diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51452.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51452.json new file mode 100644 index 00000000000..a8d8418db1b --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51452.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51452", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:49.830", + "lastModified": "2024-04-02T11:15:49.830", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file_v2_proc function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51452/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51453.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51453.json new file mode 100644 index 00000000000..18c83e06341 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51453.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51453", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:50.080", + "lastModified": "2024-04-02T11:15:50.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the process_push_file function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51453/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51454.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51454.json new file mode 100644 index 00000000000..54c43535e5c --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51454.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51454", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:50.273", + "lastModified": "2024-04-02T11:15:50.273", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Out-of-bounds Write issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to overwrite a pointer in the process memory through a crafted payload triggering an unsafe memory write operation in the my_tcp_receive function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51454/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51455.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51455.json new file mode 100644 index 00000000000..cce26a6cc5c --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51455.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51455", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:50.520", + "lastModified": "2024-04-02T11:15:50.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Improper Validation of Array Index issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to corrupt a controlled memory location due to a missing input validation in the on_receive_session_packet_ack function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, potentially leading to a memory information leak or to an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51455/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-514xx/CVE-2023-51456.json b/CVE-2023/CVE-2023-514xx/CVE-2023-51456.json new file mode 100644 index 00000000000..fbd6bd31ae8 --- /dev/null +++ b/CVE-2023/CVE-2023-514xx/CVE-2023-51456.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-51456", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:50.717", + "lastModified": "2024-04-02T11:15:50.717", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to trigger an out-of-bound read/write into the process memory through a crafted payload due to a missing input sanity check in the v2_pack_array_to_msg function implemented in the libv2_sdk.so library imported by the v2_sdk_service binary implementing the service, potentially leading to a memory information leak or an arbitrary code execution. