From 5b88b22b073a23448ced99973b81e8e4422d400a Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 23 May 2024 23:58:21 +0000 Subject: [PATCH] Auto-Update: 2024-05-23T23:55:30.455594+00:00 --- CVE-2023/CVE-2023-202xx/CVE-2023-20239.json | 50 ++---------- CVE-2024/CVE-2024-52xx/CVE-2024-5227.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5228.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5242.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5243.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5244.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5245.json | 59 ++++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5246.json | 47 +++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5247.json | 59 ++++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5279.json | 88 ++++++++++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5291.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5292.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5293.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5294.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5295.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5296.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5297.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5298.json | 55 +++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5299.json | 55 +++++++++++++ README.md | 56 ++++++------- _state.csv | 90 ++++++++++++--------- 21 files changed, 1106 insertions(+), 113 deletions(-) create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5227.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5228.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5242.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5243.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5244.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5245.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5246.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5247.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5279.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5291.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5292.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5293.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5294.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5295.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5296.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5297.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5298.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5299.json diff --git a/CVE-2023/CVE-2023-202xx/CVE-2023-20239.json b/CVE-2023/CVE-2023-202xx/CVE-2023-20239.json index 019169db887..ab7f97e62ab 100644 --- a/CVE-2023/CVE-2023-202xx/CVE-2023-20239.json +++ b/CVE-2023/CVE-2023-202xx/CVE-2023-20239.json @@ -2,54 +2,14 @@ "id": "CVE-2023-20239", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-05-22T17:16:02.760", - "lastModified": "2024-05-22T18:59:20.240", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-05-23T22:15:11.543", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], - "metrics": { - "cvssMetricV31": [ - { - "source": "ykramarz@cisco.com", - "type": "Secondary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "LOW", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 8.8, - "baseSeverity": "HIGH" - }, - "exploitabilityScore": 2.8, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "ykramarz@cisco.com", - "type": "Secondary", - "description": [ - { - "lang": "en", - "value": "CWE-89" - } - ] - } - ], - "references": [ - { - "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-sqli-WFFDnNOs", - "source": "ykramarz@cisco.com" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5227.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5227.json new file mode 100644 index 00000000000..a4d0d656cc9 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5227.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5227", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:12.727", + "lastModified": "2024-05-23T22:15:12.727", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Omada ER605 PPTP VPN username Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are only vulnerable if configured to use a PPTP VPN with LDAP authentication.\n\nThe specific flaw exists within the handling of the username parameter provided to the /usr/bin/pppd endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22446." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-499/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5228.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5228.json new file mode 100644 index 00000000000..e73508339fa --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5228.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5228", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:13.047", + "lastModified": "2024-05-23T22:15:13.047", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Omada ER605 Comexe DDNS Response Handling Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DNS responses. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22383." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-500/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5242.