From 55681bdf9aee70a3ac55b4df65895eebb532803c Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Mon, 15 Apr 2024 06:03:28 +0000
Subject: [PATCH] Auto-Update: 2024-04-15T06:00:37.865799+00:00
---
CVE-2023/CVE-2023-60xx/CVE-2023-6067.json | 20 +++++
CVE-2023/CVE-2023-72xx/CVE-2023-7201.json | 20 +++++
CVE-2024/CVE-2024-03xx/CVE-2024-0399.json | 20 +++++
CVE-2024/CVE-2024-09xx/CVE-2024-0902.json | 20 +++++
CVE-2024/CVE-2024-12xx/CVE-2024-1204.json | 20 +++++
CVE-2024/CVE-2024-13xx/CVE-2024-1306.json | 20 +++++
CVE-2024/CVE-2024-13xx/CVE-2024-1307.json | 20 +++++
CVE-2024/CVE-2024-13xx/CVE-2024-1310.json | 20 +++++
CVE-2024/CVE-2024-14xx/CVE-2024-1488.json | 14 +++-
CVE-2024/CVE-2024-16xx/CVE-2024-1655.json | 55 ++++++++++++++
CVE-2024/CVE-2024-16xx/CVE-2024-1660.json | 20 +++++
CVE-2024/CVE-2024-17xx/CVE-2024-1712.json | 20 +++++
CVE-2024/CVE-2024-17xx/CVE-2024-1746.json | 20 +++++
CVE-2024/CVE-2024-17xx/CVE-2024-1754.json | 20 +++++
CVE-2024/CVE-2024-17xx/CVE-2024-1755.json | 20 +++++
CVE-2024/CVE-2024-18xx/CVE-2024-1846.json | 20 +++++
CVE-2024/CVE-2024-18xx/CVE-2024-1849.json | 20 +++++
CVE-2024/CVE-2024-27xx/CVE-2024-2739.json | 20 +++++
CVE-2024/CVE-2024-28xx/CVE-2024-2836.json | 20 +++++
CVE-2024/CVE-2024-28xx/CVE-2024-2857.json | 20 +++++
CVE-2024/CVE-2024-28xx/CVE-2024-2858.json | 20 +++++
CVE-2024/CVE-2024-34xx/CVE-2024-3400.json | 12 ++-
CVE-2024/CVE-2024-37xx/CVE-2024-3764.json | 20 ++---
CVE-2024/CVE-2024-37xx/CVE-2024-3767.json | 92 +++++++++++++++++++++++
CVE-2024/CVE-2024-37xx/CVE-2024-3768.json | 92 +++++++++++++++++++++++
CVE-2024/CVE-2024-37xx/CVE-2024-3769.json | 92 +++++++++++++++++++++++
CVE-2024/CVE-2024-37xx/CVE-2024-3770.json | 92 +++++++++++++++++++++++
CVE-2024/CVE-2024-37xx/CVE-2024-3775.json | 55 ++++++++++++++
CVE-2024/CVE-2024-37xx/CVE-2024-3776.json | 55 ++++++++++++++
CVE-2024/CVE-2024-37xx/CVE-2024-3777.json | 55 ++++++++++++++
CVE-2024/CVE-2024-37xx/CVE-2024-3778.json | 55 ++++++++++++++
README.md | 44 ++++++++---
_state.csv | 46 +++++++++---
33 files changed, 1126 insertions(+), 33 deletions(-)
create mode 100644 CVE-2023/CVE-2023-60xx/CVE-2023-6067.json
create mode 100644 CVE-2023/CVE-2023-72xx/CVE-2023-7201.json
create mode 100644 CVE-2024/CVE-2024-03xx/CVE-2024-0399.json
create mode 100644 CVE-2024/CVE-2024-09xx/CVE-2024-0902.json
create mode 100644 CVE-2024/CVE-2024-12xx/CVE-2024-1204.json
create mode 100644 CVE-2024/CVE-2024-13xx/CVE-2024-1306.json
create mode 100644 CVE-2024/CVE-2024-13xx/CVE-2024-1307.json
create mode 100644 CVE-2024/CVE-2024-13xx/CVE-2024-1310.json
create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1655.json
create mode 100644 CVE-2024/CVE-2024-16xx/CVE-2024-1660.json
create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1712.json
create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1746.json
create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1754.json
create mode 100644 CVE-2024/CVE-2024-17xx/CVE-2024-1755.json
create mode 100644 CVE-2024/CVE-2024-18xx/CVE-2024-1846.json
create mode 100644 CVE-2024/CVE-2024-18xx/CVE-2024-1849.json
create mode 100644 CVE-2024/CVE-2024-27xx/CVE-2024-2739.json
create mode 100644 CVE-2024/CVE-2024-28xx/CVE-2024-2836.json
create mode 100644 CVE-2024/CVE-2024-28xx/CVE-2024-2857.json
create mode 100644 CVE-2024/CVE-2024-28xx/CVE-2024-2858.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3767.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3768.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3769.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3770.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3775.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3776.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3777.json
create mode 100644 CVE-2024/CVE-2024-37xx/CVE-2024-3778.json
diff --git a/CVE-2023/CVE-2023-60xx/CVE-2023-6067.json b/CVE-2023/CVE-2023-60xx/CVE-2023-6067.json
new file mode 100644
index 00000000000..b86dbd3223d
--- /dev/null
+++ b/CVE-2023/CVE-2023-60xx/CVE-2023-6067.json
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-6067", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:13.813", + "lastModified": "2024-04-15T05:15:13.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP User Profile Avatar WordPress plugin through 1.0.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/ae8e225a-5273-4db1-9c72-060304cca658/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-72xx/CVE-2023-7201.json b/CVE-2023/CVE-2023-72xx/CVE-2023-7201.json new file mode 100644 index 00000000000..fc3f2636a1e --- /dev/null +++ b/CVE-2023/CVE-2023-72xx/CVE-2023-7201.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2023-7201", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.583", + "lastModified": "2024-04-15T05:15:14.583", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Everest Backup WordPress plugin before 2.2.5 does not properly validate backup files to be uploaded, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/64ba4461-bbba-45eb-981f-bb5f2e5e56e1/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-03xx/CVE-2024-0399.json b/CVE-2024/CVE-2024-03xx/CVE-2024-0399.json new file mode 100644 index 00000000000..0ecf976b108 --- /dev/null +++ b/CVE-2024/CVE-2024-03xx/CVE-2024-0399.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-0399", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.627", + "lastModified": "2024-04-15T05:15:14.627", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce Customers Manager WordPress plugin before 29.7 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to an SQL injection exploitable by Subscriber+ role." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0902.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0902.json new file mode 100644 index 00000000000..146b8453092 --- /dev/null +++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0902.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-0902", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.680", + "lastModified": "2024-04-15T05:15:14.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Fancy Product Designer WordPress plugin before 6.1.81 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/fd53e40a-516b-47b9-b495-321774432367/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-12xx/CVE-2024-1204.json b/CVE-2024/CVE-2024-12xx/CVE-2024-1204.json new file mode 100644 index 00000000000..9e0540aedd1 --- /dev/null +++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1204.