e8bf61029f8844a70bedd8de94b8b84e67d5aa4,2024-04-11T01:25:22.953000 CVE-2024-23550,0,0,233aa541fdda788f0e4e95c8a9a0a8f5d7fa7689dcd559af0cf5e5843a531076,2024-02-13T00:57:33.613000 CVE-2024-23553,0,0,51ea2d50cc1ff4dbab518de2a29e9ef6a91bd6b91073c23eb1a7f0cb7c8f1090,2024-02-10T00:59:00.423000 -CVE-2024-23558,0,0,f869a7d292ab38468ce7932a5db811e781a15046d6170d588830e080a830dd4f,2024-04-15T21:15:07.080000 +CVE-2024-23558,0,1,0e030b3ddee305097ecf13a5fc93f84821f79454ea82e12098abf6fd591f4cb5,2024-04-16T13:24:07.103000 CVE-2024-23559,0,0,4683f3bb73772af2753e857717965c2e56da3622758b2f87d6442aaa0d7f2c20,2024-04-15T19:15:09.577000 -CVE-2024-23560,0,0,1c1a349b51d987b4067e0f1bc880905166050ed006fb29270319ac3fa536dfaf,2024-04-15T20:15:10.873000 -CVE-2024-23561,0,0,12ebf45cba2cc1524ef425ca27c42e0c926fe5d84a8e459468bcfa4df8001589,2024-04-15T21:15:07.243000 +CVE-2024-23560,0,1,39262a3d1a015486541c11a9acaae3509226c69e322cbf4650c4cfad43009fa6,2024-04-16T13:24:07.103000 +CVE-2024-23561,0,1,a22fcf5dfd91b5d6ac506750080d833a3983c3c231b1230f7c5930b307faa639,2024-04-16T13:24:07.103000 CVE-2024-2357,0,0,2af3f167a5f07c033333870e1f5044e9ac66d1548287fd20eff05541e2132cfb,2024-03-23T03:15:12.690000 CVE-2024-23584,0,0,0a74df816091d3b0eb89fda75cd2dbdfa4a27fc3d1fc7171d6cfed2608adfd53,2024-04-11T01:24:48.327000 CVE-2024-23591,0,0,f4c08614f6a162f49ecc99f020c088036b0b565e06b57796e1304b45ae78e59d,2024-02-20T22:15:08.353000 
@@ -241762,7 +241762,7 @@ CVE-2024-24215,0,0,d3883dc710155bd950a18903f8aa5eb2eda59d1e9725a4303b203ea7778b7 CVE-2024-24216,0,0,3c3e699d8ba3256f67c55852e9ef2e3011cfbebba9e6c02139e656f08115b8a1,2024-02-08T13:44:21.670000 CVE-2024-2423,0,0,5bfc4e68c37a4c14acd324fb416e78f1034dda3465a5e8e8246ae1e28c5e4cf2,2024-04-10T13:23:38.787000 CVE-2024-24230,0,0,ed6d69d70561399663ef8e2e33150b56625833d6257f46ca8936cf12e494e1dd,2024-03-18T12:38:25.490000 -CVE-2024-2424,0,0,66d6d338936b412b833a09b76243621016ac9d913bdad0c9b7d84ad02feb4bdc,2024-04-15T22:15:08.657000 +CVE-2024-2424,0,1,f5787c2c1b36f2b8e79f62711be84eff2a29f668df2a057935f974cd2f67d6d1,2024-04-16T13:24:07.103000 CVE-2024-24245,0,0,02b2177d08ffae0fccf9c4d152b876d37df4c8a7f2a57421ad045d08738c06c9,2024-04-10T13:23:38.787000 CVE-2024-24246,0,0,a359f80a084921532494c4fa2ff8f2a634ef8a2b8a955c0780fc32be13916cdd,2024-04-01T15:32:10.190000 CVE-2024-2425,0,0,42108437c542a39ceb0f679642e1b0ec6cc1a657618629f319596aa4231ada63,2024-03-26T12:55:05.010000 
@@ -241849,9 +241849,9 @@ CVE-2024-24478,0,0,53029a1866c8e51d808df9d589ba1404dde1cb0fc62d65580f995dabd4d21 CVE-2024-24479,0,0,52efdcf053804e26cfbce3de5246d2c841d597da16631c3f6ad2a341bcbf2762,2024-04-11T01:24:52.037000 CVE-2024-2448,0,0,9e30ccfd39b87812540a13d959f2aae1c5a415e25ce2c2852e72d5c6bc3b6d43,2024-03-22T15:34:43.663000 CVE-2024-24482,0,0,d0c5de64fed42524f00b63fd5c9fd6582210b6f756383f7c85fd22e6463f36a5,2024-02-12T17:46:35.760000 -CVE-2024-24485,0,0,74351a107f9330b8b72eb7a683496e2a8b110d11d9b0708539ac4d503c299725,2024-04-15T19:15:09.740000 -CVE-2024-24486,0,0,5e276a642ac56653b3a57d5aee2078c5f5ce1b485da4e40310ce1f921b03ae98,2024-04-15T19:15:09.787000 -CVE-2024-24487,0,0,d1d8eeb066a92ad7e41b4832726ed49bc1e64ad94dcc160407abdd71365bbf6e,2024-04-15T19:15:09.830000 +CVE-2024-24485,0,1,c7e8c403d6357c5922b5d47216b7ffdcf22e376618ae35637f5f2b9e30ec0927,2024-04-16T13:24:07.103000 +CVE-2024-24486,0,1,d7ed2c16e5601f75e195b3cac3961ea438d1470aa390add1505048749d707e17,2024-04-16T13:24:07.103000 +CVE-2024-24487,0,1,c593a5b965cc3533ddc557cf6b0813e8b6c5f77c215684915b40c63fb601343f,2024-04-16T13:24:07.103000 CVE-2024-24488,0,0,1834d834c06b744231a786a072c029583b1651fcc4f266317ba3be41edb13e03,2024-02-15T02:23:45.887000 CVE-2024-2449,0,0,81af4b04300933867744fde84b6165c2710bb3d8c358245e7272e559a8ae0dec,2024-03-22T15:34:43.663000 CVE-2024-24494,0,0,81f8461d94de9e292cd8ff42a2c2a5da1fbe2233d78d68b156c60eaf9ab5a816,2024-02-09T01:37:59.330000 
