From 8dcc2bf4c13c1c01f8d2d712665d439a737de66c Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 24 Jul 2024 10:03:12 +0000 Subject: [PATCH] Auto-Update: 2024-07-24T10:00:17.241292+00:00 --- CVE-2023/CVE-2023-324xx/CVE-2023-32471.json | 60 +++++++++++++++++ CVE-2023/CVE-2023-483xx/CVE-2023-48362.json | 37 +++++++++++ CVE-2024/CVE-2024-32xx/CVE-2024-3297.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-34xx/CVE-2024-3454.json | 60 +++++++++++++++++ CVE-2024/CVE-2024-396xx/CVE-2024-39676.json | 37 +++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6197.json | 37 +++++++++++ CVE-2024/CVE-2024-66xx/CVE-2024-6629.json | 4 ++ CVE-2024/CVE-2024-68xx/CVE-2024-6874.json | 37 +++++++++++ CVE-2024/CVE-2024-69xx/CVE-2024-6930.json | 72 +++++++++++++++++++++ README.md | 25 +++---- _state.csv | 20 ++++-- 11 files changed, 432 insertions(+), 17 deletions(-) create mode 100644 CVE-2023/CVE-2023-324xx/CVE-2023-32471.json create mode 100644 CVE-2023/CVE-2023-483xx/CVE-2023-48362.json create mode 100644 CVE-2024/CVE-2024-32xx/CVE-2024-3297.json create mode 100644 CVE-2024/CVE-2024-34xx/CVE-2024-3454.json create mode 100644 CVE-2024/CVE-2024-396xx/CVE-2024-39676.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6197.json create mode 100644 CVE-2024/CVE-2024-68xx/CVE-2024-6874.json create mode 100644 CVE-2024/CVE-2024-69xx/CVE-2024-6930.json diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32471.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32471.json new file mode 100644 index 00000000000..15c55d29dcb --- /dev/null +++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32471.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2023-32471", + "sourceIdentifier": "security_alert@emc.com", + "published": "2024-07-24T08:15:02.393", + "lastModified": "2024-07-24T08:15:02.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits." + }, + { + "lang": "es", + "value": "El BIOS de Dell Edge Gateway, versiones 3200 y 5200, contiene una vulnerabilidad de lectura fuera de los l\u00edmites. Un usuario malintencionado local autenticado con altos privilegios podr\u00eda explotar esta vulnerabilidad para leer el contenido de la memoria de la pila y utilizar esta informaci\u00f3n para futuras vulnerabilidades." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security_alert@emc.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security_alert@emc.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://www.dell.com/support/kbdoc/en-us/000214917/dsa-2023-225-security-update-for-dell-bios-edge-gateway-5200-and-edge-gateway-3200", + "source": "security_alert@emc.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-483xx/CVE-2023-48362.json b/CVE-2023/CVE-2023-483xx/CVE-2023-48362.json new file mode 100644 index 00000000000..8162dc0263e --- /dev/null +++ b/CVE-2023/CVE-2023-483xx/CVE-2023-48362.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2023-48362", + "sourceIdentifier": "security@apache.org", + "published": "2024-07-24T08:15:02.627", + "lastModified": "2024-07-24T08:15:02.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "XXE in the XML Format Plugin in Apache Drill version 1.19.0 and greater allows a user to read any file on a remote file system or execute commands via a malicious XML file.\nUsers are recommended to upgrade to version 1.21.2, which fixes this issue." + }, + { + "lang": "es", + "value": "XXE en el complemento de formato XML en Apache Drill versi\u00f3n 1.19.0 y superior permite al usuario leer cualquier archivo en un sistema de archivos remoto o ejecutar comandos a trav\u00e9s de un archivo XML malicioso. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.21.2, que soluciona este problema." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/9tt0q4bdjwgw0dz0l9knqxjnpb5y6zsl", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3297.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3297.json new file mode 100644 index 00000000000..7972cabc11d --- /dev/null +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3297.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-3297", + "sourceIdentifier": "cve-requests@bitdefender.com", + "published": "2024-07-24T08:15:02.880", + "lastModified": "2024-07-24T08:15:02.