From 4a9a8d703bb7654f70631c7d246fdc861c959689 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Fri, 26 Apr 2024 22:03:22 +0000 Subject: [PATCH] Auto-Update: 2024-04-26T22:00:30.793385+00:00 --- CVE-2022/CVE-2022-486xx/CVE-2022-48611.json | 20 +++++ CVE-2023/CVE-2023-266xx/CVE-2023-26603.json | 24 ++++++ CVE-2024/CVE-2024-17xx/CVE-2024-1725.json | 6 +- CVE-2024/CVE-2024-253xx/CVE-2024-25343.json | 24 ++++++ CVE-2024/CVE-2024-283xx/CVE-2024-28326.json | 24 ++++++ CVE-2024/CVE-2024-315xx/CVE-2024-31502.json | 20 +++++ CVE-2024/CVE-2024-316xx/CVE-2024-31601.json | 20 +++++ CVE-2024/CVE-2024-328xx/CVE-2024-32878.json | 59 +++++++++++++ CVE-2024/CVE-2024-328xx/CVE-2024-32881.json | 63 ++++++++++++++ CVE-2024/CVE-2024-328xx/CVE-2024-32883.json | 55 ++++++++++++ CVE-2024/CVE-2024-328xx/CVE-2024-32887.json | 63 ++++++++++++++ CVE-2024/CVE-2024-42xx/CVE-2024-4238.json | 92 +++++++++++++++++++++ CVE-2024/CVE-2024-42xx/CVE-2024-4239.json | 92 +++++++++++++++++++++ CVE-2024/CVE-2024-42xx/CVE-2024-4240.json | 92 +++++++++++++++++++++ CVE-2024/CVE-2024-42xx/CVE-2024-4241.json | 92 +++++++++++++++++++++ CVE-2024/CVE-2024-42xx/CVE-2024-4242.json | 92 +++++++++++++++++++++ README.md | 36 ++++---- _state.csv | 37 ++++++--- 18 files changed, 884 insertions(+), 27 deletions(-) create mode 100644 CVE-2022/CVE-2022-486xx/CVE-2022-48611.json create mode 100644 CVE-2023/CVE-2023-266xx/CVE-2023-26603.json create mode 100644 CVE-2024/CVE-2024-253xx/CVE-2024-25343.json create mode 100644 CVE-2024/CVE-2024-283xx/CVE-2024-28326.json create mode 100644 CVE-2024/CVE-2024-315xx/CVE-2024-31502.json create mode 100644 CVE-2024/CVE-2024-316xx/CVE-2024-31601.json create mode 100644 CVE-2024/CVE-2024-328xx/CVE-2024-32878.json create mode 100644 CVE-2024/CVE-2024-328xx/CVE-2024-32881.json create mode 100644 CVE-2024/CVE-2024-328xx/CVE-2024-32883.json create mode 100644 CVE-2024/CVE-2024-328xx/CVE-2024-32887.json create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4238.json create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4239.json create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4240.json create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4241.json create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4242.json diff --git a/CVE-2022/CVE-2022-486xx/CVE-2022-48611.json b/CVE-2022/CVE-2022-486xx/CVE-2022-48611.json new file mode 100644 index 00000000000..c9b0f61c098 --- /dev/null +++ b/CVE-2022/CVE-2022-486xx/CVE-2022-48611.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2022-48611", + "sourceIdentifier": "product-security@apple.com", + "published": "2024-04-26T20:15:07.150", + "lastModified": "2024-04-26T20:15:07.150", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A logic issue was addressed with improved checks. This issue is fixed in iTunes 12.12.4 for Windows. A local attacker may be able to elevate their privileges." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://support.claris.com/s/answerview?anum=000041674&language=en_US", + "source": "product-security@apple.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-266xx/CVE-2023-26603.json b/CVE-2023/CVE-2023-266xx/CVE-2023-26603.json new file mode 100644 index 00000000000..98cd0f4c1c7 --- /dev/null +++ b/CVE-2023/CVE-2023-266xx/CVE-2023-26603.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2023-26603", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-26T20:15:07.230", + "lastModified": "2024-04-26T20:15:07.230", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "JumpCloud Agent before 1.178.0 Creates a Temporary File in a Directory with Insecure Permissions. This allows privilege escalation to SYSTEM via a repair action in the installer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://community.jumpcloud.com/t5/jumpcloud-product-news/bd-p/releases", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2024/MNDT-2024-0003.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1725.