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1204", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.723", + "lastModified": "2024-04-15T05:15:14.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Meta Box WordPress plugin before 5.9.4 does not prevent users with at least the contributor role from access arbitrary custom fields assigned to other user's posts." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/03191b00-0b05-42db-9ce2-fc525981b6c9/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1306.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1306.json new file mode 100644 index 00000000000..95de791d46c --- /dev/null +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1306.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1306", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.767", + "lastModified": "2024-04-15T05:15:14.767", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Smart Forms WordPress plugin before 2.6.94 does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as editing entries, and we consider it a medium risk." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/c7ce2649-b2b0-43f4-994d-07b1023405e9/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1307.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1307.json new file mode 100644 index 00000000000..e6417957fc1 --- /dev/null +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1307.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1307", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.813", + "lastModified": "2024-04-15T05:15:14.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Smart Forms WordPress plugin before 2.6.94 does not have proper authorization in some actions, which could allow users with a role as low as a subscriber to call them and perform unauthorized actions" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/bbc6cebd-e9bf-4b08-a474-f9312b3c0947/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-13xx/CVE-2024-1310.json b/CVE-2024/CVE-2024-13xx/CVE-2024-1310.json new file mode 100644 index 00000000000..0209c49c49d --- /dev/null +++ b/CVE-2024/CVE-2024-13xx/CVE-2024-1310.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1310", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.857", + "lastModified": "2024-04-15T05:15:14.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WooCommerce WordPress plugin before 8.6 does not prevent users with at least the contributor role from leaking products they shouldn't have access to. (e.g. private, draft and trashed products)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/a7735feb-876e-461c-9a56-ea6067faf277/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json b/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json index 3fff4e73198..4199955339f 100644 --- a/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json +++ b/CVE-2024/CVE-2024-14xx/CVE-2024-1488.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-1488", "sourceIdentifier": "secalert@redhat.com", "published": "2024-02-15T05:15:10.257", - "lastModified": "2024-04-11T12:15:07.933", + "lastModified": "2024-04-15T04:15:14.577", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -63,6 +63,18 @@ "url": "https://access.redhat.com/errata/RHSA-2024:1780", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1801", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1802", + "source": "secalert@redhat.com" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:1804", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-1488", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1655.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1655.json new file mode 100644 index 00000000000..c6fa4ec0b03 --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1655.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-1655", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-15T04:15:14.723", + "lastModified": "2024-04-15T04:15:14.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Certain ASUS WiFi routers models has an OS Command Injection vulnerability, allowing an authenticated remote attacker to execute arbitrary system commands by sending a specially crafted request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7737-1acd0-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1660.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1660.json new file mode 100644 index 00000000000..a1842f3d43d --- /dev/null +++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1660.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1660", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.900", + "lastModified": "2024-04-15T05:15:14.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Top Bar WordPress plugin before 3.0.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/5bd16f84-22bf-4170-b65c-08caf67d0005/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1712.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1712.json new file mode 100644 index 00000000000..df1fb3dfb9d --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1712.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1712", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.950", + "lastModified": "2024-04-15T05:15:14.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Carousel Slider WordPress plugin before 2.2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/23805a61-9fcd-4744-a60d-05c8cb43ee01/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1746.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1746.json new file mode 100644 index 00000000000..0763fafb33f --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1746.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1746", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:14.997", + "lastModified": "2024-04-15T05:15:14.997", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/5f35572a-4129-4fe0-a465-d25f4c3b4419/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1754.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1754.json new file mode 100644 index 00000000000..320494867db --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1754.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1754", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.040", + "lastModified": "2024-04-15T05:15:15.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The NPS computy WordPress plugin through 2.7.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/c061e792-e37a-4cf6-b46b-ff111c5a5c84/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1755.