From 89d0639eb07529ee12a616284a08dcf029fc2009 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Thu, 20 Jun 2024 04:03:03 +0000 Subject: [PATCH] Auto-Update: 2024-06-20T04:00:11.334919+00:00 --- CVE-2023/CVE-2023-32xx/CVE-2023-3204.json | 51 ++++++++++++++++ CVE-2024/CVE-2024-11xx/CVE-2024-1168.json | 47 +++++++++++++++ CVE-2024/CVE-2024-35xx/CVE-2024-3558.json | 71 +++++++++++++++++++++++ CVE-2024/CVE-2024-35xx/CVE-2024-3561.json | 55 ++++++++++++++++++ CVE-2024/CVE-2024-35xx/CVE-2024-3562.json | 55 ++++++++++++++++++ CVE-2024/CVE-2024-35xx/CVE-2024-3597.json | 47 +++++++++++++++ CVE-2024/CVE-2024-36xx/CVE-2024-3602.json | 47 +++++++++++++++ CVE-2024/CVE-2024-36xx/CVE-2024-3605.json | 47 +++++++++++++++ CVE-2024/CVE-2024-36xx/CVE-2024-3627.json | 47 +++++++++++++++ CVE-2024/CVE-2024-46xx/CVE-2024-4626.json | 51 ++++++++++++++++ CVE-2024/CVE-2024-47xx/CVE-2024-4742.json | 47 +++++++++++++++ CVE-2024/CVE-2024-52xx/CVE-2024-5213.json | 59 +++++++++++++++++++ CVE-2024/CVE-2024-54xx/CVE-2024-5432.json | 51 ++++++++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6177.json | 32 ++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6178.json | 32 ++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6179.json | 32 ++++++++++ README.md | 33 +++++++---- _state.csv | 30 +++++++--- 18 files changed, 815 insertions(+), 19 deletions(-) create mode 100644 CVE-2023/CVE-2023-32xx/CVE-2023-3204.json create mode 100644 CVE-2024/CVE-2024-11xx/CVE-2024-1168.json create mode 100644 CVE-2024/CVE-2024-35xx/CVE-2024-3558.json create mode 100644 CVE-2024/CVE-2024-35xx/CVE-2024-3561.json create mode 100644 CVE-2024/CVE-2024-35xx/CVE-2024-3562.json create mode 100644 CVE-2024/CVE-2024-35xx/CVE-2024-3597.json create mode 100644 CVE-2024/CVE-2024-36xx/CVE-2024-3602.json create mode 100644 CVE-2024/CVE-2024-36xx/CVE-2024-3605.json create mode 100644 CVE-2024/CVE-2024-36xx/CVE-2024-3627.json create mode 100644 CVE-2024/CVE-2024-46xx/CVE-2024-4626.json create mode 100644 CVE-2024/CVE-2024-47xx/CVE-2024-4742.json create mode 100644 CVE-2024/CVE-2024-52xx/CVE-2024-5213.json create mode 100644 CVE-2024/CVE-2024-54xx/CVE-2024-5432.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6177.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6178.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6179.json diff --git a/CVE-2023/CVE-2023-32xx/CVE-2023-3204.json b/CVE-2023/CVE-2023-32xx/CVE-2023-3204.json new file mode 100644 index 00000000000..a1630b9c06e --- /dev/null +++ b/CVE-2023/CVE-2023-32xx/CVE-2023-3204.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2023-3204", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:09.147", + "lastModified": "2024-06-20T02:15:09.147", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Materialis theme for WordPress is vulnerable to limited arbitrary options updates in versions up to, and including, 1.1.24. This is due to missing authorization checks on the companion_disable_popup() function called via an AJAX action. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to modify any option on the site to a numerical value." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://themes.trac.wordpress.org/browser/materialis/1.1.20/inc/companion.php#L45", + "source": "security@wordfence.com" + }, + { + "url": "https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=231816%40materialis&new=231816%40materialis&sfp_email=&sfph_mail=#file6", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e05094-8344-4388-a703-518daf3d2948?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-11xx/CVE-2024-1168.json b/CVE-2024/CVE-2024-11xx/CVE-2024-1168.json new file mode 100644 index 00000000000..238f98d0141 --- /dev/null +++ b/CVE-2024/CVE-2024-11xx/CVE-2024-1168.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-1168", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:09.420", + "lastModified": "2024-06-20T02:15:09.420", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The SEOPress \u2013 On-site SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's social image URL in all versions up to, and including, 7.9 due to insufficient input sanitization and output escaping on user supplied image URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://wordpress.org/plugins/wp-seopress/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c446f429-1981-4d6d-a5ec-a5837428d212?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3558.