From 518b04cae35ac7cffc808cc2ef54e9d472d608af Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 8 Aug 2024 12:03:12 +0000 Subject: [PATCH] Auto-Update: 2024-08-08T12:00:16.726716+00:00 --- CVE-2024/CVE-2024-213xx/CVE-2024-21302.json | 4 +- CVE-2024/CVE-2024-28xx/CVE-2024-2800.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-30xx/CVE-2024-3035.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-31xx/CVE-2024-3114.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-381xx/CVE-2024-38166.json | 2 +- CVE-2024/CVE-2024-382xx/CVE-2024-38202.json | 4 +- CVE-2024/CVE-2024-382xx/CVE-2024-38206.json | 2 +- CVE-2024/CVE-2024-39xx/CVE-2024-3958.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-420xx/CVE-2024-42033.json | 56 +++++++++++++++ CVE-2024/CVE-2024-420xx/CVE-2024-42034.json | 56 +++++++++++++++ CVE-2024/CVE-2024-420xx/CVE-2024-42035.json | 56 +++++++++++++++ CVE-2024/CVE-2024-420xx/CVE-2024-42036.json | 56 +++++++++++++++ CVE-2024/CVE-2024-420xx/CVE-2024-42037.json | 56 +++++++++++++++ CVE-2024/CVE-2024-420xx/CVE-2024-42038.json | 56 +++++++++++++++ CVE-2024/CVE-2024-42xx/CVE-2024-4207.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-42xx/CVE-2024-4210.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-47xx/CVE-2024-4784.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-54xx/CVE-2024-5423.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-63xx/CVE-2024-6329.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-71xx/CVE-2024-7160.json | 75 +++++++++++++++++++-- CVE-2024/CVE-2024-75xx/CVE-2024-7554.json | 56 +++++++++++++++ CVE-2024/CVE-2024-76xx/CVE-2024-7610.json | 56 +++++++++++++++ README.md | 44 +++++++----- _state.csv | 51 +++++++++----- 24 files changed, 1124 insertions(+), 46 deletions(-) create mode 100644 CVE-2024/CVE-2024-28xx/CVE-2024-2800.json create mode 100644 CVE-2024/CVE-2024-30xx/CVE-2024-3035.json create mode 100644 CVE-2024/CVE-2024-31xx/CVE-2024-3114.json create mode 100644 CVE-2024/CVE-2024-39xx/CVE-2024-3958.json create mode 100644 CVE-2024/CVE-2024-420xx/CVE-2024-42033.json create mode 100644 CVE-2024/CVE-2024-420xx/CVE-2024-42034.json create mode 100644 CVE-2024/CVE-2024-420xx/CVE-2024-42035.json create mode 100644 CVE-2024/CVE-2024-420xx/CVE-2024-42036.json create mode 100644 CVE-2024/CVE-2024-420xx/CVE-2024-42037.json create mode 100644 CVE-2024/CVE-2024-420xx/CVE-2024-42038.json create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4207.json create mode 100644 CVE-2024/CVE-2024-42xx/CVE-2024-4210.json create mode 100644 CVE-2024/CVE-2024-47xx/CVE-2024-4784.json create mode 100644 CVE-2024/CVE-2024-54xx/CVE-2024-5423.json create mode 100644 CVE-2024/CVE-2024-63xx/CVE-2024-6329.json create mode 100644 CVE-2024/CVE-2024-75xx/CVE-2024-7554.json create mode 100644 CVE-2024/CVE-2024-76xx/CVE-2024-7610.json diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21302.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21302.json index db65aa474fa..012c11fded0 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21302.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21302.json @@ -2,13 +2,13 @@ "id": "CVE-2024-21302", "sourceIdentifier": "secure@microsoft.com", "published": "2024-08-08T02:15:37.827", - "lastModified": "2024-08-08T02:15:37.827", + "lastModified": "2024-08-08T10:15:06.203", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Summary:\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS.\nMicrosoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.\nThis CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs." + "value": "Summary:\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS; enabling an attacker with administrator privileges to replace current versions of Windows system files with outdated versions. By exploiting this vulnerability, an attacker could reintroduce previously mitigated vulnerabilities, circumvent some features of VBS, and exfiltrate data protected by VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn..\nMicrosoft is developing a security update to mitigate this vulnerability, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.\nThis CVE will be updated when the mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.\nDetails:\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, Windows Server 2022 , and a subset of Azure Virtual Machines (VM) SKUs with a Windows based guestOS supporting VBS. For more information on Windows versions and VM SKUs supporting VBS, reference: Virtualization-based Security (VBS) | Microsoft Learn.\nThe vulnerability enables an attacker with administrator privileges on the target system to replace current Windows system files with outdated versions. Successful exploitation provides an attacker with the ability to reintroduce previously mitigated vulnerabilities, circumvent VBS security features, and exfiltrate data protected by VBS.\nMicrosoft is developing a security update that will revoke outdated, unpatched VBS system files to mitigate this vulnerability, but it is not yet available. Due to the complexity of blocking such a large quantity of files, rigorous testing is required to avoid integration failures or regressions. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now \u2013 Microsoft Security Response Center.\nMicrosoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 07th, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section of this CVE to protect their systems.\nRecommended Actions:\nThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.\n\nConfigure \u201cAudit Object Access\u201d settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.\n\nAudit File System - Windows 10 | Microsoft Learn\nApply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn\n\n\nAuditing sensitive privileges used to identify access, modification, or replacement of VBS related files could help indicacte attempts to exploit this vulnerability.\n\nAudit Sensitive Privilege Use - Windows 10 | Microsoft Learn\n\n\nProtect your Azure tenant by investigating administrators and users flagged for risky sign-ins and rotating their credentials.