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1755.json new file mode 100644 index 00000000000..8dcaf970249 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1755.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1755", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.083", + "lastModified": "2024-04-15T05:15:15.083", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The NPS computy WordPress plugin through 2.7.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/481a376b-55be-4afa-94f5-c3cf8a88b8d1/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1846.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1846.json new file mode 100644 index 00000000000..4fcbc726f6f --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1846.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1846", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.127", + "lastModified": "2024-04-15T05:15:15.127", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Responsive Tabs WordPress plugin before 4.0.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/ea2a8420-4b0e-4efb-a0c6-ceea996dae5a/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1849.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1849.json new file mode 100644 index 00000000000..41ad858c0a1 --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1849.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-1849", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.170", + "lastModified": "2024-04-15T05:15:15.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP Customer Reviews WordPress plugin before 3.7.1 does not validate a parameter allowing contributor and above users to redirect a page to a malicious URL" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/e6d9fe28-def6-4f25-9967-a77f91899bfe/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-27xx/CVE-2024-2739.json b/CVE-2024/CVE-2024-27xx/CVE-2024-2739.json new file mode 100644 index 00000000000..50e4ce40393 --- /dev/null +++ b/CVE-2024/CVE-2024-27xx/CVE-2024-2739.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-2739", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.220", + "lastModified": "2024-04-15T05:15:15.220", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/5b84145b-f94e-4ea7-84d5-56cf776817a2/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2836.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2836.json new file mode 100644 index 00000000000..83e625c772d --- /dev/null +++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2836.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-2836", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.267", + "lastModified": "2024-04-15T05:15:15.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.64 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/36f95b19-af74-4c56-9848-8ff270af4723/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2857.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2857.json new file mode 100644 index 00000000000..d32b6ae69dc --- /dev/null +++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2857.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-2857", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.310", + "lastModified": "2024-04-15T05:15:15.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Simple Buttons Creator WordPress plugin through 1.04 does not have any authorisation as well as CSRF in its add button function, allowing unauthenticated users to call them either directly or via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping, it could also allow them to perform Stored Cross-Site Scripting attacks against logged in admins." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/b7a35c5b-474a-444a-85ee-c50782c7a6c2/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-28xx/CVE-2024-2858.json b/CVE-2024/CVE-2024-28xx/CVE-2024-2858.json new file mode 100644 index 00000000000..68a400e7c40 --- /dev/null +++ b/CVE-2024/CVE-2024-28xx/CVE-2024-2858.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-2858", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-04-15T05:15:15.350", + "lastModified": "2024-04-15T05:15:15.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Simple Buttons Creator WordPress plugin through 1.04 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/43297210-17a6-4b51-b8ca-32ceef9fc09a/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3400.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3400.json index 44d262ecbd2..7d7079a3eaf 100644 --- a/CVE-2024/CVE-2024-34xx/CVE-2024-3400.json +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3400.json @@ -2,7 +2,7 @@ "id": "CVE-2024-3400", "sourceIdentifier": "psirt@paloaltonetworks.com", "published": "2024-04-12T08:15:06.230", - "lastModified": "2024-04-13T01:00:01.407", + "lastModified": "2024-04-15T04:15:14.973", "vulnStatus": "Awaiting Analysis", "cisaExploitAdd": "2024-04-12", "cisaActionDue": "2024-04-19", 
@@ -11,7 +11,7 @@ "descriptions": [ { "lang": "en", - "value": "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nFixes for PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1 are in development and are expected to be released by April 14, 2024. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability. All other versions of PAN-OS are also not impacted." + "value": "A command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.\n\nCloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability." } ], "metrics": { @@ -54,6 +54,14 @@ { "url": "https://security.paloaltonetworks.com/CVE-2024-3400", "source": "psirt@paloaltonetworks.com" + }, + { + "url": "https://unit42.paloaltonetworks.com/cve-2024-3400/", + "source": "psirt@paloaltonetworks.com" + }, + { + "url": "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/", + "source": "psirt@paloaltonetworks.com" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3764.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3764.json index 5d7d2f7e497..60412994d25 100644 --- a/CVE-2024/CVE-2024-37xx/CVE-2024-3764.json +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3764.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-3764", "sourceIdentifier": "cna@vuldb.com", "published": "2024-04-14T23:15:46.373", - "lastModified": "2024-04-14T23:15:46.373", + "lastModified": "2024-04-15T04:15:15.097", "vulnStatus": "Received", "descriptions": [ { "lang": "en", - "value": "A vulnerability classified as problematic has been found in Tuya Camera 3.2.9. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260604. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + "value": "A vulnerability classified as problematic has been found in Tuya Camera 3.2.9. Affected is an unknown function of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260604." } ], "metrics": { @@ -17,19 +17,19 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "LOW", - "baseScore": 5.3, + "baseScore": 4.3, "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 1.4 } ], 