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1725.json index 16ec857b92b..9ff317b6b4d 100644 --- a/CVE-2024/CVE-2024-17xx/CVE-2024-1725.json +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1725.json @@ -2,7 +2,7 @@ "id": "CVE-2024-1725", "sourceIdentifier": "secalert@redhat.com", "published": "2024-03-07T20:15:50.690", - "lastModified": "2024-04-03T00:15:08.563", + "lastModified": "2024-04-26T20:15:07.310", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -55,6 +55,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:1559", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1891", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1725", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-253xx/CVE-2024-25343.json b/CVE-2024/CVE-2024-253xx/CVE-2024-25343.json new file mode 100644 index 00000000000..c8535d924ac --- /dev/null +++ b/CVE-2024/CVE-2024-253xx/CVE-2024-25343.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-25343", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-26T20:15:07.427", + "lastModified": "2024-04-26T20:15:07.427", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Tenda N300 F3 router vulnerability allows users to bypass intended security policy and create weak passwords." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://tenda.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ShravanSinghRathore/Tenda-N300-F3-Router/wiki/Password-Policy-Bypass-Vulnerability-CVE%E2%80%902024%E2%80%9025343", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-283xx/CVE-2024-28326.json b/CVE-2024/CVE-2024-283xx/CVE-2024-28326.json new file mode 100644 index 00000000000..c7540b4da0c --- /dev/null +++ b/CVE-2024/CVE-2024-283xx/CVE-2024-28326.json @@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-28326", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-26T20:15:07.480", + "lastModified": "2024-04-26T20:15:07.480", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Incorrect Access Control in Asus RT-N12+ B1 routers allows local attackers to obtain root terminal access via the the UART interface." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://asus.com", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ShravanSinghRathore/ASUS-RT-N300-B1/wiki/Privilege-Escalation-CVE%E2%80%902024%E2%80%9028326", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-315xx/CVE-2024-31502.json b/CVE-2024/CVE-2024-315xx/CVE-2024-31502.json new file mode 100644 index 00000000000..667e8b1640d --- /dev/null +++ b/CVE-2024/CVE-2024-315xx/CVE-2024-31502.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-31502", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-26T21:15:49.140", + "lastModified": "2024-04-26T21:15:49.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/sahildari/cve/blob/master/CVE-2024-31502.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-316xx/CVE-2024-31601.json b/CVE-2024/CVE-2024-316xx/CVE-2024-31601.json new file mode 100644 index 00000000000..b48995cd336 --- /dev/null +++ b/CVE-2024/CVE-2024-316xx/CVE-2024-31601.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-31601", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-26T21:15:49.207", + "lastModified": "2024-04-26T21:15:49.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Beijing Panabit Network Software Co., Ltd Panalog big data analysis platform v. 20240323 and before allows attackers to execute arbitrary code via the exportpdf.php component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/tianqing191/book.io", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32878.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32878.json new file mode 100644 index 00000000000..cbacf1ad51f --- /dev/null +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32878.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-32878", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-04-26T21:15:49.260", + "lastModified": "2024-04-26T21:15:49.