\n\nInvestigate risk Microsoft Entra ID Protection - Microsoft Entra ID Protection | Microsoft Learn\n\n\nEnabling Multi-Factor Authentication can also help alleviate concerns about compromised accounts or exposure.\n\nEnforce multifactor..." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2800.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2800.json new file mode 100644 index 00000000000..45713636cf2 --- /dev/null +++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2800.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-2800", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:12.210", + "lastModified": "2024-08-08T11:15:12.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451293", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2416332", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3035.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3035.json new file mode 100644 index 00000000000..0e862ef051b --- /dev/null +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3035.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-3035", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:12.503", + "lastModified": "2024-08-08T11:15:12.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452297", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2424715", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3114.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3114.json new file mode 100644 index 00000000000..04951f46942 --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3114.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-3114", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:12.733", + "lastModified": "2024-08-08T11:15:12.733", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 11.10 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2, with the processing logic for parsing invalid commits can lead to a regular expression DoS attack on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/452547", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2416630", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-381xx/CVE-2024-38166.json b/CVE-2024/CVE-2024-381xx/CVE-2024-38166.json index 2b641e7e7f0..a0f09914fd6 100644 --- a/CVE-2024/CVE-2024-381xx/CVE-2024-38166.json +++ b/CVE-2024/CVE-2024-381xx/CVE-2024-38166.json @@ -2,7 +2,7 @@ "id": "CVE-2024-38166", "sourceIdentifier": "secure@microsoft.com", "published": "2024-08-06T22:15:54.163", - "lastModified": "2024-08-08T02:15:38.090", + "lastModified": "2024-08-08T10:15:06.427", "vulnStatus": "Awaiting Analysis", "cveTags": [ { diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38202.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38202.json index 0fffaa5df9c..5b45099a741 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38202.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38202.json @@ -2,13 +2,13 @@ "id": "CVE-2024-38202", "sourceIdentifier": "secure@microsoft.com", "published": "2024-08-08T02:15:38.180", - "lastModified": "2024-08-08T02:15:38.180", + "lastModified": "2024-08-08T10:15:06.550", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Summary\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.\nMicrosoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.\nThis CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.\nDetails\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.\nMicrosoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now \u2013 Microsoft Security Response Center.\nMicrosoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.\nRecommended Actions\nThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.\n\nAudit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations.\n\nAudit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn\n\n\nImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only.\n\nAccess Control overview | Microsoft Learn\nDiscretionary Access Control Lists (DACL)\n\n\nAuditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability.\n\nAudit Sensitive Privilege Use - Windows 10 | Microsoft Learn" + "value": "Summary\nMicrosoft was notified that an elevation of privilege vulnerability exists in Windows Backup, potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of Virtualization Based Security (VBS). However, an attacker attempting to exploit this vulnerability requires additional interaction by a privileged user to be successful.\nMicrosoft is developing a security update to mitigate this threat, but it is not yet available. Guidance to help customers reduce the risks associated with this vulnerability and to protect their systems until the mitigation is available in a Windows security update is provided in the Recommended Actions section of this CVE.\nThis CVE will be updated, and customers will be notified when the official mitigation is available in a Windows security update. We highly encourage customers to subscribe to Security Update Guide notifications to receive an alert when this update occurs.\nDetails\nA security researcher informed Microsoft of an elevation of privilege vulnerability in Windows Backup potentially enabling an attacker with basic user privileges to reintroduce previously mitigated vulnerabilities or circumvent some features of VBS. For exploitation to succeed, an attacker must trick or convince an Administrator or a user with delegated permissions into performing a system restore which inadvertently triggers the vulnerability.\nMicrosoft is developing a security update that will mitigate this vulnerability, but it is not yet available. This CVE will be updated with new information and links to the security updates once available. We highly encourage customers subscribe to Security Update Guide notifications to be alerted of updates. See Microsoft Technical Security Notifications and Security Update Guide Notification System News: Create your profile now \u2013 Microsoft Security Response Center.