@@ -243564,7 +243564,7 @@ CVE-2024-27774,0,0,6fe31e2c0003d4fab016c3154c886020f7c2bef625382f41f7a60dc74c0ef CVE-2024-27775,0,0,a887ec832dbcf6f0b1b703ebc438ac1eb2747b129f8cfe7b452debf6096772bf,2024-03-28T16:07:30.893000 CVE-2024-2778,0,0,61e3128d6b5b99fe23ee2707a129462f95cc39b72990559c52734572277346a0,2024-04-11T01:25:36.240000 CVE-2024-2779,0,0,87241bb56fd5ec51155c8a533081609be6976509d34f81a170150bf1607d61a0,2024-04-11T01:25:36.323000 -CVE-2024-27794,0,0,bc7b31981d87909de8c249d8df46953e6c6ac2faf9538a597f97673580693530,2024-04-15T23:15:06.890000 +CVE-2024-27794,0,1,f83311c8ff012592a70730809fe5cac1d0e670b37674538bd8092c8ae8d69027,2024-04-16T13:24:07.103000 CVE-2024-2780,0,0,55ab4cb1b7288a4ba9af22773d37fdeb181752a65ee0f51476504ba2b669d700,2024-04-11T01:25:36.413000 CVE-2024-2781,0,0,7440c381afc245ac61500f5670c7b774787526dc48ee470e168c2fa8882d9975,2024-03-27T12:29:30.307000 CVE-2024-2783,0,0,5e3d9294a74b759ac7450c1cf79e73d07c944f71ed4c195d3306f256a09a6879,2024-04-10T13:23:38.787000 
@@ -243909,9 +243909,9 @@ CVE-2024-2855,0,0,8260d982dfd24cfb14a9db4fa1ee76a66e0614a0ec6c48d9a7ac98a8fa444a CVE-2024-28550,0,0,5d0ad6d2082f07d56cf9652440be9e3f8e89ff952367d33e244f401dd8cf5df1,2024-03-18T19:40:00.173000 CVE-2024-28551,0,0,40072188bc078513c98fe36eadc61408f0edcb42335d89d71c256bffca8b5040,2024-03-27T12:29:30.307000 CVE-2024-28553,0,0,f74a5d2edd657e610cfc2b884ed1530d128afd106cc0a285c1f4868830f65cd2,2024-03-21T20:58:52.357000 -CVE-2024-28556,0,0,78e33f56477f145774fb527f7cef8c37efdad78e418f453292b5cae07364531a,2024-04-15T19:15:09.870000 -CVE-2024-28557,0,0,66656fa58021832be3134de7d55129a9d727344168dfdf2eaa1f34d7736bbfc5,2024-04-15T19:15:09.913000 -CVE-2024-28558,0,0,7b83a6d234cd7d987adefe571acbaa06b525c474d1220894addcc2994f63a48a,2024-04-15T19:15:09.957000 +CVE-2024-28556,0,1,029da341ae14e92abfb4c485ffb138fbfc54e57700e0fcdf8ee83f0fd4fd46dc,2024-04-16T13:24:07.103000 +CVE-2024-28557,0,1,c99317056e88c11c2e22bbb1cd9d424821ae7d16f3a12f097c6433bace1fd1cd,2024-04-16T13:24:07.103000 +CVE-2024-28558,0,1,42fcc68e970ec7953900aa21345c948b519133d0fec39b6a390e75bbfed3bf69,2024-04-16T13:24:07.103000 CVE-2024-28559,0,0,6f7249af13d3d458dea5181e480abd5d70401028fb6553338823fba575746002,2024-03-22T12:45:36.130000 CVE-2024-2856,0,0,cd0104a7ef74a65bcc6d3665277e6342e96b29a8bec44526788309db6945bdf6,2024-04-11T01:25:39.460000 CVE-2024-28560,0,0,73cbd87a5bcb29476004a8f71bcb58ba805b830f22d73a89125c2feb4312f2b7,2024-03-22T12:45:36.130000 
@@ -244001,7 +244001,7 @@ CVE-2024-28816,0,0,4b9f923b99f4095b32672af0003c81bae1f3b3136774827600fae7accfedc CVE-2024-28823,0,0,d5aa89b5cdac6c3847ac374cba2a65b191e57c43dc618aabb1da571ab5b5e9dc,2024-03-11T12:47:42.653000 CVE-2024-28824,0,0,5a9476ae0fdb0520e3a986c832f5f9e27a50da5cb3aa11e06910544296f0e530,2024-03-22T12:45:36.130000 CVE-2024-2883,0,0,e66be81816608580e2e81ffcb02cca4ae9a2aa5cbea60907cc2e1d80cffbaf4a,2024-03-29T04:15:08.743000 -CVE-2024-28834,0,1,617326121e7c54a3f8d3016598aad088c45cb90d6701018c5def233025840695,2024-04-16T10:15:08.023000 +CVE-2024-28834,0,0,617326121e7c54a3f8d3016598aad088c45cb90d6701018c5def233025840695,2024-04-16T10:15:08.023000 CVE-2024-28835,0,0,49bfbdf44145b6f468532fe63c5f22ee250837480948f586b7ece01b89ae82eb,2024-03-21T12:58:51.093000 CVE-2024-28836,0,0,ef9665bb9a0895616f82c07b3b8f93ecbb9dcd318a88906096e3fd29af01d6df,2024-04-03T12:38:04.840000 CVE-2024-28847,0,0,91e84a48bf06058e30212c2ac01ab493cb3959d3b6bfc21c8760687b856baf08,2024-03-17T22:38:29.433000 @@ -244178,7 +244178,7 @@ CVE-2024-29115,0,0,142414ad4545b27307ef892525e38d2bb8c83878ba7d3b929a558d2d8f461 CVE-2024-29116,0,0,22312ff0fec960bf6bd22c8e8f459c2262200779b53186c3b1d0f522ebc154df,2024-03-19T16:33:58.680000 CVE-2024-29117,0,0,4796a230809f99a49ee05655b5187418907ba301781386f31aa5927b23559ddb,2024-03-19T16:33:58.680000 CVE-2024-29118,0,0,6ac5e6cd6ee7b43d8431dc316e005ede5cf4637a65ec75ca3c6a90cc83910dc3,2024-03-19T16:33:58.680000 -CVE-2024-2912,0,0,ba46100947b965ee27a3617cd680e59d00d0472b37713c8bb9790f50036069f6,2024-04-16T00:15:11.427000 +CVE-2024-2912,0,1,7853e1850da1df1a9d27e654a4679904ce21be5712661c93d1293795d88290f3,2024-04-16T13:24:07.103000 CVE-2024-29121,0,0,93c4eed4f19d6c35e5794bebf3078da12779b20c5796aea61af6820f2f1f0547,2024-03-19T16:33:58.680000 CVE-2024-29122,0,0,354c54b8c87b5aa75aed35dae5dd6c47ba1694327d8aa600a98403368348e018,2024-03-19T16:33:58.680000 CVE-2024-29123,0,0,e3fdcac69f03cdf2056f95a7639e6d970705398d9baf4f730c7daff4391b483c,2024-03-19T16:33:58.680000 