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Llama.cpp is LLM inference in C/C++. There is a use of uninitialized heap variable vulnerability in gguf_init_from_file, the code will free this uninitialized variable later. In a simple POC, it will directly cause a crash. If the file is carefully constructed, it may be possible to control this uninitialized value and cause arbitrary address free problems. This may further lead to be exploited. Causes llama.cpp to crash (DoS) and may even lead to arbitrary code execution (RCE). This vulnerability has been patched in commit b2740.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-456" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/ggerganov/llama.cpp/releases/tag/b2749", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ggerganov/llama.cpp/security/advisories/GHSA-p5mv-gjc5-mwqv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32881.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32881.json new file mode 100644 index 00000000000..e18ca1fd931 --- /dev/null +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32881.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-32881", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-04-26T21:15:49.450", + "lastModified": "2024-04-26T21:15:49.450", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Danswer is the AI Assistant connected to company's docs, apps, and people. Danswer is vulnerable to unauthorized access to GET/SET of Slack Bot Tokens. Anyone with network access can steal slack bot tokens and set them. This implies full compromise of the customer's slack bot, leading to internal Slack access. This issue was patched in version 3.63." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/danswer-ai/danswer/commit/89ff07a96b41be9e05256bd252105be233f4d28a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/danswer-ai/danswer/commit/bd7e21a6388775e850d6f716675a893c72881e56", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/danswer-ai/danswer/security/advisories/GHSA-xr9w-3ggr-hr6j", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32883.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32883.json new file mode 100644 index 00000000000..e3bf2785b7d --- /dev/null +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32883.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-32883", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-04-26T21:15:49.630", + "lastModified": "2024-04-26T21:15:49.630", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "MCUboot is a secure bootloader for 32-bits microcontrollers. MCUboot uses a TLV (tag-length-value) structure to represent the meta data associated with an image. The TLVs themselves are divided into two sections, a protected and an unprotected section. The protected TLV entries are included as part of the image signature to avoid tampering. However, the code does not distinguish which TLV entries should be protected or not, so it is possible for an attacker to add unprotected TLV entries that should be protected. Currently, the primary protected TLV entries should be the dependency indication, and the boot record. An injected dependency value would primarily result in an otherwise acceptable image being rejected. A boot record injection could allow fields in a later attestation record to include data not intended, which could cause an image to appear to have properties that it should not have. As a workaround, disable the boot record functionality. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-354" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mcu-tools/mcuboot/security/advisories/GHSA-m59c-q9gq-rh2j", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32887.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32887.json new file mode 100644 index 00000000000..edc803702d2 --- /dev/null +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32887.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-32887", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-04-26T21:15:49.820", + "lastModified": "2024-04-26T21:15:49.