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue in the Certificate Authenticated Session Establishment (CASE) protocol for establishing secure sessions between two devices, as implemented in the Matter protocol versions before Matter 1.1 allows an attacker to replay manipulated CASE Sigma1 messages to make the device unresponsive until\u00a0the device is power-cycled." + }, + { + "lang": "es", + "value": "Un problema en el protocolo de establecimiento de sesi\u00f3n autenticado por certificado (CASE) para establecer sesiones seguras entre dos dispositivos, tal como se implement\u00f3 en las versiones del protocolo Matter anteriores a Matter 1.1, permite a un atacante reproducir mensajes CASE Sigma1 manipulados para que el dispositivo no responda hasta que se encienda ciclado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-requests@bitdefender.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve-requests@bitdefender.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://www.bitdefender.com/support/security-advisories/session-establishment-lock-up-during-replay-of-case-sigma1-messages/", + "source": "cve-requests@bitdefender.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3454.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3454.json new file mode 100644 index 00000000000..b25e63fe033 --- /dev/null +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3454.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-3454", + "sourceIdentifier": "cve-requests@bitdefender.com", + "published": "2024-07-24T08:15:03.123", + "lastModified": "2024-07-24T08:15:03.123", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An implementation issue in the Connectivity Standards Alliance Matter 1.2 protocol as used in the connectedhomeip SDK allows a third party to disclose information about devices part of the same fabric (footprinting), even though the protocol is designed to prevent access to such information." + }, + { + "lang": "es", + "value": "Un problema de implementaci\u00f3n en el protocolo Connectivity Standards Alliance Matter 1.2, tal como se utiliza en el SDK de connecthomeip, permite a un tercero revelar informaci\u00f3n sobre dispositivos que forman parte del mismo tejido (footprinting), aunque el protocolo est\u00e1 dise\u00f1ado para impedir el acceso a dicha informaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-requests@bitdefender.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve-requests@bitdefender.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-209" + } + ] + } + ], + "references": [ + { + "url": "https://www.bitdefender.com/support/security-advisories/in-fabric-matter-cluster-attribute-disclosure/", + "source": "cve-requests@bitdefender.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-396xx/CVE-2024-39676.json b/CVE-2024/CVE-2024-396xx/CVE-2024-39676.json new file mode 100644 index 00000000000..d2b80346565 --- /dev/null +++ b/CVE-2024/CVE-2024-396xx/CVE-2024-39676.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-39676", + "sourceIdentifier": "security@apache.org", + "published": "2024-07-24T08:15:02.773", + "lastModified": "2024-07-24T08:15:02.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Pinot.\n\nThis issue affects Apache Pinot: from 0.1 before 1.0.0.\n\nUsers are recommended to upgrade to version 1.0.0\u00a0and configure RBAC, which fixes the issue.\n\nDetails:\u00a0\n\nWhen using a request to path \u201c/appconfigs\u201d to the controller, it can lead to the disclosure of sensitive information such as system information (e.g. arch, os version), environment information (e.g. maxHeapSize) and Pinot configurations (e.g. zookeeper path). This issue was addressed by the Role-based Access Control https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control , so that /appConfigs` and all other APIs can be access controlled. Only authorized users have access to it. Note the user needs to add the admin role accordingly to the RBAC guide to control access to this endpoint, and in the future version of Pinot, a default admin role is planned to be added.