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5242.json new file mode 100644 index 00000000000..4b3a30b8d5f --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5242.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5242", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:13.310", + "lastModified": "2024-05-23T22:15:13.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Omada ER605 Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DDNS error codes. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22522." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-501/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5243.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5243.json new file mode 100644 index 00000000000..d0780341ec8 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5243.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5243", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:13.503", + "lastModified": "2024-05-23T22:15:13.503", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Omada ER605 Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the handling of DNS names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22523." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-502/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5244.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5244.json new file mode 100644 index 00000000000..5e44bbbc11d --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5244.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5244", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:13.777", + "lastModified": "2024-05-23T22:15:13.777", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "TP-Link Omada ER605 Reliance on Security Through Obscurity Vulnerability. This vulnerability allows network-adjacent attackers to access or spoof DDNS messages on affected installations of TP-Link Omada ER605 routers. Authentication is not required to exploit this vulnerability. However, devices are vulnerable only if configured to use the Comexe DDNS service.\n\nThe specific flaw exists within the cmxddnsd executable. The issue results from reliance on obscurity to secure network data. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22439." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-656" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-503/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5245.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5245.json new file mode 100644 index 00000000000..a6e67cffa8c --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5245.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-5245", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:13.980", + "lastModified": "2024-05-23T22:15:13.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NETGEAR ProSAFE Network Management System Default Credentials Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NETGEAR ProSAFE Network Management System. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of default MySQL credentials. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22755." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1392" + } + ] + } + ], + "references": [ + { + "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-496/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5246.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5246.json new file mode 100644 index 00000000000..4e260c247bb --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5246.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-5246", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:14.200", + "lastModified": "2024-05-23T22:15:14.200", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Apache Tomcat. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22868." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://kb.netgear.com/000066164/Security-Advisory-for-Multiple-Vulnerabilities-on-the-NMS300-PSV-2024-0003-PSV-2024-0004", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-497/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5247.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5247.json new file mode 100644 index 00000000000..89358b1c4b2 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5247.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-5247", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:14.387", + "lastModified": "2024-05-23T22:15:14.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "NETGEAR ProSAFE Network Management System UpLoadServlet Unrestricted File Upload Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of user-supplied data, which can allow the upload of arbitrary files. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22923." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://kb.netgear.com/000066165/Security-Advisory-for-Missing-Function-Level-Access-Control-on-the-NMS300-PSV-2024-0005", + "source": "zdi-disclosures@trendmicro.com" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-498/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5279.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5279.json new file mode 100644 index 00000000000..4d1520dae03 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5279.json @@ -0,0 +1,88 @@ +{ + "id": "CVE-2024-5279", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-23T23:15:14.633", + "lastModified": "2024-05-23T23:15:14.633", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Qiwen Netdisk up to 1.4.