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Sidekiq is simple, efficient background processing for Ruby. Sidekiq is reflected XSS vulnerability. The value of substr parameter is reflected in the response without any encoding, allowing an attacker to inject Javascript code into the response of the application. An attacker could exploit it to target users of the Sidekiq Web UI. Moreover, if other applications are deployed on the same domain or website as Sidekiq, users of those applications could also be affected, leading to a broader scope of compromise. Potentially compromising their accounts, forcing the users to perform sensitive actions, stealing sensitive data, performing CORS attacks, defacement of the web application, etc. This issue has been patched in version 7.2.4.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/sidekiq/sidekiq/commit/30786e082c70349ab27ffa9eccc42fb0c696164d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sidekiq/sidekiq/releases/tag/v7.2.4", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/sidekiq/sidekiq/security/advisories/GHSA-q655-3pj8-9fxq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4238.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4238.json new file mode 100644 index 00000000000..3e78b1777b9 --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4238.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-4238", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-26T20:15:07.537", + "lastModified": "2024-04-26T20:15:07.537", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this vulnerability is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetDeviceName_devName.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.262129", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.262129", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.319232", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4239.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4239.json new file mode 100644 index 00000000000..5d8a80057f3 --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4239.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-4239", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-26T21:15:50.003", + "lastModified": "2024-04-26T21:15:50.003", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda AX1806 1.0.0.1 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetRebootTimer. The manipulation of the argument rebootTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-262130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AX/AX1806/formSetRebootTimer.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.262130", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.262130", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.319235", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4240.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4240.json new file mode 100644 index 00000000000..c2fbf46710e --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4240.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-4240", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-26T21:15:50.280", + "lastModified": "2024-04-26T21:15:50.280", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. This affects the function formQosManageDouble_user. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-262131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_auto.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.262131", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.262131", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.319822", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4241.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4241.json new file mode 100644 index 00000000000..0c1ea149d1c --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4241.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-4241", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-26T21:15:50.507", + "lastModified": "2024-04-26T21:15:50.507", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. This vulnerability affects the function formQosManageDouble_auto. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The identifier of this vulnerability is VDB-262132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formQosManageDouble_user.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.262132", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.262132", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.319823", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4242.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4242.json new file mode 100644 index 00000000000..50822eebda5 --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4242.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-4242", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-26T21:15:50.727", + "lastModified": "2024-04-26T21:15:50.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. This issue affects the function formwrlSSIDget of the file /goform/wifiSSIDget. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-262133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "COMPLETE", + "integrityImpact": "COMPLETE", + "availabilityImpact": "COMPLETE", + "baseScore": 9.0 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 8.0, + "impactScore": 10.0, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/W9/formwrlSSIDget.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.262133", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.262133", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.319824", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 86661b1cf16..f784f7da8cd 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-26T20:00:37.842487+00:00 +2024-04-26T22:00:30.793385+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-26T19:59:19.793000+00:00 +2024-04-26T21:15:50.727000+00:00 ``` ### Last Data Feed Release @@ -33,29 +33,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -246920 +246935 ``` ### CVEs added in the last Commit -Recently added CVEs: `10` +Recently added CVEs: `15` -- [CVE-2024-28325](CVE-2024/CVE-2024-283xx/CVE-2024-28325.json) (`2024-04-26T19:15:47.597`) -- [CVE-2024-28327](CVE-2024/CVE-2024-283xx/CVE-2024-28327.json) (`2024-04-26T19:15:47.657`) -- [CVE-2024-32880](CVE-2024/CVE-2024-328xx/CVE-2024-32880.json) (`2024-04-26T18:15:45.970`) -- [CVE-2024-32884](CVE-2024/CVE-2024-328xx/CVE-2024-32884.json) (`2024-04-26T18:15:46.167`) -- [CVE-2024-33342](CVE-2024/CVE-2024-333xx/CVE-2024-33342.json) (`2024-04-26T18:15:46.350`) -- [CVE-2024-33343](CVE-2024/CVE-2024-333xx/CVE-2024-33343.json) (`2024-04-26T18:15:46.413`) -- [CVE-2024-33344](CVE-2024/CVE-2024-333xx/CVE-2024-33344.json) (`2024-04-26T18:15:46.467`) -- [CVE-2024-4235](CVE-2024/CVE-2024-42xx/CVE-2024-4235.json) (`2024-04-26T18:15:46.527`) -- [CVE-2024-4236](CVE-2024/CVE-2024-42xx/CVE-2024-4236.json) (`2024-04-26T18:15:46.803`) -- [CVE-2024-4237](CVE-2024/CVE-2024-42xx/CVE-2024-4237.json) (`2024-04-26T19:15:47.713`) +- [CVE-2022-48611](CVE-2022/CVE-2022-486xx/CVE-2022-48611.json) (`2024-04-26T20:15:07.150`) +- [CVE-2023-26603](CVE-2023/CVE-2023-266xx/CVE-2023-26603.json) (`2024-04-26T20:15:07.230`) +- [CVE-2024-25343](CVE-2024/CVE-2024-253xx/CVE-2024-25343.json) (`2024-04-26T20:15:07.427`) +- [CVE-2024-28326](CVE-2024/CVE-2024-283xx/CVE-2024-28326.json) (`2024-04-26T20:15:07.480`) +- [CVE-2024-31502](CVE-2024/CVE-2024-315xx/CVE-2024-31502.json) (`2024-04-26T21:15:49.140`) +- [CVE-2024-31601](CVE-2024/CVE-2024-316xx/CVE-2024-31601.json) (`2024-04-26T21:15:49.207`) +- [CVE-2024-32878](CVE-2024/CVE-2024-328xx/CVE-2024-32878.json) (`2024-04-26T21:15:49.260`) +- [CVE-2024-32881](CVE-2024/CVE-2024-328xx/CVE-2024-32881.json) (`2024-04-26T21:15:49.450`) +- [CVE-2024-32883](CVE-2024/CVE-2024-328xx/CVE-2024-32883.json) (`2024-04-26T21:15:49.630`) +- [CVE-2024-32887](CVE-2024/CVE-2024-328xx/CVE-2024-32887.json) (`2024-04-26T21:15:49.820`) +- [CVE-2024-4238](CVE-2024/CVE-2024-42xx/CVE-2024-4238.json) (`2024-04-26T20:15:07.537`) +- [CVE-2024-4239](CVE-2024/CVE-2024-42xx/CVE-2024-4239.json) (`2024-04-26T21:15:50.003`) +- [CVE-2024-4240](CVE-2024/CVE-2024-42xx/CVE-2024-4240.json) (`2024-04-26T21:15:50.280`) +- [CVE-2024-4241](CVE-2024/CVE-2024-42xx/CVE-2024-4241.json) (`2024-04-26T21:15:50.507`) +- [CVE-2024-4242](CVE-2024/CVE-2024-42xx/CVE-2024-4242.json) (`2024-04-26T21:15:50.727`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-1725](CVE-2024/CVE-2024-17xx/CVE-2024-1725.json) (`2024-04-26T20:15:07.310`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d81aeba80b6..b1d1749d270 