\n\n" + }, + { + "lang": "es", + "value": "Exposici\u00f3n de informaci\u00f3n confidencial a una vulnerabilidad de actor no autorizado en Apache Pinot. Este problema afecta a Apache Pinot: desde 0.1 antes de 1.0.0. Se recomienda a los usuarios actualizar a la versi\u00f3n 1.0.0 y configurar RBAC, lo que soluciona el problema. Detalles: cuando se utiliza una solicitud para la ruta \"/appconfigs\" al controlador, se puede revelar informaci\u00f3n confidencial, como informaci\u00f3n del sistema (por ejemplo, arch, versi\u00f3n del sistema operativo), informaci\u00f3n del entorno (por ejemplo, maxHeapSize) y configuraciones de Pinot (por ejemplo, ruta del cuidador del zool\u00f3gico). ). Este problema fue solucionado por el control de acceso basado en roles https://docs.pinot.apache.org/operators/tutorials/authentication/basic-auth-access-control, de modo que /appConfigs` y todas las dem\u00e1s API puedan tener acceso controlado . S\u00f3lo los usuarios autorizados tienen acceso a \u00e9l. Tenga en cuenta que el usuario debe agregar la funci\u00f3n de administrador de acuerdo con la gu\u00eda RBAC para controlar el acceso a este punto final y, en la versi\u00f3n futura de Pinot, se planea agregar una funci\u00f3n de administrador predeterminada." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/hsm0b2w8qr0sqy4rj1mfnnw286tslpzc", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6197.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6197.json new file mode 100644 index 00000000000..f6d8de67356 --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6197.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-6197", + "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", + "published": "2024-07-24T08:15:03.340", + "lastModified": "2024-07-24T09:15:02.390", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "libcurl's ASN1 parser has this utf8asn1str() function used for parsing an ASN.1 UTF-8 string. Itcan detect an invalid field and return error. Unfortunately, when doing so it also invokes `free()` on a 4 byte localstack buffer. Most modern malloc implementations detect this error and immediately abort. Some however accept the input pointer and add that memory to its list of available chunks. This leads to the overwriting of nearby stack memory. The content of the overwrite is decided by the `free()` implementation; likely to be memory pointers and a set of flags. The most likely outcome of exploting this flaw is a crash, although it cannot be ruled out that more serious results can be had in special circumstances." + }, + { + "lang": "es", + "value": "El analizador ASN1 de libcurl tiene esta funci\u00f3n utf8asn1str() utilizada para analizar una cadena ASN.1 UTF-8. Puede detectar un campo no v\u00e1lido y devolver un error. Desafortunadamente, al hacerlo tambi\u00e9n invoca `free()` en un b\u00fafer localstack de 4 bytes. La mayor\u00eda de las implementaciones modernas de malloc detectan este error y lo abortan inmediatamente. Sin embargo, algunos aceptan el puntero de entrada y agregan esa memoria a su lista de fragmentos disponibles. Esto lleva a la sobrescritura de la memoria de stack. El contenido de la sobrescritura lo decide la implementaci\u00f3n `free()`; Es probable que sean punteros de memoria y un conjunto de banderas. El resultado m\u00e1s probable de explotar este defecto es un colapso, aunque no se puede descartar que se puedan obtener resultados m\u00e1s graves en circunstancias especiales." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/24/1", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + }, + { + "url": "https://curl.se/docs/CVE-2024-6197.html", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + }, + { + "url": "https://curl.se/docs/CVE-2024-6197.json", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + }, + { + "url": "https://hackerone.com/reports/2559516", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6629.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6629.json index a13d232a84a..1f3fdd261be 100644 --- a/CVE-2024/CVE-2024-66xx/CVE-2024-6629.json +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6629.