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-51456/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6948.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6948.json new file mode 100644 index 00000000000..40f06baf25b --- /dev/null +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6948.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6948", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:50.890", + "lastModified": "2024-04-02T11:15:50.890", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6948/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6949.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6949.json new file mode 100644 index 00000000000..cc2732b68f3 --- /dev/null +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6949.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6949", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:51.070", + "lastModified": "2024-04-02T11:15:51.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** DISPUTED ** A Missing Authentication for Critical Function issue affecting the HTTP service running on the DJI Mavic Mini 3 Pro on the standard port 80 could allow an attacker to enumerate and download videos and pictures saved on the drone internal or external memory without requiring any kind of authentication." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6949/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6950.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6950.json new file mode 100644 index 00000000000..c622a336650 --- /dev/null +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6950.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6950", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:51.243", + "lastModified": "2024-04-02T11:15:51.243", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** DISPUTED ** An Improper Input Validation vulnerability affecting the FTP service running on the DJI Mavic Mini 3 Pro could allow an attacker to craft a malicious packet containing a malformed path provided to the FTP SIZE command that leads to a denial-of-service attack of the FTP service itself." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.5, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6950/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-69xx/CVE-2023-6951.json b/CVE-2023/CVE-2023-69xx/CVE-2023-6951.json new file mode 100644 index 00000000000..0866bc13b01 --- /dev/null +++ b/CVE-2023/CVE-2023-69xx/CVE-2023-6951.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2023-6951", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-04-02T11:15:51.417", + "lastModified": "2024-04-02T11:15:51.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A Use of Weak Credentials vulnerability affecting the Wi-Fi network generated by a set of DJI drones could allow a remote attacker to derive the WPA2 PSK key and authenticate without permission to the drone\u2019s Wi- Fi network. This, in turn, allows the attacker to perform unauthorized interaction with the network services exposed by the drone and to potentially decrypt the Wi-Fi traffic exchanged between the drone and the Android/IOS device of the legitimate user during QuickTransfer mode. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1391" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2023-6951/", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1732.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1732.json new file mode 100644 index 00000000000..f028e870a29 --- /dev/null +++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1732.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1732", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-04-02T10:15:07.900", + "lastModified": "2024-04-02T10:15:07.900", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wads_removeProductFromShop() function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to delete arbitrary posts." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059375%40wooshark-aliexpress-importer&new=3059375%40wooshark-aliexpress-importer&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4a2e636d-e602-4ab0-80f2-525a8a1f8388?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1807.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1807.json new file mode 100644 index 00000000000..c309134887f --- /dev/null +++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1807.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-1807", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-04-02T10:15:09.257", + "lastModified": "2024-04-02T10:15:09.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Product Sort and Display for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the psad_update_product_cat_custom_meta_ajax function in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to hide product categories." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woocommerce-product-sort-and-display/trunk/classes/class-wc-psad-admin-hook.php#L306", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055823%40woocommerce-product-sort-and-display&new=3055823%40woocommerce-product-sort-and-display&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c8bd778b-1d56-4544-b2c3-a77a7ec05aa4?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1946.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1946.json new file mode 100644 index 00000000000..36df264d40d --- /dev/null +++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1946.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1946", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-04-02T10:15:09.573", + "lastModified": "2024-04-02T10:15:09.573", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Genesis Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block content in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059862%40genesis-blocks&new=3059862%40genesis-blocks&sfp_email=&sfph_mail=", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce116ee1-f0ea-469b-8c17-8c17c76fdc66?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-27xx/CVE-2024-2745.json b/CVE-2024/CVE-2024-27xx/CVE-2024-2745.json new file mode 100644 index 00000000000..7dd5c22c712 --- /dev/null +++ b/CVE-2024/CVE-2024-27xx/CVE-2024-2745.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-2745", + "sourceIdentifier": "cve@rapid7.com", + "published": "2024-04-02T10:15:09.950", + "lastModified": "2024-04-02T10:15:09.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Rapid7's InsightVM maintenance mode login page suffers from a sensitive information exposure vulnerability whereby, sensitive information is exposed through query strings in the URL when login is attempted before the page is fully loaded.