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3558.json new file mode 100644 index 00000000000..867f67951de --- /dev/null +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3558.json @@ -0,0 +1,71 @@ +{ + "id": "CVE-2024-3558", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:09.663", + "lastModified": "2024-06-20T02:15:09.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the the 'cfs[post_title]' parameter versions up to, and including, 2.6.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://core.trac.wordpress.org/ticket/56655", + "source": "security@wordfence.com" + }, + { + "url": "https://en-gb.wordpress.org/plugins/custom-field-suite/", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/WordPress/WordPress/blob/22d95abc55824e83904dc0fef290464b6bec7708/wp-admin/includes/template.php#L1384", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/api.php#L282", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/field_group.php#L20", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/form.php#L64", + "source": "security@wordfence.com" + }, + { + "url": "https://mgibbs189.github.io/custom-field-suite/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8e4dc6fd-4bd5-4ed1-ade0-cf2f8831fac3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3561.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3561.json new file mode 100644 index 00000000000..ccd1f3640dc --- /dev/null +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3561.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3561", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:09.920", + "lastModified": "2024-06-20T02:15:09.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom Field Suite plugin for WordPress is vulnerable to SQL Injection via the the 'Term' custom field in all versions up to, and including, 2.6.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://en-gb.wordpress.org/plugins/custom-field-suite/", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/term.php#L58", + "source": "security@wordfence.com" + }, + { + "url": "https://mgibbs189.github.io/custom-field-suite/field-types/term.html", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/afc00118-e87e-475a-8ad6-b68d09ee2e44?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3562.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3562.json new file mode 100644 index 00000000000..0a585aa350d --- /dev/null +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3562.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3562", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:10.140", + "lastModified": "2024-06-20T02:15:10.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() function. This makes it possible for authenticated attackers, with contributor-level access and above, to execute arbitrary PHP code on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L192", + "source": "security@wordfence.com" + }, + { + "url": "https://github.com/mgibbs189/custom-field-suite/blob/963dfcede18ff4ad697498556d9058db07d74fa3/includes/fields/loop.php#L224", + "source": "security@wordfence.com" + }, + { + "url": "https://mgibbs189.github.io/custom-field-suite/field-types/loop.html", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dfd7b788-03a0-41a4-96f2-cfca74ef281b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3597.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3597.json new file mode 100644 index 00000000000..e0cf09e1b64 --- /dev/null +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3597.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3597", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:10.363", + "lastModified": "2024-06-20T02:15:10.363", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Export WP Page to Static HTML/CSS plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 2.2.2. This is due to insufficient validation on the redirect url supplied via the rc_exported_zip_file parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/export-wp-page-to-static-html/trunk/admin/class-export-wp-page-to-static-html-admin.php#L1289", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/598e2c2e-7dd5-435e-a366-6c7569243f2a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3602.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3602.json new file mode 100644 index 00000000000..043bfb2c98d --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3602.