@@ -39,17 +39,17 @@ "type": "Secondary", "cvssData": { "version": "2.0", - "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "NETWORK", "accessComplexity": "LOW", - "authentication": "NONE", + "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", - "baseScore": 5.0 + "baseScore": 4.0 }, "baseSeverity": "MEDIUM", - "exploitabilityScore": 10.0, + "exploitabilityScore": 8.0, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3767.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3767.json new file mode 100644 index 00000000000..bbc1cc28da0 --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3767.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3767", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-15T04:15:15.340", + "lastModified": "2024-04-15T04:15:15.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260614 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.260614", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.260614", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.316290", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3768.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3768.json new file mode 100644 index 00000000000..0fb1fb0b1af --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3768.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3768", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-15T04:15:15.673", + "lastModified": "2024-04-15T04:15:15.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + 
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.260615", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.260615", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.316291", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3769.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3769.json new file mode 100644 index 00000000000..d825d641725 --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3769.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3769", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-15T04:15:15.897", + "lastModified": "2024-04-15T04:15:15.897", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, was found in PHPGurukul Student Record System 3.20. Affected is an unknown function of the file /login.php. The manipulation of the argument id/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260616." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 7.5 + }, + "baseSeverity": "HIGH", + "exploitabilityScore": 10.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20Authentication%20Bypass.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.260616", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.260616", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.316302", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3770.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3770.json new file mode 100644 index 00000000000..4f2bade9f4d --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3770.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-3770", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-04-15T05:15:15.390", + "lastModified": "2024-04-15T05:15:15.390", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in PHPGurukul Student Record System 3.20 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage-courses.php?del=1. The manipulation of the argument del leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260617 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + 
"references": [ + { + "url": "https://github.com/BurakSevben/CVEs/blob/main/Student%20Record%20System%203.20/Student%20Record%20System%20-%20SQL%20Injection%20-%203.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.260617", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.260617", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.316305", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3775.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3775.json new file mode 100644 index 00000000000..066880ef43e --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3775.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3775", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-15T04:15:16.137", + "lastModified": "2024-04-15T04:15:16.137", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7726-e5f70-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3776.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3776.json new file mode 100644 index 00000000000..61e3542616c --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3776.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3776", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-15T04:15:16.340", + "lastModified": "2024-04-15T04:15:16.340", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The parameter used in the login page of Netvision airPASS is not properly filtered for user input. An unauthenticated remote attacker can insert JavaScript code to the parameter for Reflected Cross-site scripting attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7730-584e3-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3777.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3777.json new file mode 100644 index 00000000000..dedaa554afb --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3777.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3777", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-15T04:15:16.553", + "lastModified": "2024-04-15T04:15:16.553", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "\nThe password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-37xx/CVE-2024-3778.json b/CVE-2024/CVE-2024-37xx/CVE-2024-3778.json new file mode 100644 index 00000000000..020ae2f0a5a --- /dev/null +++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3778.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3778", + "sourceIdentifier": "twcert@cert.org.tw", + "published": "2024-04-15T04:15:16.747", + "lastModified": "2024-04-15T04:15:16.747", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The file upload functionality of Ai3 QbiBot does not properly restrict types of uploaded files, allowing remote attackers with administrator privilege to upload files with dangerous type containing malicious code." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "twcert@cert.org.tw", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://www.twcert.org.tw/tw/cp-132-7732-9a54e-1.html", + "source": "twcert@cert.org.tw" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a920e1f009c..a3acf654e58 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-15T04:00:46.204014+00:00 +2024-04-15T06:00:37.865799+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-15T03:16:08.197000+00:00 +2024-04-15T05:15:15.390000+00:00 ``` ### Last Data Feed Release 