\u00a0 This vulnerability allows attackers to acquire sensitive information such as passwords, auth tokens, usernames etc.\u00a0\u00a0\n\u00a0\nThe vulnerability is remediated in version 6.6.244.\u00a0\n\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-598" + } + ] + } + ], + "references": [ + { + "url": "https://docs.rapid7.com/release-notes/insightvm/20240327/", + "source": "cve@rapid7.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-299xx/CVE-2024-29947.json b/CVE-2024/CVE-2024-299xx/CVE-2024-29947.json new file mode 100644 index 00000000000..eb147bcc822 --- /dev/null +++ b/CVE-2024/CVE-2024-299xx/CVE-2024-29947.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-29947", + "sourceIdentifier": "hsrc@hikvision.com", + "published": "2024-04-02T11:15:51.640", + "lastModified": "2024-04-02T11:15:51.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "hsrc@hikvision.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/", + "source": "hsrc@hikvision.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-299xx/CVE-2024-29948.json b/CVE-2024/CVE-2024-299xx/CVE-2024-29948.json new file mode 100644 index 00000000000..d43e5dd1168 --- /dev/null +++ b/CVE-2024/CVE-2024-299xx/CVE-2024-29948.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-29948", + "sourceIdentifier": "hsrc@hikvision.com", + "published": "2024-04-02T11:15:51.813", + "lastModified": "2024-04-02T11:15:51.813", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "hsrc@hikvision.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/", + "source": "hsrc@hikvision.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-299xx/CVE-2024-29949.json b/CVE-2024/CVE-2024-299xx/CVE-2024-29949.json new file mode 100644 index 00000000000..8508c8acb89 --- /dev/null +++ b/CVE-2024/CVE-2024-299xx/CVE-2024-29949.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-29949", + "sourceIdentifier": "hsrc@hikvision.com", + "published": "2024-04-02T11:15:51.980", + "lastModified": "2024-04-02T11:15:51.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "hsrc@hikvision.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikvision-nvr-devices/", + "source": "hsrc@hikvision.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 181ac3acf96..95eb42d1821 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-02T10:00:37.802340+00:00 +2024-04-02T12:00:38.858985+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-02T09:15:07.567000+00:00 +2024-04-02T11:15:51.980000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -243696 +243712 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `16` -- [CVE-2024-1300](CVE-2024/CVE-2024-13xx/CVE-2024-1300.json) (`2024-04-02T08:15:53.993`) -- [CVE-2024-20799](CVE-2024/CVE-2024-207xx/CVE-2024-20799.json) (`2024-04-02T08:15:59.050`) -- [CVE-2024-2931](CVE-2024/CVE-2024-29xx/CVE-2024-2931.json) (`2024-04-02T09:15:07.567`) -- [CVE-2024-31002](CVE-2024/CVE-2024-310xx/CVE-2024-31002.json) (`2024-04-02T08:15:59.863`) -- [CVE-2024-31003](CVE-2024/CVE-2024-310xx/CVE-2024-31003.json) (`2024-04-02T08:16:05.277`) -- [CVE-2024-31004](CVE-2024/CVE-2024-310xx/CVE-2024-31004.json) (`2024-04-02T08:16:10.720`) -- [CVE-2024-31005](CVE-2024/CVE-2024-310xx/CVE-2024-31005.json) (`2024-04-02T08:16:16.147`) +- [CVE-2023