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3602", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:10.590", + "lastModified": "2024-06-20T02:15:10.590", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers \u2013 Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber access or higher, to remove the Promolayer connection." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/promolayer-popup-builder/trunk/admin/class-promolayer-admin.php#L208", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/05b051bc-3b1c-412e-b3d0-98ff2c8bc06e?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3605.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3605.json new file mode 100644 index 00000000000..a981686838b --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3605.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3605", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:10.817", + "lastModified": "2024-06-20T02:15:10.817", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The WP Hotel Booking plugin for WordPress is vulnerable to SQL Injection via the 'room_type' parameter of the /wphb/v1/rooms/search-rooms REST API endpoint in all versions up to, and including, 2.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://wordpress.org/plugins/wp-hotel-booking/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5931ad4e-7de3-41ac-b783-f7e58aaef569?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3627.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3627.json new file mode 100644 index 00000000000..12b5fab2ce9 --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3627.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3627", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:11.040", + "lastModified": "2024-06-20T02:15:11.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Wheel of Life: Coaching and Assessment Tool for Life Coach plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on several functions in the AjaxFunctions.php file in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts and modify settings." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/wheel-of-life/trunk/includes/functions/AjaxFunctions.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0615d1be-f9fa-45b3-9d5b-3ad1f36be8e1?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4626.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4626.json new file mode 100644 index 00000000000..f7d025f1cc2 --- /dev/null +++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4626.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-4626", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:11.270", + "lastModified": "2024-06-20T02:15:11.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The JetWidgets For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018layout_type\u2019 and 'id' parameters in all versions up to, and including, 1.0.17 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3103042/jetwidgets-for-elementor/tags/1.0.18/includes/addons/jet-widgets-image-comparison.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3103042/jetwidgets-for-elementor/tags/1.0.18/includes/addons/jet-widgets-images-layout.php", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4457d15e-2c01-498d-b94a-a6e93adcf70c?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4742.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4742.json new file mode 100644 index 00000000000..181cce3c286 --- /dev/null +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4742.json @@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-4742", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:11.500", + "lastModified": "2024-06-20T02:15:11.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Youzify \u2013 BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the order_by shortcode attribute in all versions up to, and including, 1.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/youzify/trunk/includes/public/core/functions/youzify-account-verification-functions.php#L294", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/08bd24ca-eec6-4b62-af49-192496e65a5b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5213.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5213.json new file mode 100644 index 00000000000..59b28537fde --- /dev/null +++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5213.