@@ -33,25 +33,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -245435 +245463 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `28` -- [CVE-2024-3772](CVE-2024/CVE-2024-37xx/CVE-2024-3772.json) (`2024-04-15T03:16:07.987`) -- [CVE-2024-3774](CVE-2024/CVE-2024-37xx/CVE-2024-3774.json) (`2024-04-15T03:16:08.197`) +- [CVE-2024-0902](CVE-2024/CVE-2024-09xx/CVE-2024-0902.json) (`2024-04-15T05:15:14.680`) +- [CVE-2024-1204](CVE-2024/CVE-2024-12xx/CVE-2024-1204.json) (`2024-04-15T05:15:14.723`) +- [CVE-2024-1306](CVE-2024/CVE-2024-13xx/CVE-2024-1306.json) (`2024-04-15T05:15:14.767`) +- [CVE-2024-1307](CVE-2024/CVE-2024-13xx/CVE-2024-1307.json) (`2024-04-15T05:15:14.813`) +- [CVE-2024-1310](CVE-2024/CVE-2024-13xx/CVE-2024-1310.json) (`2024-04-15T05:15:14.857`) +- [CVE-2024-1655](CVE-2024/CVE-2024-16xx/CVE-2024-1655.json) (`2024-04-15T04:15:14.723`) +- [CVE-2024-1660](CVE-2024/CVE-2024-16xx/CVE-2024-1660.json) (`2024-04-15T05:15:14.900`) +- [CVE-2024-1712](CVE-2024/CVE-2024-17xx/CVE-2024-1712.json) (`2024-04-15T05:15:14.950`) +- [CVE-2024-1746](CVE-2024/CVE-2024-17xx/CVE-2024-1746.json) (`2024-04-15T05:15:14.997`) +- [CVE-2024-1754](CVE-2024/CVE-2024-17xx/CVE-2024-1754.json) (`2024-04-15T05:15:15.040`) +- [CVE-2024-1755](CVE-2024/CVE-2024-17xx/CVE-2024-1755.json) (`2024-04-15T05:15:15.083`) +- [CVE-2024-1846](CVE-2024/CVE-2024-18xx/CVE-2024-1846.json) (`2024-04-15T05:15:15.127`) +- [CVE-2024-1849](CVE-2024/CVE-2024-18xx/CVE-2024-1849.json) (`2024-04-15T05:15:15.170`) +- [CVE-2024-2739](CVE-2024/CVE-2024-27xx/CVE-2024-2739.json) (`2024-04-15T05:15:15.220`) +- [CVE-2024-2836](CVE-2024/CVE-2024-28xx/CVE-2024-2836.json) (`2024-04-15T05:15:15.267`) +- [CVE-2024-2857](CVE-2024/CVE-2024-28xx/CVE-2024-2857.json) (`2024-04-15T05:15:15.310`) +- [CVE-2024-2858](CVE-2024/CVE-2024-28xx/CVE-2024-2858.json) (`2024-04-15T05:15:15.350`) +- 
[CVE-2024-3767](CVE-2024/CVE-2024-37xx/CVE-2024-3767.json) (`2024-04-15T04:15:15.340`) +- [CVE-2024-3768](CVE-2024/CVE-2024-37xx/CVE-2024-3768.json) (`2024-04-15T04:15:15.673`) +- [CVE-2024-3769](CVE-2024/CVE-2024-37xx/CVE-2024-3769.json) (`2024-04-15T04:15:15.897`) +- [CVE-2024-3770](CVE-2024/CVE-2024-37xx/CVE-2024-3770.json) (`2024-04-15T05:15:15.390`) +- [CVE-2024-3775](CVE-2024/CVE-2024-37xx/CVE-2024-3775.json) (`2024-04-15T04:15:16.137`) +- [CVE-2024-3776](CVE-2024/CVE-2024-37xx/CVE-2024-3776.json) (`2024-04-15T04:15:16.340`) +- [CVE-2024-3777](CVE-2024/CVE-2024-37xx/CVE-2024-3777.json) (`2024-04-15T04:15:16.553`) +- [CVE-2024-3778](CVE-2024/CVE-2024-37xx/CVE-2024-3778.json) (`2024-04-15T04:15:16.747`) ### CVEs modified in the last Commit -Recently modified CVEs: `4` +Recently modified CVEs: `3` -- [CVE-2024-29844](CVE-2024/CVE-2024-298xx/CVE-2024-29844.json) (`2024-04-15T03:16:06.320`) -- [CVE-2024-3157](CVE-2024/CVE-2024-31xx/CVE-2024-3157.json) (`2024-04-15T03:16:07.840`) -- [CVE-2024-3515](CVE-2024/CVE-2024-35xx/CVE-2024-3515.json) (`2024-04-15T03:16:07.907`) -- [CVE-2024-3516](CVE-2024/CVE-2024-35xx/CVE-2024-3516.json) (`2024-04-15T03:16:07.943`) +- [CVE-2024-1488](CVE-2024/CVE-2024-14xx/CVE-2024-1488.json) (`2024-04-15T04:15:14.577`) +- [CVE-2024-3400](CVE-2024/CVE-2024-34xx/CVE-2024-3400.json) (`2024-04-15T04:15:14.973`) +- [CVE-2024-3764](CVE-2024/CVE-2024-37xx/CVE-2024-3764.json) (`2024-04-15T04:15:15.097`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 1f9abe37e13..fb10d4d988b 100644 --- a/_state.csv +++ b/_state.csv 
@@ -237243,6 +237243,7 @@ CVE-2023-6063,0,0,15581e98b18ab85b12275da0240ab619509065c3c44664b6e58f0058e67944 CVE-2023-6064,0,0,5ea6383dd4770779fdab2fb0dc98ba9de584fff73fb9b7cc5ee75f02706c555d,2024-01-08T17:25:22.350000 CVE-2023-6065,0,0,9ae4ffa5d9331211e39f0275d80662a05c1f3cbfe78ad586c118c7ea571894d4,2023-12-21T19:51:08.273000 CVE-2023-6066,0,0,39a21ed1e00526fa30f29be13bd27389a213253c4e32b039117b81a244d25bb9,2024-01-19T18:27:55.880000 +CVE-2023-6067,1,1,3dc0d89e0e72b1fee6c635b19396a9459d7df911b514ba6f6530364fc72e0176,2024-04-15T05:15:13.813000 CVE-2023-6068,0,0,9456359cb9ddb36dbfcd3c6e9623336a47323528e648d62169c654017238df9e,2024-03-05T13:41:01.900000 CVE-2023-6069,0,0,3e40c44b1e4620635f5424abc23a3e9240e96c4ab96175a1562fa0cfef90e832,2024-01-21T03:06:57.293000 CVE-2023-6070,0,0,c68bad6a13e4187125924d21aa4b7cd03d2fcd780d81e2c8d794aea0a6aa6853,2023-12-05T15:11:13.197000 @@ -238166,6 +238167,7 @@ CVE-2023-7194,0,0,c12012004827cd0bc34ce11f51f4d80b4388d10ba3ae2687522e188646b70a CVE-2023-7198,0,0,5606627204fd1346b6fe26c836439a1783648ce0b7fc4e92446c427eb2e96f6a,2024-02-27T14:20:06.637000 CVE-2023-7199,0,0,8f2c7a083c06aa02bb323a1eb173c13dcc087c5e703e17edecd055c8db647957,2024-02-03T00:24:17.240000 CVE-2023-7200,0,0,258904564da8c5ddb34d9372915351305b6778ddeed4598230d4293bfc0d6642,2024-02-05T17:53:25.507000 +CVE-2023-7201,1,1,84a3b6e3ea08aba3e83869fad0bd883cdc94f3563f069bd89cc1bbefc2e90dce,2024-04-15T05:15:14.583000 CVE-2023-7202,0,0,ad93e0659951008117432805edb7a655c55366316a2336ef7eb5851816da2939,2024-02-27T14:20:06.637000 CVE-2023-7203,0,0,8de8118470c0d400dc793d52ee90e83eeb9e3779d1750edfd3a42eb514664cf0,2024-02-27T14:20:06.637000 CVE-2023-7204,0,0,9b986779e3f3f7431b17fe2ca3dc93b176faf66b7f0e113d3c43c5222a3d581b,2024-02-05T16:45:16.630000 