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component File Rename Handler. The manipulation with the input leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-266083." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/qiwen-cloud/qiwen-file/issues/I8W3H2", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.266083", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.266083", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5291.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5291.json new file mode 100644 index 00000000000..66f5ceae449 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5291.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5291", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:14.580", + "lastModified": "2024-05-23T22:15:14.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-2150 GetDeviceSettings Target Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the SOAP API interface, which listens on TCP port 80 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21235." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-442/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5292.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5292.json new file mode 100644 index 00000000000..29ca72807b0 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5292.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5292", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:14.780", + "lastModified": "2024-05-23T22:15:14.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link Network Assistant Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of D-Link Network Assistant. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the DNACore service. The service loads a file from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21426." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-427" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-443/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5293.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5293.json new file mode 100644 index 00000000000..f38e8ce0aca --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5293.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5293", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:15.000", + "lastModified": "2024-05-23T22:15:15.000", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-2640 HTTP Referer Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640-US routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within prog.cgi, which handles HNAP requests made to the lighttpd webserver listening on TCP ports 80 and 443. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21853." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-444/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5294.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5294.json new file mode 100644 index 00000000000..893a9f97b18 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5294.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5294", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:15.213", + "lastModified": "2024-05-23T22:15:15.213", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link DIR-3040 prog.cgi websSecurityHandler Memory Leak Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of D-Link DIR-3040 routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the prog.cgi program, which handles HNAP requests made to the lighttpd webserver listening on ports 80 and 443. The issue results from the lack of proper memory management when processing HTTP cookie values. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.\n. Was ZDI-CAN-21668." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-445/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5295.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5295.json new file mode 100644 index 00000000000..8319b6546b2 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5295.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5295", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:15.420", + "lastModified": "2024-05-23T22:15:15.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link G416 flupl self Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link G416 wireless routers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the HTTP service listening on TCP port 80. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21294." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-446/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5296.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5296.json new file mode 100644 index 00000000000..9af4cbe5e03 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5296.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5296", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:15.617", + "lastModified": "2024-05-23T22:15:15.617", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the TokenUtils class. The issue results from a hard-coded cryptographic key. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-21991." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-321" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-447/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5297.