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-5213", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-06-20T03:15:09.067", + "lastModified": "2024-06-20T03:15:09.067", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In mintplex-labs/anything-llm versions up to and including 1.5.3, an issue was discovered where the password hash of a user is returned in the response after login (`POST /api/request-token`) and after account creations (`POST /api/admin/users/new`). This exposure occurs because the entire User object, including the bcrypt password hash, is included in the response sent to the frontend. This practice could potentially lead to sensitive information exposure despite the use of bcrypt, a strong hashing algorithm. It is recommended not to expose any clues about passwords to the frontend. " + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1230" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/mintplex-labs/anything-llm/commit/9df4521113ddb9a3adb5d0e3941e7d494992629c", + "source": "security@huntr.dev" + }, + { + "url": "https://huntr.com/bounties/8794fb65-50aa-40e3-b348-a29838dbf63d", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5432.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5432.json new file mode 100644 index 00000000000..0da96b3d5eb --- /dev/null +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5432.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-5432", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-06-20T02:15:11.737", + "lastModified": "2024-06-20T02:15:11.737", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/includes/class-lifeline-donation.php?rev=2575844#L292", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/lifeline-donation/trunk/vendor/webinane/webinane-commerce/includes/Classes/Checkout.php?rev=2490935#L125", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2e24da0c-13d2-4a3d-b918-0d28e3341d88?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6177.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6177.json new file mode 100644 index 00000000000..6f287c15d11 --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6177.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-6177", + "sourceIdentifier": "product.security@lge.com", + "published": "2024-06-20T02:15:11.980", + "lastModified": "2024-06-20T02:15:11.980", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "product.security@lge.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails", + "source": "product.security@lge.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6178.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6178.json new file mode 100644 index 00000000000..e67f525b5cb --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6178.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-6178", + "sourceIdentifier": "product.security@lge.com", + "published": "2024-06-20T02:15:12.123", + "lastModified": "2024-06-20T02:15:12.123", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "product.security@lge.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails", + "source": "product.security@lge.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6179.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6179.json new file mode 100644 index 00000000000..7d51833c4f7 --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6179.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-6179", + "sourceIdentifier": "product.security@lge.com", + "published": "2024-06-20T02:15:12.257", + "lastModified": "2024-06-20T02:15:12.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LG Electronics SuperSign CMS allows Reflected XSS.\u00a0This issue affects SuperSign CMS: from 4.1.3 before < 4.3.1." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "product.security@lge.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails", + "source": "product.security@lge.