@@ -244666,8 +244666,8 @@ CVE-2024-30270,0,0,1d63c3afc5f402042a52c95204320e8698a660fcf024b4b1cd2dbe8241952 CVE-2024-30271,0,0,7934d49c76a773104fea3a055c8dca49939c18c3dc4eab227ecf5b491d16669d,2024-04-12T12:44:04.930000 CVE-2024-30272,0,0,fe18d25a398b5738660bb343d4a7fb499e0a8c129d952f35b1144eb8f7e44fa0,2024-04-12T12:44:04.930000 CVE-2024-30273,0,0,430d9deac2ea84fb25615ee056f7341da6ab62ae3551a67df5079d8156e28185,2024-04-12T12:44:04.930000 -CVE-2024-3028,0,0,40b35edabcfd86715ee007a31195cc01fb0fde0725bc4098209345965ab1efea,2024-04-16T00:15:11.667000 -CVE-2024-3029,0,0,be60c0bb26d2e91139cbf6e062c9a407e0bf907ea2b2a354e034bfdfb22bcfe3,2024-04-16T00:15:11.850000 +CVE-2024-3028,0,1,080bb069f1a2cade59952c14793e39c6c54825fa436573f5b60987254afab568,2024-04-16T13:24:07.103000 +CVE-2024-3029,0,1,54e489ae31021cd62a123b17a985eef09bd69f22c945608ba51d64fcde83450f,2024-04-16T13:24:07.103000 CVE-2024-3030,0,0,88c29228ef56d61e184f00d5d8d99ea5dd9800435eeb42a07f389309c9f00688,2024-04-04T12:48:41.700000 CVE-2024-30322,0,0,82127178dd2c4390457a625b1b802dc21960ed844c23f33ac3f61e8d8c162a4f,2024-04-03T17:24:18.150000 CVE-2024-30323,0,0,4ba71c995b9c718766f72cb8f425ef56f31d70d4141fb317ff1b84d1d4bea62f,2024-04-03T17:24:18.150000 
@@ -244856,7 +244856,7 @@ CVE-2024-30558,0,0,c487b7e520828364fad2b07b74e7c881d68876bac73b13b5c83e0dfd99fed CVE-2024-30559,0,0,30881b502a00e1f0b4af436d9e17ecd66ddff7c4f60889245892c374e2f0a5b2,2024-04-01T01:12:59.077000 CVE-2024-30561,0,0,03bc43de8aff9caae9f72d908884b596acdfb45cf5a607bf3a61d00b78d408af,2024-04-01T01:12:59.077000 CVE-2024-30565,0,0,3c10663ebaef8c263e29a3b4fcd5ce9f26a98e5c4788e4f23a40d6624f566f6b,2024-04-04T12:48:41.700000 -CVE-2024-30567,0,0,b726a5a24468e948427ba2da6967be6393edd8e67b08e1e27358a7c9883d7adc,2024-04-16T00:15:11.620000 +CVE-2024-30567,0,1,447b4353e8045b75e32e568c5da0f40429816963a76cd7c63967e8f0beeca893,2024-04-16T13:24:07.103000 CVE-2024-30568,0,0,31ce5d7ef83a345bc485099d3705d8788459cf828ab7d0b94885f7bc40a70cff,2024-04-03T17:24:18.150000 CVE-2024-30569,0,0,d548955a85cf80696d15b1d4c46cd6662c11d8d9f149868bdc5b584ae206e179,2024-04-03T17:24:18.150000 CVE-2024-30570,0,0,47165afd2a0337ae9b15921264ed392e129dcb0a5824d82a2839f88c9ccbe5b6,2024-04-03T17:24:18.150000 @@ -244912,7 +244912,7 @@ CVE-2024-30638,0,0,476165b7ba1121567d55c67d54d9d40e3e29ea068ff3cb9f8e442a4ce4566 CVE-2024-30639,0,0,46b7c5471e103449855c9fbd2240c66d12c0c2b4b2c2dd58c9da71634c442509,2024-04-01T01:12:59.077000 CVE-2024-3064,0,0,150d2695d7eeb315cec549f12d6c6ef3f6e02daaf223b84571983b190cdbdba2,2024-04-10T13:23:38.787000 CVE-2024-30645,0,0,00b9821a66dbca80d2d2c9c63858e19e8817ea8f49dc6578caf9fd20dddfbebc,2024-04-01T01:12:59.077000 -CVE-2024-30656,0,0,b49577263e37030431e1a8d5338b6743c7c2aef81a19bd5d0aa628f52e6fa8b2,2024-04-15T22:15:08.870000 +CVE-2024-30656,0,1,c800b352c15d86c6b7538edefbe50a56ea126bd7af414b5024084888358a8802,2024-04-16T13:24:07.103000 CVE-2024-30659,0,0,6b674dcc6172a28fd382455a39837aee02d1048828b479da4de736260a001915,2024-04-08T18:48:40.217000 CVE-2024-30661,0,0,ca3a009dda716fdf3c3b4141a47c3533be46c4c31a5c8c5b65ef3f7e55a4c4a0,2024-04-08T18:48:40.217000 CVE-2024-30662,0,0,71b80d6dafbe22437f2510bb021f4c17a7a897b19e7d2dd354177ad2cac3e4f3,2024-04-08T18:48:40.217000 