100644 --- a/_state.csv +++ b/_state.csv @@ -211471,6 +211471,7 @@ CVE-2022-48604,0,0,c234e7576786d55fbfc97efb5dea78adb8f87525c4117c439dc05aac6f4a7 CVE-2022-48605,0,0,edade8e24b7350903e180fa6d2d0f85cc0f0e9e7f86f0cde7204d0325848ec12,2023-09-26T18:53:26.107000 CVE-2022-48606,0,0,91696018ee1b6cf3d6d536659479fbc305fec14b8c9dcb14d4e0cb406a661ee2,2023-09-28T17:40:49.480000 CVE-2022-4861,0,0,ee598ad572b11ac5629816a68e6c59b0263127db350474e730bad7a72a6256a3,2023-01-06T18:58:17.253000 +CVE-2022-48611,1,1,64d8801396e0ef967077024684d6e858c35ff131a9b8b688fbfdad94bf9ff555,2024-04-26T20:15:07.150000 CVE-2022-48612,0,0,7514b5524ca8dc12858b37e461d556470c1304a5f7ce0502eff60e1cedff76ea,2023-10-19T16:22:05.877000 CVE-2022-48613,0,0,933d1b28adc9d144ccefdf3525b003f1aeb5987ce03546278c3e696c33dcbee5,2023-11-14T20:05:24.217000 CVE-2022-48614,0,0,75c1e3ea7eaa5931eb17de8ec4a37f67747321aa68e7ad765a36e74d4c0b196b,2023-12-13T15:59:51.227000 @@ -218970,6 +218971,7 @@ CVE-2023-2660,0,0,4aef7924c399745b3d84f28d5636b72a951cd4369c6e34293edf4643f06dfe CVE-2023-26600,0,0,082a5a40003457cdcb9bc982343b3a43f4debaf37f4262b90b97fef94c96e25d,2023-03-13T17:47:33.683000 CVE-2023-26601,0,0,7b674f2a8e2bec159e58ffb9e220bc037e134be1a5263b6a67b4cdd33b3e5bbf,2023-03-13T17:44:45.677000 CVE-2023-26602,0,0,6c6999eaefa6818056578b112ce02b6e82b18dba81dc757925a9d9664e372103,2023-03-07T19:07:11.717000 +CVE-2023-26603,1,1,4ff083684076234b86170d54f1e958c3be75d681c203f04617d000f8b8d41e8a,2024-04-26T20:15:07.230000 CVE-2023-26604,0,0,2d88cec2d1d9a7d4a604fb7583adb4176010b0268b5fda597e93dfff8baa2e94,2023-11-07T04:09:41.293000 CVE-2023-26605,0,0,f1d913142ac1d44bc49e2d7d4cb638ad0dbe7ae96775e3b7bd85f589841ca0ce,2024-03-25T01:15:53.723000 CVE-2023-26606,0,0,a1bb89d315dd684fae3bae228622f2bc2356ffe1fa611816e008ca9f62fab2a2,2024-03-25T01:15:53.793000 @@ -239753,7 +239755,7 @@ CVE-2024-1719,0,0,bd92ffe7c3f4bf124004e532d326d3643bc62f549595f2a7817efea0dc7c18 CVE-2024-1720,0,0,5a5ae92be6fac7e3fb5aac9fbad05927fd3add77d067fc4c0b5a11a75c8da7c7,2024-03-07T13:52:27.110000 CVE-2024-1722,0,0,44f76876458eb58496685e90ceedacd781a70fa58f68fffc91c47d3fb5ef0258,2024-02-29T13:49:29.390000 CVE-2024-1723,0,0,6ede5956ec1f8bc932d476f2c9a22da838daca98409da5821be1a9704022149c,2024-03-13T18:15:58.530000 -CVE-2024-1725,0,0,d50733b72e0a7510fad89b9c9b7bf0d2638e14767cb02af892440874a7d9300e,2024-04-03T00:15:08.563000 +CVE-2024-1725,0,1,2b831655c37805b5d11b8fccbdef32ca54003b5ea78039a012ddccaea3f2f5c4,2024-04-26T20:15:07.310000 CVE-2024-1726,0,0,89dad850dcc0e1a88340678c957b303bc297c72f3495f60c2d2a69bcbd7f390b,2024-04-25T17:24:59.967000 CVE-2024-1727,0,0,a7ba950431c841d63e5eda97447121909cf0b94a0e0f2a68d97b3e6ce11f4afe,2024-04-16T12:15:09.843000 CVE-2024-1728,0,0,cc77f96c808327822a9f33d38543fe59887a1a70be257d5713ef1082e9fb55b5,2024-04-10T19:49:51.183000 @@ -242721,6 +242723,7 @@ CVE-2024-25327,0,0,ed53fcf930246e366b75ca3dbc41603185b262291cf82ff3e550f2ed4e97b CVE-2024-2533,0,0,ae9342ba1479059b47493c7a685c849e75edc6d07d3006801469cf62cb6542e2,2024-04-11T01:25:27.040000 CVE-2024-25331,0,0,60a22b9e40d224a5f3b5e272a457dd70292f6aef15fb2558c273ff847702ea0c,2024-03-12T12:40:13.500000 CVE-2024-2534,0,0,7208594308b68fb6319c69a5ca4d316b95689a2de727bb79e1c50ee053eb0607,2024-04-11T01:25:27.120000 +CVE-2024-25343,1,1,9812c2138ed26a486c0f50f26db327586c2b0be33c627c7a652779aa05d0036f,2024-04-26T20:15:07.427000 CVE-2024-25344,0,0,af08989cf380f6e278fd692845297ea5605f46af513902cda38a18d17b6f3747,2024-02-26T16:32:25.577000 CVE-2024-2535,0,0,332571c5f565827ccf76a6bd5bc40568c1d0db043dbac561c7b64a0729db2bd3,2024-04-11T01:25:27.203000 