@@ -238471,6 +238473,7 @@ CVE-2024-0393,0,0,8881de5088bee2f43467b73941f684354c9bcdccfa7386a7827d4a78a7e8f3 CVE-2024-0394,0,0,132997f5a0f39575e52ab364803d29384d542a557e73a32dea0a249b2357dfb2,2024-04-03T17:24:18.150000 CVE-2024-0395,0,0,9697a8ac3bbf759d0c2ea19b7ab0aa903676619b1d5a607c85b8d090a4e44ee7,2024-01-10T14:15:44.970000 CVE-2024-0396,0,0,106628bcb832aae2e274e4e91fdb5add809827efe4c459066d3102ffe0249334,2024-01-29T15:22:40.317000 +CVE-2024-0399,1,1,8e4be7102c926b297d0f12982fbccc6a55d8da8c2883cce0403878b549ada6ba,2024-04-15T05:15:14.627000 CVE-2024-0400,0,0,18035b4484267a537c15645ebee53285fc55ae5559f980b5f9795ec2795f24dd,2024-03-27T12:29:30.307000 CVE-2024-0402,0,0,2fe1b596353be20e61cfde75d3fd6588203ea2d19b7c21e2ce1c5a9ecc57cc90,2024-01-31T18:34:47.867000 CVE-2024-0403,0,0,ba0983060e2034b216b25cd26ed2bb024a7850bc1fcd95abc9a090d5040f7805,2024-03-01T14:04:26.010000 @@ -238900,6 +238903,7 @@ CVE-2024-0897,0,0,54d1bf8163931c80ebde85ab8390c0fecedb390a8355fe15103e3a67a3a29c CVE-2024-0898,0,0,8e1a15f2adb6e1251c3b5c487bb49c70d962e45988b99a32b53b9adb0687df3d,2024-03-13T18:16:18.563000 CVE-2024-0899,0,0,7d5a1ea0e11c81ea4fdf5cc7256f52b0decb0abb96aea80029ec1a81b2559961,2024-04-10T13:24:00.070000 CVE-2024-0901,0,0,8395d055c39a2ded7a6676d9f91e364a6c601b11f066a458c7ff4909044d580a,2024-03-26T12:55:05.010000 +CVE-2024-0902,1,1,0bc0813bd9f18b0d79559a427963bc79e1b808f31709dd2acb4b206f101669ff,2024-04-15T05:15:14.680000 CVE-2024-0903,0,0,4e5a944405938a6def0adf008001af709d311e38e0572265081d65abf85ff9fb,2024-02-22T19:07:27.197000 CVE-2024-0906,0,0,2cb73c39a2e6fe8ef5222442ed25db55924374576f26540dbc47cb2f830bdc5d,2024-03-12T12:40:13.500000 CVE-2024-0907,0,0,736d9a373e93547114922fac343df53c487c280e59648bef9a3cecc6379f908e,2024-02-29T13:49:29.390000 
@@ -239152,6 +239156,7 @@ CVE-2024-1200,0,0,6151a26d8476d7d5d511b2a9f09087b6ae5c42ac1b5c6a692765c7b0c7bb34 CVE-2024-1201,0,0,ff74f12e6106529eaffb9117e70c6f3a10b2b8f55039a19edec6d706d4090510,2024-02-09T19:27:29.517000 CVE-2024-1202,0,0,66d36517ad42eefa391eae28d4999ff329e791097adba9ee3fa584620c5a7e3a,2024-04-11T01:24:23.090000 CVE-2024-1203,0,0,fb24c2a27e75750ae607c5c83e02745495de5eedde1bafe986263083a797f7c6,2024-03-13T18:16:18.563000 +CVE-2024-1204,1,1,384dc08fceab39ec678466eaada79b8b723d88d6462f46bfc05e1ab3f808a0d9,2024-04-15T05:15:14.723000 CVE-2024-1205,0,0,6377c19ab3caf8be6436fa7835c35a6e44c7097e9389c96aef4f0a1e0a912393,2024-03-20T13:00:16.367000 CVE-2024-1206,0,0,2864c05d1536152b20c092c120d96a23f5fd73e20c310a663111eae7ef674b23,2024-02-29T13:49:29.390000 CVE-2024-1207,0,0,f1e39aa9f4fae080615ceb22c991bb5ab1be6b272e49830e77e13729606230d5,2024-02-15T02:05:42.313000 
@@ -239231,8 +239236,11 @@ CVE-2024-1301,0,0,68d5e322fab21220735382791ea9287e8104e954fa5bc7b1f8f02021f25e28 CVE-2024-1302,0,0,e42b35f7a02693024fada8fec8e812444e0bb721c54c537bf6c1b8db8c60ce66,2024-03-12T17:46:17.273000 CVE-2024-1303,0,0,d6386ac67e1b3bd9c657849a1747229ab86034b9c989d20fb5cde0be8bba0359,2024-03-12T17:46:17.273000 CVE-2024-1304,0,0,279cd487b9476fd1f6c48e9b147ffdce9f2fbae718f78edd3d048c2b1852071a,2024-03-12T17:46:17.273000 +CVE-2024-1306,1,1,1a38e9c1c39b842f6edfc85a732c221683474002c35775bd4209014f9c7c234f,2024-04-15T05:15:14.767000 +CVE-2024-1307,1,1,fc1a5538e1ec3bc5db7fcd624a1f48844f6361e6af6ab98608e69a02392e93d5,2024-04-15T05:15:14.813000 CVE-2024-1308,0,0,779e92eb8f86f1576242d727b2f521b27075ae2e12c38fe16d52227bf6d49040,2024-04-10T13:24:00.070000 CVE-2024-1309,0,0,37b1e0c9fe9df0fc7a03a06970b38a07b0edfe094c103b528d7941f417bdf8c0,2024-03-19T21:15:07.570000 +CVE-2024-1310,1,1,e05f46b186e4bf5a0b98f06a7ff6e3a7c3196410ed2a124f3e25552bcbb39a1a,2024-04-15T05:15:14.857000 CVE-2024-1311,0,0,20a61f35b7a8de98663666fd1f61d0df3e6b038130c47bc649450e0122352cca,2024-03-13T18:16:18.563000 CVE-2024-1312,0,0,663659c34940a4e82708fc60c7161257042c7f9bd582badd425cca624f8b6adc,2024-02-15T05:03:16.077000 CVE-2024-1313,0,0,562c47fdec7fbd9a287ee9674f4979954fc2879accd4243718cbbaae423f1211,2024-03-27T12:29:41.530000 
@@ -239377,7 +239385,7 @@ CVE-2024-1482,0,0,61f1933d97f430ea5062371f54d100c6fb03c771024804bcdad5092bc2efbf CVE-2024-1484,0,0,2816ffb064ebf87ebca44e6afd6928df4e130e61997f3bc50802157887bafe8f,2024-03-13T18:15:58.530000 CVE-2024-1485,0,0,b9f4145834ee9d538c2d6e8caecb301f8f2dde5a282a13e80f59671c5263bb0b,2024-02-22T01:15:07.980000 CVE-2024-1487,0,0,4babefa588849ee1245b3617562779aff5a83c140fe8b2bbb7875eaeb547f015,2024-03-12T12:40:13.500000 -CVE-2024-1488,0,0,39e9112eb484ebae73d8837ba9df851390f24c27616d80fbfcdad098e9258ee9,2024-04-11T12:15:07.933000 +CVE-2024-1488,0,1,28d9f1862f69d00fd35bd059e952a4c2758e4700e86db9169e6d94527e5fdcb0,2024-04-15T04:15:14.577000 CVE-2024-1489,0,0,601abc5a034fbcf389e475f712bdb62e609e01342eb7a5cc6cdf4f20f6ce0143,2024-03-13T18:15:58.530000 CVE-2024-1492,0,0,ac491e1ac05085ffca5a01bc169673ef656902c869bec5c48f97ccc7785388e6,2024-02-29T13:49:29.390000 CVE-2024-1496,0,0,cb4e1e2b66486c1532bf5fd9642c761fbe286057f303a98e25c71b95ed8fd1ee,2024-02-29T13:49:29.390000 
@@ -239486,7 +239494,9 @@ CVE-2024-1651,0,0,b5a1bc561b4d7ae4d1ca2ccf7f79068fb2afa7b09c9ad49805a75edae57e04 CVE-2024-1652,0,0,713b08425ff0d91e3a1f6c5fcc742628e562c3c90970b08c1ec718d504f2db3c,2024-02-27T14:19:41.650000 CVE-2024-1653,0,0,875a0ad46333e774de4f895ea6a9ead74cdbdb6ae6c4ddb02a960bfb85513ae4,2024-02-27T14:19:41.650000 CVE-2024-1654,0,0,ac0509f6deb6f3ed4a3e95d25ed4dd3bdd67f0f87914e461aded05c6f6644ae7,2024-03-14T12:52:09.877000 +CVE-2024-1655,1,1,a62f1af8f7add07ae5de336d9bfcae247984cb5140287ec5ccfc1a5d48c0ee0a,2024-04-15T04:15:14.723000 CVE-2024-1658,0,0,bd2757c2314dc2f8bd52ce15b18a6ca41069d2e3f9ff401d7a725ad82b1db09d,2024-03-18T19:40:00.173000 +CVE-2024-1660,1,1,d42c5357216118cd4530103f283070bb4776958c741094f5e1ceef545b601017,2024-04-15T05:15:14.900000 CVE-2024-1661,0,0,f312eb090520ffb66607a66e9775fcc14e047ccc64e730a5fbedaf4d2a07048e,2024-04-11T01:24:28.913000 CVE-2024-1664,0,0,c240cf09d136b8ae3766d60b95066ae5935a6052d7cd59ed400a537e65636ac2,2024-04-09T12:48:04.090000 CVE-2024-1668,0,0,5ab0efbb5f521102a265a18c62e4efdda2d28d47a9245ca5f6f130ff2a6275be,2024-03-13T18:15:58.530000 @@ -239522,6 +239532,7 @@ CVE-2024-1708,0,0,146e7b2e6e4cd14d7a500c32b14e4d15b261c88faf38d2dba04ed7811ca583 CVE-2024-1709,0,0,2a24ee712d1d811f95e92e49cc0cd5598b50a33a0581a3e0bdba9d2a43db38c2,2024-02-23T02:00:01.867000 CVE-2024-1710,0,0,f00c682eb1092ede55b941ef3bd5736a1a9bdea4fdce7b46c651b95460914040,2024-02-26T16:32:25.577000 CVE-2024-1711,0,0,39b61e8ff0bb2bf4b27092bb989b0bd8ca5ab57eb3f3b2433b3ed1ea21dde3bb,2024-03-20T13:00:16.367000 +CVE-2024-1712,1,1,8e12761bf6fd7e736d710308185f38b2d13612ffaf47b6f3e68b2d8c67a54852,2024-04-15T05:15:14.950000 CVE-2024-1713,0,0,8a03b45f44dad04c9639518acb933e815ce8e4a9a592434fb82c65e1bd2372ea,2024-03-15T12:53:06.423000 CVE-2024-1714,0,0,cde41c6a2aa18a8bfa33b8db52b27ce3242324a84d0d679aff15a20c8a8d0968,2024-03-07T13:52:27.110000 CVE-2024-1719,0,0,bd92ffe7c3f4bf124004e532d326d3643bc62f549595f2a7817efea0dc7c188f,2024-02-28T14:06:45.783000 