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index d1845fa22af..6360fb1c299 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-20T02:00:17.916835+00:00 +2024-06-20T04:00:11.334919+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-20T01:15:49.023000+00:00 +2024-06-20T03:15:09.067000+00:00 ``` ### Last Data Feed Release @@ -33,26 +33,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254619 +254635 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `16` -- [CVE-2024-5182](CVE-2024/CVE-2024-51xx/CVE-2024-5182.json) (`2024-06-20T00:15:09.487`) -- [CVE-2024-6100](CVE-2024/CVE-2024-61xx/CVE-2024-6100.json) (`2024-06-20T00:15:09.810`) -- [CVE-2024-6101](CVE-2024/CVE-2024-61xx/CVE-2024-6101.json) (`2024-06-20T00:15:09.967`) -- [CVE-2024-6102](CVE-2024/CVE-2024-61xx/CVE-2024-6102.json) (`2024-06-20T00:15:10.053`) -- [CVE-2024-6103](CVE-2024/CVE-2024-61xx/CVE-2024-6103.json) (`2024-06-20T00:15:10.133`) -- [CVE-2024-6176](CVE-2024/CVE-2024-61xx/CVE-2024-6176.json) (`2024-06-20T01:15:49.023`) +- [CVE-2023-3204](CVE-2023/CVE-2023-32xx/CVE-2023-3204.json) (`2024-06-20T02:15:09.147`) +- [CVE-2024-1168](CVE-2024/CVE-2024-11xx/CVE-2024-1168.json) (`2024-06-20T02:15:09.420`) +- [CVE-2024-3558](CVE-2024/CVE-2024-35xx/CVE-2024-3558.json) (`2024-06-20T02:15:09.663`) +- [CVE-2024-3561](CVE-2024/CVE-2024-35xx/CVE-2024-3561.json) (`2024-06-20T02:15:09.920`) +- [CVE-2024-3562](CVE-2024/CVE-2024-35xx/CVE-2024-3562.json) (`2024-06-20T02:15:10.140`) +- [CVE-2024-3597](CVE-2024/CVE-2024-35xx/CVE-2024-3597.json) (`2024-06-20T02:15:10.363`) +- [CVE-2024-3602](CVE-2024/CVE-2024-36xx/CVE-2024-3602.json) (`2024-06-20T02:15:10.590`) +- [CVE-2024-3605](CVE-2024/CVE-2024-36xx/CVE-2024-3605.json) (`2024-06-20T02:15:10.817`) +- [CVE-2024-3627](CVE-2024/CVE-2024-36xx/CVE-2024-3627.json) (`2024-06-20T02:15:11.040`) +- [CVE-2024-4626](CVE-2024/CVE-2024-46xx/CVE-2024-4626.json) (`2024-06-20T02:15:11.270`) +- [CVE-2024-4742](CVE-2024/CVE-2024-47xx/CVE-2024-4742.json) (`2024-06-20T02:15:11.500`) +- [CVE-2024-5213](CVE-2024/CVE-2024-52xx/CVE-2024-5213.json) (`2024-06-20T03:15:09.067`) +- [CVE-2024-5432](CVE-2024/CVE-2024-54xx/CVE-2024-5432.json) (`2024-06-20T02:15:11.737`) +- [CVE-2024-6177](CVE-2024/CVE-2024-61xx/CVE-2024-6177.json) (`2024-06-20T02:15:11.980`) +- [CVE-2024-6178](CVE-2024/CVE-2024-61xx/CVE-2024-6178.json) (`2024-06-20T02:15:12.123`) +- [CVE-2024-6179](CVE-2024/CVE-2024-61xx/CVE-2024-6179.json) (`2024-06-20T02:15:12.257`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-0985](CVE-2024/CVE-2024-09xx/CVE-2024-0985.json) (`2024-06-20T00:15:09.260`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e1078129117..ff2d4c5166f 100644 --- a/_state.csv +++ b/_state.csv @@ -223603,6 +223603,7 @@ CVE-2023-32035,0,0,f9817d32cead9a5ff84a9ea55b3d6f38d1338b8f97fa149fd6e8271fd0147 CVE-2023-32037,0,0,5812c20945775e76d4c23f4f209d094253668c628184a75a4434c38317c5a314,2024-05-29T03:15:40.027000 CVE-2023-32038,0,0,de6d98a0b125713c23a8b3afa233e1e74ff95a0fd20d416693aa965e8d6abfcd,2024-05-29T03:15:40.210000 CVE-2023-32039,0,0,9b411f39ff333ad234f11449bd59a0cfe751618de7aa8a63af2d3143b02135d5,2024-05-29T03:15:40.413000 +CVE-2023-3204,1,1,ab4c1a4387e947ba69afd56664e48bb9797efbfb1be3a2ee16b53bb32ac39a49,2024-06-20T02:15:09.147000 CVE-2023-32040,0,0,dc7d053c3177127d571a31983f41f8acd819b60e1d358a856abddc6682d6927e,2024-05-29T03:15:40.580000 CVE-2023-32041,0,0,ad091a32826d0af26a7c8fabf43d50cb6532b1a9ff516f399d08d56d750de3b0,2024-05-29T03:15:40.770000 CVE-2023-32042,0,0,4bcb20c5e1a80a7bd4085078de801bc55a175e599f7c46a0788dd056524f905f,2024-05-29T03:15:41.073000 @@ -241300,7 +241301,7 @@ CVE-2024-0979,0,0,b84dcc09c9c8fc834250a86a7302df86cb5995ce3e7d4add546aea16fff0f1 CVE-2024-0980,0,0,f315f58bbc7d421e9e9b581f53566d3945bc347b1ca4f3f65618a1b592d8dba3,2024-03-28T02:01:13.303000 CVE-2024-0983,0,0,ae05daa2819fc42abf2cc0aed0ec977b40d58c31465549c2cfe7791e8c6cecae,2024-02-29T13:49:29.390000 CVE-2024-0984,0,0,32a53697d4c68794e0f7d534229f2199d1ec3163c027c80a4fc5f01ab0bb8955,2024-02-29T13:49:29.390000 -CVE-2024-0985,0,1,6abdc3a2e97e39786284b3bc77a2915cf97149b89c179d3872f3c6717cda4a06,2024-06-20T00:15:09.260000 +CVE-2024-0985,0,0,6abdc3a2e97e39786284b3bc77a2915cf97149b89c179d3872f3c6717cda4a06,2024-06-20T00:15:09.260000 CVE-2024-0986,0,0,72f9486968f11da33c6e63164349dbf0abedcbb9a3c9bf91066b1ee35c4270b8,2024-05-17T02:35:07.203000 CVE-2024-0987,0,0,5801414b82c7b2917af43c39141dfe1f1e7f0c982b0bef329ac6f9b0b28c20b8,2024-05-17T02:35:07.313000 CVE-2024-0988,0,0,68860901f1965c1c448789084d069aceca0887686a8256d545e41c2ea5ae82cd,2024-05-17T02:35:07.413000 @@ -241472,6 +241473,7 @@ CVE-2024-1164,0,0,8ceb95fcba553c0447a63d8e5e80c1481416a7a28be670b34d68b7bc77538c CVE-2024-1165,0,0,09d0c48437e50305f6b70b9aab3bb8805a9bc240d0fb341de398e33a6ad98f02,2024-02-26T16:32:25.577000 CVE-2024-1166,0,0,cbc50c0645991c69523344b23f8a84819598bdfdeb24c5f4ba7570f86b9c6398,2024-05-14T16:13:02.773000 