\nMicrosoft is not aware of any attempts to exploit this vulnerability. However, a public presentation regarding this vulnerability was hosted at BlackHat on August 7, 2024. The presentation was appropriately coordinated with Microsoft but may change the threat landscape. Customers concerned with these risks should reference the guidance provided in the Recommended Actions section to protect their systems.\nRecommended Actions\nThe following recommendations do not mitigate the vulnerability but can be used to reduce the risk of exploitation until the security update is available.\n\nConfigure \u201cAudit Object Access\u201d settings to monitor attempts to access files, such as handle creation, read / write operations, or modifications to security descriptors.\n\nAudit File System - Windows 10 | Microsoft Learn\nApply a basic audit policy on a file or folder - Windows 10 | Microsoft Learn\n\n\nAudit users with permission to perform Backup and Restore operations to ensure only the appropriate users can perform these operations.\n\nAudit: Audit the use of Backup and Restore privilege (Windows 10) - Windows 10 | Microsoft Learn\n\n\nImplement an Access Control List or Discretionary Access Control Lists to restrict the access or modification of Backup files and perform Restore operations to appropriate users, for example administrators only.\n\nAccess Control overview | Microsoft Learn\nDiscretionary Access Control Lists (DACL)\n\n\nAuditing sensitive privileges used to identify access, modification, or replacement of Backup related files could help indicate attempts to exploit this vulnerability.\n\nAudit Sensitive Privilege Use - Windows 10 | Microsoft Learn" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-382xx/CVE-2024-38206.json b/CVE-2024/CVE-2024-382xx/CVE-2024-38206.json index 80ea0dbe350..2ecbe14a209 100644 --- a/CVE-2024/CVE-2024-382xx/CVE-2024-38206.json +++ b/CVE-2024/CVE-2024-382xx/CVE-2024-38206.json @@ -2,7 +2,7 @@ "id": "CVE-2024-38206", "sourceIdentifier": "secure@microsoft.com", "published": "2024-08-06T22:15:54.430", - "lastModified": "2024-08-08T02:15:38.417", + "lastModified": "2024-08-08T10:15:06.697", "vulnStatus": "Awaiting Analysis", "cveTags": [ { diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3958.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3958.json new file mode 100644 index 00000000000..f9b6e4cd460 --- /dev/null +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3958.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-3958", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:12.967", + "lastModified": "2024-08-08T11:15:12.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/456988", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2437784", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42033.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42033.json new file mode 100644 index 00000000000..3e036c2b278 --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42033.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42033", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-08-08T10:15:06.813", + "lastModified": "2024-08-08T10:15:06.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Access control vulnerability in the security verification module\nmpact: Successful exploitation of this vulnerability will affect integrity and confidentiality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.1, + "impactScore": 5.3 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-840" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2024/8/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42034.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42034.json new file mode 100644 index 00000000000..f8471fa7ccc --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42034.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42034", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-08-08T10:15:07.223", + "lastModified": "2024-08-08T10:15:07.223", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "LaunchAnywhere vulnerability in the account module.\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-840" + } + ] + } + ], + "references": [ + { + "url": "https://https://consumer.huawei.com/en/support/bulletin/2024/8/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42035.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42035.json new file mode 100644 index 00000000000..fdd8305d9c4 --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42035.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42035", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-08-08T10:15:07.637", + "lastModified": "2024-08-08T10:15:07.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Permission control vulnerability in the App Multiplier module\nImpact:Successful exploitation of this vulnerability may affect functionality and confidentiality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2024/8/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42036.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42036.json new file mode 100644 index 00000000000..e6daedd0393 --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42036.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42036", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-08-08T10:15:07.967", + "lastModified": "2024-08-08T10:15:07.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Access permission verification vulnerability in the Notepad module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2024/8/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42037.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42037.json new file mode 100644 index 00000000000..2d196cb5007 --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42037.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42037", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-08-08T10:15:08.323", + "lastModified": "2024-08-08T10:15:08.323", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of uncaught exceptions in the Graphics module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-248" + } + ] + } + ], + "references": [ + { + "url": "https://https://consumer.huawei.com/en/support/bulletin/2024/8/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42038.