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5297.json new file mode 100644 index 00000000000..4f077261779 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5297.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5297", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:15.890", + "lastModified": "2024-05-23T22:15:15.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link D-View executeWmicCmd Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the executeWmicCmd method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21821." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-448/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5298.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5298.json new file mode 100644 index 00000000000..4059ebe9648 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5298.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5298", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:16.107", + "lastModified": "2024-05-23T22:15:16.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link D-View queryDeviceCustomMonitorResult Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the queryDeviceCustomMonitorResult method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21842." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-749" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-449/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5299.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5299.json new file mode 100644 index 00000000000..f4246d30630 --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5299.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5299", + "sourceIdentifier": "zdi-disclosures@trendmicro.com", + "published": "2024-05-23T22:15:16.320", + "lastModified": "2024-05-23T22:15:16.320", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "D-Link D-View execMonitorScript Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of D-Link D-View. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed.\n\nThe specific flaw exists within the execMonitorScript method. The issue results from an exposed dangerous method. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-21828." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "zdi-disclosures@trendmicro.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-749" + } + ] + } + ], + "references": [ + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-450/", + "source": "zdi-disclosures@trendmicro.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index e0f64779ed5..9e419e40fc0 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-23T22:00:38.534222+00:00 +2024-05-23T23:55:30.455594+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-23T21:05:01.570000+00:00 +2024-05-23T23:15:14.633000+00:00 ``` ### Last Data Feed Release @@ -33,46 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -251617 +251635 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `18` -- [CVE-2024-5201](CVE-2024/CVE-2024-52xx/CVE-2024-5201.json) (`2024-05-23T20:15:09.283`) -- [CVE-2024-5202](CVE-2024/CVE-2024-52xx/CVE-2024-5202.json) (`2024-05-23T20:15:09.543`) +- [CVE-2024-5227](CVE-2024/CVE-2024-52xx/CVE-2024-5227.json) (`2024-05-23T22:15:12.727`) +- [CVE-2024-5228](CVE-2024/CVE-2024-52xx/CVE-2024-5228.json) (`2024-05-23T22:15:13.047`) +- [CVE-2024-5242](CVE-2024/CVE-2024-52xx/CVE-2024-5242.json) (`2024-05-23T22:15:13.310`) +- [CVE-2024-5243](CVE-2024/CVE-2024-52xx/CVE-2024-5243.json) (`2024-05-23T22:15:13.503`) +- [CVE-2024-5244](CVE-2024/CVE-2024-52xx/CVE-2024-5244.json) (`2024-05-23T22:15:13.777`) +- [CVE-2024-5245](CVE-2024/CVE-2024-52xx/CVE-2024-5245.json) (`2024-05-23T22:15:13.980`) +- [CVE-2024-5246](CVE-2024/CVE-2024-52xx/CVE-2024-5246.json) (`2024-05-23T22:15:14.200`) +- [CVE-2024-5247](CVE-2024/CVE-2024-52xx/CVE-2024-5247.json) (`2024-05-23T22:15:14.387`) +- [CVE-2024-5279](CVE-2024/CVE-2024-52xx/CVE-2024-5279.json) (`2024-05-23T23:15:14.633`) +- [CVE-2024-5291](CVE-2024/CVE-2024-52xx/CVE-2024-5291.json) (`2024-05-23T22:15:14.580`) +- [CVE-2024-5292](CVE-2024/CVE-2024-52xx/CVE-2024-5292.json) (`2024-05-23T22:15:14.780`) +- [CVE-2024-5293](CVE-2024/CVE-2024-52xx/CVE-2024-5293.json) (`2024-05-23T22:15:15.000`) +- [CVE-2024-5294](CVE-2024/CVE-2024-52xx/CVE-2024-5294.json) (`2024-05-23T22:15:15.213`) +- [CVE-2024-5295](CVE-2024/CVE-2024-52xx/CVE-2024-5295.json) (`2024-05-23T22:15:15.420`) +- [CVE-2024-5296](CVE-2024/CVE-2024-52xx/CVE-2024-5296.json) (`2024-05-23T22:15:15.617`) +- [CVE-2024-5297](CVE-2024/CVE-2024-52xx/CVE-2024-5297.json) (`2024-05-23T22:15:15.890`) +- [CVE-2024-5298](CVE-2024/CVE-2024-52xx/CVE-2024-5298.json) (`2024-05-23T22:15:16.107`) +- [CVE-2024-5299](CVE-2024/CVE-2024-52xx/CVE-2024-5299.json) (`2024-05-23T22:15:16.320`) ### CVEs modified in the last Commit -Recently modified CVEs: `33` +Recently modified CVEs: `1` -- [CVE-2022-48689](CVE-2022/CVE-2022-486xx/CVE-2022-48689.json) (`2024-05-23T20:33:57.590`) -- [CVE-2022-48691](CVE-2022/CVE-2022-486xx/CVE-2022-48691.json) (`2024-05-23T20:34:05.590`) -- [CVE-2022-48692](CVE-2022/CVE-2022-486xx/CVE-2022-48692.json) (`2024-05-23T20:34:02.510`) -- [CVE-2022-48693](CVE-2022/CVE-2022-486xx/CVE-2022-48693.json) (`2024-05-23T20:34:08.557`) -- [CVE-2022-48694](CVE-2022/CVE-2022-486xx/CVE-2022-48694.json) (`2024-05-23T20:34:12.060`) -- [CVE-2023-42089](CVE-2023/CVE-2023-420xx/CVE-2023-42089.json) (`2024-05-23T20:03:33.647`) -- [CVE-2023-42090](CVE-2023/CVE-2023-420xx/CVE-2023-42090.json) (`2024-05-23T20:11:59.477`) -- [CVE-2023-42091](CVE-2023/CVE-2023-420xx/CVE-2023-42091.json) (`2024-05-23T20:20:52.897`) -- [CVE-2023-42092](CVE-2023/CVE-2023-420xx/CVE-2023-42092.json) (`2024-05-23T20:21:55.943`) -- [CVE-2023-42093](CVE-2023/CVE-2023-420xx/CVE-2023-42093.json) (`2024-05-23T20:22:37.423`) -- [CVE-2023-42094](CVE-2023/CVE-2023-420xx/CVE-2023-42094.json) (`2024-05-23T20:25:14.140`) -- [CVE-2023-42095](CVE-2023/CVE-2023-420xx/CVE-2023-42095.json) (`2024-05-23T20:25:47.147`) -- [CVE-2023-42096](CVE-2023/CVE-2023-420xx/CVE-2023-42096.json) (`2024-05-23T20:26:03.157`) -- [CVE-2023-42097](CVE-2023/CVE-2023-420xx/CVE-2023-42097.json) (`2024-05-23T20:26:16.510`) -- [CVE-2024-32002](CVE-2024/CVE-2024-320xx/CVE-2024-32002.json) (`2024-05-23T20:40:28.707`) -- [CVE-2024-34905](CVE-2024/CVE-2024-349xx/CVE-2024-34905.json) (`2024-05-23T21:03:49.143`) -- [CVE-2024-34906](CVE-2024/CVE-2024-349xx/CVE-2024-34906.json) (`2024-05-23T20:42:22.080`) -- [CVE-2024-34909](CVE-2024/CVE-2024-349xx/CVE-2024-34909.json) (`2024-05-23T20:56:30.393`) -- [CVE-2024-34913](CVE-2024/CVE-2024-349xx/CVE-2024-34913.json) (`2024-05-23T20:59:34.540`) -- [CVE-2024-35972](CVE-2024/CVE-2024-359xx/CVE-2024-35972.json) (`2024-05-23T21:04:02.433`) -- [CVE-2024-35978](CVE-2024/CVE-2024-359xx/CVE-2024-35978.json) (`2024-05-23T21:04:07.447`) -- [CVE-2024-35982](CVE-2024/CVE-2024-359xx/CVE-2024-35982.json) (`2024-05-23T21:04:12.530`) -- [CVE-2024-35984](CVE-2024/CVE-2024-359xx/CVE-2024-35984.json) (`2024-05-23T21:04:17.397`) -- [CVE-2024-35990](CVE-2024/CVE-2024-359xx/CVE-2024-35990.json) (`2024-05-23T21:05:01.570`) -- [CVE-2024-35992](CVE-2024/CVE-2024-359xx/CVE-2024-35992.json) (`2024-05-23T20:33:31.133`) +- [CVE-2023-20239](CVE-2023/CVE-2023-202xx/CVE-2023-20239.json) (`2024-05-23T22:15:11.543`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 826cf550511..43e615083f6 100644 --- a/_state.csv +++ b/_state.csv @@ -211900,26 +211900,26 @@ CVE-2022-48667,0,0,fea320fc30b8e20d03bd29c66176a5d330022cbe5a7c1c17bc4a9da6e49c8 CVE-2022-48668,0,0,228d489d1f34a9e09a2e0db1a8ecaeed153a7dbdd673765ef8b5cfd95f8e0655,2024-04-29T12:42:03.667000 CVE-2022-48669,0,0,924a5a271b2b1f1e2b644fe7e0386ec6c2bc9af4df977f70bde60730dd6a3160,2024-05-01T19:50:25.633000 CVE-2022-4867,0,0,df30bf033a8b71c87ccc147259fbbc1d4b447580323b889a3d7676505e257148,2023-01-06T21:26:37.597000 -CVE-2022-48670,0,1,2f00d002688b586b078e34d3bbf056acf45ed73c426d1eb153fd3d7885546faf,2024-05-23T20:26:26.033000 -CVE-2022-48671,0,1,345b087fdf7a29c2a22f9407913d44a46a6dcb9e2d8bc831170752c9ec2199f8,2024-05-23T20:26:32.357000 -CVE-2022-48672,0,1,608a9f4bbdbfeaa5c234d43ea7d6267c5cfed6a3f49f2f595d741d22e8bb0e69,2024-05-23T20:26:40.327000 -CVE-2022-48673,0,1,9605618fa7597ed94995f84a27fb057932599afff122e438d60e99636f587007,2024-05-23T20:26:54.160000 +CVE-2022-48670,0,0,2f00d002688b586b078e34d3bbf056acf45ed73c426d1eb153fd3d7885546faf,2024-05-23T20:26:26.033000 +CVE-2022-48671,0,0,345b087fdf7a29c2a22f9407913d44a46a6dcb9e2d8bc831170752c9ec2199f8,2024-05-23T20:26:32.357000 +CVE-2022-48672,0,0,608a9f4bbdbfeaa5c234d43ea7d6267c5cfed6a3f49f2f595d741d22e8bb0e69,2024-05-23T20:26:40.327000 +CVE-2022-48673,0,0,9605618fa7597ed94995f84a27fb057932599afff122e438d60e99636f587007,2024-05-23T20:26:54.160000 CVE-2022-48674,0,0,fa42813fe90b0585e3ad673a0800f86f62acc80eb213e88f44bacff6d05e9fd4,2024-05-23T19:36:25.633000 -CVE-2022-48675,0,1,ffdc7ff07043ff8d904f74a8a1b71fad7bff2a559dea9c5bb178531131fc30c0,2024-05-23T20:33:42.183000 +CVE-2022-48675,0,0,ffdc7ff07043ff8d904f74a8a1b71fad7bff2a559dea9c5bb178531131fc30c0,2024-05-23T20:33:42.183000 CVE-2022-4868,0,0,49bc3762269009af54870f2860cabd5c2f0372571503d002526079fe993a74bc,2023-01-06T21:20:41.477000 CVE-2022-48682,0,0,a9e8566df4d423615eab0842eba8f88c67d4de5de15c1876586d34ed294d4bbf,2024-04-26T12:58:17.720000 CVE-2022-48684,0,0,183793e4ba2f09101fce115e434fee8cb8ff9c6a4ec46d5771edf2b59c69d11d,2024-04-29T12:42:03.667000 CVE-2022-48685,0,0,ffa3e1d85b1e2d4bd3c19f046cb04890a395016777f2401ecc051ad5f33c92b4,2024-04-29T12:42:03.667000 -CVE-2022-48686,0,1,ee162749a361db1a0b6a353b0eb61f9a34a852517c7d84ecd41264480ae7864b,2024-05-23T20:33:45.640000 -CVE-2022-48687,0,1,154cc9d9f32ec8b0f10de1628955ee37a741d3f226440d234da62eb278afefe6,2024-05-23T20:33:49.117000 -CVE-2022-48688,0,1,2b696539b728bee97e44de8c598ffc8f476d756e332df2a283fc8a9074238df0,2024-05-23T20:33:54.213000 -CVE-2022-48689,0,1,8c5e17be7f3d5892523929694e6776d9a497e15f529c60dbb701d2fc4f469e2f,2024-05-23T20:33:57.590000 +CVE-2022-48686,0,0,ee162749a361db1a0b6a353b0eb61f9a34a852517c7d84ecd41264480ae7864b,2024-05-23T20:33:45.640000 +CVE-2022-48687,0,0,154cc9d9f32ec8b0f10de1628955ee37a741d3f226440d234da62eb278afefe6,2024-05-23T20:33:49.117000 +CVE-2022-48688,0,0,2b696539b728bee97e44de8c598ffc8f476d756e332df2a283fc8a9074238df0,2024-05-23T20:33:54.213000 +CVE-2022-48689,0,0,8c5e17be7f3d5892523929694e6776d9a497e15f529c60dbb701d2fc4f469e2f,2024-05-23T20:33:57.590000 CVE-2022-4869,0,0,5b7b2ea9a47dff3b53da6eb2b79f229dd760425d82069982970d64b162546221,2024-05-17T02:17:00.030000 