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "The All-in-One Video Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Video shortcode in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": " El complemento All-in-One Video Gallery para WordPress es vulnerable a Cross-Site Scripting almacenado del c\u00f3digo abreviado de video del complemento en todas las versiones hasta la 3.7.1 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6874.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6874.json new file mode 100644 index 00000000000..4bc99ac7b92 --- /dev/null +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6874.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-6874", + "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", + "published": "2024-07-24T08:15:03.413", + "lastModified": "2024-07-24T09:15:02.503", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "libcurl's URL API function\n[curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) offers punycode\nconversions, to and from IDN. Asking to convert a name that is exactly 256\nbytes, libcurl ends up reading outside of a stack based buffer when built to\nuse the *macidn* IDN backend. The conversion function then fills up the\nprovided buffer exactly - but does not null terminate the string.\n\nThis flaw can lead to stack contents accidently getting returned as part of\nthe converted string." + }, + { + "lang": "es", + "value": "La funci\u00f3n API de URL de libcurl [curl_url_get()](https://curl.se/libcurl/c/curl_url_get.html) ofrece conversiones punycode, hacia y desde IDN. Al solicitar convertir un nombre que tiene exactamente 256 bytes, libcurl termina leyendo fuera de un b\u00fafer en la regi\u00f3n stack de la memoria cuando se construye para usar el backend IDN *macidn*. Luego, la funci\u00f3n de conversi\u00f3n llena exactamente el b\u00fafer proporcionado, pero no termina en nulo la cadena. Esta falla puede provocar que el contenido de la pila se devuelva accidentalmente como parte de la cadena convertida." + } + ], + "metrics": {}, + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/24/2", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + }, + { + "url": "https://curl.se/docs/CVE-2024-6874.html", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + }, + { + "url": "https://curl.se/docs/CVE-2024-6874.json", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + }, + { + "url": "https://hackerone.com/reports/2604391", + "source": "2499f714-1537-4658-8207-48ae4bb9eae9" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-69xx/CVE-2024-6930.json b/CVE-2024/CVE-2024-69xx/CVE-2024-6930.json new file mode 100644 index 00000000000..325125f0da6 --- /dev/null +++ b/CVE-2024/CVE-2024-69xx/CVE-2024-6930.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-6930", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-24T08:15:03.477", + "lastModified": "2024-07-24T08:15:03.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute within the plugin's bookingform shortcode in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WP Booking Calendar para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del atributo 'type' dentro del c\u00f3digo abreviado del formulario de reserva del complemento en todas las versiones hasta la 10.2.1 incluida debido a una sanitizaci\u00f3n de entrada y a un escape de salida insuficientes en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/booking/trunk/core/lib/wpdev-booking-class.php#L849", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3123628/", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/booking/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2aaca776-03ce-43bb-9553-f455f57124a3?