@@ -239540,12 +239551,15 @@ CVE-2024-1740,0,0,a4727f762c1d1efaf400e2db679e98eaa1364e84183339aff737ffb5d021d5 CVE-2024-1741,0,0,eb28c217a8b258f85b5d4178ee95d4d9308abc69d2f892dcc12da9564ad8b573,2024-04-10T19:49:51.183000 CVE-2024-1742,0,0,4fbf4a0c921fc3a958c91053411502e81c61e37a288f49d83ab6feab91ed6e07,2024-03-22T12:45:36.130000 CVE-2024-1745,0,0,0c0bf770eedd9092e313b5152244a64d67966fb6a4aa7d030150554ac7159289,2024-03-26T12:55:05.010000 +CVE-2024-1746,1,1,3f4b3d14c756d33ee8c236212b8fa2cd029475527f3f73d2b08c69edd30f88ec,2024-04-15T05:15:14.997000 CVE-2024-1748,0,0,9d3b54b2decbfe7c23facbbcaf1942d1c455e223251b8a54240cd9c56302cc2f,2024-04-11T01:24:30 CVE-2024-1749,0,0,333be4b88192e2e4c430588986a6c08bc8d18a961724558cd63d34341f9df2cb,2024-04-11T01:24:30.083000 CVE-2024-1750,0,0,e3bbc65ee5131d172a658128bbf945392e55621bf205fc2f71228c3e1b5f20b2,2024-04-11T01:24:30.157000 CVE-2024-1751,0,0,7aa616bef5e27ed13b371ce9dacd4080fc5ffa6154b1e45a0ce11f0de1f1df9e,2024-03-13T18:15:58.530000 CVE-2024-1752,0,0,3b691eb63c202be2eb926d4c3601a8229a1e699fd5812dcaec474adfd9c6bd05,2024-04-08T18:48:40.217000 CVE-2024-1753,0,0,aa30df1cb172801f871eb1fa3df691669f8009710c533f5936be4b1cb4f55960,2024-04-03T02:15:07.693000 +CVE-2024-1754,1,1,b1314ee4742f3cd67e2f74252ebc587fafc521fab525a1dd87812d395b3ab4e4,2024-04-15T05:15:15.040000 +CVE-2024-1755,1,1,c61b924c10d01e94df47c80cf255533529b1b5cf4f348d3b9be872ed3bf84b40,2024-04-15T05:15:15.083000 CVE-2024-1758,0,0,ec8762d154074e4ab58ddeb13f4d095ad000df3cc9355e1ac29cd6bfbf89fabc,2024-02-26T16:32:25.577000 CVE-2024-1760,0,0,0a20f47041faa81845898be9ba0faa3a27a19a140e382ff1058d2f999acd0fd1,2024-03-06T15:18:08.093000 CVE-2024-1761,0,0,ed54af0c546ad57830f02571ef4d196f576f9099e16463bee666990d3b899d14,2024-03-07T13:52:27.110000 
@@ -239611,8 +239625,10 @@ CVE-2024-1833,0,0,b5e840f990d36a2223c931953c99a6eb24a821878aa3c086cc4377ac92d9a4 CVE-2024-1834,0,0,1da868d412af0c7eb82ac57236415d4237325e1c5f230955e20f6c7140a6b138,2024-04-11T01:24:32.370000 CVE-2024-1843,0,0,381f1dba7504e2dd4844c9284f47a0574c276b6a0dafd5dcab8a395be3a46549,2024-03-13T18:15:58.530000 CVE-2024-1844,0,0,2054eb4498d263a5b76e50b83840fddade66cc253e40e49eba0a175cbd7b5116,2024-03-20T13:00:16.367000 +CVE-2024-1846,1,1,0b82b5201a0654ebdff1b67d688b05d60b52a2a083a893440bd21e8d5cfb678c,2024-04-15T05:15:15.127000 CVE-2024-1847,0,0,ddf021c560c9a355a4027f45ca2e43bbcfa55803fd85d605289c4213c23658d7,2024-04-04T15:15:37.850000 CVE-2024-1848,0,0,8e701b6e1325c7234b61586f907ad90369eb320c9306dd5c4c2226a189893dd1,2024-03-22T12:45:36.130000 +CVE-2024-1849,1,1,9ab7a2af2a36d595c868a63f98989ec842bf205244e8d2f40e03da136ca7ba2e,2024-04-15T05:15:15.170000 CVE-2024-1850,0,0,619cf2eb46834aecbb5c680ea41679eadc7e54936ecf9bc9140e736a3bd02f40,2024-04-10T13:23:38.787000 CVE-2024-1851,0,0,ac07ab34f3e596527407cf2fcb93e785fa1a213045982c8aadd05f9e543a11a5,2024-03-08T14:02:57.420000 CVE-2024-1852,0,0,9f92825b65e6bb9369c1037dcd50c43b1f7e5526ff6359d4256ca25ce4ba1079,2024-04-10T13:23:38.787000 
@@ -243363,6 +243379,7 @@ CVE-2024-27356,0,0,2464f4bdc7cd759969915038df7055199f0bd02c6d9b1a8ceb85c7588507e CVE-2024-27359,0,0,d9efe9852d793e4ebe4144d07c8562893d90ae6614ba783353ad624a692629dc,2024-02-26T16:32:25.577000 CVE-2024-2736,0,0,96df463215442710ad6542ed46ad6ce78bf41dcfbe1139413a93d5accfaff739,2024-04-10T13:23:38.787000 CVE-2024-2738,0,0,6819e123d1b9c89828d0cda96e445b3a2cfd159134a3eaf302a0f1f8d1cb625a,2024-04-10T13:23:38.787000 +CVE-2024-2739,1,1,17f4b1e4fee113f87390712e1d04b3931d3c875e76f81172f4abf7d240e6419a,2024-04-15T05:15:15.220000 CVE-2024-2740,0,0,d811151885dcf4f2b77a4d174a11ca3affaa40577de972dcb33bdeeea321a401,2024-04-11T12:47:44.137000 CVE-2024-2741,0,0,72a13180f65eaa34946651eb5c88084bf0e961149a90b72b29d8dddde47c3326,2024-04-11T12:47:44.137000 CVE-2024-2742,0,0,0e25f52f0731b3f58f04025755ec9a85b24de4601bb22e58141a1505898ffdb7,2024-04-11T12:47:44.137000 @@ -243767,6 +243784,7 @@ CVE-2024-28344,0,0,2b2ac48b2e688421c19c48d164ca5213d2597b1ed8640d5c5cbbafb9e6b2d CVE-2024-28345,0,0,9f53096e64fde0bd9e67c2ba1058971494111a4dba7285ed04f98db5747f24bf,2024-04-10T19:49:51.183000 CVE-2024-28353,0,0,f5d0b12a1e8a931f5519e51563d18b142745d332ff192847a7afb495f17e2dd3,2024-03-15T12:53:06.423000 CVE-2024-28354,0,0,b6680336ce24c3665bbea7456a49c23f2010021d3a256de9fa063452e0cf7d3a,2024-03-15T12:53:06.423000 +CVE-2024-2836,1,1,e3a5bcbc3e8e95703250612ccee048db2ab7fcda91c642fa5da8123d19cf569e,2024-04-15T05:15:15.267000 CVE-2024-28383,0,0,4ebb5b688ac785b11132be45898bb9d7934c49dcd0ae78bf745a27cbe4cf3c09,2024-03-14T14:21:20.217000 CVE-2024-28386,0,0,babe8ca097e0c09213bc5c6af798d9ab75b1906fe65d8568532f7dfbcdf59f5c,2024-03-25T16:43:06.137000 CVE-2024-28387,0,0,50317bd50b8bed7df4714df1431ccc5e21589c7d6b48de3eead147adffba9438,2024-03-25T16:43:06.137000 
@@ -243837,6 +243855,7 @@ CVE-2024-28566,0,0,c9f24212256cb9a88e3dae765064f6da32d332c93b211d045c3cbdffec253 CVE-2024-28567,0,0,7526a897057fbae2955626d9e7738a52e2325ac2064611e64829da1fe872a435,2024-03-20T13:00:16.367000 CVE-2024-28568,0,0,21e7c2ac80c2d230d7a9b35298f12f11c166e6014a8608deade9b72fd1df8ff7,2024-03-20T13:00:16.367000 CVE-2024-28569,0,0,527d7500cd4a055262c23a2162ff57bf534bb235652033ef0f1ca98839306e03,2024-03-20T13:00:16.367000 +CVE-2024-2857,1,1,73d0ab52a4d5d5119f0ed1de834eea0dc837a03e08c317a2837598d6698486fe,2024-04-15T05:15:15.310000 CVE-2024-28570,0,0,c44d96a92a23ec5af1b7b35a4f28cee3851aa74504131239a07e6ee51b1ca4d9,2024-03-20T13:00:16.367000 CVE-2024-28571,0,0,7ff87299a92c0c599b41804d27e65d2e753a1e4e6d0b70b2ab574e3fe1bbfea7,2024-03-20T13:00:16.367000 CVE-2024-28572,0,0,f660d21402b0a20ddad67fc846b97b112ef6395e0d9b99e4475960e68ce42c57,2024-03-20T13:00:16.367000 @@ -243847,6 +243866,7 @@ CVE-2024-28576,0,0,62eee59ceac731247a7c88655e3d2ac007ae3b74a711ed322a252e0423801 CVE-2024-28577,0,0,34cfaee275e8af85500d6c1e580ff281140f958db86713d2abf9b4e3d2f8d815,2024-03-20T13:00:16.367000 CVE-2024-28578,0,0,aff1e9995c920aaaad54290879d063aad5e72049e07815ca4f3b691fd0645e08,2024-03-20T13:00:16.367000 CVE-2024-28579,0,0,6e42ee309e110339eeb91ba8a64cc42f171ee321f73fb32236d88e2453d2ab53,2024-03-20T13:00:16.367000 +CVE-2024-2858,1,1,aa6f5427cb86b38c5ca98a839a4ca8e6f8a596b800239391883fbfe96a71be60,2024-04-15T05:15:15.350000 CVE-2024-28580,0,0,8fbcfb740b2e8be0bed751f27ca44452f5f092e8d43b2f6c55a23e9cf10964a6,2024-03-20T13:00:16.367000 CVE-2024-28581,0,0,41a8f000291f41e824fff4139be59da3ce3129e46d92b8fe0d3ca8582a6ed016,2024-03-20T13:00:16.367000 CVE-2024-28582,0,0,a8d301ccd0dad16aea2974823f92b257c48d20794dbe2fa246519ebd4b428091,2024-03-20T13:00:16.367000 