@@ -244920,6 +244920,7 @@ CVE-2024-30663,0,0,6e08db3f744a4228125df40199a08b9ee2a90f00728b6fca5a3d973b18d4d CVE-2024-30665,0,0,b0872b924bec224f9269c5d12f3e3e09bd037687bdf2355c6dca31778a639300,2024-04-08T18:48:40.217000 CVE-2024-30666,0,0,c963b049325fad48121e774e7f87aeeb4db59eaee7ce9b24b135f03225a8605b,2024-04-08T18:48:40.217000 CVE-2024-30667,0,0,ff284e163d8506ead82a88e1e0195d7345f11e18d3b36d2dad51ac5fe6f1c4e9,2024-04-08T18:48:40.217000 +CVE-2024-3067,1,1,e9b1bebe389d4e514e7a9a61bf198949c5e392a49f5a0c35c052cf2a541b472e,2024-04-16T13:24:07.103000 CVE-2024-30672,0,0,5f03fe7211bd8d45b5928b91a5ac0350abcfb5c5194aa5b0296fc94c9e863bc2,2024-04-08T18:48:40.217000 CVE-2024-30674,0,0,6ed6c67e9f9314eaeb2be25e85ad7999c533cc1beb21c8cb467ab7a893f16710,2024-04-08T18:48:40.217000 CVE-2024-30675,0,0,8b91a2fb611ecb3c19dd6a14ce9d54a86e8a20f268f642c9f4e164c260b50edd,2024-04-08T18:48:40.217000 @@ -244977,7 +244978,7 @@ CVE-2024-30808,0,0,3edb296009dfb16a5061a2505986b3903e36250320b7a7a1ea6af0d775f58 CVE-2024-30809,0,0,40751d191f9ee13ea0defe4c96fc4834cb0c82544cd8de5e25d1d000018428a9,2024-04-02T20:31:58.463000 CVE-2024-3081,0,0,eaf9a3b1546f12509096efb03067d93183d42d698f454ab86e3fca514e07d309,2024-04-11T01:25:53.020000 CVE-2024-3084,0,0,62ac9245d10a841fd1840ac1e3c7dc9559936072e020c624e95405bbb39b1228,2024-04-11T01:25:53.100000 -CVE-2024-30840,0,0,b90a5449dac064403980b963994fdbe9f7c12fd00d6fced3d57321571501f1a8,2024-04-15T20:15:11.030000 +CVE-2024-30840,0,1,c9260fe2fddc3c219cf4dc026641c705bc7760addb3911af76dc59d03ab6b7ee,2024-04-16T13:24:07.103000 CVE-2024-30845,0,0,483cdc21df5fdf8d2481c4f15accc02fa69c26f2b2a1b756bf04bc232000a1b5,2024-04-15T13:15:51.577000 CVE-2024-30849,0,0,0e1a4138add90815a9b8d6a41668d72bf2ea04dc4bbeda2f4a50c70bff2a8e4c,2024-04-05T12:40:52.763000 CVE-2024-3085,0,0,5085f6259bd4d1908968638b16f14533956036f8bbee9b567c9970e9e940c577,2024-04-11T01:25:53.173000 
@@ -245177,7 +245178,7 @@ CVE-2024-31345,0,0,c859189c3b3107b07d10bea32bcd00363efe87690798f404d3b6d54b355ed CVE-2024-31346,0,0,2d1e98ecfdeadb3523494e02b9eb42f9bcc66ecdd22c3cc2efc458ade5b5c930,2024-04-08T18:48:40.217000 CVE-2024-31348,0,0,cfc095c1fc0e4b141af08e05231276cb08ae09886eb38442cb07d948f68e6eab,2024-04-08T18:48:40.217000 CVE-2024-31349,0,0,8d1bd13d7c4f34f460e790c462e1e7791a20313dfd6a20b06dc021131d4e0db2,2024-04-08T18:48:40.217000 -CVE-2024-3135,0,0,91954ab6e8bf3cb2f93a640035369c46334c6e185515d1b835de2161b0fd8f69,2024-04-02T12:50:42.233000 +CVE-2024-3135,0,1,4a052858c93477b13b9d768cf5477bd490d84e3575939137539871d799ba9b77,2024-04-16T12:15:10.367000 CVE-2024-31353,0,0,aade8ea974e91d3ae50650294acb50b66beb284df0b61f73187afa65e397e66d,2024-04-10T19:49:51.183000 CVE-2024-31354,0,0,b5b94d42db07b1271ef9654eb9ffa890368f3a9210deb1f8fedc988973151d2e,2024-04-15T13:15:51.577000 CVE-2024-31355,0,0,a5dea31bb77e2304134bdb1d51afef23705a4ddfdf5cc895a42a4a0b3df4a7e3,2024-04-10T19:49:51.183000 @@ -245257,7 +245258,7 @@ CVE-2024-3147,0,0,f05061e9d718b866336ceef3f83885c168403f8d387cf11dbe00ac736df358 CVE-2024-3148,0,0,12b6e15e00d964ce79c059c99a6c4df70691a740ad2056657f2d4843c78fc654,2024-04-11T01:25:55.337000 CVE-2024-31487,0,0,ffef7fcdc05bb476a1f2c02c71de4a76075ea7f0301d6a8889db629ce9b194c6,2024-04-10T13:24:22.187000 CVE-2024-31492,0,0,a251126d380ad734bdcae40155276c0c8cd0f78c057d6c232814179759c90bf9,2024-04-10T19:49:51.183000 -CVE-2024-31497,0,0,7bd1aaa9fc54837a6fa1cadee84987763cd258305c407fe4f3a475f6016f799e,2024-04-15T23:15:06.950000 +CVE-2024-31497,0,1,f723a65d60b18cb9a8bfa9f8082ceebf517f5e4f5e59609b10007c1cf2e480eb,2024-04-16T13:24:07.103000 CVE-2024-31498,0,0,db3c4e2337e3fccc66e084ef6016d8532925f451bef4124b0c2782f0c54d90b6,2024-04-08T00:15:08 CVE-2024-31506,0,0,8be7ef5b3e9d65e4bba9dd63e2b7475f0658a4b183369094a98038d4eee40099,2024-04-10T13:24:00.070000 CVE-2024-31507,0,0,8a4d05957463fb55563022c4622a2463374ff774a0631f4c63214875a7c78bee,2024-04-10T13:24:00.070000 