-51452](CVE-2023/CVE-2023-514xx/CVE-2023-51452.json) (`2024-04-02T11:15:49.830`) +- [CVE-2023-51453](CVE-2023/CVE-2023-514xx/CVE-2023-51453.json) (`2024-04-02T11:15:50.080`) +- [CVE-2023-51454](CVE-2023/CVE-2023-514xx/CVE-2023-51454.json) (`2024-04-02T11:15:50.273`) +- [CVE-2023-51455](CVE-2023/CVE-2023-514xx/CVE-2023-51455.json) (`2024-04-02T11:15:50.520`) +- [CVE-2023-51456](CVE-2023/CVE-2023-514xx/CVE-2023-51456.json) (`2024-04-02T11:15:50.717`) +- [CVE-2023-6948](CVE-2023/CVE-2023-69xx/CVE-2023-6948.json) (`2024-04-02T11:15:50.890`) +- [CVE-2023-6949](CVE-2023/CVE-2023-69xx/CVE-2023-6949.json) (`2024-04-02T11:15:51.070`) +- [CVE-2023-6950](CVE-2023/CVE-2023-69xx/CVE-2023-6950.json) (`2024-04-02T11:15:51.243`) +- [CVE-2023-6951](CVE-2023/CVE-2023-69xx/CVE-2023-6951.json) (`2024-04-02T11:15:51.417`) +- [CVE-2024-1732](CVE-2024/CVE-2024-17xx/CVE-2024-1732.json) (`2024-04-02T10:15:07.900`) +- [CVE-2024-1807](CVE-2024/CVE-2024-18xx/CVE-2024-1807.json) (`2024-04-02T10:15:09.257`) +- [CVE-2024-1946](CVE-2024/CVE-2024-19xx/CVE-2024-1946.json) (`2024-04-02T10:15:09.573`) +- [CVE-2024-2745](CVE-2024/CVE-2024-27xx/CVE-2024-2745.json) (`2024-04-02T10:15:09.950`) +- [CVE-2024-29947](CVE-2024/CVE-2024-299xx/CVE-2024-29947.json) (`2024-04-02T11:15:51.640`) +- [CVE-2024-29948](CVE-2024/CVE-2024-299xx/CVE-2024-29948.json) (`2024-04-02T11:15:51.813`) +- [CVE-2024-29949](CVE-2024/CVE-2024-299xx/CVE-2024-29949.json) (`2024-04-02T11:15:51.980`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 7e5ebef6ac8..8f4d06019c7 100644 --- a/_state.csv +++ b/_state.csv @@ -235582,6 +235582,11 @@ CVE-2023-51449,0,0,f6f071342927b7cd7dc56e8bf3007483d3f9e2baa5fb74cac7df73fb722a4 CVE-2023-5145,0,0,f79cea8c0acf2023f1c0eb4330c3c115d9e6098fc27eb087f30457eb0776673e,2024-03-21T02:50:09.500000 CVE-2023-51450,0,0,f9cbf65937352a3bc782f0e4bfb38411f39084e0ae7ad3562f3c14712bfb52f7,2024-02-22T19:07:27.197000 CVE-2023-51451,0,0,ca5ecc34bbc7b6d6e9bc17fa25ebb534b6e8fb432c5fa4cf3ee8904248760869,2024-01-03T20:52:26.203000 +CVE-2023-51452,1,1,ca6855d508bf8edfe74d1d8830b648be753fe77a7052a3d579059d8737761e1c,2024-04-02T11:15:49.830000 +CVE-2023-51453,1,1,e7102e8a5627f7b4234f71ed4bbe05ec8e5257064158d9448c1eaa9803334d20,2024-04-02T11:15:50.080000 +CVE-2023-51454,1,1,82fe5510e0a3ee178fe5fec91c789a485179d33e5ddd8f3dd3f62754f32498a8,2024-04-02T11:15:50.273000 +CVE-2023-51455,1,1,fcf13487ea00ca31579cd7d5e745c145387e0d4fedcf7d622f7eaaadacc7fe30,2024-04-02T11:15:50.520000 +CVE-2023-51456,1,1,66bcafe19f4805e560eae6078ac967764d42f447646ff7d423c78a6da36d0e13,2024-04-02T11:15:50.717000 CVE-2023-51457,0,0,1abda757e34627235e76fb521686de76ad0fb8e5a9cf332173e98a6b3bcc41b1,2023-12-28T20:14:43.737000 CVE-2023-51458,0,0,06ee9bcfd9d8cde6b55c5a73cc1015b3d993fec2cc3cab61cffb709af58222bf,2023-12-28T20:14:49.643000 CVE-2023-51459,0,0,6d1ba6d3f389b6e7ea7ba2c62540951c0302d98efecec636e627ba400bbd934d,2023-12-27T18:43:46.757000 @@ -237751,6 +237756,10 @@ CVE-2023-6943,0,0,243f1053dc4e751cf9cd9ea1a3feec90de136a148b35d72e90dd7754899a39 CVE-2023-6944,0,0,b453ccc11666e3e20f635934304e12206f6d1751449fa49547d4c54d9fe58e02,2024-02-04T20:15:46.650000 CVE-2023-6945,0,0,007e0f92725daf06d651ac151184bc7523442b13bcb68ca0fb465e1949f5b0b3,2024-03-21T02:50:50.240000 CVE-2023-6946,0,0,6d15d49849355e757559f9bf6499dd17a73c47e11df17a484f0afc7b82a71381,2024-02-03T00:24:34.007000 +CVE-2023-6948,1,1,13e109a50111d97be4c1b453286918b794ead803bf4e278d699a03d068a52b5f,2024-04-02T11:15:50.890000 +CVE-2023-6949,1,1,3b6e1671a137bbd6561827c83727e6518b972fa2eb9931fb7d9d313636ecabb7,2024-04-02T11:15:51.070000 +CVE-2023-6950,1,1,a92f0a74a24d5559ffd6effcf8f698afaa92a20704b5727c3df0a8b95112e162,2024-04-02T11:15:51.243000 +CVE-2023-6951,1,1,b632d27b08baf9099f9ee2ba2b967edbc1a5a0acc1956d865ef40c3e044897ae,2024-04-02T11:15:51.417000 CVE-2023-6953,0,0,a4eae60c09f86b37536b6072986cf2d081babcc1cdd107376a1ba9bb2012ddfc,2024-02-22T03:39:59.017000 CVE-2023-6954,0,0,e16e3ea43f2a86b70e5255d158fba6afb9dfffc3f3f53935b7f577ca79a58f8d,2024-03-13T18:16:18.563000 CVE-2023-6955,0,0,7a80cfe846d10fcea6780b4ae01cccd9684aeac6ad97c3a3415c4424a672be7e,2024-01-18T21:16:42.053000 @@ -238976,7 +238985,7 @@ CVE-2024-1294,0,0,9641429abe5a940a43824ce0a1ebfc70cc6e8bb9d03222022ce919558da2ba CVE-2024-1296,0,0,d628c54417435b81c9a35f9055b41796b04338bd627b433b683ddaaee5c39d70,2024-03-13T18:16:18.563000 CVE-2024-1297,0,0,1fc219bb038ab422185a999365115aff94759fe3e5ff94e3dc4180f1d6bc82d0,2024-02-20T19:50:53.960000 CVE-2024-1299,0,0,952d3e1978bc9a123968ee45cc4c039cf2f6a96c36b8ac699d5424c827f802f2,2024-03-07T13:52:27.110000 -CVE-2024-1300,1,1,abae4f8540c4f3b05756025aad1aa01a339099f43bb9c0198c3f05ceaaca4dd0,2024-04-02T08:15:53.993000 +CVE-2024-1300,0,0,abae4f8540c4f3b05756025aad1aa01a339099f43bb9c0198c3f05ceaaca4dd0,2024-04-02T08:15:53.993000 CVE-2024-1301,0,0,ad76e593d116a58eeaf318bfd22383ec748ba7dfe41e7fb39acf2b71f8bc8595,2024-03-12T17:46:17.273000 CVE-2024-1302,0,0,0d92f40493f04fb89736b5d4813cc04155db2e6292914bd81a508f53301b17b8,2024-03-12T17:46:17.273000 CVE-2024-1303,0,0,2c083eedd4995023cbd1b7a6bdebb4abb78e7f89b28ee91bf701625b1108f30f,2024-03-12T17:46:17.273000 @@ -239250,6 +239259,7 @@ CVE-2024-1725,0,0,ee1fb8cd83e91b3cc554ef61ba8506273bf384217121fa2160f3c7c69e57a9 CVE-2024-1727,0,0,f4e653a98477d638f895ffe05e108bd41757e63f270b3b4944ff32c3013cd3b1,2024-03-22T12:45:36.130000 CVE-2024-1729,0,0,14bef8901dd1d9abbe90b38de5f3542677bbf5514e82e7ac8ea472c9b111efa4,2024-03-29T12:45:02.937000 CVE-2024-1731,0,0,a54dfdadfcd6666506c62883f073482e904182fadeecad8ff7a349f271e0661b,2024-03-05T13:41:01.900000 +CVE-2024-1732,1,1,49276833c3e9fe6c342402724fc5f41b6c7162c1d6a03ad15202b9be7eeefb99,2024-04-02T10:15:07.900000 CVE-2024-1733,0,0,d9cf8004467e67497b484a605a620c0a0db32312b35f534ec3be854a6ce160fc,2024-03-17T22:38:29.433000 CVE-2024-1735,0,0,fef99247045161df3b08e17c74949b5db371420b96202703c89efa90d1969060,2024-02-26T16:32:25.577000 CVE-2024-1742,0,0,49a014e71feeebf0985e26bc6d9858143440f2617b6f3a9f2dea0afb22280114,2024-03-22T12:45:36.130000 @@ -239293,6 +239303,7 @@ CVE-2024-1800,0,0,f53314859df2ff8acf8c284afd628cdf89b33b507d44df4413be063b7de588 CVE-2024-1801,0,0,22b7a02f8400e6c62f43c0a6ce63e01f389097184cf969a99878bc2375a229fd,2024-03-20T17:18:26.603000 CVE-2024-1802,0,0,fc49d6852e2d9c806d87bd476c49eb44290671042d27cb531abfd095f2e45f37,2024-03-08T14:02:57.420000 CVE-2024-1806,0,0,73f76c289a42538b0e30741cbd9c42340b0dc0b9404f8627ff555054eb7d9696,2024-03-13T18:15:58.530000 +CVE-2024-1807,1,1,d4aecedd41b6d8f2145667eb6eb68eec1ea0248356756a49db355048ceb1cb08,2024-04-02T10:15:09.257000 CVE-2024-1808,0,0,2da113a6f87d1b28b926abe8dc4a1c1454247327ae44f0a848973179ceb1addc,2024-02-28T14:06:45.783000 