@@ -244365,7 +244385,7 @@ CVE-2024-29840,0,0,e0bf1336a8777f05d9ddff6cf61dfcb3c4a78e2ee7e7598df2b7d8f55e88a CVE-2024-29841,0,0,bf6d11f8ff0404b2beb5351f96a9cc308cffb274608eb7f51e441183d4b2ea09,2024-04-15T00:15:13.963000 CVE-2024-29842,0,0,9fcd654a2b9c876cb5d73b31ac2983bb0f5f46f7812ffeaa12170dee8d6b58fd,2024-04-15T00:15:14.167000 CVE-2024-29843,0,0,fe546397c94a00575ea363edd74f297119a8af5489577f632f47948f6fe7f2f2,2024-04-15T00:15:14.373000 -CVE-2024-29844,0,1,5e036faaa6a2022e503d1a8a5ef581a949907b7db40a8996ddc3c78d8deea42a,2024-04-15T03:16:06.320000 +CVE-2024-29844,0,0,5e036faaa6a2022e503d1a8a5ef581a949907b7db40a8996ddc3c78d8deea42a,2024-04-15T03:16:06.320000 CVE-2024-2985,0,0,eae3273dd06632fb9083734fb3ca3d6279482f4638135d81e5659988419ffe7f,2024-04-11T01:25:43.773000 CVE-2024-29858,0,0,ec21ad079a83cd076ada45f6eaa6cdca3318bb07ab260d892702dff1f9c09fde,2024-03-21T12:58:51.093000 CVE-2024-29859,0,0,1a3bc8759fdc8c10e013f96dddd14f2ff64d6c749aade8e9054f9e130df1726e,2024-03-21T12:58:51.093000 @@ -245134,7 +245154,7 @@ CVE-2024-31507,0,0,8a4d05957463fb55563022c4622a2463374ff774a0631f4c63214875a7c78 CVE-2024-3151,0,0,2dd1cf236cf7e4dbb7d9720cf950d856f9b652cd7c08d701ecc784bea1322bb1,2024-04-11T01:25:55.410000 CVE-2024-31544,0,0,bc835e0f71240df22cec22617fbfab2cab4d97b1f555eabe4ef7c23231d6357c,2024-04-10T13:24:22.187000 CVE-2024-3156,0,0,672d7786ba8482c7e78ab9597c9f5a6e717f264787edb700157c849ff3c9f687,2024-04-08T18:48:40.217000 -CVE-2024-3157,0,1,5a423f43ed9e43d0f3e67864a2f920e32c6b616d23d4a97009e6a50d35454586,2024-04-15T03:16:07.840000 +CVE-2024-3157,0,0,5a423f43ed9e43d0f3e67864a2f920e32c6b616d23d4a97009e6a50d35454586,2024-04-15T03:16:07.840000 CVE-2024-3158,0,0,d2414412e299d1c6c6fd5c25934ca9d016ec38ac6210ea884f5d6eabc2220b22,2024-04-08T18:48:40.217000 CVE-2024-3159,0,0,ab3d3fc3f58ff99c2f10e23574a75e665f3343c344ecfe71138e927973febb6e,2024-04-08T18:48:40.217000 CVE-2024-3160,0,0,f58561faca7869291dbd40f98b5207b12f048bddf4323b50e2fa0b0605fe77f4,2024-04-11T01:25:55.513000 
@@ -245318,7 +245338,7 @@ CVE-2024-3385,0,0,dafd55987e5738b5d6ec37d523526a7e0269d60d96cd780933abafbc800645 CVE-2024-3386,0,0,d08d523d066834a85bfe06023f05a033d8631a6197479f66bfb86438af143c6d,2024-04-10T19:49:51.183000 CVE-2024-3387,0,0,59a783d7f5a632f1312dc02ccd745e7c758f93e478c4554a0dbc9aba27d256c0,2024-04-10T19:49:51.183000 CVE-2024-3388,0,0,9a13547aa29d2171bfe252870fb3dde44261a463a11a31d9062dc130e0f3c4f3,2024-04-10T19:49:51.183000 -CVE-2024-3400,0,0,f05f675d530dcecc2483b3a39974a75127b0e65a5a071e269c21f968cf7cc0dc,2024-04-13T01:00:01.407000 +CVE-2024-3400,0,1,a9a75be54eeb1ea90b3d8a429c3b5d29455b629a23070617289cb42a4cef4f0e,2024-04-15T04:15:14.973000 CVE-2024-3413,0,0,7c0263f5aa26015f580f259b17ac76e3fb232807ce6eb6b3e0fa4a42d34def58,2024-04-11T01:26:00.727000 CVE-2024-3414,0,0,fcf8b2012e3dcab7048965e9d40e8c26f25a86217cc70e6c24a2ae712b119943,2024-04-11T01:26:00.803000 CVE-2024-3415,0,0,80d83d8ba89e3620cb20eb7a8b2b10e1c5fbd8b76c068e7c00b4af6deadd81dd,2024-04-11T01:26:00.900000 
@@ -245362,8 +245382,8 @@ CVE-2024-3465,0,0,a42aecf57f43969ec60c90b90013ebe0e449783aa33103b39be184486d2b2c CVE-2024-3466,0,0,06b3d0b5c629cfcd72994ab03bcc3d914522a60f9b439b6d13775db50704418a,2024-04-11T01:26:03.777000 CVE-2024-3512,0,0,0bde0dc5c2508608f7df2e92075f3b315e69961d5bc617a9cf046c486aab6ef4,2024-04-10T13:23:38.787000 CVE-2024-3514,0,0,6b760aa2049aa25a8d1a8a27afd68abe75f99cb1cc8192949aefe4b5db8f51ce,2024-04-10T13:23:38.787000 -CVE-2024-3515,0,1,7c2080a97360e37202e0b326d4ec64e60af0e0d13acfca93ee3ef27890144e60,2024-04-15T03:16:07.907000 -CVE-2024-3516,0,1,81c13df32a1714de507a8aeec8fb3d7db93df5fba8ae524ffd7483155d3c1893,2024-04-15T03:16:07.943000 +CVE-2024-3515,0,0,7c2080a97360e37202e0b326d4ec64e60af0e0d13acfca93ee3ef27890144e60,2024-04-15T03:16:07.907000 +CVE-2024-3516,0,0,81c13df32a1714de507a8aeec8fb3d7db93df5fba8ae524ffd7483155d3c1893,2024-04-15T03:16:07.943000 CVE-2024-3521,0,0,e61d852c00114c6bd3f4a1b5eeb2ffc212b4c353a3c03a3453182d437a66b289,2024-04-11T01:26:03.900000 CVE-2024-3522,0,0,2dd2aff8352737c957083bbb548feca94c6bc4d24050574d0269bbbcc566f409,2024-04-11T01:26:03.977000 CVE-2024-3523,0,0,4bcdc0c2641557edee953608e7aa9e663000e70c847d90476983bd4354ae7983,2024-04-11T01:26:04.057000 
@@ -245429,8 +245449,16 @@ CVE-2024-3739,0,0,7ec4f828f90436048bb80fdf887bc8a60adc89dbf654d1396a79394bec55d2 CVE-2024-3740,0,0,cad4660a05c482b6800e402dcb0a2b908ba4751bb8506078e808ef0aee3e4761,2024-04-13T21:15:48.353000 CVE-2024-3762,0,0,b191d101f4a9d645c7e9f95afa47f2c207df5b4c70ecd3749179a783e15e08f0,2024-04-14T22:15:58.687000 CVE-2024-3763,0,0,262909d0950c7a3228e8fed8ae6373f18cbf0c3e21f14cf96c53b24e96840fc4,2024-04-14T23:15:46.110000 -CVE-2024-3764,0,0,4d189903af3cfe6d7249ff59c89b78dd404f54d55b4d90a0597a6d48e963acf9,2024-04-14T23:15:46.373000 +CVE-2024-3764,0,1,70d1a097d80ba6a7417901e86cac520039f1d31360562ec4f4b871246034fad2,2024-04-15T04:15:15.097000 CVE-2024-3765,0,0,b3d1b16d269cee243522ba0b3be107f044389782884d6822e375f86a69fc36c5,2024-04-14T23:15:46.650000 CVE-2024-3766,0,0,28f42c457ae28605580e5cf8d3ddbf5c4178184dcd9c90284dd7756c20e9f53b,2024-04-15T00:15:14.773000 -CVE-2024-3772,1,1,e4ccd472bd870e0b47fe1cad763e454d866943170fcbf1220c4ccf6b594b25ed,2024-04-15T03:16:07.987000 -CVE-2024-3774,1,1,dd4053ce443100bd83b9ea82a8bbca2ed0af020758e7494ffa2a017457f90394,2024-04-15T03:16:08.197000 +CVE-2024-3767,1,1,6a32db80d4ffc373d854a79dc00323c6ab9a456924e69bde49b1160de8e76e09,2024-04-15T04:15:15.340000 +CVE-2024-3768,1,1,62bdeb35bdd1af55412e128a8fdbce3528711000827188e69950a39650c5808c,2024-04-15T04:15:15.673000 +CVE-2024-3769,1,1,b573b33315ed0476b9146128444d602c7e78853d136c8b8a7a2569c4ded6c7e9,2024-04-15T04:15:15.897000 +CVE-2024-3770,1,1,01f6dac7e3a9ac8f5e54a9d90c536f1ed70ec11ee4d04c14f3ee897456b16b8e,2024-04-15T05:15:15.390000 +CVE-2024-3772,0,0,e4ccd472bd870e0b47fe1cad763e454d866943170fcbf1220c4ccf6b594b25ed,2024-04-15T03:16:07.987000 +CVE-2024-3774,0,0,dd4053ce443100bd83b9ea82a8bbca2ed0af020758e7494ffa2a017457f90394,2024-04-15T03:16:08.197000 +CVE-2024-3775,1,1,52779b1005d4db5b6bc44864df1194b5a0f191f1146c3602566f65957b629b7f,2024-04-15T04:15:16.137000 +CVE-2024-3776,1,1,142de1a8177c17eb5a75aa9810486f1e01596ab478c6e5a8bd9f3e1ff86d03e5,2024-04-15T04:15:16.340000 
+CVE-2024-3777,1,1,8ae3095405a265caa4c39e353b257a50324c3d569bf6067317e73cf2d588135b,2024-04-15T04:15:16.553000 +CVE-2024-3778,1,1,78b4e3df723f2acdfa2ccdcb4cf1cb844e1fb494f086e62797e5caf7e9cb2b9f,2024-04-15T04:15:16.747000