@@ -245270,19 +245271,19 @@ CVE-2024-3158,0,0,d2414412e299d1c6c6fd5c25934ca9d016ec38ac6210ea884f5d6eabc2220b CVE-2024-3159,0,0,ab3d3fc3f58ff99c2f10e23574a75e665f3343c344ecfe71138e927973febb6e,2024-04-08T18:48:40.217000 CVE-2024-3160,0,0,f58561faca7869291dbd40f98b5207b12f048bddf4323b50e2fa0b0605fe77f4,2024-04-11T01:25:55.513000 CVE-2024-3162,0,0,7209bf9b1b4a4f41543ae01bfd19e9aec1dd355164cd1434a8cb5548ea161c65,2024-04-03T12:38:04.840000 -CVE-2024-31634,0,0,19564b78dd2e8c6f1c4071d3437219d1546ac64123c723e301839d8b19971620,2024-04-16T04:15:08.463000 +CVE-2024-31634,0,1,4aa9be86cd809cace2c7d458fd82ce0e6e4c21e7757f642f911286874e9406fe,2024-04-16T13:24:07.103000 CVE-2024-3164,0,0,7f780c294c8831979bff32bef1a48b2e6fa61521035bd6f029f476ca7c0385b5,2024-04-11T01:25:55.603000 -CVE-2024-31648,0,0,a016bcd573857722aa31bc350635e46363d927042b391222b2d909ae932753ae,2024-04-15T21:15:07.503000 -CVE-2024-31649,0,0,07adaca885ecb1795870b6c469b09c65117f501d49932f9bf55d132fd09732de,2024-04-15T21:15:07.547000 +CVE-2024-31648,0,1,f70c933feb3072bcb2ead02f6b1a919b0f866e1a11c84c8f391e2e290925af4f,2024-04-16T13:24:07.103000 +CVE-2024-31649,0,1,639a5f64cbdf28db540c8732bf6df9d62d362e264fc5a0592fc2e34beb9bf811,2024-04-16T13:24:07.103000 CVE-2024-3165,0,0,de9c55d425cf1712b174cf5953c3fab2e18950a6202399f31519128938dc300f,2024-04-02T12:50:42.233000 -CVE-2024-31650,0,0,96920ba4e6f7e83a10eb6df26cb31edc8913274707859cca5053dda3fb820ed7,2024-04-15T21:15:07.593000 -CVE-2024-31651,0,0,ceda34d8c65ba3ec27b91b187d1a084d98ce6faebaad213ca8593cf4d5029fdb,2024-04-15T22:15:09.023000 -CVE-2024-31652,0,0,90276002c53daa175a8ae9f59f3d7cfe67a16d5f61ea7574390897425f025e64,2024-04-15T21:15:07.637000 +CVE-2024-31650,0,1,93c237f92a0565f29a186681c2be8c18bcc984e57115648f885447500f241b13,2024-04-16T13:24:07.103000 +CVE-2024-31651,0,1,449580f383ba06b10b890173ddf2d62af7a188eb69db82466ee9152e4b087212,2024-04-16T13:24:07.103000 
+CVE-2024-31652,0,1,208b4f263a9a44614b423f2ea1b775ae64777df67f6e60b98c2159dddb5c4a0b,2024-04-16T13:24:07.103000 CVE-2024-3167,0,0,f4a160a1382e038713f603968880deb87a3b362a15bab9fc55aa42721dc9dd6e,2024-04-10T13:23:38.787000 CVE-2024-31678,0,0,6d17d4ce9eaa15ebb6367a838566d027b53ddba56e09f333fd8cadacfd1d2447,2024-04-12T12:44:04.930000 CVE-2024-3178,0,0,e1b2edc538f836ffb506a17d476e0f961db2588242ddd1b2358ad3487cd818bf,2024-04-04T12:48:41.700000 -CVE-2024-31783,0,0,446f2fc1a687465cf17bf49f6974f026e98dc501df8adec628749ef9b1165b86,2024-04-16T04:15:09.140000 -CVE-2024-31784,0,0,7ee83ce9dd5cadf2e1f87cf5fb5c146a067d8c0736ae25bda731f702e93214a8,2024-04-16T04:15:09.200000 +CVE-2024-31783,0,1,a7054e74fa1a557567cd0f4452494e62f528f37b2972c2343d20292f99336f13,2024-04-16T13:24:07.103000 +CVE-2024-31784,0,1,0055eda0e2e2e3cebbac3d895c086f3674073feab99e847bee4ca99f9495a801,2024-04-16T13:24:07.103000 CVE-2024-3179,0,0,5abb24f6a5051585dee8d043e9230e5c2a9202caf7e3c5044373b856d11a8a98,2024-04-04T12:48:41.700000 CVE-2024-3180,0,0,cb7e6ecd5dde884356237a2b2dbf7b6ac67d07b2baecdd8da937f602eadd96a4,2024-04-04T12:48:41.700000 CVE-2024-31805,0,0,191a14c2d5ae7968331c5203389f4ad20337fe28197ac48f135f3f3b37941d31,2024-04-08T18:48:40.217000 
@@ -245357,7 +245358,7 @@ CVE-2024-31985,0,0,96eba814f8ffd38a0877505a36212af3b265e63db0ebdb3b6fe17b13401c0 CVE-2024-31986,0,0,43afc54623bebf262d37dd906c7efd37eb56ded00de01504423bee1057bdc8a1,2024-04-11T12:47:44.137000 CVE-2024-31987,0,0,60d0bda711bcaaea27f455d1e392e029e767cb7013c9064db5359f058621c0df,2024-04-11T12:47:44.137000 CVE-2024-31988,0,0,51c3ab0f42083010a6201d8c5e43ded78b92f566d0bca12748a99bba4a186fcd,2024-04-11T12:47:44.137000 -CVE-2024-31990,0,0,660cda04ab718f537b3c27af001acfdb6075906b9d5ccc5ae359a90f44acb0cd,2024-04-15T20:15:11.127000 +CVE-2024-31990,0,1,77ac4f6468312f14b2ffccf0214dd51bfa3f27166872b6029ecb265054e5d1ca,2024-04-16T13:24:07.103000 CVE-2024-31995,0,0,66dfe11a273e9e10d102f877b390a578235479d84ca6da17689c27557fdb1258,2024-04-11T12:47:44.137000 CVE-2024-31996,0,0,4bc228afb2f37b1ef8f323b1e059ab55f2f5ea66358ab4f20e2844a94396b7b8,2024-04-11T12:47:44.137000 CVE-2024-31997,0,0,d95ca9b47538ea73a196934e9c1064ac6bfd03df35a75cfa6de5a54ba7f14856,2024-04-11T12:47:44.137000 