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42038.json new file mode 100644 index 00000000000..82b55e381de --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42038.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42038", + "sourceIdentifier": "psirt@huawei.com", + "published": "2024-08-08T10:15:08.700", + "lastModified": "2024-08-08T10:15:08.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability of PIN enhancement failures in the screen lock module\nImpact: Successful exploitation of this vulnerability may affect service confidentiality, integrity, and availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@huawei.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-310" + } + ] + } + ], + "references": [ + { + "url": "https://consumer.huawei.com/en/support/bulletin/2024/8/", + "source": "psirt@huawei.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4207.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4207.json new file mode 100644 index 00000000000..0c4066cac23 --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4207.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-4207", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:13.183", + "lastModified": "2024-08-08T11:15:13.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458236", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2473917", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4210.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4210.json new file mode 100644 index 00000000000..403b3a0ee43 --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4210.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-4210", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T10:15:09.040", + "lastModified": "2024-08-08T10:15:09.040", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 12.6 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause a denial of service using crafted adoc files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/458245", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2431562", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4784.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4784.json new file mode 100644 index 00000000000..1cefecc8c6a --- /dev/null +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4784.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-4784", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T10:15:09.390", + "lastModified": "2024-08-08T10:15:09.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in GitLab EE starting from version 16.7 before 17.0.6, version 17.1 before 17.1.4 and 17.2 before 17.2.2 that allowed bypassing the password re-entry requirement to approve a policy." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-305" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/461248", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2486223", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5423.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5423.json new file mode 100644 index 00000000000..d0ca3a0de77 --- /dev/null +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5423.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-5423", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:13.410", + "lastModified": "2024-08-08T11:15:13.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2 which allowed an attacker to cause resource exhaustion via banzai pipeline." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/463807", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2518563", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6329.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6329.json new file mode 100644 index 00000000000..01f404a03b4 --- /dev/null +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6329.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-6329", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T10:15:09.857", + "lastModified": "2024-08-08T10:15:09.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2, which causes the web interface to fail to render the diff correctly when the path is encoded." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/468937", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2542483", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json b/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json index 2d069db3b8f..a0cfa1f913a 100644 --- a/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json +++ b/CVE-2024/CVE-2024-71xx/CVE-2024-7160.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7160", "sourceIdentifier": "cna@vuldb.com", "published": "2024-07-28T15:15:10.163", - "lastModified": "2024-07-29T14:12:08.783", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-08-08T11:59:02.483", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,65 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:totolink:a3700r_firmware:9.1.2u.5822_b20200513:*:*:*:*:*:*:*", + "matchCriteriaId": "C3F5D7B3-9362-4A1F-A53C-8B7DA8CAFAA0" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:totolink:a3700r:-:*:*:*:*:*:*:*", + "matchCriteriaId": "05777EB4-0963-4317-AB0B-287A2140915D" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/TOTOLINK/A3700R/setWanCfg.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit" + ] }, { "url": "https://vuldb.com/?ctiid.272574", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.272574", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.377080", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-75xx/CVE-2024-7554.json b/CVE-2024/CVE-2024-75xx/CVE-2024-7554.json new file mode 100644 index 00000000000..013676ea5d8 --- /dev/null +++ b/CVE-2024/CVE-2024-75xx/CVE-2024-7554.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-7554", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:13.633", + "lastModified": "2024-08-08T11:15:13.633", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Under certain conditions, access tokens may have been logged when an API request was made in a specific manner." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/471555", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-76xx/CVE-2024-7610.json b/CVE-2024/CVE-2024-76xx/CVE-2024-7610.json new file mode 100644 index 00000000000..870c7362309 --- /dev/null +++ b/CVE-2024/CVE-2024-76xx/CVE-2024-7610.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-7610", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-08-08T11:15:13.857", + "lastModified": "2024-08-08T11:15:13.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/468917", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e9168373e26..ca12533dca0 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-08T10:00:17.045429+00:00 +2024-08-08T12:00:16.726716+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-08T09:15:08.623000+00:00 +2024-08-08T11:59:02.483000+00:00 ``` ### Last Data Feed Release @@ -33,31 +33,41 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -259334 +259351 ``` ### CVEs added in the last Commit -Recently added CVEs: `12` +Recently added CVEs: `17` -- [CVE-2023-7265](CVE-2023/CVE-2023-72xx/CVE-2023-7265.json) (`2024-08-08T08:15:04.740`) -- [CVE-2024-22069](CVE-2024/CVE-2024-220xx/CVE-2024-22069.json) (`2024-08-08T08:15:05.123`) -- [CVE-2024-42030](CVE-2024/CVE-2024-420xx/CVE-2024-42030.json) (`2024-08-08T09:15:07.290`) -- [CVE-2024-42031](CVE-2024/CVE-2024-420xx/CVE-2024-42031.json) (`2024-08-08T09:15:07.630`) -- [CVE-2024-42032](CVE-2024/CVE-2024-420xx/CVE-2024-42032.json) (`2024-08-08T09:15:07.740`) -- [CVE-2024-42251](CVE-2024/CVE-2024-422xx/CVE-2024-42251.json) (`2024-08-08T09:15:08.070`) -- [CVE-2024-42252](CVE-2024/CVE-2024-422xx/CVE-2024-42252.json) (`2024-08-08T09:15:08.150`) -- [CVE-2024-42253](CVE-2024/CVE-2024-422xx/CVE-2024-42253.json) (`2024-08-08T09:15:08.220`) -- [CVE-2024-42254](CVE-2024/CVE-2024-422xx/CVE-2024-42254.json) (`2024-08-08T09:15:08.290`) -- [CVE-2024-42255](CVE-2024/CVE-2024-422xx/CVE-2024-42255.json) (`2024-08-08T09:15:08.470`) -- [CVE-2024-42256](CVE-2024/CVE-2024-422xx/CVE-2024-42256.json) (`2024-08-08T09:15:08.553`) -- [CVE-2024-42257](CVE-2024/CVE-2024-422xx/CVE-2024-42257.json) (`2024-08-08T09:15:08.623`) +- [CVE-2024-2800](CVE-2024/CVE-2024-28xx/CVE-2024-2800.json) (`2024-08-08T11:15:12.210`) +- [CVE-2024-3035](CVE-2024/CVE-2024-30xx/CVE-2024-3035.json) (`2024-08-08T11:15:12.503`) +- [CVE-2024-3114](CVE-2024/CVE-2024-31xx/CVE-2024-3114.json) (`2024-08-08T11:15:12.733`) +- [CVE-2024-3958](CVE-2024/CVE-2024-39xx/CVE-2024-3958.json) (`2024-08-08T11:15:12.967`) +- [CVE-2024-42033](CVE-2024/CVE-2024-420xx/CVE-2024-42033.json) (`2024-08-08T10:15:06.813`) +- [CVE-2024-42034](CVE-2024/CVE-2024-420xx/CVE-2024-42034.json) (`2024-08-08T10:15:07.223`) +- [CVE-2024-42035](CVE-2024/CVE-2024-420xx/CVE-2024-42035.json) (`2024-08-08T10:15:07.637`) +- [CVE-2024-42036](CVE-2024/CVE-2024-420xx/CVE-2024-42036.json) (`2024-08-08T10:15:07.967`) +- [CVE-2024-42037](CVE-2024/CVE-2024-420xx/CVE-2024-42037.json) (`2024-08-08T10:15:08.323`) +- [CVE-2024-42038](CVE-2024/CVE-2024-420xx/CVE-2024-42038.json) (`2024-08-08T10:15:08.700`) +- [CVE-2024-4207](CVE-2024/CVE-2024-42xx/CVE-2024-4207.json) (`2024-08-08T11:15:13.183`) +- [CVE-2024-4210](CVE-2024/CVE-2024-42xx/CVE-2024-4210.json) (`2024-08-08T10:15:09.040`) +- [CVE-2024-4784](CVE-2024/CVE-2024-47xx/CVE-2024-4784.json) (`2024-08-08T10:15:09.390`) +- [CVE-2024-5423](CVE-2024/CVE-2024-54xx/CVE-2024-5423.json) (`2024-08-08T11:15:13.410`) +- [CVE-2024-6329](CVE-2024/CVE-2024-63xx/CVE-2024-6329.json) (`2024-08-08T10:15:09.857`) +- [CVE-2024-7554](CVE-2024/CVE-2024-75xx/CVE-2024-7554.json) (`2024-08-08T11:15:13.633`) +- [CVE-2024-7610](CVE-2024/CVE-2024-76xx/CVE-2024-7610.json) (`2024-08-08T11:15:13.857`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `5` +- [CVE-2024-21302](CVE-2024/CVE-2024-213xx/CVE-2024-21302.json) (`2024-08-08T10:15:06.203`) +- [CVE-2024-38166](CVE-2024/CVE-2024-381xx/CVE-2024-38166.json) (`2024-08-08T10:15:06.427`) +- [CVE-2024-38202](CVE-2024/CVE-2024-382xx/CVE-2024-38202.json) (`2024-08-08T10:15:06.550`) +- [CVE-2024-38206](CVE-2024/CVE-2024-382xx/CVE-2024-38206.json) (`2024-08-08T10:15:06.697`) +- [CVE-2024-7160](CVE-2024/CVE-2024-71xx/CVE-2024-7160.json) (`2024-08-08T11:59:02.483`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e586302dd69..1c6070778c4 100644 --- a/_state.csv +++ b/_state.csv @@ -240876,7 +240876,7 @@ CVE-2023-7258,0,0,743a17302c5d0deefce3c9c18515bc1a780c1d3e967dd943e69bc9c091c417 CVE-2023-7259,0,0,4927c73cd38943cc915f51b0766c09a76100affe33b1049612344f19331c1f96,2024-08-02T09:15:55.730000 CVE-2023-7261,0,0,44080cc2bc0d6a25d80bc7855327b03309b2d9def17d97f1c55e50122c67ac97,2024-07-03T01:44:30.563000 CVE-2023-7264,0,0,51dd8b83703649c91504628a1d95022ef41c77d28d8363a527e775cafaba1511,2024-06-11T13:54:12.057000 -CVE-2023-7265,1,1,890ec57e66f396f1f0bed86289111ee4178d84475c1ba3c564d24c4cac68b141,2024-08-08T08:15:04.740000 +CVE-2023-7265,0,0,890ec57e66f396f1f0bed86289111ee4178d84475c1ba3c564d24c4cac68b141,2024-08-08T08:15:04.740000 CVE-2023-7268,0,0,cddf00fb75fb363308068c92d4a58df3d516324074a1a2ced29fd3b08d0ccedc,2024-08-01T13:45:52.747000 CVE-2023-7269,0,0,110b6fee8b2eb3cb456f239293a3205ab38d8cdb9856a830f8977329472aa48f,2024-08-01T13:45:52.937000 CVE-2023-7270,0,0,c4a95bbd7a0e223852dd2f2d2c06a04667d14324aaf73c1dbbc09c6df6d4237c,2024-08-01T13:45:53.123000 @@ -243493,7 +243493,7 @@ CVE-2024-2127,0,0,fee555ba22c69f33931ace66815b77d0a5796e2ad55c5d25b843a412734e73 CVE-2024-2128,0,0,ad241575873847a0cb8491370112d4603dbee504ed1e31d448d346ee3b31a6d6,2024-03-08T14:02:57.420000 CVE-2024-2129,0,0,4e7afd99b608981f119f3e5da184ba51484f21aa33b32d2a6446850d6a9f1652,2024-03-20T13:00:16.367000 CVE-2024-2130,0,0,949f4490e30f20ac86b94271cd74ebfff8857dc5306a19f843591857ffe5e5d6,2024-03-13T12:33:51.697000 -CVE-2024-21302,0,0,6ab0d9f18c333c7ce877230e7c918b958b1977b8bbb6d9f55f7951b37d206426,2024-08-08T02:15:37.827000 +CVE-2024-21302,0,1,9052b1631dc308c3997a1797724332da21e9257136934a08d7b00079fdb14102,2024-08-08T10:15:06.203000 CVE-2024-21303,0,0,d58ef53ce2250cc88ff41c4958354d161d0e089fca6702a30570cf750b5a8215,2024-07-09T18:18:38.713000 