CVE-2024-1810,0,0,3ed28ead4309aa20d8dbb01f1df05396f6299eece4357cb3786e9b9d0cf9a602,2024-02-26T13:42:22.567000 CVE-2024-1811,0,0,9068bcb9f3f34b43c28e19cffa3601442b80523a5e4a96d5aeb9503893bd6c78,2024-03-20T17:18:26.603000 @@ -239385,6 +239396,7 @@ CVE-2024-1939,0,0,862ed503c4cd6a96fea863f557f2290de2baf913d152cc1cb93720d0bf768f CVE-2024-1941,0,0,2deee38d49f655dc85a14e0f9cc0860e5fd72126cfed04ebe024762ac27ab897,2024-03-01T14:04:26.010000 CVE-2024-1942,0,0,d2058cc77179b578f0e78baf64d5b6e05e82d9b31a50db95cc791849070a4ce9,2024-02-29T13:49:29.390000 CVE-2024-1943,0,0,e7dc18d05b40bfd7ee5ebc3227fce56e30acd0b0b15356871ecd447fe6351a02,2024-02-28T14:06:45.783000 +CVE-2024-1946,1,1,16cc5fd21d5729f855bcb718e4df2899932bcff7d13454bda5802e4baf0fb848,2024-04-02T10:15:09.573000 CVE-2024-1949,0,0,a4a1f3609fef0e2a230c1b010f52bf7d305a09f4861227b8e294f8389476ffa5,2024-02-29T13:49:29.390000 CVE-2024-1950,0,0,c81433ece9eb03bb069d6c71602c7c3532a36d1bc1ef9cde659f5feb4021e880,2024-03-13T18:15:58.530000 CVE-2024-1951,0,0,6f53c63bb13d7d4b26a6ea73367658c4321e9a09c9e4edd0413bbd0b4467224a,2024-03-13T18:15:58.530000 @@ -239662,7 +239674,7 @@ CVE-2024-20768,0,0,7801fe19f37e045dfaa63591debdec338bb248ebe98979bd1417c8db12646 CVE-2024-2077,0,0,5ca3f9022129534f614f35499858c838a2901ea9cdb4aa8c5469f82f0ebb4ea1,2024-03-21T02:52:29 CVE-2024-2078,0,0,c5cf1f8224dc1437cc5c72b4c20f193ca60f923ea1195c1e3b8d6f13446a32c9,2024-03-01T14:04:04.827000 CVE-2024-2079,0,0,d19df912ca8f24c4783570207f7ead00a2f333eee11795e142007ff6a5180cfc,2024-03-14T12:52:16.723000 -CVE-2024-20799,1,1,43bb6a51868126746f1c5d3e37e8934e2b57f251b1dc9adefc6844232e69cb35,2024-04-02T08:15:59.050000 +CVE-2024-20799,0,0,43bb6a51868126746f1c5d3e37e8934e2b57f251b1dc9adefc6844232e69cb35,2024-04-02T08:15:59.050000 CVE-2024-2080,0,0,32a4465f2fc45199bcb0563622cd911532e367b79194bc4a312258059486223d,2024-03-22T12:45:36.130000 CVE-2024-20802,0,0,09b0e538ab7892d37fab32a8e5c61289f6ef8af3dfbdfbb048a6512fa7396094,2024-01-10T16:14:57.787000 CVE-2024-20803,0,0,6c415e68c0cc04850639517c5e65b145b62c937ecdd266efbaf3b8a7e936e490,2024-01-10T16:11:26.313000 @@ -242552,6 +242564,7 @@ CVE-2024-27440,0,0,f656cf3f867b554b4acbc17eee670f16835e4e41b3c8da203b1b487ef7d6f CVE-2024-27441,0,0,e840685b8600bbca2bd5265ffc2375dd0e1834727afca845fa72402578217a21,2024-03-13T15:15:52.083000 CVE-2024-27444,0,0,a237f36c45a82911cb697384887c7b89bc1c2ea038ffd45f33470a0acaad42ea,2024-02-26T16:32:25.577000 CVE-2024-27447,0,0,cb57e8d03df573cd861f28c33cc0f260471c72de24ec7e9c3037c0509931fb18,2024-02-26T16:32:25.577000 +CVE-2024-2745,1,1,ae742b8dba51cd0b46eabfa0bc9316d5efa6dd024d746c4b1003417d74613678,2024-04-02T10:15:09.950000 CVE-2024-27454,0,0,420cb9ec3b08ac5a96e141e933952328f4cf525758241b7fd36981eea8d7ea27,2024-02-26T16:32:25.577000 CVE-2024-27455,0,0,2d941179924c9f77cb732b35f1b7b9f5792b70ca51de1e84f09167eb77852176,2024-03-26T16:15:12.263000 CVE-2024-27456,0,0,af8b9eeeffd0370c5237af64d481e919abc5d541ec3702413fff35287d9c8d37,2024-02-26T16:32:25.577000 @@ -243175,7 +243188,7 @@ CVE-2024-2930,0,0,1ad9e8da3d9e338360bae5cfe06f7f2b34c53691a77fd9b2835daafc635760 CVE-2024-29301,0,0,154c6ea8f36ae553114269a1e880d159b7e9b09b869cc177af921f11e043c79a,2024-03-26T12:55:05.010000 CVE-2024-29302,0,0,befca4baa09da55c6ccc652e95ace012df1b1e2aab7ec33ac183ae5971911acf,2024-03-26T12:55:05.010000 CVE-2024-29303,0,0,9fc5b63681179dd34090ab25180fdf1128a0a8fe7fe2b044acdbb780ed8094f7,2024-03-26T12:55:05.010000 -CVE-2024-2931,1,1,784c5f35b16ad4976ac066198687046575b3695a0232752b170c78276040ce72,2024-04-02T09:15:07.567000 +CVE-2024-2931,0,0,784c5f35b16ad4976ac066198687046575b3695a0232752b170c78276040ce72,2024-04-02T09:15:07.567000 CVE-2024-29316,0,0,d27cba85226074cd9f892f0c325cdf6da8119e3ab549faa34cd3ad95bf88e266,2024-03-29T12:45:02.937000 CVE-2024-2932,0,0,e7442b733184a1b9f22f25ceb3ef49f5e962fea29dd14cc27b02db5eca7f4996,2024-03-27T12:29:30.307000 CVE-2024-29338,0,0,17a24f10f7d0496e7fcb2400fc6c6af48717728349b99b9f4dc4f19499bc4c6d,2024-03-22T19:02:10.300000 @@ -243371,6 +243384,9 @@ CVE-2024-29943,0,0,39d573a490fc5d2b219e8af270d3feeff9aa72e4341ddd52f10b0ddfa677f CVE-2024-29944,0,0,4d21f9c7c1ab1ff30cce77b261f7b06b8e28526248b968d986726dab452f24fc,2024-03-25T17:15:51.670000 CVE-2024-29945,0,0,190dfffe03a4552b7a3336c91ae5cb654590b3a4e8d6546022be7d3fa4eebdc6,2024-04-01T15:38:11.317000 CVE-2024-29946,0,0,123b9f98636ec2cf294525bb56a69eca05d3c5adbf81684dd9775492b3869f64,2024-04-01T15:39:30.217000 +CVE-2024-29947,1,1,a97a8c868179957c3ba51700208942c2c9af791c346a697749f12dc7ef0ddc8c,2024-04-02T11:15:51.640000 +CVE-2024-29948,1,1,9c004105c68e37306d0a5d0cac7f4fcef4f669ad2c187242b8d7f2d170531a4b,2024-04-02T11:15:51.813000 +CVE-2024-29949,1,1,57fa5a922fd86a45bf6b67deedaac67c3118ef74aacb157d810ecd61fa9804cb,2024-04-02T11:15:51.980000 CVE-2024-2995,0,0,6938b04394412a984b03c3b3f2aae9a80d546f606dc78bd3c0d765c908d4e00d,2024-03-28T02:01:13.303000 CVE-2024-2996,0,0,a33827e06c0891f964663494f7bcb2f8e84df325c8f21a7c33767ff93c651a34,2024-03-28T02:01:13.303000 CVE-2024-2997,0,0,edf54a0b2200417f8f2161eecc7e05836af23a7a14234d037fa87fe37094f10d,2024-03-28T02:01:13.303000 @@ -243623,10 +243639,10 @@ CVE-2024-3089,0,0,b4f31458bb9b11408f751c36503b5a78d4493afb2b414607628068f199bdcb CVE-2024-3090,0,0,e521b31492c960816f2b9672e6c814449ea6ce77dbc34054aeb4b3c679ad2119,2024-04-01T01:12:59.077000 CVE-2024-3091,0,0,e5161a5a2d0196ce39626dff7591f836486bee878683ee478a2b6a285b1e55df,2024-04-01T01:12:59.077000 CVE-2024-3094,0,0,90dd4a4fc9f3a1805900d0aa3c586a11abe50efccc342603e40885595ed200f2,2024-04-01T18:15:08.130000 -CVE-2024-31002,1,1,e636dbaa3a7921617069df36e211df0abf7ba8fa1d42e4af7411b6f244dbc249,2024-04-02T08:15:59.863000 -CVE-2024-31003,1,1,9d961459451573e70f2a0e1229db0c362e2fd0ddcfa61c304cd4774588710061,2024-04-02T08:16:05.277000 -CVE-2024-31004,1,1,da67836b8a215b08d9d6d7895c9aff31350aaacfe08a6f35c986958007776680,2024-04-02T08:16:10.720000 -CVE-2024-31005,1,1,fa602670ac0c1ede500a0197b534198586241c9567df7215c8f28d15dddcd2d8,2024-04-02T08:16:16.147000 +CVE-2024-31002,0,0,e636dbaa3a7921617069df36e211df0abf7ba8fa1d42e4af7411b6f244dbc249,2024-04-02T08:15:59.863000 +CVE-2024-31003,0,0,9d961459451573e70f2a0e1229db0c362e2fd0ddcfa61c304cd4774588710061,2024-04-02T08:16:05.277000 +CVE-2024-31004,0,0,da67836b8a215b08d9d6d7895c9aff31350aaacfe08a6f35c986958007776680,2024-04-02T08:16:10.720000 +CVE-2024-31005,0,0,fa602670ac0c1ede500a0197b534198586241c9567df7215c8f28d15dddcd2d8,2024-04-02T08:16:16.147000 CVE-2024-31032,0,0,c23457a1b61188b806e7f7013717ab2174a595288e28b36b486645ce08e16035,2024-04-01T01:12:59.077000 CVE-2024-31033,0,0,b68c0579ca8a1928aaa2c04420bd909e78d3dea0bf9cb7601dc000d4dad4d6ac,2024-04-01T12:49:09.583000 CVE-2024-31061,0,0,3a611478260a969dc7c268c913c4f396b21e3b4ebcb9a4cb4b0ae2a352b58da0,2024-03-28T20:53:20.813000