@@ -245370,8 +245371,8 @@ CVE-2024-32019,0,0,7d17b262f48d84e5d46deb667dc18694c73147c4bad7ea42fd1b388af87a6 CVE-2024-3202,0,0,3543d902eafc8c4c40bfe450a4b784b21d5eb2e30d7be93129e4c6731c6d0980,2024-04-11T01:25:55.733000 CVE-2024-32028,0,0,a16d36bcfaa5cccbb6282aecd03e18b80c66f8151e3c2f08a8edd43b521f9227,2024-04-15T13:15:31.997000 CVE-2024-3203,0,0,d460cfbc8661b4424cc0984f526a676bb0961256fc9d04a7d500e89187029830,2024-04-11T01:25:55.810000 -CVE-2024-32035,0,0,9bec368ed775ea2c2325e16c119aee861a74a3bdc44a94205bd7faf4ab51a339,2024-04-15T20:15:11.323000 -CVE-2024-32036,0,0,df5f08576bba4e182cd58915d2f2a50735513c2cc38a6d49e53de73f8c35dd97,2024-04-15T20:15:11.543000 +CVE-2024-32035,0,1,9f9419e7b7ca688ca6c807b99c4196d3fdd26d305c290e1d723cf412a79167b9,2024-04-16T13:24:07.103000 +CVE-2024-32036,0,1,4a28eed34131a66065884f39d47aa96bc9541fc1a77da7e49e948a27d72c97a5,2024-04-16T13:24:07.103000 CVE-2024-3204,0,0,2a2a133d829052d72380a6f7a45e32f6ecd96ec6da65fdbadcbe92a1f79d774f,2024-04-11T01:25:55.933000 CVE-2024-3205,0,0,befb48df2bb5e20af3b4383c1ef82865b9f9fb3145e096ffb7e0098ff096b4f8,2024-04-11T01:25:56.010000 CVE-2024-3207,0,0,a57734da301192d6a9381ac71eef9bc84e6acf70886d5628a9c0939255320fc2,2024-04-11T01:25:56.090000 
@@ -245440,6 +245441,7 @@ CVE-2024-3227,0,0,0159675aa02206c3d84e4c8df37fb1381a8ad1f04bbe993fe609d30c45518b CVE-2024-3235,0,0,87b194ac57d76e3164f790cf262b7f15e5577bfab72d12fd067ebb5070eb75e0,2024-04-10T13:23:38.787000 CVE-2024-32428,0,0,87a3edde2c4b0ace5bed90e6337013a3436ae0c663c6eeed3dbaf59e4e702dff,2024-04-15T13:15:31.997000 CVE-2024-32429,0,0,eb5275541e0171326bf869e836661a3d04172e6e7d4adfaa9657297147332796,2024-04-15T13:15:31.997000 +CVE-2024-3243,1,1,8f01690254ba62906be5fee30c8fc3486093d8171fddd0c70c76e4ba1599665b,2024-04-16T13:24:07.103000 CVE-2024-32430,0,0,88606950387919732cc8111790acc49a4b4cd7f2749250708f365450599b1d96,2024-04-15T13:15:31.997000 CVE-2024-32431,0,0,b6e07f3c6860f7196adf7b013d7b424e7a703b915974277afd841cb14a5b76f7,2024-04-15T13:15:31.997000 CVE-2024-32433,0,0,118095d9326fab7b70b1b646ed4f60dbb4d560ae8eb3981c82b443bda7c2db21,2024-04-15T13:15:31.997000 
@@ -245476,21 +245478,21 @@ CVE-2024-3252,0,0,7630116ae9073f2e5d7cd4b93bdf2c972c8300b99dc958745f8e88d8918900 CVE-2024-3253,0,0,a89395a86bc1f3d0502eefe9b40617582319cee720c39b4f0673a8e71a372db0,2024-04-11T01:25:57.123000 CVE-2024-3254,0,0,617ba79a83e46c73763bd8b8a758bd9d10779693c35077d31661917bc60e7dc6,2024-04-11T01:25:57.197000 CVE-2024-3255,0,0,904fbc57ab93b7669a1ad2e0d7bc935ea8e0a09d4be39b643e0cf95a488528d5,2024-04-11T01:25:57.280000 -CVE-2024-32557,0,0,99e90e35c2efbc94735e5cb7ee52f44cdf803807734a27e496f2acc44f494a96,2024-04-16T07:15:12.030000 +CVE-2024-32557,0,1,a0d48866dc85bb81bf860dbf507dd0114438e0c1a5f7430be94c87993736426b,2024-04-16T13:24:07.103000 CVE-2024-3256,0,0,16875209444216c7ddeeb37cb7b039ce17b63ab170d52bcb48aafa2d5e629841,2024-04-11T01:25:57.377000 CVE-2024-3257,0,0,3c0b711c0035bcf8d4b92bcec7dfdb1ab21cf5c848bdfe1dfc7f34628ee0f77e,2024-04-11T01:25:57.457000 CVE-2024-3258,0,0,00a0a017c084aafa026269300c69a9360444c24c6a4308e5e8f072ac33cf3451,2024-04-11T01:25:57.540000 CVE-2024-3259,0,0,3481f546c5fee878032df1d9aae401834d514bd5070dbdd69c5e7940d2e2efbe,2024-04-11T01:25:57.637000 CVE-2024-3262,0,0,758c253f08a1135a2d383be61db9b8d36970b2087c7788f9321bc534b0b4222c,2024-04-04T12:48:22.650000 -CVE-2024-32625,0,0,6ae31424e57ebf19df10ef9f0d397f95a21de03ae69a3936024e0ae0f3ef8656,2024-04-16T09:15:07.167000 -CVE-2024-32631,0,0,c592bdbcbfc2772933c5b9e21c42c92f25f1fc80d39535db3731c4467c78975f,2024-04-16T09:15:07.900000 -CVE-2024-32632,0,0,05372bd3bdb0ea0b51850790d21bd07a89a999837658551e32a4bf9ad63d10d2,2024-04-16T09:15:08.080000 -CVE-2024-32633,0,0,d134eed6306e82e5b46ac7a6b78b669c073a4cfad4fcbf1820c3b073efe56eaa,2024-04-16T09:15:08.260000 -CVE-2024-32634,0,0,db19ea124e4e28674d4665d36c4145a89847829847fa7a82241d8c0b86b56e3e,2024-04-16T09:15:08.460000 +CVE-2024-32625,0,1,83e118a0392b3bec4594db5d969d72238cd7025e3075e1bbd62c95f93a226798,2024-04-16T13:24:07.103000 +CVE-2024-32631,0,1,f6179c4a1916a92ef208430456218c10bd0600c556ab5afe50d23115ed2f9700,2024-04-16T13:24:07.103000 