CVE-2024-21304,0,0,aee35375e056bcda8357796076fddae312bf87811aac2cea1256e28fc4176e51,2024-06-11T15:15:58.253000 CVE-2024-21305,0,0,53ae725a4db9001e5894d4654d0d4d95d10acc8936d902ba245a4100e59e1d3e,2024-06-11T15:15:58.433000 @@ -244060,7 +244060,7 @@ CVE-2024-22060,0,0,c7ff273a679d964f52a0555cc6f7fed8e0bf8a1a9d58b589cfa2ca0ee90c6 CVE-2024-22061,0,0,a2f8b1edabd606da9b855ff3e3612ece1cc2a51d553a7dadaf2301f49cdc94da,2024-07-03T01:47:02.763000 CVE-2024-22062,0,0,cc06929fe5df33d033a09c6d5b184881dcbf0939fe62637d4555c345e1a11ac3,2024-07-09T18:19:14.047000 CVE-2024-22064,0,0,4ab6f1fd7aac8f5f705eb95fc6fb847518aebb95babd98d77adf15137fe26c27,2024-05-14T16:13:02.773000 -CVE-2024-22069,1,1,4f7edb7ea6d8912dcefd9b24095c287add73b63c843ed25146ac0c322f48366b,2024-08-08T08:15:05.123000 +CVE-2024-22069,0,0,4f7edb7ea6d8912dcefd9b24095c287add73b63c843ed25146ac0c322f48366b,2024-08-08T08:15:05.123000 CVE-2024-22074,0,0,a1a776748154594eabd5bedbe0254430e590ea44ffb88bfb446bfd71a59f69e3,2024-06-07T14:56:05.647000 CVE-2024-22075,0,0,a5af4a36684a159511579f89d3ce85206e57c3558ab3a4b37d02f2a846a5e5f1,2024-01-10T15:06:42.563000 CVE-2024-22076,0,0,ad579321d212e2fb374b8124959febe687d1d1197907430ed2ba5046da4cb421,2024-02-22T02:15:49.207000 @@ -248202,6 +248202,7 @@ CVE-2024-27996,0,0,5aaae661a6fb92b939550d770c3ab033edc85310e1d2be696c3be929f4996 CVE-2024-27997,0,0,38211b675f4409064c6233281099da5f5fa00ff059690325dad2c59b915c01fd,2024-03-20T13:00:16.367000 CVE-2024-27998,0,0,4b6f230fe964647fb680f6367b279bba522ac93005c2e8f6d523205374f3e144,2024-03-20T13:00:16.367000 CVE-2024-27999,0,0,eb71f5e78ce23e710caf587ffd7cde1246a6fc9b58a11c7b1c6cbe38842e0f52,2024-03-28T12:42:56.150000 +CVE-2024-2800,1,1,0acf6b56c9395a561dcf6a077e02644bc065648cc9996514087e41c77fbb718e,2024-08-08T11:15:12.210000 CVE-2024-28001,0,0,769e60058cb29be891e3bd26013be397b6ae5a2c1de4b96ae3237e85af5cdd26,2024-03-28T12:42:56.150000 CVE-2024-28002,0,0,979c468740a66c74eeb1c5784ee90077b381a78255d231d99fff807000c5cb6b,2024-03-28T12:42:56.150000 CVE-2024-28003,0,0,bcd81510a407f30bd1be1a23c4e2407dda3d4099189594d6f9ca0831debc8ffd,2024-03-28T12:42:56.150000 @@ -249761,6 +249762,7 @@ CVE-2024-30346,0,0,5b5a05e58b1d0147ecf944d685aa2cb684c437094256980b72baf598e0e39 CVE-2024-30347,0,0,3832109021fb5377af15708c62232a57c5d24e9d2ff3a0f47b969600fc56c7e2,2024-04-03T12:38:04.840000 CVE-2024-30348,0,0,b7419de89d8ae654b53594301d010d5fddf20c53591f31b58044cfc4d2546f37,2024-04-03T12:38:04.840000 CVE-2024-30349,0,0,25aa9323693beb08b7ab8bd5f7a119ec8b674d7e4855843e08ed1d40130ed8a9,2024-04-03T12:38:04.840000 +CVE-2024-3035,1,1,9f952d7a1eb9c5ddc56eb45b6b9cf43a4f7e39e00c5088af8aa50ab213f7e90f,2024-08-08T11:15:12.503000 CVE-2024-30350,0,0,8e1b9e28a9318580e1c2a60beb33a603136695646ec8eec64233a58463351c70,2024-04-03T12:38:04.840000 CVE-2024-30351,0,0,ecc0a626d0b84c1ea6187fb97e8580125e971055c09fe20b6f73f3ab539147d2,2024-04-03T12:38:04.840000 CVE-2024-30352,0,0,5f84adb833e26addccbf839c02a46013d238d5f13fa74ae57d6b24ed1b254339,2024-04-03T12:38:04.840000 @@ -250293,6 +250295,7 @@ CVE-2024-31136,0,0,fc3cbe768e48d4625e33825c87e8160fa75cbd797dbb2249521e321016035 CVE-2024-31137,0,0,24dca0985c04b079d91e4a71b8f459f589e7387b6e8baa6268bf1899b5ce24d9,2024-04-08T22:41:02.117000 CVE-2024-31138,0,0,e862c1086da58a416fbb8daccc103d417726a0d0d62aa3907b1f09b19f01be5e,2024-04-08T22:41:43.087000 CVE-2024-31139,0,0,1f981793bc0ffd1f30ec0eaae2f049959f8e2058241da40737858920eb14a44c,2024-03-28T16:07:30.893000 +CVE-2024-3114,1,1,fc62a3b70ff34887d133e1073ef72a41c208bac035cce96bc556ed442c446244,2024-08-08T11:15:12.733000 CVE-2024-31140,0,0,1880c35ac5ba5af45eb21413401eeeaab09be8abf223654f6041d65ff3324893,2024-03-28T16:07:30.893000 CVE-2024-31142,0,0,16502fe8420294098dded506476ced118645fadee97cfcf27213cce5ae7650bd,2024-05-16T15:44:44.683000 CVE-2024-31143,0,0,eabf4443a972046b843b5c51a5a64a52c1ff6d2355a7d22418dbd22e53cf86f5,2024-07-19T13:01:44.567000 @@ -254918,15 +254921,15 @@ CVE-2024-3815,0,0,55e2d42c0e61accee69ffa342efcde0fddef3a4ea430c0440620925be3cd14 CVE-2024-38156,0,0,b24436c85d01ced9aa10bffdcc3048064061e2106e9f06caaac14532dc6e9f6d,2024-07-19T13:01:44.567000 CVE-2024-3816,0,0,75ffa648a8fdfd5e75d27a5c1f7d2535fe4ef8b6da1bbd82db22ae48c443785a,2024-08-01T13:56:42.403000 CVE-2024-38164,0,0,61f090a580db18da87c17a5aaaecf0d4c74a1627bb07a737232d22421913c30c,2024-08-02T04:17:24.557000 -CVE-2024-38166,0,0,fcff7ded1512124db96de3102dcc2c693ec7188034bf14fc21698b8dc05d7afa,2024-08-08T02:15:38.090000 +CVE-2024-38166,0,1,586e4ce0bd2bea9e2f091122623e7474c7b6ecb28400edb449a9b39d548d353e,2024-08-08T10:15:06.427000 CVE-2024-3817,0,0,4cefb34eb15d4ef81a2470a00ac0f43601ef6263c0fd4425e7542c27d02dfa54,2024-04-18T13:04:28.900000 CVE-2024-38176,0,0,9b2b21b2ffaaf0c79ea2462db71750a351bbe8e9b4ac053f46219745b5043ccf,2024-08-02T04:17:24.717000 CVE-2024-3818,0,0,b4c982a18364880791124fa7ba25840b7eb37a53aa1551fa23324d948b6ddd3f,2024-04-19T13:10:25.637000 CVE-2024-38182,0,0,b4d26c4f4cbe1c2272cffdb42dee316497d9ebef820b6332d9e510a850c3591f,2024-08-02T04:17:24.853000 CVE-2024-3819,0,0,c25bdc543ba06fd05ac51b0b8912467c3fc6d8848be54d697bfdb5995b1a7e51,2024-05-02T18:00:37.360000 CVE-2024-3820,0,0,8985e7d1e7aecc5fe081b43705d723ec0ca067093ca4a65f30dd280cab84082f,2024-06-03T14:46:24.250000 -CVE-2024-38202,0,0,7e3e302c9863aad4c78d451a12cbf6c275311261e0973373f5b2f6b4889970b8,2024-08-08T02:15:38.180000 -CVE-2024-38206,0,0,2491ef38cfeb322b7604970e2f094b582aa3b4efc555819552f00c0d56c8060f,2024-08-08T02:15:38.417000 +CVE-2024-38202,0,1,496cc8bcfe99d8b2671ddc698861000b905c5cce56449cb45f4241246c68dbca,2024-08-08T10:15:06.550000 +CVE-2024-38206,0,1,dd175e037cab9dc4093e3378ea7bcc26247bba568e32cb7ce786ec2d3fcb8f36,2024-08-08T10:15:06.697000 CVE-2024-3821,0,0,3ffbadbdaf34f564e9c498f1baa8fe758531e73989a1bbb861692bcbfdfc262c,2024-06-03T14:46:24.250000 CVE-2024-3822,0,0,51b0f82a9028abb2f3a6ab312236a4c8392000a211092257ada320c541b18cc9,2024-05-15T16:40:19.330000 CVE-2024-3823,0,0,53ae63b27eb43a6740a92f1ff13f05ddd2a8941167fdfb2924cdfa6b561369e6,2024-05-15T16:40:19.330000 @@ -255680,6 +255683,7 @@ CVE-2024-3957,0,0,6be73190d0db646071e408d26fd6054938440e63fb695d16249857bd780649 CVE-2024-39570,0,0,477f2cc2b899254fd1996622a7d04056a7ae423def8bf935cbc64caf51d26e12,2024-07-09T18:19:14.047000 CVE-2024-39571,0,0,5f5a00a374a36754f81b606fe5b7617af673280667e3ded939b747c7e23ff34f,2024-07-09T18:19:14.047000 CVE-2024-39573,0,0,66fc7feceb0e35a8b2e536fb0fe145ff47c70fa679791c05a2dafe67c9ad9e6e,2024-07-12T14:15:16.400000 +CVE-2024-3958,1,1,b96b699b59e7932d6bd12a899daace96e5a433127b7ddbae4827d9eef989af8b,2024-08-08T11:15:12.967000 CVE-2024-3959,0,0,1ce1302f5c536ae0ba1596a30e53c3274b88d91eb780326b1103788329e8cf86,2024-06-28T13:21:52.223000 CVE-2024-39592,0,0,092a544949de7319ae89291bc739a96163c6c0d37a46e6cc9f12df6e56b452d2,2024-07-09T18:19:14.047000 CVE-2024-39593,0,0,51f4661ccbaba7452aac7223f24d0b1eb585ba800f6962a627249fa8658c86e6,2024-07-09T18:19:14.047000 @@ -256706,9 +256710,15 @@ CVE-2024-42010,0,0,473a8e996e0306946759862f1a62bb818641d9cba2a711ec27286414dbf29 CVE-2024-4202,0,0,614a40ef1052d861451b397b9533024f5e9aecccff7f20e945fab06926a9f188,2024-05-15T18:35:11.453000 CVE-2024-42029,0,0,b7c83a25bc8a9601f6f3c6ebb603ce94146556b10d1f548176b0b38619ce3b21,2024-08-01T13:59:17.407000 CVE-2024-4203,0,0,52cf8a9be62388459acdc9c8c655685172127a00eca72ac9344c4d8920cfc78f,2024-05-02T18:00:37.360000 -CVE-2024-42030,1,1,94561bb1e2517c067b66e210c682348f762e843f787852b7fea3b0f67eb53df6,2024-08-08T09:15:07.290000 -CVE-2024-42031,1,1,83ac20bdb3df5735abb4ce0f3bd6f26a076409b38c49e9880daeb73e705cbb3e,2024-08-08T09:15:07.630000 -CVE-2024-42032,1,1,1a707656fc40446e74fde41df0e411d232fbfc64b011b0c0dac0acba50e79fef,2024-08-08T09:15:07.740000 +CVE-2024-42030,0,0,94561bb1e2517c067b66e210c682348f762e843f787852b7fea3b0f67eb53df6,2024-08-08T09:15:07.290000 +CVE-2024-42031,0,0,83ac20bdb3df5735abb4ce0f3bd6f26a076409b38c49e9880daeb73e705cbb3e,2024-08-08T09:15:07.630000 +CVE-2024-42032,0,0,1a707656fc40446e74fde41df0e411d232fbfc64b011b0c0dac0acba50e79fef,2024-08-08T09:15:07.740000 +CVE-2024-42033,1,1,185921280880703f71cb46983bd7d83f51c11795a672d557b8718f0bad0e5b55,2024-08-08T10:15:06.813000 +CVE-2024-42034,1,1,973d8108490489454e0bf9ea085ec9fbd1eb59923cca4bb1821a03827d61fa9f,2024-08-08T10:15:07.223000 +CVE-2024-42035,1,1,ad2f03d2693ce1f1315e8156ac48e8107de4937d9ea1f42b12356f7033882064,2024-08-08T10:15:07.637000 +CVE-2024-42036,1,1,46b43b353e63f07e15ba7473a5649e68b7d14c15995c19d75c8aa919a2145003,2024-08-08T10:15:07.967000 +CVE-2024-42037,1,1,6845898e4d00b9a87a823329c695ccba8957518e014455bc1bb5719a6df90cb0,2024-08-08T10:15:08.323000 +CVE-2024-42038,1,1,28b28da814d0b8eaea3e8df15e6486f862415ceb74f6344d6232bae188c2ae4e,2024-08-08T10:15:08.700000 CVE-2024-4204,0,0,862cae0d91d079678d989fc30b77e9abff361be6cebd83fcf5dbeecd5c0be203,2024-05-17T18:36:05.263000 CVE-2024-42049,0,0,9abf5139ab1afe8d55de5e333c97afa73e09c57ae34abc37f55eb8e975c40df6,2024-08-01T13:59:18.253000 CVE-2024-4205,0,0,3bc679c8856618cb4acfda15e793a18c79adc1e7d27d459136a04f77802a5775,2024-05-31T13:01:46.727000 @@ -256727,6 +256737,7 @@ CVE-2024-42066,0,0,13367e8042c7deb50de62c4bc97d68b98aeec4d6d8b79660880bbd2b9f975 CVE-2024-42067,0,0,76b8a48a5c9c39c834303c1ab49427d9ea91f3b40b52494de61b4b6e2c5fda5d,2024-07-30T19:02:20.687000 CVE-2024-42068,0,0,1a160585aaee5b8057f9754dd933ab025ae98bb2f1265de1f07411334b3b7824,2024-07-30T19:02:12.100000 CVE-2024-42069,0,0,60fa9d91087c81456e7c5fb921427aaf3b5afe0a67efd57dd11a894c17fbb41c,2024-07-30T19:01:58.623000 +CVE-2024-4207,1,1,a3fd528aeb6936c82ad85e780b2940441bff6e9fa460564e4b8ba06ee6a559c3,2024-08-08T11:15:13.183000 CVE-2024-42070,0,0,e64f943ce3129e4d8ae036dffdbca01cf0dc26f8755575b087b493eb24d90087,2024-07-30T19:01:47.300000 CVE-2024-42071,0,0,ff080b79e51ffa2c8ca921ced41476b4268b9bbb102ab5b0e74f4466a89e1962,2024-07-30T19:01:26.950000 CVE-2024-42072,0,0,0b4090285289756aa6386870bfb03879aa1c74b07de9263b8ad88a48de945c2e,2024-07-30T19:01:12.833000 @@ -256759,6 +256770,7 @@ CVE-2024-42096,0,0,a51020378e9a53609e2b9850304f0387470e69965face3c10e6612960442f CVE-2024-42097,0,0,daadf967612be031bceee3a5cf360a6b7c8656301780004df63ba219cd6f1380,2024-07-30T13:33:30.653000 CVE-2024-42098,0,0,8a4ff599a1d3537153a17ab56baf7b7f5c48f0c9fee61b69ebcae9dd8a773bcb,2024-07-30T13:33:30.653000 CVE-2024-42099,0,0,3238974df1fe016605810e840ae3252de7cbfd02bda034d599f06c9b461b006a,2024-07-30T13:32:45.943000 +CVE-2024-4210,1,1,02d453700834387bc607882aeafe8f920690f681564ae65990b3eb3cf7539306,2024-08-08T10:15:09.040000 CVE-2024-42100,0,0,9f2359920901de15a72f82c74dd31f7cfd476c8a0553c2aa7b3605f8c3eb567f,2024-07-30T13:32:45.943000 CVE-2024-42101,0,0,6d069e38aa3f18a2a0a6e9be9f28470a6cc7ed22cac8ea0737ad55264e1063cf,2024-07-30T13:32:45.943000 CVE-2024-42102,0,0,b393750cc98fbc2e434d92ada85c648c1e90398cfa4c8b1d811e7cdf1188cc46,2024-07-30T13:32:45.943000 @@ -256866,13 +256878,13 @@ CVE-2024-42248,0,0,9daba88013a62f39f5836d2ca2738ebe99311dc207e5be6d1a23f2affcf30 CVE-2024-42249,0,0,bf365edc2c96a4876083f80ea351bf6e74bd1f39215b48e95af26a5324f39b9e,2024-08-07T19:09:46.290000 CVE-2024-4225,0,0,91f68c0336340065fb4af26f099ffa4f82ba2dd159bb3bc13f7cb1abcd1de276,2024-04-30T13:11:16.690000 CVE-2024-42250,0,0,dfd6a9d9259f9bcb46737f53714c27140f6ba7141f4054a83b1176fd288dd5ec,2024-08-07T19:09:46.290000 -CVE-2024-42251,1,1,7f7af6d431c08fbcc40bd3d68cd140d90d9fe2cb09665042e4ef59c79a8127d5,2024-08-08T09:15:08.070000 -CVE-2024-42252,1,1,529d646fabbb82236681e08658cd9b17e79fccf2c3021c0f9c9e9376eea0ab9b,2024-08-08T09:15:08.150000 -CVE-2024-42253,1,1,3814e17c32947bba23c733aaf3ed825eb5fc25c2c917d90019bfd98692998134,2024-08-08T09:15:08.220000 -CVE-2024-42254,1,1,4f38ff5b2aa4dd6a863e782eaf6c92509770d5616de4d628f3ca5287c16555b6,2024-08-08T09:15:08.290000 -CVE-2024-42255,1,1,02f1c51e544ecf0e0927dd4a3124a16bc6a23c978d646cfc52678c714b99519e,2024-08-08T09:15:08.470000 -CVE-2024-42256,1,1,6e47fcebc446699493597f465b2bc1e43627a651371449b196097e116eedf5c7,2024-08-08T09:15:08.553000 -CVE-2024-42257,1,1,fa7262574e2d2cad98271f0bba286834c39f233e6b3d62fbae7e1039c01d15f6,2024-08-08T09:15:08.623000 +CVE-2024-42251,0,0,7f7af6d431c08fbcc40bd3d68cd140d90d9fe2cb09665042e4ef59c79a8127d5,2024-08-08T09:15:08.070000 +CVE-2024-42252,0,0,529d646fabbb82236681e08658cd9b17e79fccf2c3021c0f9c9e9376eea0ab9b,2024-08-08T09:15:08.150000 +CVE-2024-42253,0,0,3814e17c32947bba23c733aaf3ed825eb5fc25c2c917d90019bfd98692998134,2024-08-08T09:15:08.220000 +CVE-2024-42254,0,0,4f38ff5b2aa4dd6a863e782eaf6c92509770d5616de4d628f3ca5287c16555b6,2024-08-08T09:15:08.290000 +CVE-2024-42255,0,0,02f1c51e544ecf0e0927dd4a3124a16bc6a23c978d646cfc52678c714b99519e,2024-08-08T09:15:08.470000 +CVE-2024-42256,0,0,6e47fcebc446699493597f465b2bc1e43627a651371449b196097e116eedf5c7,2024-08-08T09:15:08.553000 +CVE-2024-42257,0,0,fa7262574e2d2cad98271f0bba286834c39f233e6b3d62fbae7e1039c01d15f6,2024-08-08T09:15:08.623000 CVE-2024-4226,0,0,5a1ca6b12b6f72b0f4206f29fce66dc2868959ed888bfbcbc74131b5725a94eb,2024-04-30T13:11:16.690000 CVE-2024-4228,0,0,22331e972270e81a8a4d9238da77e1f1eab8644e20c13e517da1e3ed609f3be8,2024-06-27T12:47:19.847000 CVE-2024-4231,0,0,c87a42b4dfede9046d13b34e260c0c7ec4e51f68f0fbfb8755010b78e39f405d,2024-08-01T13:59:28.843000 @@ -257396,6 +257408,7 @@ CVE-2024-4778,0,0,e3020a287fa6ceae8ff9c78434f10af4d17cf4058dd5bf80208c921b6bc68b CVE-2024-4779,0,0,7a9d6158e8d260b03b3581dd37b23bd10d59ba6243714ad236ba79968e8d9b16,2024-05-24T01:15:30.977000 CVE-2024-4780,0,0,4aec24b958d50bff73d14c7bd2f67b2a9793d4893d5ddbdba18f0fb02ea18cc9,2024-07-16T13:43:58.773000 CVE-2024-4783,0,0,413c0436e6758a988a0c847533b21e34b17a9d936626eba8cda1a5d1f87e0181,2024-05-24T01:15:30.977000 +CVE-2024-4784,1,1,3884e014a45e7ad2daf855c26d0edc6a097ef647b76020b65a3f1333a50f8c54,2024-08-08T10:15:09.390000 CVE-2024-4786,0,0,bbc8c5b9b549878acd4ee1e5896d7add0ba995b55e84e619083dd37cca26f8f1,2024-07-29T14:12:08.783000 CVE-2024-4787,0,0,6e9b8652de9328ef9248746b2fe52f715cb97566c59048ae6277a1aaed304f45,2024-06-20T12:44:01.637000 CVE-2024-4788,0,0,036e4ce9e476328c73022572d41365684f416f1f77ea3a1f5e72bdd2454ce2ec,2024-08-05T20:23:52.467000 @@ -257950,6 +257963,7 @@ CVE-2024-5419,0,0,0d1c725f53c48278ea7823202c4adf24cf8a04c4aff5d8363f101c1d9f2798 CVE-2024-5420,0,0,3867de6c80eaebb04ae4def03e9baadba6a4785f9b7d05c922afac144ffa3470,2024-06-10T18:15:38.367000 CVE-2024-5421,0,0,687f3a5898a97c7e4a575e3431d3fe4a696cee8599b8881eabbed4fc7122e815,2024-06-10T18:15:38.447000 CVE-2024-5422,0,0,a7ac042f03539b57f700d43aa5929a4431fad7f2a64327cabdefb452ddb8c884,2024-06-10T18:15:38.520000 +CVE-2024-5423,1,1,9a01d19b4b7e07b6878a92a46c0afb6ae89730701eac721255acca49235f0207,2024-08-08T11:15:13.410000 CVE-2024-5424,0,0,dd542e2b4b449f200a4b1a82e6055968c0edff7c6325ff444ef99264bbf9b209,2024-06-28T10:27:00.920000 CVE-2024-5425,0,0,6a4e5f79f55def4d138c1c07874dfb0365b816ea97355d904460c326f384651d,2024-06-07T14:56:05.647000 CVE-2024-5426,0,0,34afa7194afb894f777aa3dfb9357e73895bc2898fe4d0744eeb7d3dbc6f96b2,2024-06-11T18:03:58.213000 @@ -258632,6 +258646,7 @@ CVE-2024-6325,0,0,3ea6578ebdd2a7633259d686c429ab9b3e7708f0e981d10184478f4442c008 CVE-2024-6326,0,0,e689387b2cb49e7365da7fd7c751e52e0ede20a7a6c6966f5f5b92a6b53089de,2024-07-16T18:00:02.110000 CVE-2024-6327,0,0,2921f8f8780ecccf64e99daaa57d4495895350cac37fbdf3fcfbbaadf3869269,2024-07-26T13:03:00.473000 CVE-2024-6328,0,0,1dc9c3c4a448080717651ebabfb2fc281b4a1c036cabba31a96124b6cb4e8cbc,2024-07-12T12:49:07.030000 +CVE-2024-6329,1,1,4fef9b54eea2874ea4f191a88492c92ea651530baef86bc6334869582db02482,2024-08-08T10:15:09.857000 CVE-2024-6331,0,0,4986de562cc692d17d21a95afc199859f7d03ef9d364d260decf275bef80e946,2024-08-05T12:41:45.957000 CVE-2024-6334,0,0,3daf0dfe09252e7765ca30c739cfcc033a43a657c17c0275e173ac670504522a,2024-07-09T18:19:14.047000 CVE-2024-6336,0,0,1df5fc72f07b093cfd11ea9b65ef147e8130715026fca7ff47fd924988f45532,2024-07-17T13:34:20.520000 @@ -259079,7 +259094,7 @@ CVE-2024-7156,0,0,6a53f69f84040ffce7173b21790e83616284ff242a58b9eb143d86d28bd080 CVE-2024-7157,0,0,836f9f624768493b472613aa13824be2823cb6224ccf39d26fbb2c9e52660f92,2024-07-29T14:12:08.783000 CVE-2024-7158,0,0,793ada3591847e31d76f8a9cb327d0114a8efecba6a45eabf7fe3415c2ce972c,2024-07-29T14:12:08.783000 CVE-2024-7159,0,0,126404475b52662f6be2a9b0fe73c669b02b4551a2de8ba0dfd0f5f735003c10,2024-07-29T14:12:08.783000 -CVE-2024-7160,0,0,02fabcc8687338e3f7df6d6a8cba4564c24822decf50f5b0cf2c414bde2b165f,2024-07-29T14:12:08.783000 +CVE-2024-7160,0,1,39a8904dc42c635e004cd5b1ab82a58f9270ee9d90f27eafd7b2f7a3d898d30e,2024-08-08T11:59:02.483000 CVE-2024-7161,0,0,3a84ea99e48e8a8d8048664ee759fce102c4899e7bf3a25b129131d6e118a2d3,2024-07-29T14:12:08.783000 CVE-2024-7162,0,0,89a4bb0daa62a108ba37ba1cd76131a6b4592ff5908e4382e3ba0ccae44d808b,2024-07-29T14:12:08.783000 CVE-2024-7163,0,0,81c756b3132cc48183d1a3c3acfd78fbea5503464491879bb3d1859dc5f53baf,2024-07-29T14:12:08.783000 @@ -259322,6 +259337,7 @@ CVE-2024-7550,0,0,5e19df9a1f8f540b00c55c515f79f184b598900dde8d5e8ce5b38708b29096 CVE-2024-7551,0,0,dbf9dc23563c066041d8414a99ca777ad2503e471da2fdcd73e493acc61d27d2,2024-08-06T16:30:24.547000 CVE-2024-7552,0,0,811aa90d2d18bb406f73befc3765a8f78539782307b57a4dcd481925c3ed1f73,2024-08-07T21:29:57.417000 CVE-2024-7553,0,0,8cae8dc852bea792d4c2710f2c690bc41b1ce3a8862535bcae9ff87aa3b3b09b,2024-08-07T15:17:46.717000 +CVE-2024-7554,1,1,6e5dd25771b29c06956ec863d136fc8d8e298f9a2f688fe94452db99739fa3c8,2024-08-08T11:15:13.633000 CVE-2024-7560,0,0,e571f6da4f32049855c1b8111c98aaef8eea1643cf2b512d998f681a56a9abb7,2024-08-08T02:15:38.797000 CVE-2024-7561,0,0,3a8313cf11cbdbf7ca13762654b4aa6c4a784b06b6c5fa2638cdcd51c7cec6d2,2024-08-08T02:15:39.017000 CVE-2024-7564,0,0,9647575e3fbd33f04dc9f7112e25f0abbbf3e6266c5fe28f9ec18868dfbd0106,2024-08-07T19:59:36.240000 @@ -259333,3 +259349,4 @@ CVE-2024-7582,0,0,b2d3b66c4626672326cfa5879fd1bb0c567c41ab2acaf7c209fbd5f365a390 CVE-2024-7583,0,0,bc6ffa2c62b37fdf56f2749a782cbb82d0821bb8b7c19b37f044ef4c72e8c76b,2024-08-07T19:09:46.290000 CVE-2024-7584,0,0,4fcdc2a13c9feca59db2e84c5a59d4157b22ea97693367754e992172fea915a0,2024-08-07T19:09:46.290000 CVE-2024-7585,0,0,f430436cbc2d07d02eb06f2560db059a8be4c4fc5fe45b044f21a316cfb5ecfc,2024-08-07T19:09:46.290000 +CVE-2024-7610,1,1,42d00e8652249cc45c9cfe5c108609f87705bb37ca86d0ed210177227c3f82b8,2024-08-08T11:15:13.857000