CVE-2022-48690,0,0,3bf2b7383dedf1b2ce6c2ca7145377e77848973096f501b231a7b1919c6a2366,2024-05-06T12:44:56.377000 -CVE-2022-48691,0,1,78460f3d579f8d025d413b4e5084115051c9505854758717f2911c3e457a9330,2024-05-23T20:34:05.590000 -CVE-2022-48692,0,1,aff174e5de8240f7eeb215a974629e18c37c98651f8f655c24ed7766ce32a01d,2024-05-23T20:34:02.510000 -CVE-2022-48693,0,1,d6e7aa54f0c447d57b766a60c626b4ab3ddf1f43df6d2e702984b990e4adc451,2024-05-23T20:34:08.557000 -CVE-2022-48694,0,1,910a15b10a70e2085e592dc798e379210d71c50e824a0184076c2766c86fee88,2024-05-23T20:34:12.060000 +CVE-2022-48691,0,0,78460f3d579f8d025d413b4e5084115051c9505854758717f2911c3e457a9330,2024-05-23T20:34:05.590000 +CVE-2022-48692,0,0,aff174e5de8240f7eeb215a974629e18c37c98651f8f655c24ed7766ce32a01d,2024-05-23T20:34:02.510000 +CVE-2022-48693,0,0,d6e7aa54f0c447d57b766a60c626b4ab3ddf1f43df6d2e702984b990e4adc451,2024-05-23T20:34:08.557000 +CVE-2022-48694,0,0,910a15b10a70e2085e592dc798e379210d71c50e824a0184076c2766c86fee88,2024-05-23T20:34:12.060000 CVE-2022-48695,0,0,5597f7680e0947e146d1de0c8d0e40fdf3811110f06a260ab5a6dadef93e0451,2024-05-06T12:44:56.377000 CVE-2022-48696,0,0,bb3f4e94ce2427b3ca1fcaa726a4e20810cfed0e3cb97d8a7607647d16161033,2024-05-06T12:44:56.377000 CVE-2022-48697,0,0,0e9a749323cfd051bbdaaf987011b5f32efa3788b4f7ef451aa4e20d090082a3,2024-05-06T12:44:56.377000 @@ -214169,7 +214169,7 @@ CVE-2023-20235,0,0,5dba974f1c210cf2a03787c3d3e9c441feee75819526969b64e2f4a80cd00 CVE-2023-20236,0,0,c6a29bb276fa53045a1d5dbdcd5f535a774cb8c2b4a2da6d6d6378ae41d08dd7,2024-01-25T17:15:39.850000 CVE-2023-20237,0,0,f975d459d3015a3f408e596ac215a6d75cfb23fa7b1171a2fa054590faa43dfe,2024-01-25T17:15:39.970000 CVE-2023-20238,0,0,79a23b4efc590566cd58d4cbff45d13d4f3db09516083d401270e6b9d775efcf,2024-01-25T17:15:40.067000 -CVE-2023-20239,0,0,826e38211d328eeacf8b74ba34a8ec7e417b358bc8709bf7d61605481ebb92e6,2024-05-22T18:59:20.240000 +CVE-2023-20239,0,1,5dd8be818e18e1a04d7c98aee7cfcb486050d3e0a53ae7e4e7e015f455f8a455,2024-05-23T22:15:11.543000 CVE-2023-2024,0,0,a3df09772ebf731a0c1b5b6db5674d9bb51b9794a600088bf32d2d3c6a061d68,2023-05-25T18:10:24.590000 CVE-2023-20240,0,0,015a0e0281847d8e48d2582559aafcb4c3d1269bf49b1b0162dcef443724c650,2024-01-25T17:15:40.187000 CVE-2023-20241,0,0,96357ec1544a3578befd4c4e9e8f2d0182f6d55009c374e33215ccb07ff2801f,2024-01-25T17:15:40.280000 @@ -231059,16 +231059,16 @@ CVE-2023-42085,0,0,cf93f61909db37ccb952df99954d17c52886a5577ba198c6e8431075299ae CVE-2023-42086,0,0,5faade454dfaca84ed7f76ac90f0e62c45c41414ad327adff71535f973c4c1c7,2024-05-03T12:49:24.027000 CVE-2023-42087,0,0,ee670b3f09b1758041850601f55d23fe6541df0f228efdd8af3f03b86ee41b30,2024-05-03T12:49:24.027000 CVE-2023-42088,0,0,c60c8f0710b3f8907a770edb35aff0985f42f234d49f40bc81207964a8ea5c36,2024-05-03T12:49:24.027000 -CVE-2023-42089,0,1,0f0f43e1de035594b7a5d040a88bb6dc44d053c78339abea8c30d4839080e458,2024-05-23T20:03:33.647000 +CVE-2023-42089,0,0,0f0f43e1de035594b7a5d040a88bb6dc44d053c78339abea8c30d4839080e458,2024-05-23T20:03:33.647000 CVE-2023-4209,0,0,492b848ec95a38529284f183cefb82398c79fd370952b71b8dc65095053f77ba,2023-11-07T04:22:20.387000 -CVE-2023-42090,0,1,6b7e3a8fd94987365b1cb45944db97b941cf84f6565f6e96b66a6e42484818bb,2024-05-23T20:11:59.477000 -CVE-2023-42091,0,1,e00677eebf7bd4f68ec882d55f8bcb52c551c0f7a9e89271ba7f56dc8d15ec68,2024-05-23T20:20:52.897000 -CVE-2023-42092,0,1,e455456d0d00ff006fc5660ce755c70b1953e30a969fae2970de4e0253dae01b,2024-05-23T20:21:55.943000 -CVE-2023-42093,0,1,014bd8d52604fdd4aa74d1e4dfbd48ddebd2af65d93740262c35ef98f1e28f47,2024-05-23T20:22:37.423000 -CVE-2023-42094,0,1,4387da5325d781ac7ee92e6b509718673641ba11d388eea76084b9882d15058a,2024-05-23T20:25:14.140000 -CVE-2023-42095,0,1,136d9791b8309eed30123dcbd7abeb566ac2794053448f5ef6cced75dc460daa,2024-05-23T20:25:47.147000 -CVE-2023-42096,0,1,de90800eed4cbf71026bd6635a7ee5366f03358d43e4f25f4c9bfb82668e66ee,2024-05-23T20:26:03.157000 -CVE-2023-42097,0,1,967acb3f125ad6b7060ff6c566c00b25797743a7ea1df86a18e19500e899187f,2024-05-23T20:26:16.510000 +CVE-2023-42090,0,0,6b7e3a8fd94987365b1cb45944db97b941cf84f6565f6e96b66a6e42484818bb,2024-05-23T20:11:59.477000 +CVE-2023-42091,0,0,e00677eebf7bd4f68ec882d55f8bcb52c551c0f7a9e89271ba7f56dc8d15ec68,2024-05-23T20:20:52.897000 +CVE-2023-42092,0,0,e455456d0d00ff006fc5660ce755c70b1953e30a969fae2970de4e0253dae01b,2024-05-23T20:21:55.943000 +CVE-2023-42093,0,0,014bd8d52604fdd4aa74d1e4dfbd48ddebd2af65d93740262c35ef98f1e28f47,2024-05-23T20:22:37.423000 +CVE-2023-42094,0,0,4387da5325d781ac7ee92e6b509718673641ba11d388eea76084b9882d15058a,2024-05-23T20:25:14.140000 +CVE-2023-42095,0,0,136d9791b8309eed30123dcbd7abeb566ac2794053448f5ef6cced75dc460daa,2024-05-23T20:25:47.147000 +CVE-2023-42096,0,0,de90800eed4cbf71026bd6635a7ee5366f03358d43e4f25f4c9bfb82668e66ee,2024-05-23T20:26:03.157000 +CVE-2023-42097,0,0,967acb3f125ad6b7060ff6c566c00b25797743a7ea1df86a18e19500e899187f,2024-05-23T20:26:16.510000 CVE-2023-42098,0,0,8e4c84f368263878ec32a418628232f9aef570903e3aeab4d53a15e28f6988c8,2024-05-03T12:49:24.027000 CVE-2023-42099,0,0,6d2bd1d2af6074ca20b13addfc54270b89b7af594cac5c451e24e69f3bca3260,2024-05-03T12:49:24.027000 CVE-2023-42100,0,0,75cc696ab19e7fc6d667f97b8ac523e1bbae5b6e3d042063d90a46a6e4e81071,2024-05-03T12:49:24.027000 @@ -248767,7 +248767,7 @@ CVE-2024-31997,0,0,d95ca9b47538ea73a196934e9c1064ac6bfd03df35a75cfa6de5a54ba7f14 CVE-2024-31999,0,0,92063baa188f8d1eb46101bed0277138de32335b249687b065a40c476ebdada7,2024-04-11T12:47:44.137000 CVE-2024-32000,0,0,5a1773951b9e4056d222ee9010995a856338856d61b3ccc3a9db5455d3c02bfb,2024-04-15T13:15:31.997000 CVE-2024-32001,0,0,5f137f0e0d607eeec96c185575fc4489622e4c58e021858f7aee0551fd5f0547,2024-04-11T12:47:44.137000 -CVE-2024-32002,0,1,48be14afa98a3d0838703e3a18294dea9901ede648690c195f851d5768397209,2024-05-23T20:40:28.707000 +CVE-2024-32002,0,0,48be14afa98a3d0838703e3a18294dea9901ede648690c195f851d5768397209,2024-05-23T20:40:28.707000 CVE-2024-32003,0,0,8e8c8d945f0ee0a518068e981d0cc584a07044ae728a9a77ce2d918bc43c232f,2024-04-15T13:15:31.997000 CVE-2024-32004,0,0,36c53e6b23ae4855264d40aff92ae0ce3b5701c2e0b937ef9fe8ca91ba7755d7,2024-05-14T19:17:55.627000 CVE-2024-32005,0,0,67300e4989f99e2e013d8397bc4806c53fe7ab524173b29e08f1814aa041fd14,2024-04-15T13:15:31.997000 @@ -250212,11 +250212,11 @@ CVE-2024-3488,0,0,bf7c4b33b6e91489947313990def9ab3ebf80b81d3d9e53cfe72c6eb903d1d CVE-2024-3489,0,0,407fc99ac607d8b254895aa9dc68afca4c0fff929cb004325e3c06bd83280a91,2024-05-02T18:00:37.360000 CVE-2024-34899,0,0,9579694904378722f2b9da74dd16a33f2e9423032433b6d7a12c13c9e08feaa9,2024-05-14T16:12:23.490000 CVE-2024-3490,0,0,243d31a8a91d548ae7245abd7ab9112de0ee4857a2da5c2f334b7a81fefaf51e,2024-05-02T13:27:25.103000 -CVE-2024-34905,0,1,bdcf1575bdf737bf5b4544470c5680061fbc9eb772b09650c4ee060b5e223269,2024-05-23T21:03:49.143000 -CVE-2024-34906,0,1,2e87c19545a662b9bbb732affd4033eedf71c0d6ff41c50506bab921f34df110,2024-05-23T20:42:22.080000 -CVE-2024-34909,0,1,200d6e135c597cb2e777da35c986586f176b28b1430331d2d52fe002caa50f25,2024-05-23T20:56:30.393000 +CVE-2024-34905,0,0,bdcf1575bdf737bf5b4544470c5680061fbc9eb772b09650c4ee060b5e223269,2024-05-23T21:03:49.143000 +CVE-2024-34906,0,0,2e87c19545a662b9bbb732affd4033eedf71c0d6ff41c50506bab921f34df110,2024-05-23T20:42:22.080000 +CVE-2024-34909,0,0,200d6e135c597cb2e777da35c986586f176b28b1430331d2d52fe002caa50f25,2024-05-23T20:56:30.393000 CVE-2024-3491,0,0,155e981c246f1ab173bd75da38bee4b8800ff4b0566c01179dcadac412465c38,2024-04-23T12:52:09.397000 -CVE-2024-34913,0,1,482ab417b16d36cac885da18c13005f6c4dcc004509b2b573a33dd2947f7d3b7,2024-05-23T20:59:34.540000 +CVE-2024-34913,0,0,482ab417b16d36cac885da18c13005f6c4dcc004509b2b573a33dd2947f7d3b7,2024-05-23T20:59:34.540000 CVE-2024-34914,0,0,70a7c11501909b39ef53f8b81e0474e671bd02725d09e7751be6f86dc2b4f270,2024-05-14T19:17:55.627000 CVE-2024-34919,0,0,3b58bcaada9443a615b9da4a712e7a9b2cf49d93cbec4e97e3462cce15a1e03d,2024-05-17T18:35:35.070000 CVE-2024-34921,0,0,dbf53dbc9b81b9221c12f4c1ada0297cc361fc3675871ab0069ddf8fe9b53895,2024-05-14T16:12:23.490000 @@ -250601,29 +250601,29 @@ CVE-2024-35968,0,0,455842c0a4d55666496fa40a79a465ae6f1a76b6cda131514488328ea35c0 CVE-2024-35969,0,0,d9ff80f9e86dc6ec09d3d73a2c622fd8ab88d79413f238450526cf2d09ad3c05,2024-05-20T13:00:04.957000 CVE-2024-35970,0,0,96c10ee560020395797cdef9b864f6d3cdaba14b965e10eda86ce0385cd15848,2024-05-20T13:00:04.957000 CVE-2024-35971,0,0,effec5050df593cb0a5fcbfeeadb2f59554f22230700f7672813bbc9fe591940,2024-05-20T13:00:04.957000 -CVE-2024-35972,0,1,8fcf39d4ace4f1fcc0a244e6329df0b275111c4ac22e4ce79dcba8599cd853de,2024-05-23T21:04:02.433000 +CVE-2024-35972,0,0,8fcf39d4ace4f1fcc0a244e6329df0b275111c4ac22e4ce79dcba8599cd853de,2024-05-23T21:04:02.433000 CVE-2024-35973,0,0,41f3886c10db3750b388959132c4d4bd76a858dc2682bcea0347de3b3322c0fc,2024-05-20T13:00:04.957000 CVE-2024-35974,0,0,99aabf4606519b47da26b388b64955b6d9d56b1f34614cfa4dd1087fe54ff0a9,2024-05-20T13:00:04.957000 CVE-2024-35975,0,0,9ccca75aff95c5c07486f4ffd822fc6d64fc6a460bf3425f20890c15d921fd6d,2024-05-20T13:00:04.957000 CVE-2024-35976,0,0,91795b3537c076d70885e843bee8aac3e47a116196fc144491efe4fdcedf990a,2024-05-20T13:00:04.957000 CVE-2024-35977,0,0,2d804b886f49d95cae94751dee4a424dbc6e4b9c37e3a8a4837566ea12fb2e66,2024-05-20T13:00:04.957000 -CVE-2024-35978,0,1,afa9ef21c96ee0c6e9d19e5f919b427cc9cf6c4a69e553c8cb767295ba777f46,2024-05-23T21:04:07.447000 +CVE-2024-35978,0,0,afa9ef21c96ee0c6e9d19e5f919b427cc9cf6c4a69e553c8cb767295ba777f46,2024-05-23T21:04:07.447000 CVE-2024-35979,0,0,d4e16323071271d934aec8db56e2e5374b8e5b0a0154f42f629d21361e33f8db,2024-05-20T13:00:04.957000 CVE-2024-3598,0,0,885c48b686e5bb2258cc0c91f29020f7833d7484ea51a21d94da9f5d8904b730,2024-04-19T13:10:25.637000 CVE-2024-35980,0,0,058b0cecf53a78c7f6c74b546625ff7ae5e3f40bb9966fbec455937d5141e6d9,2024-05-20T13:00:04.957000 CVE-2024-35981,0,0,27e7e8b41f3b2aebe895d0b71a07a84c3d7ee00b6a6fee9ef12a978cee9e7b57,2024-05-20T13:00:04.957000 -CVE-2024-35982,0,1,906dc3d7b5c5d9be313af01e34960e48a3b6accfc782bb11a7745f3e14c3a02a,2024-05-23T21:04:12.530000 +CVE-2024-35982,0,0,906dc3d7b5c5d9be313af01e34960e48a3b6accfc782bb11a7745f3e14c3a02a,2024-05-23T21:04:12.530000 CVE-2024-35983,0,0,91efa68748fb762071812cab7e815ebbc2ed836cfe9f67c1f785c1a848a5528b,2024-05-20T13:00:04.957000 -CVE-2024-35984,0,1,5d36a758410a9b5e9899a4e8e4e25a348dd448ebca1c56dd71f5f66f015f02a1,2024-05-23T21:04:17.397000 +CVE-2024-35984,0,0,5d36a758410a9b5e9899a4e8e4e25a348dd448ebca1c56dd71f5f66f015f02a1,2024-05-23T21:04:17.397000 CVE-2024-35985,0,0,8cc1c917a7738d893ec0a9d1c44209bd1d7b3f8cef708316309cbf9a4215535a,2024-05-20T13:00:04.957000 