CVE-2024-1167,0,0,646f860ad24a5198d530bba39bcdba3b9fb385431091cfa90a0190891cfad025,2024-02-09T20:20:51.900000 +CVE-2024-1168,1,1,10134d5551957bcbcc4f441efcc5d053e0b12f7b3f77d1d637b73305d119cebb,2024-06-20T02:15:09.420000 CVE-2024-1169,0,0,f519c7f99749582bebe013a87c95bdf3b84f2eaee24ddc4513116c225a8401a2,2024-03-07T13:52:27.110000 CVE-2024-1170,0,0,8c5173edd657df97640022e14408ad562874ba7f628f780dfa1960fdbf90e9a7,2024-03-07T13:52:27.110000 CVE-2024-1171,0,0,6b87cc518b4ec22739c7ae66eda5d8c3cdf1db30d4dec8967ce2f3257f9601bb,2024-02-29T13:49:29.390000 @@ -251850,6 +251852,7 @@ CVE-2024-35571,0,0,dcefc26d9b657207625437e63a7ceff75cf8ace6d5c78cee94aa9e811570b CVE-2024-35576,0,0,6fd29acfb903a2443f8d00c4cda4f5ba191f77d5b0b1351e41a5877536c1ac12,2024-05-20T19:34:58.277000 CVE-2024-35578,0,0,11eb62338421587fed66b0ca7ef3560bcd4370552307bc4119662b3c0deaaac8,2024-05-20T19:34:58.277000 CVE-2024-35579,0,0,271374c19e13bccc58e82fc2a49bd5a4d9e26c3bbc49d82078ba3c56ef3686b3,2024-05-20T19:34:58.277000 +CVE-2024-3558,1,1,aee6f96f049a15f414529e8404cedf675915f8c43ce91717273c55ce6036e8cd,2024-06-20T02:15:09.663000 CVE-2024-35580,0,0,0345a89b9d1b0b2bc3648b28bbf695e495afdf532600f33365cca04a56d5d3d5,2024-05-20T19:34:58.277000 CVE-2024-35581,0,0,0251a3e87b13757c3a03e890126d433466629cf50c68351c4c02a6208e1e9c23,2024-05-29T13:02:09.280000 CVE-2024-35582,0,0,e476c64ba51d10b24dcb30010c383cdc2c74fb3a3a57489cdf68eb2dbeda37c9,2024-05-29T13:02:09.280000 @@ -251860,7 +251863,9 @@ CVE-2024-35592,0,0,8f6a7fbbc655181061e6850b1df1cfc42aef549b106dc16a322109a72795d CVE-2024-35593,0,0,ac49e872b55e54f210318d86332baa52d20d8879f1cd298d8a19635900c842e2,2024-05-24T18:09:20.027000 CVE-2024-35595,0,0,309ff184e92dd2b3f270cd8670573cca3fd077dcdf3378b4aa602096b5697fba,2024-05-24T18:09:20.027000 CVE-2024-3560,0,0,66c1a96b1f1d19ab8c2a91f30bb939a8ccde028ecd6951f27029cb1628de4d35,2024-04-19T13:10:25.637000 +CVE-2024-3561,1,1,7965e3bd9afcd5e625055c0d215c14fa20cb25eba48adecb93064d75fe9ec4a9,2024-06-20T02:15:09.920000 CVE-2024-35618,0,0,fc2572e9e8823eb6313bf2bb54c527fc11c4117d0d0837dc8f8794515acd3b77,2024-05-24T18:09:20.027000 +CVE-2024-3562,1,1,6a7d7b5a1f2611d38f61bd061ce33826074aaaaa2a34a86aa73a1948947295a3,2024-06-20T02:15:10.140000 CVE-2024-35621,0,0,eff37f6109cc46dfb019de6bac1c1e4ffe46087d96bb684a690c4e1a8342c7d1,2024-05-28T17:11:47.007000 CVE-2024-35627,0,0,152f6a140367536a1e62d9a33b0213a3c0edb39ccbba33db112f0915411e954b,2024-05-24T01:15:30.977000 CVE-2024-35628,0,0,e05989fc65de82e8f7f616462cd9eeb8a5a0a479a9823d124fa71f478b90d503,2024-06-13T18:36:45.417000 @@ -252202,6 +252207,7 @@ CVE-2024-35966,0,0,c5fe47d4bcd9271f5e602a237b487a254165526cb77cec4c5b3e9d6030961 CVE-2024-35967,0,0,bb3ff79041a63b72013c8e6fdadf5992d4071019718c97182c4796281f76705f,2024-05-20T13:00:04.957000 CVE-2024-35968,0,0,a78badb5439f85aa8efb4a9cdf528d05f2c802d5a327056a2636c278abe68375,2024-05-20T13:00:04.957000 CVE-2024-35969,0,0,f72d3b48ca1d088451c0875483e2ba33d5a31cccef78ceaedc36918359206c4f,2024-05-20T13:00:04.957000 +CVE-2024-3597,1,1,640564eea7f6156724d73d5a0cfe16383f9b118bcd1fe7c2e5e2a524d17354f9,2024-06-20T02:15:10.363000 CVE-2024-35970,0,0,6dc1144434a50796750071e0c3d32f1adfe548b8c17aaa45ca8711be6b4aea01,2024-05-20T13:00:04.957000 CVE-2024-35971,0,0,789d8533d8a5b9480a46b5c467b61e45b7f385d5215ba9c26c6a1dfe1f86553e,2024-06-10T18:15:35.383000 CVE-2024-35972,0,0,8fcf39d4ace4f1fcc0a244e6329df0b275111c4ac22e4ce79dcba8599cd853de,2024-05-23T21:04:02.433000 @@ -252256,6 +252262,7 @@ CVE-2024-36016,0,0,4cba6e6a75f627dee0859835e4746e030cdfcba67d3294485222008ad5f51 CVE-2024-36017,0,0,06b3fa4d5fc5124fbcb85f162223c7c3aac5c8e863443f7f4e826cb80c4f6854,2024-05-30T13:40:12.593000 CVE-2024-36018,0,0,3a8206a02c5adfc67a2a516b8b16f0711b57e1035b88218c63b323725b6cdf46,2024-05-30T18:19:11.743000 CVE-2024-36019,0,0,cbde2a6e185dae769cb5f8294d3446f38fd341f16f132fc23455025199fad60c,2024-05-30T18:19:11.743000 +CVE-2024-3602,1,1,973d9791c8041d94ee624935706a459dce9d0fa1d56f51c81acd345a82fcc68c,2024-06-20T02:15:10.590000 CVE-2024-36020,0,0,d1532c8fb5d7b7afa7aea5593f1a6ab29599f87f13e46423cba38d38e702b7e0,2024-05-30T18:19:11.743000 CVE-2024-36021,0,0,94f9365ed1db16f5cf54c6394739d97158e9ef58d8893123ecd517ca9b226174,2024-05-30T18:19:11.743000 CVE-2024-36022,0,0,20f730e70cbf9f258d0a4f7215eac5cd45435a01501c51da7968f945b5992211,2024-05-30T18:19:11.743000 @@ -252277,6 +252284,7 @@ CVE-2024-36042,0,0,2ba301066fcf3b5e2098ddfbb2759b29cc55ab5a805cf9edc9ebe22e6b436 