+CVE-2024-32632,0,1,363f256990a9e0bbc1d5ebda216d881268683761016a5132b054fbdb44080942,2024-04-16T13:24:07.103000 +CVE-2024-32633,0,1,8ac8ce6a1ac201ef8dc36e7fab192ecb8b1b583d781df940a83a5707e31555c1,2024-04-16T13:24:07.103000 +CVE-2024-32634,0,1,399e2bba8e548c1c98770d2f478e96e69a60afbc020788dd69a365e3ae504be6,2024-04-16T13:24:07.103000 CVE-2024-3266,0,0,254a5ba127b10ac48f062b62dbe4c90ef51eaba1ed741161e5a22416cbb32240,2024-04-10T13:23:38.787000 CVE-2024-3267,0,0,00a210ede7a73ca33b64d3b8a0e382509d5bafa34ae84022125b180763aee2bd,2024-04-10T13:23:38.787000 CVE-2024-3270,0,0,6f3801d6fa573f4a130c8a1ad393f7345008a6cf48547c2d9608d260a00cb3bb,2024-04-11T01:25:57.753000 -CVE-2024-3271,0,0,76438e2f8d3cc7e838cb6fb60d4bbfb9f64ca2c357ceb01131cf51195507cc3b,2024-04-16T00:15:12.017000 +CVE-2024-3271,0,1,427448d66ebe59002a93ad233a5fbd2b2253db3687d924fc6f5652a183f66ed0,2024-04-16T13:24:07.103000 CVE-2024-3272,0,0,ef44e7e2e0d0ab3ec436a6ccc174b0a90f543a9a2cfa65f7a6d262da6c5446ee,2024-04-15T20:14:55.570000 CVE-2024-3273,0,0,2c9bd6b2b67818472adec2002fc02ad46426a066a40e52d2a8dbeb776c880650,2024-04-15T20:13:57.290000 CVE-2024-3274,0,0,21270603d98a8b3e4eb735d32ed5791b575a3fe053daf1cd79027e90bad6bb12,2024-04-11T01:25:57.997000 
@@ -245530,6 +245532,7 @@ CVE-2024-3363,0,0,f5bcc8af5a66d22a73abe7e86b636154362f284983c790b03385b20aa4737c CVE-2024-3364,0,0,2986dc00429f74e0e2572cb8153933c26e825f7eed092370bca7e4ac84ee4fdf,2024-04-11T01:26:00.090000 CVE-2024-3365,0,0,64a2e531185071bb7e6b7a9cf067546b0c6c5f700f703a6639ecd4e081a3dcb7,2024-04-11T01:26:00.170000 CVE-2024-3366,0,0,641beaaa3f9fd7d2de3006c0b03aadadafd130dcdab91419774c604b06cf9b30,2024-04-11T01:26:00.240000 +CVE-2024-3367,1,1,3ba4de06f1dcd38725d1a91da6fef7a40e2593564238016c31dbef705dc719fe,2024-04-16T13:24:07.103000 CVE-2024-3369,0,0,943fbc9826beb11428b980e60e48ec152ecf5fda97b5d1c26bb0e96c030079eb,2024-04-11T01:26:00.317000 CVE-2024-3376,0,0,f944ee3af49afac066405b13bcc14ad1a3aba304f57c015d653c31ce71a21bf1,2024-04-11T01:26:00.397000 CVE-2024-3377,0,0,4f5c5a9a0c925d4c25c7e7a8167aad399bf59289271bce69d10c801ec2848ece,2024-04-11T01:26:00.473000 @@ -245583,7 +245586,7 @@ CVE-2024-3463,0,0,f35096c01e521c580de90ee225d8b67562638ead2824e5fc7702bc6c9f4524 CVE-2024-3464,0,0,0c53100717f2f28c54c57fbaaef472d29e3cb0ff81ebf61eb104a899922afe93,2024-04-11T01:26:03.617000 CVE-2024-3465,0,0,a42aecf57f43969ec60c90b90013ebe0e449783aa33103b39be184486d2b2ca9,2024-04-11T01:26:03.697000 CVE-2024-3466,0,0,06b3d0b5c629cfcd72994ab03bcc3d914522a60f9b439b6d13775db50704418a,2024-04-11T01:26:03.777000 -CVE-2024-3493,0,0,cb3f15d7bf387c6ecf4c1a213ffbd02f3ce0629b64ab65397aecec58cab5e8fd,2024-04-15T22:15:09.073000 +CVE-2024-3493,0,1,63ead7e160b6b2cbd834dd6075f87d345af3361e8d55520f11e81a53e2086aaa,2024-04-16T13:24:07.103000 CVE-2024-3505,0,0,d46d6b7d35449c168e9ff66f3c93f973f2e1e579109b94b88c63ad7baac2b7b8,2024-04-15T13:15:31.997000 CVE-2024-3512,0,0,0bde0dc5c2508608f7df2e92075f3b315e69961d5bc617a9cf046c486aab6ef4,2024-04-10T13:23:38.787000 CVE-2024-3514,0,0,6b760aa2049aa25a8d1a8a27afd68abe75f99cb1cc8192949aefe4b5db8f51ce,2024-04-10T13:23:38.787000 