CVE-2024-25350,0,0,4025b81199a224e7878ebb894cfce4cd4a7613ab77d81e491781294f349534f6,2024-02-29T13:49:47.277000 @@ -244381,8 +244384,9 @@ CVE-2024-28318,0,0,ede034690df957e6783d45bfb66a16f12d36f93dac03aab57e77aeedfffbb CVE-2024-28319,0,0,26fe071877c361c1420da78d668cd8bd73e607c2889fe07f596425c3f0efcaf7,2024-03-15T16:26:49.320000 CVE-2024-2832,0,0,c24a89a98158bb4e496d6c9324979be50b5d8206e1a887bc4c92d3f4efe6d296,2024-04-11T01:25:38.597000 CVE-2024-28323,0,0,16dacab4d536bc79350286123596ce0c92a8e24f546fb8e6e6ccdaf1dc4caa64,2024-04-24T02:15:45.820000 -CVE-2024-28325,1,1,f9d721e932f6d264bc137371c8b0906505973d152c3e0bd4b5e1aa389af73389,2024-04-26T19:59:19.793000 -CVE-2024-28327,1,1,55f0b6af593774ee591595f8fb41fe205ad2244e60ceea6d4eaa32e2cd88c42f,2024-04-26T19:59:19.793000 +CVE-2024-28325,0,0,f9d721e932f6d264bc137371c8b0906505973d152c3e0bd4b5e1aa389af73389,2024-04-26T19:59:19.793000 +CVE-2024-28326,1,1,dbde51442da791ef702d39de9102c355af1752a8791a1a24700bae6168ab23c8,2024-04-26T20:15:07.480000 +CVE-2024-28327,0,0,55f0b6af593774ee591595f8fb41fe205ad2244e60ceea6d4eaa32e2cd88c42f,2024-04-26T19:59:19.793000 CVE-2024-28328,0,0,13ef121020655e50ae4d25ba0161adfa41a8368139ae76b0ca53543e95ae92f4,2024-04-26T15:32:22.523000 CVE-2024-2833,0,0,9e113ce28ea85bd7fbbe01a048a1b11092324a333ff2f6e807d8733739209b19,2024-04-18T13:04:28.900000 CVE-2024-28335,0,0,a217e219718a353480ebe6dbe5087fa485efbd4ed754c44582430f96bbfa9ecc,2024-03-27T12:29:30.307000 @@ -245922,6 +245926,7 @@ CVE-2024-31487,0,0,ffef7fcdc05bb476a1f2c02c71de4a76075ea7f0301d6a8889db629ce9b19 CVE-2024-31492,0,0,a251126d380ad734bdcae40155276c0c8cd0f78c057d6c232814179759c90bf9,2024-04-10T19:49:51.183000 CVE-2024-31497,0,0,d90ff9b470753606034a89c278aa6cbdbffa031df39311cca8f7c7aaa4f69cec,2024-04-26T02:15:06.197000 CVE-2024-31498,0,0,db3c4e2337e3fccc66e084ef6016d8532925f451bef4124b0c2782f0c54d90b6,2024-04-08T00:15:08 +CVE-2024-31502,1,1,03896f05d8861b1f9b4ed5010e9d288b37f7173ac1019a68f73740cd343624ad,2024-04-26T21:15:49.140000 CVE-2024-31503,0,0,a2a7c8d9eaf4775895950c76302a02326a8d6e67bb7d5ec85d9e8a8516e17053,2024-04-17T12:48:07.510000 CVE-2024-31506,0,0,8be7ef5b3e9d65e4bba9dd63e2b7475f0658a4b183369094a98038d4eee40099,2024-04-10T13:24:00.070000 CVE-2024-31507,0,0,8a4d05957463fb55563022c4622a2463374ff774a0631f4c63214875a7c78bee,2024-04-10T13:24:00.070000 @@ -245947,6 +245952,7 @@ CVE-2024-31585,0,0,ca870b59b85ac9b6cfa4a8fee4976da074575d82dd3c02566198bbf835617 CVE-2024-31587,0,0,6aaa189139b27b06a683c1dac5c91d5124a2971d077e3d9157f284239b68e61a,2024-04-19T16:19:49.043000 CVE-2024-3159,0,0,90c5caca0cc5537160e74a2b26ddbcf22bba005cb0a42d8727caf893986c2f2f,2024-04-26T15:59:59.020000 CVE-2024-3160,0,0,f58561faca7869291dbd40f98b5207b12f048bddf4323b50e2fa0b0605fe77f4,2024-04-11T01:25:55.513000 +CVE-2024-31601,1,1,35104970989e767beee4d94e5225aad3a3eb393b1cbd7127247688979055f857,2024-04-26T21:15:49.207000 CVE-2024-31609,0,0,220c67e8d489cb3fe9b4bc543f7647ddfeb5c25b9b19ca8439b4928d10c6d5aa,2024-04-26T12:58:17.720000 CVE-2024-31610,0,0,bad125137564ff82d81c08c69745e1e9123b14f73eadb435f64d4af6d83d6827,2024-04-26T12:58:17.720000 CVE-2024-31615,0,0,d0e9cb7307b12540caa27ec15d72bbb39fd07c4f4f188a6a635af2cdd881915c,2024-04-26T12:58:17.720000 @@ -246499,9 +246505,13 @@ CVE-2024-32869,0,0,0e473f01ce255dcdc5f11b871766f1c1758b18f6cf26ba19adbc6c7e41a0e CVE-2024-32872,0,0,59ac24f6acf63d3b4ddeb437211a7661d520fb02f021fd6a951644796eb80a41,2024-04-24T17:16:50.397000 CVE-2024-32875,0,0,1d3ae071c5976cb38c56d9063a1b2dc7d3c3dd7317932ef76fe9cbd393a3f40f,2024-04-24T13:39:42.883000 CVE-2024-32876,0,0,56fabbd4be6ea210f5198e54b57dc9c995f989bdeb0f4e519fbeff871267be54,2024-04-24T19:58:40.710000 +CVE-2024-32878,1,1,4539a658b08348df7616e6f2cfd15e234a42ec98787f43793319e964705cddce,2024-04-26T21:15:49.260000 CVE-2024-32879,0,0,0b0046e51a12ad5b1f4492d6cff2d6482480cc94626283d2a6f79bd97479ab0a,2024-04-25T13:18:20.370000 -CVE-2024-32880,1,1,5c7d6aa44fda3ee69a48104785812fedaa6d3ea7fbc26c71102dbf3b2182bded,2024-04-26T19:59:19.793000 -CVE-2024-32884,1,1,feb09aaeaf00882860d9891266c7a76bef3350941384b117a7f5be081c117262,2024-04-26T19:59:19.793000 +CVE-2024-32880,0,0,5c7d6aa44fda3ee69a48104785812fedaa6d3ea7fbc26c71102dbf3b2182bded,2024-04-26T19:59:19.793000 +CVE-2024-32881,1,1,c1aa04cdf4c21001afb18cd817d4683610efbfbe5815d7594939b83ba1944d9a,2024-04-26T21:15:49.450000 +CVE-2024-32883,1,1,0e7b1a8483eff1f62788fd77dec858a469ab9c80a1e3c4b58f0f601259a7e9f0,2024-04-26T21:15:49.630000 +CVE-2024-32884,0,0,feb09aaeaf00882860d9891266c7a76bef3350941384b117a7f5be081c117262,2024-04-26T19:59:19.793000 +CVE-2024-32887,1,1,50d5ce55880759d1c934f694c22c7f3e332d7c773a13815daa202a325029dce8,2024-04-26T21:15:49.820000 CVE-2024-3293,0,0,3552485a27a6b6c8b2cadd17fbdb3e630238722099a3e2d8d97b0f239cd2dc1a,2024-04-23T12:52:26.253000 CVE-2024-32947,0,0,66b8169f5ed00566ee332733dff77f7ef577706d5c33e7a379a261befe2945f1,2024-04-24T17:16:50.397000 CVE-2024-32948,0,0,b7a98470b717d7f23ae7cba102d8685641e5b820f696ab6effba04fa32abb77f,2024-04-24T13:39:42.883000 @@ -246539,9 +246549,9 @@ CVE-2024-33258,0,0,9cba5ba4b2b25419975f62d52ca9fe6af0f0a8e9f9f0361b732bbec6fa910 CVE-2024-33259,0,0,7baedb8a8dc783fa88b887fd5c3c1eaf3e0afda0857f326c9372530e2281ba12,2024-04-26T15:32:22.523000 CVE-2024-33260,0,0,e8aa0d878f3a05d87e2a04d2b95090816ce2a8144679e05279a245ccba53bc96,2024-04-26T15:32:22.523000 CVE-2024-3333,0,0,8caee5b26018a8a7a4f06ec5d64d35dd731cf8d2f43a25885f4e67db044a1bff,2024-04-17T12:48:07.510000 -CVE-2024-33342,1,1,4ff11c7e369d836ce7a1244b0b48afc72b8090af879823bb663cc593e2824dbc,2024-04-26T19:59:19.793000 -CVE-2024-33343,1,1,17e1971be9c2ae8ba52a2cc25de4ae4286a5a8f05a2fb81a46885d3dfd33cb1b,2024-04-26T19:59:19.793000 -CVE-2024-33344,1,1,f74e33f11e6670462bc5b65f54260ae5e05e3409e05b053682376a20da3d6d34,2024-04-26T19:59:19.793000 +CVE-2024-33342,0,0,4ff11c7e369d836ce7a1244b0b48afc72b8090af879823bb663cc593e2824dbc,2024-04-26T19:59:19.793000 +CVE-2024-33343,0,0,17e1971be9c2ae8ba52a2cc25de4ae4286a5a8f05a2fb81a46885d3dfd33cb1b,2024-04-26T19:59:19.793000 +CVE-2024-33344,0,0,f74e33f11e6670462bc5b65f54260ae5e05e3409e05b053682376a20da3d6d34,2024-04-26T19:59:19.793000 CVE-2024-3343,0,0,c7ada54a8973c3f80fc415b1484b0c0d7aeb75e458012c05cd3c69dcc6f0e33f,2024-04-11T12:47:44.137000 CVE-2024-3344,0,0,9f0d30bf7471aa86a4cb4a703805df84e7338e4a65408c3f6ac2fd777c6250e1,2024-04-11T12:47:44.137000 CVE-2024-3346,0,0,e1501efbca46250b1b984725e11942bb9306686e2cffb2edd3d8dd5b4c4ccc5c,2024-04-11T01:25:58.637000 @@ -246916,6 +246926,11 @@ CVE-2024-4183,0,0,eb095bb2a7605255e8a8dc96da73a318d41383dcfc77f51141abcb99c5e238 CVE-2024-4195,0,0,9e1766e9cc7c084861e373f907f1af4c8e93d2e541b57b7a5442f1b9206736d6,2024-04-26T12:58:17.720000 CVE-2024-4198,0,0,860198fc45e50b7d397afb1a381e3699f22b1ade3ab4eae804ccb5eb04f2917f,2024-04-26T12:58:17.720000 CVE-2024-4234,0,0,0a64019690b8e660b74462a78d6464b10b7f38338c77c87e06c656a7f082155f,2024-04-26T15:32:22.523000 -CVE-2024-4235,1,1,99093520f9467f6bc9df1e67ba828ed8d5a52b47abe017780b1bbfac822d38bb,2024-04-26T19:59:19.793000 -CVE-2024-4236,1,1,0ea63c80ef5a1e0a1b7de7daa05065980f1ac12c4af4da3f2aa1c276e47c5740,2024-04-26T19:59:19.793000 -CVE-2024-4237,1,1,9f54c377f05529360f2b7be6375c6730ba5e0cecefd13112edd7d9b9b3c96447,2024-04-26T19:59:19.793000 +CVE-2024-4235,0,0,99093520f9467f6bc9df1e67ba828ed8d5a52b47abe017780b1bbfac822d38bb,2024-04-26T19:59:19.793000 +CVE-2024-4236,0,0,0ea63c80ef5a1e0a1b7de7daa05065980f1ac12c4af4da3f2aa1c276e47c5740,2024-04-26T19:59:19.793000 +CVE-2024-4237,0,0,9f54c377f05529360f2b7be6375c6730ba5e0cecefd13112edd7d9b9b3c96447,2024-04-26T19:59:19.793000 +CVE-2024-4238,1,1,db559af0179e5e361800f0a06c980d8109c8c965c0ec2fc6e58e7161ba58a8c3,2024-04-26T20:15:07.537000 +CVE-2024-4239,1,1,044e14e8102f28e3f3c48e3c7cdc0f05bc09da93422e58d89ce0ceb1c22daeff,2024-04-26T21:15:50.003000 +CVE-2024-4240,1,1,b6bd63709c0ba1f923b1df4e0d6c5efd649c0519ed6b8b0ea4aaf88658572963,2024-04-26T21:15:50.280000 +CVE-2024-4241,1,1,264f84de7f82f667ea602f912ab0c91f08c69cd3bac4488fa7a0558ca22ce9ae,2024-04-26T21:15:50.507000 +CVE-2024-4242,1,1,7c2c0351cc2274639c0aac327cc3b8d379b23f811f63689c6939401bba640a19,2024-04-26T21:15:50.727000