CVE-2024-36043,0,0,a692d077d358c1feb0a509deb9a8e16caf647bf207b7ab7a4cd103038bbab39e,2024-05-20T13:00:04.957000 CVE-2024-36048,0,0,28009f5c9c89d66914a954a3622c5cc8d7b761845f43a58d1b9db13955c9fa8c,2024-06-10T17:16:32.167000 CVE-2024-36049,0,0,3a7a1da30d4597dad4c167032717d4ea0f9bb4c5d5396bc121febaf5ae683a7e,2024-05-24T18:09:20.027000 +CVE-2024-3605,1,1,da2c81fa30bf94940472a93d78752d6912620435c83e9734ff6d129391208ceb,2024-06-20T02:15:10.817000 CVE-2024-36050,0,0,4c307008c713c918a6e3b84da1e5e49b2b2247354b7102850872f2f1076c6edc,2024-05-22T16:15:10.777000 CVE-2024-36052,0,0,8db219128822e3b435341a720fec4da51967df08eb27bb5fb0af45f420ce346c,2024-05-22T12:46:53.887000 CVE-2024-36053,0,0,672a3b34a9bdb19210396687438a3a5963248f4f357ce5db05db5d249614922b,2024-05-20T13:00:04.957000 @@ -252437,6 +252445,7 @@ CVE-2024-36264,0,0,3852f3a1f0d8a2d4f62090f3b6254d16b37a584c2a4799814e318aea1f241 CVE-2024-36265,0,0,00a9e362e8a489eb7027d68fd71b14b08824e37d9652a79a38b01c7bc61baef1,2024-06-13T21:15:57.170000 CVE-2024-36266,0,0,251ca14083666637d83281029e46640454efd455680ea38b3c5a664d41d8a836,2024-06-11T13:54:12.057000 CVE-2024-36267,0,0,5b402628b4c430b8eab614a5b3330f6f2d186537f83ff9a60bb1a91e4b3c3cac,2024-05-30T13:15:41.297000 +CVE-2024-3627,1,1,27cc7dbcd171ebd08dba9b8d84497f559c447113f2a8152b6630981255d91d23,2024-06-20T02:15:11.040000 CVE-2024-36277,0,0,20d47326e280adb94d9059aa48d208d3f478f327ce890b8688aef81aa91e0089,2024-06-17T12:42:04.623000 CVE-2024-36279,0,0,3325b8af913fac0d163d5be9a8802e9f76dc63912c8cffea0ae3040270976e9f,2024-06-17T12:42:04.623000 CVE-2024-3628,0,0,ad2a38a3d431944b5239dd67ace3bcd2603e3057c8d0a04d847db45516b0c9ea,2024-05-07T13:39:32.710000 @@ -253771,6 +253780,7 @@ CVE-2024-4621,0,0,0dcad97674134d7acc0f6a3b23542c7c7b4811503a20f42bfd18c3bed8fb5f CVE-2024-4622,0,0,4b1992fe33b227c66e64bdd4cf1c71e31b73a98abda6bdd8e7687e0db4e86196,2024-05-15T18:35:11.453000 CVE-2024-4623,0,0,cd721a04521d6e02c865f3b0b5d4fa5dafaaa0badffaa20fa9d718d9a931704d,2024-06-19T04:15:12.107000 CVE-2024-4624,0,0,2a601b2b9934f4e4184c90fc3ba9cbddeec712a59701e0372ed6d18cfcc3b7c7,2024-05-14T19:17:55.627000 +CVE-2024-4626,1,1,1737ca763d8dab682eb9c7440e886feabd631f674bded8e18f747432571b5179,2024-06-20T02:15:11.270000 CVE-2024-4630,0,0,f5808b44be131bdae6b6920228d425b0dd235ef4afe8685cc2ea30d538a619f5,2024-05-14T16:11:39.510000 CVE-2024-4631,0,0,e8ed3d07eca49fd9ce5a62406bcf23da9793cbcc792a956665a267b4f25fd693,2024-05-14T15:44:13.487000 CVE-2024-4632,0,0,171126908555386a9eebbbcc3e4f5f7a8e1ab1327161a7a2dc0367d749ddc44d,2024-06-19T09:15:11.740000 @@ -253859,6 +253869,7 @@ CVE-2024-4735,0,0,525831e83b784b99ed7ef48881d0a232b57485de376b3c68786c9225fdef83 CVE-2024-4736,0,0,35e0fe51ccd6e16c666173722ffd72f471827cead112caeaf869dd95515427ec,2024-06-04T19:20:48.497000 CVE-2024-4737,0,0,0d605ad76fcca9d9a8748ea1570213b2a20be8e7af59e1490aa0de37640ee426,2024-06-04T19:20:48.597000 CVE-2024-4738,0,0,703597dd680fa7def2747a141a4237503bd7e8917e070a49546a7e715e951f69,2024-06-04T19:20:48.783000 +CVE-2024-4742,1,1,950346e30ea4fa96f70dfef723fb3b7840bcad29ae25b8002204ca2d63cef11d,2024-06-20T02:15:11.500000 CVE-2024-4743,0,0,e42c9380fd03fa2e7e8dd1d108eb6ee48e234f06ee604011f8e8a51de81bb3cb,2024-06-11T17:32:50.367000 CVE-2024-4744,0,0,00389d0f632a53abd6687abe1695ed0d94106b42a5446a5e1de91a20dcdffac8,2024-06-12T16:44:12.157000 CVE-2024-4745,0,0,52090afb58a281a3371ee6c6ad54ec80b0aac7a7ded5dbbe0e95b57b1a9dc746,2024-06-12T16:23:34.197000 @@ -254153,7 +254164,7 @@ CVE-2024-5172,0,0,6f81a674f5782cb8792fa5dd56ecc7e266f5bfc474a6989e555bcaf073124d CVE-2024-5176,0,0,d56ed998903dfaef1849b554412c043d7bedaec08a06683735e348a1e4cdd46d,2024-06-05T15:15:12.620000 CVE-2024-5177,0,0,754731e9b12ab9d5b8190add19111b94a5e340744a68664c6a765c48e93c422c,2024-05-24T01:15:30.977000 CVE-2024-5179,0,0,54358caa6e0360966d6f1b65f621cdbf9937e802ed8f2b5c2ee31999cdede484,2024-06-06T14:17:35.017000 -CVE-2024-5182,1,1,75843e136ff752684512fe999e6c26d863acb5df23a67529923a59ab0a6bd209,2024-06-20T00:15:09.487000 +CVE-2024-5182,0,0,75843e136ff752684512fe999e6c26d863acb5df23a67529923a59ab0a6bd209,2024-06-20T00:15:09.487000 CVE-2024-5184,0,0,de97ef0558df300043d1123a6fe8d6e2df5444a09bff76f28ec8a01317d2d79c,2024-06-18T17:06:20.257000 CVE-2024-5185,0,0,b5caf3da810dd6351b96bbd5e231331a05f92e8956c63f18c155c13a8af19485,2024-05-29T15:18:26.427000 CVE-2024-5186,0,0,c6b2efdad9b4d04477e8bc0a562c3aef2ed32ffb2bffbc88ea5624073db9f4b8,2024-06-07T14:56:05.647000 @@ -254175,6 +254186,7 @@ CVE-2024-5206,0,0,dfdbb2d2210fa9604e6469b5345cbda30a0f0ae57d39e7dfc070825e6f9316 CVE-2024-5207,0,0,837facf8fac5843bbf7aea1ce36fa00287f1ba077f8fbca1302b0ab4087ec522,2024-05-30T13:15:41.297000 CVE-2024-5208,0,0,ac2fc4715d85a3e7f4f64d0ecbe8e701363c156621f940cec8a96468853fa2ea,2024-06-19T06:15:11.420000 CVE-2024-5211,0,0,a4277f26aaa565cc417eac86a473b48ddc12386cf29490b9b3d30644e664c347,2024-06-13T18:36:09.010000 +CVE-2024-5213,1,1,03605ea4a03b33511830b296d344f60cd868c58f83804e2bd653db0d056f404f,2024-06-20T03:15:09.067000 CVE-2024-5214,0,0,77a86526714522a20940695733fe46b4562089752d3c663cf289b583b7c6bbda,2024-06-03T19:15:09.360000 CVE-2024-5218,0,0,928b5f8d4e08afc285c0cf6e370373ec87899b716b1cb4db68027907b01d2a82,2024-05-28T12:39:42.673000 CVE-2024-5220,0,0,f61a4e43424028e9a9336f6f6ed766295c86a8a5421f6ff87daa2be13ac80d02,2024-05-28T12:39:42.673000 @@ -254335,6 +254347,7 @@ CVE-2024-5425,0,0,198a56668ec12904be81f8cc7c88bdb7cf556c1b42bf2a53d8f10dc0d316d5 CVE-2024-5426,0,0,463afa72e5ec754a0d270917d456b87514b8458a939d0b61aeddc71dea0e191e,2024-06-11T18:03:58.213000 CVE-2024-5427,0,0,e86cc201b7d64d377c97e091606dc3804ebb54017d6aedd32a3c8a9e9f3ee33f,2024-05-31T13:01:46.727000 CVE-2024-5428,0,0,febfd9b4f977de4c3dc04e5fc8e71b9454e3ad809e74595cd325ad9561a295a7,2024-05-28T14:59:09.827000 +CVE-2024-5432,1,1,c03f9b3047ee58a33a5e5ee412fc11310da04ed3865ca3a5438e8299a0046ea3,2024-06-20T02:15:11.737000 CVE-2024-5433,0,0,d0946774ada383b4af0e78f23b9c449d05f83a7124810af4e383f90b0cdbda75,2024-05-29T13:02:09.280000 CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92ed,2024-05-29T13:02:09.280000 CVE-2024-5436,0,0,512ff808a53596bd19353e26c03602bd4b39921efe131952ebcd76460c505fa6,2024-05-31T13:01:46.727000 @@ -254596,10 +254609,10 @@ CVE-2024-6080,0,0,ce117abbbf27c271f3b1c554aeba9f1090748517ce038abb4811acdf5fadb2 CVE-2024-6082,0,0,b34a8b9e9d7597c030b945a5724fac42f5803ca75f53728fefe9f424acf1cad3,2024-06-17T23:15:51.920000 CVE-2024-6083,0,0,6fddaebd6fd505529ccfd2377fbb90eb3ff967f1b7daa3e62aab60a1d99a55f2,2024-06-18T00:15:09.853000 CVE-2024-6084,0,0,e83127a2367dfc14c5a74f105b11646fecd7f02b89d4abf85a631505a5590b54,2024-06-18T14:15:12.317000 -CVE-2024-6100,1,1,54010ce6f238bde544fe7f7d259cdef651074d4c63d3f1e19c90005e63648320,2024-06-20T00:15:09.810000 -CVE-2024-6101,1,1,ef79fea232f05f9286b27581de6444f5cbf6f48ca26c4b4a071a7186f13e9abe,2024-06-20T00:15:09.967000 -CVE-2024-6102,1,1,0a75cd12056caf692bff4dd6d8b4e609f3c0d523976ccb9d5e105b14b81085b8,2024-06-20T00:15:10.053000 -CVE-2024-6103,1,1,3c22aa639787761a456bc2fa5de7b15f8c606a7657056ec8f8b4a112895ac4c2,2024-06-20T00:15:10.133000 +CVE-2024-6100,0,0,54010ce6f238bde544fe7f7d259cdef651074d4c63d3f1e19c90005e63648320,2024-06-20T00:15:09.810000 +CVE-2024-6101,0,0,ef79fea232f05f9286b27581de6444f5cbf6f48ca26c4b4a071a7186f13e9abe,2024-06-20T00:15:09.967000 +CVE-2024-6102,0,0,0a75cd12056caf692bff4dd6d8b4e609f3c0d523976ccb9d5e105b14b81085b8,2024-06-20T00:15:10.053000 +CVE-2024-6103,0,0,3c22aa639787761a456bc2fa5de7b15f8c606a7657056ec8f8b4a112895ac4c2,2024-06-20T00:15:10.133000 CVE-2024-6108,0,0,629cb2a981568eef963fe0fd8730638a990cab0f00ba579fb1df944ef1acda4c,2024-06-18T10:15:11.653000 CVE-2024-6109,0,0,ac88b829202223826825501cf9791e4a037baf3e8842ea6d10b43cea56f9fb4c,2024-06-18T12:15:12.987000 CVE-2024-6110,0,0,a93edb70ebaea05e4db1d298919bf28b75b9891dd6a65a876e1ff434451eb3ce,2024-06-18T12:15:13.290000 @@ -254617,4 +254630,7 @@ CVE-2024-6143,0,0,9532ba45db565215853ddf49c1a0164531f9356075191c1044d52df4608053 CVE-2024-6144,0,0,7cec310494d62a62033523df063be2341004a6dea8160cb5bd0d55e2f0065cc2,2024-06-19T00:15:50.133000 CVE-2024-6145,0,0,16e7e12932fe3f6cc4edd6cd1b11782632ac16fbbec9fab4c39f453507b11bae,2024-06-19T00:15:50.413000 CVE-2024-6146,0,0,b20add1bacc42bc316876ff3352b5fc3b113cf054bc134b5a4212df29f6f9ae6,2024-06-19T00:15:50.703000 -CVE-2024-6176,1,1,bd660c0cde647fe1bccb04d647014bfeadeca873814685115b39e74c61c8f2a1,2024-06-20T01:15:49.023000 +CVE-2024-6176,0,0,bd660c0cde647fe1bccb04d647014bfeadeca873814685115b39e74c61c8f2a1,2024-06-20T01:15:49.023000 +CVE-2024-6177,1,1,e2006bd8c117b361d15d615544253325ed284d266829d0d7c581f459913766c1,2024-06-20T02:15:11.980000 +CVE-2024-6178,1,1,b585588c1b5751ce256a7f1d8c6c6c4f50d67eb468665169500a1bbf3e780a64,2024-06-20T02:15:12.123000 +CVE-2024-6179,1,1,65c180015474b6671311fe92692345a2f1123e438c5d25ef1d3bb1089c68bc2d,2024-06-20T02:15:12.257000