@@ -245617,11 +245620,11 @@ CVE-2024-3567,0,0,95d4f85888c7c90830bdb6bbe6ab9e66d33c542ba2d85efb396aaa8b077bff CVE-2024-3568,0,0,573133d2a7191a46b0975280ef7162f7787321191e0ad33f2c4c70c7e8d9c3f5,2024-04-10T19:49:51.183000 CVE-2024-3569,0,0,1713859ca5226d02b2325e4195882c2c405d5fa4ce56952eae5e58bc3dad6bde,2024-04-10T19:49:51.183000 CVE-2024-3570,0,0,df44050a6262c2969e286478660750960763247b24187b06070fe7dd6b9e3002,2024-04-10T19:49:51.183000 -CVE-2024-3571,0,0,8ad904b667a08a34c3cc276fb47e0aa2a84854909d3ac50102363a55fcb62ffc,2024-04-16T00:15:12.203000 -CVE-2024-3572,0,0,2e31e79b59b80d8503d35d945c3ac4553242f3247db1c8ff95f6ae601102aafa,2024-04-16T00:15:12.387000 -CVE-2024-3573,0,0,8f352a0d6665a5c4421ae000ecc1bb2d502c553cc47176eaaf693bac084d7415,2024-04-16T00:15:12.570000 -CVE-2024-3574,0,0,d59a5bbdd7fabd574c816c3f0aa3b0b0f901212e7f4ae08d62e5e8b97b1437fa,2024-04-16T00:15:12.750000 -CVE-2024-3575,0,0,faaf4112382e43c12f83ed2e93f6678d4c9ad6a7c5594fc3bb5d909b71a8846e,2024-04-16T00:15:12.930000 +CVE-2024-3571,0,1,69cf6aaba9ed550ce2e1f492d0ecd149e8d5cd4d3ef343f36ac06a714698dced,2024-04-16T13:24:07.103000 +CVE-2024-3572,0,1,fac7085e464e1d98d017bfc9635e53b969d9f55d28ae04030a557f0ab1b04301,2024-04-16T13:24:07.103000 +CVE-2024-3573,0,1,f978306925f93ca64332932b6f5a09fb648fa8e8ad9d4b00bd427fd81ec82478,2024-04-16T13:24:07.103000 +CVE-2024-3574,0,1,a6cc99c8a389ea7db1c37fe05b40106752b73810cdac85caab18aeb26d6bc576,2024-04-16T13:24:07.103000 +CVE-2024-3575,0,1,59be73eca5c53cbbcf99414bd65c6b74b4dff22ff5983c2d091439c46f610b22,2024-04-16T13:24:07.103000 CVE-2024-3612,0,0,e0d19b8169faa543fe07df31c32af820c3a5ced7fa57ca7287705d9232ae4829,2024-04-11T12:47:44.137000 CVE-2024-3613,0,0,a614d408e2c081a95a02143aaf10401b031bc93c1ffc8d948d650496e0fce6ef,2024-04-11T12:47:44.137000 CVE-2024-3614,0,0,880d074aab9025081ce04d1528b9be7ca3f1ab52d453f94e3fadd54af8dcf90d,2024-04-11T12:47:44.137000 
@@ -245633,6 +245636,7 @@ CVE-2024-3620,0,0,a7eeb1bc049879e174341aab349252fb94be8452f8b1f4ee171cd19f6ef0b1 CVE-2024-3621,0,0,84afe5bfc8ac11b311e81571bedd8fcb4ae60929cf687215eae135d692582687,2024-04-11T12:47:44.137000 CVE-2024-3652,0,0,a467de8b64f8147acdef48edc35752a89afb7d5856e17302ea9c57335ed0f61c,2024-04-11T12:47:44.137000 CVE-2024-3662,0,0,aac492e0cb08799a7f888c46af5bedb595fa2e9ad6dc15c21be50e9dae70066e,2024-04-15T13:15:31.997000 +CVE-2024-3672,1,1,fc59637194f03e01166014d3ffdbdd60026f81fcc60e1be7e1a44771d8c5fa2c,2024-04-16T13:24:07.103000 CVE-2024-3685,0,0,2d04d41485feb8a52bd1142022b18bc3f24805efb219d419e0508c4773991260,2024-04-15T13:15:51.577000 CVE-2024-3686,0,0,811bcae5db0f32a24e5b10c51fcb2c5c47ac8ca123d5e8befb2d943ee92f7589,2024-04-15T13:15:51.577000 CVE-2024-3687,0,0,1ba165d27b4f9420e3a17f611b0c9be5bd2e7e99fa19b9ae9000a76cef0ac680,2024-04-15T13:15:51.577000 
@@ -245683,8 +245687,9 @@ CVE-2024-3785,0,0,fc93f2e321d044bf7a0ccc45f351722880d9f0bf94368b28b702ab59c5cb31 CVE-2024-3786,0,0,e7dff42d10ea5f51aefb5b7728f1b7d65e7bf6f944a436f82b5cbbe6bdc82c9e,2024-04-15T19:12:25.887000 CVE-2024-3797,0,0,a49e1c5a734d1a2c1373957f16247491a1198771bf616ee0ff20957d954e73a9,2024-04-15T19:12:25.887000 CVE-2024-3802,0,0,5395fe7b87f4e5ca6c4397aa1001686137daab009656e2126daa68d47ebdf7e9,2024-04-15T13:15:31.997000 -CVE-2024-3803,0,0,e342744bdc63b2a58af5ae5f41d9fba8f25773aaa2122f6f6004758c91257faa,2024-04-15T19:15:10 -CVE-2024-3804,0,0,6ace1efb8bc58a0cdfa38459a30729bdc6bb242e239104ec2cc37d4346ad9b8c,2024-04-15T20:15:11.750000 -CVE-2024-3867,1,1,9365023e7046cccde2d6f750559a305b9768185a579e3ff0755c60b213cb54a7,2024-04-16T10:15:08.163000 -CVE-2024-3871,0,0,18fc33d03a275f960d5f9bbc78c875c2a58019ec3cf90aaff1327d511a536180,2024-04-16T09:15:08.630000 -CVE-2024-3872,0,0,ee46564a57b49a4537f1de538de5bb50bf0a5bdc7548545714dfac0afa8938fc,2024-04-16T09:15:08.817000 +CVE-2024-3803,0,1,5839bf1f5fc97242d8c9adb88b40fa5013a07555baee205c3d9bec592a883085,2024-04-16T13:24:07.103000 +CVE-2024-3804,0,1,d2c04bcba3b9dcee33d8ad0e898646d48639f7e3e6aed11c413cf03cea6afbe3,2024-04-16T13:24:07.103000 +CVE-2024-3867,0,1,c3c6e74f2b7b798638e0e4aeec03b4d63f45b0c8e7f67f896543c325678e3e94,2024-04-16T13:24:07.103000 +CVE-2024-3869,1,1,d3f1a622954c88625e31670a65b24b2a780d4a1ef9c3ff8af4e909ec0bb991a2,2024-04-16T13:24:07.103000 +CVE-2024-3871,0,1,1a2cd663b55080229c1ab7b70d6215741fcbf60f8d0800edd920a4744c6da4d0,2024-04-16T13:24:07.103000 +CVE-2024-3872,0,1,1b0df76ddcb9ce5edde75b1c572a6253db6bd37bbe91d1899bdf2bd4ba86a63a,2024-04-16T13:24:07.103000