CVE-2024-35986,0,0,be7afb82513a1b370add045e8c1b2ac1955bfb3c3a30e92ae07ea1c246fcd26a,2024-05-20T13:00:04.957000 CVE-2024-35987,0,0,38fbeb762a26a248e4c552518d83a2ba642c404289b1a591d9ed8a636187a4b1,2024-05-20T13:00:04.957000 CVE-2024-35988,0,0,755a0019dfe8ec6eea7c008269fab2add53414d43021d5f586f0a5a780ddd270,2024-05-20T13:00:04.957000 CVE-2024-35989,0,0,74d32fb7723857587d8cded7b34ee0daeadad294e1321b16d4f13290ed1a3ffa,2024-05-20T13:00:04.957000 CVE-2024-3599,0,0,f91d9eb89bd43a7fdb8f84ac15f658b45bd8ceb29436b55e3e5788315fb781e2,2024-05-02T18:00:37.360000 -CVE-2024-35990,0,1,06cceae2bf943dd33610aa5921336bb9e4b51ab802f5aca7743daeb9e09e12ea,2024-05-23T21:05:01.570000 +CVE-2024-35990,0,0,06cceae2bf943dd33610aa5921336bb9e4b51ab802f5aca7743daeb9e09e12ea,2024-05-23T21:05:01.570000 CVE-2024-35991,0,0,2ec1879b27963a38a501cadf4dfbe3633d294feee31a8b14ec87c1ec5c0413e6,2024-05-20T13:00:04.957000 -CVE-2024-35992,0,1,c748b9e28b199fd28c92e210d134a908e9da81ab9434f465a91f612846c1269c,2024-05-23T20:33:31.133000 +CVE-2024-35992,0,0,c748b9e28b199fd28c92e210d134a908e9da81ab9434f465a91f612846c1269c,2024-05-23T20:33:31.133000 CVE-2024-35993,0,0,bad1b5b49ce7b76fa895299042043a78a83a2ec3c0153aeb29b5deeac017aaf3,2024-05-20T13:00:04.957000 CVE-2024-35994,0,0,b65f4c52916d4cf46be28de4b7b8d2043a3d41d53ca03b78ebc632d730387b3d,2024-05-20T13:00:04.957000 CVE-2024-35995,0,0,7170efe44af3e1ab57e075c5210892dd1f90918d41bfca64d16d522f3a4ce5cb,2024-05-20T13:00:04.957000 @@ -251600,8 +251600,10 @@ CVE-2024-5193,0,0,10c68e7444190b04603fe41121d5ca46f60a4a86754539b9aa3d12094e7245 CVE-2024-5194,0,0,449708a9669696a9d45dc12d62d0dd60618e438564c2c2163a0a40f19cb2695e,2024-05-22T12:46:53.887000 CVE-2024-5195,0,0,6f936c1a350f3aa4241c2485aebe122e7725b90fcb612ab0345f361f301112f3,2024-05-22T12:46:53.887000 CVE-2024-5196,0,0,5d3f231a43c31999680087469716ad4f3327a52b153d985ebb2cb490ce1591bb,2024-05-22T12:46:53.887000 -CVE-2024-5201,1,1,c022274fc30559e48cee770c6219a56ceb32ca923aab9904e95811ede9bb3649,2024-05-23T20:15:09.283000 -CVE-2024-5202,1,1,0158807f44e8299a8fc55ccca562c6b2d8d66c63988f86575c821e8e732d18b0,2024-05-23T20:15:09.543000 +CVE-2024-5201,0,0,c022274fc30559e48cee770c6219a56ceb32ca923aab9904e95811ede9bb3649,2024-05-23T20:15:09.283000 +CVE-2024-5202,0,0,0158807f44e8299a8fc55ccca562c6b2d8d66c63988f86575c821e8e732d18b0,2024-05-23T20:15:09.543000 +CVE-2024-5227,1,1,022a7b3b0252db3f02e5f77ec1c0b45feba41c13657e9d4764d868ef6c413a71,2024-05-23T22:15:12.727000 +CVE-2024-5228,1,1,791205a57cc2f393befe7c7c647a097afb3d7e710fb9e38052999f679cb9573b,2024-05-23T22:15:13.047000 CVE-2024-5230,0,0,cf2becfcaf10c991a6e891134ca15d918b17a419b24de9a99e4b60c016014c40,2024-05-23T02:15:09.503000 CVE-2024-5231,0,0,2fc06f277cf3b2ccd9f8bef63c31f29dbbc25b6622a63bce2a1973925c5571e0,2024-05-23T03:15:08.307000 CVE-2024-5232,0,0,ed53713218d3c3309d574d9b93cb7335aa67af33785bf9d72a3f19c8a0aa9151,2024-05-23T04:15:09.410000 @@ -251614,5 +251616,21 @@ CVE-2024-5238,0,0,54af8c72ea663ab58e18883a934ebe7b4f3d213d13d52462bb8f1383833c12 CVE-2024-5239,0,0,6e790ea9c157d6ca48103062e904e3e176a7312f4d801654e6a47203a462fdea,2024-05-23T06:15:13.557000 CVE-2024-5240,0,0,3494efb6705fdae8c11113fbb015528d382fe3d61e884fe5fa0e91c0a340e60f,2024-05-23T07:15:09.987000 CVE-2024-5241,0,0,2052da6845c087b37d3912fd46165ee199b25d2ea734d5794afc72a994cd7a50,2024-05-23T07:15:10.803000 +CVE-2024-5242,1,1,d026f6801d13ae97248c72031bd6e18b8dd706fd38317f4d80fcd0798e0d4878,2024-05-23T22:15:13.310000 +CVE-2024-5243,1,1,d9436981cded9c508f07d702d996ecc3e019346e1d8dc38841782dbefbe66642,2024-05-23T22:15:13.503000 +CVE-2024-5244,1,1,2666e35b1ebe5e714dc55caa5a7c8d77c485b993feaabdf62a2df1a1b51e398b,2024-05-23T22:15:13.777000 +CVE-2024-5245,1,1,a4bf8e634fb7b967231b40de4d0431e956cbe5b513e75240d48115a25b716fb0,2024-05-23T22:15:13.980000 +CVE-2024-5246,1,1,e51ed885e614d815c3c5e68b18784ef663c33ccf223adb79e5763591c4998274,2024-05-23T22:15:14.200000 +CVE-2024-5247,1,1,97831c1cfb627b04bf272f8465aa703f3871fab689e3a8225c28176756132b6c,2024-05-23T22:15:14.387000 CVE-2024-5258,0,0,612239f97aff7a3f1b6375ec653a87b4fa47054b6007332650f0500858bd751f,2024-05-23T11:15:24.640000 CVE-2024-5264,0,0,fb1838ba27f9c5882d711f864f2c2fd731d10e808866432d51827ab685b7373f,2024-05-23T09:15:10.170000 +CVE-2024-5279,1,1,9e2969775d17ec0d5b5572f7950ffafdd40aeefa695b8680cc16a034d5eee30a,2024-05-23T23:15:14.633000 +CVE-2024-5291,1,1,df22d5846a0d93a861b5f68ed9abb3324189f6b9f83d8bffd99dd26f015762ec,2024-05-23T22:15:14.580000 +CVE-2024-5292,1,1,55558d2c1998d35fbb040ff5aff58e22ec1a35cc2d7e4f74de51d44f90464b49,2024-05-23T22:15:14.780000 +CVE-2024-5293,1,1,4556f35dee29f84319302fba42935f847e22656946a5cbc7a117cd441adb6ff7,2024-05-23T22:15:15 +CVE-2024-5294,1,1,9c0b6ffc86c297a3b138baeb7692a9d1c060894778670522dffa1b8f2a5bef87,2024-05-23T22:15:15.213000 +CVE-2024-5295,1,1,da5937ff9af5190ae8518e2b7fcc2ba1330ba93e0e93db55f339f585f182c107,2024-05-23T22:15:15.420000 +CVE-2024-5296,1,1,8a06543e486c1b24a4a71d6d0ebe5390ca2a6e4bb6f9d5da93d0fecc717e546c,2024-05-23T22:15:15.617000 +CVE-2024-5297,1,1,65655899622134e98f4d05e0ca2e98ccca1f8bbb0f7a26d058dfea771ee9d298,2024-05-23T22:15:15.890000 +CVE-2024-5298,1,1,ede0967903480caa8215754a03fa2e5d1e856d282fd45cfdb137964c51b36b9a,2024-05-23T22:15:16.107000 +CVE-2024-5299,1,1,1f14fe120d2bba658f2ad78a695844fc61bfb586a4437d040e27e25526dd88ae,2024-05-23T22:15:16.320000