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 53b20eb077f..2dacea35f2d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-24T08:00:17.346517+00:00 +2024-07-24T10:00:17.241292+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-24T07:15:02.820000+00:00 +2024-07-24T09:15:02.503000+00:00 ``` ### Last Data Feed Release @@ -33,25 +33,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -257872 +257880 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `8` -- [CVE-2023-32466](CVE-2023/CVE-2023-324xx/CVE-2023-32466.json) (`2024-07-24T07:15:01.953`) -- [CVE-2024-6094](CVE-2024/CVE-2024-60xx/CVE-2024-6094.json) (`2024-07-24T06:15:01.903`) -- [CVE-2024-6553](CVE-2024/CVE-2024-65xx/CVE-2024-6553.json) (`2024-07-24T07:15:02.350`) -- [CVE-2024-6571](CVE-2024/CVE-2024-65xx/CVE-2024-6571.json) (`2024-07-24T07:15:02.600`) -- [CVE-2024-6629](CVE-2024/CVE-2024-66xx/CVE-2024-6629.json) (`2024-07-24T07:15:02.820`) -- [CVE-2024-6836](CVE-2024/CVE-2024-68xx/CVE-2024-6836.json) (`2024-07-24T06:15:02.087`) +- [CVE-2023-32471](CVE-2023/CVE-2023-324xx/CVE-2023-32471.json) (`2024-07-24T08:15:02.393`) +- [CVE-2023-48362](CVE-2023/CVE-2023-483xx/CVE-2023-48362.json) (`2024-07-24T08:15:02.627`) +- [CVE-2024-3297](CVE-2024/CVE-2024-32xx/CVE-2024-3297.json) (`2024-07-24T08:15:02.880`) +- [CVE-2024-3454](CVE-2024/CVE-2024-34xx/CVE-2024-3454.json) (`2024-07-24T08:15:03.123`) +- [CVE-2024-39676](CVE-2024/CVE-2024-396xx/CVE-2024-39676.json) (`2024-07-24T08:15:02.773`) +- [CVE-2024-6197](CVE-2024/CVE-2024-61xx/CVE-2024-6197.json) (`2024-07-24T08:15:03.340`) +- [CVE-2024-6874](CVE-2024/CVE-2024-68xx/CVE-2024-6874.json) (`2024-07-24T08:15:03.413`) +- [CVE-2024-6930](CVE-2024/CVE-2024-69xx/CVE-2024-6930.json) (`2024-07-24T08:15:03.477`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-6629](CVE-2024/CVE-2024-66xx/CVE-2024-6629.json) (`2024-07-24T07:15:02.820`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 3472b5405ca..c7d3c11c44c 100644 --- a/_state.csv +++ b/_state.csv @@ -224253,12 +224253,13 @@ CVE-2023-32462,0,0,e07a0b8cf235c91f117aab5542e8a1e08692a6b7bc816a6d84fdff7939ebf CVE-2023-32463,0,0,9c0648bf3a62c21ad36b1e856d010660c2e367e55959b2f6ee06517e731afabd,2023-07-05T18:33:55.533000 CVE-2023-32464,0,0,5002bc22d174d03b224c414e085222536ab31791807238bbf4cd033cfd86a1ab,2023-07-05T18:31:27.907000 CVE-2023-32465,0,0,3b910cb507c14d4c201ed99e11b2f097c6e541241b586413c4b2c4c1c1c5ebcd,2023-06-27T18:39:23.987000 -CVE-2023-32466,1,1,2390536344af0252ea883e678ac94b8ab2c71aa723dc425d7c107ee620d31531,2024-07-24T07:15:01.953000 +CVE-2023-32466,0,0,2390536344af0252ea883e678ac94b8ab2c71aa723dc425d7c107ee620d31531,2024-07-24T07:15:01.953000 CVE-2023-32467,0,0,92dc670a37cbc195f9aee3f2f699c2fc979d516f1a92fbab736ae2a84445b2ab,2024-07-11T13:05:54.930000 CVE-2023-32468,0,0,3aaf8d963cbce4f5d5319dd617a26b2fa711b5f2996fe21d5e604c3f9b4c55f8,2023-08-03T18:23:50.197000 CVE-2023-32469,0,0,6b66634362347d05c43893f73f84b043ba50f94ace2183d7db139e18e104e674,2023-11-29T19:49:42.947000 CVE-2023-3247,0,0,dc024bb4c63f22d2d922c859e74704e54f9264e2ea29c37dc55d1fd134910214,2023-08-01T16:38:09.033000 CVE-2023-32470,0,0,1d1831b86e4f49c8df32eecce1f1b20c4ae5ed94d12e60777f158aa9c9815ea1,2023-09-13T14:37:24.530000 +CVE-2023-32471,1,1,c878c1d06f25f64c1e1f626dca3430edb93f9cfc2f126ec944df578916f4b138,2024-07-24T08:15:02.393000 CVE-2023-32472,0,0,17c2725f723be369591982ed957fd026847faf3ab703e66da6749f40fa5279fc,2024-07-11T13:05:54.930000 CVE-2023-32474,0,0,d6a828b10f15016d3a4296d029159cd45eff255f547ac600257d313f221bad5c,2024-02-12T21:37:18.687000 CVE-2023-32475,0,0,1d606a374c4ae0f3a73cad6cf7cc78e1a939167312580108942fa2c074cb968a,2024-06-07T14:56:05.647000 @@ -235776,6 +235777,7 @@ CVE-2023-48358,0,0,fd42ec30edf0b4bc87a28db5c64e1d59dfe5aa82b9d6889cf14523d9f1e0b CVE-2023-48359,0,0,ccb3f595ead47de0e806cbd75338965d59fe717be8a86c3f09bb684f53159c8a,2024-01-24T20:35:30.263000 CVE-2023-4836,0,0,08652eb22d8d820537a32135d6cdb0072945ba41f47c5813b91b860f7c20fc7e,2023-11-08T18:30:46.937000 CVE-2023-48360,0,0,5b6e5d7b5fe192061e064b563bfee066f7ff8cfae4d4ee5e2ae28883a2e5e83c,2024-01-05T22:04:53.347000 +CVE-2023-48362,1,1,ebfaafb940cfdd6e0c33e0912a5376be9ed5968439213870a60215f83c210d62,2024-07-24T08:15:02.627000 CVE-2023-48363,0,0,2bfc4ec5e7e25cb483b369af5958deb5dd28dd7cd426eb9cf32d0a8e81c4f250,2024-07-09T12:15:10.147000 CVE-2023-48364,0,0,b82391d36b810ac4492568e964e6ec98f18ee88a09432c62aa0865e4a71170e3,2024-07-09T12:15:10.277000 CVE-2023-48365,0,0,08ac0336d1b7c8130bf42658d4f4f8599137b51618c91dfe4765b7deedb1fc3a,2023-11-29T20:43:54.133000 @@ -251445,6 +251447,7 @@ CVE-2024-32964,0,0,b623874e6a0274971696b1b7da0d2f443f746dffed315cb1a514ae93f0a27 CVE-2024-32966,0,0,c438f55196809bbbc973f729157ff8c0c6df1250009855187f1fc3a5f9a87d17,2024-05-01T13:01:51.263000 CVE-2024-32967,0,0,edb16c37f9c2fc6d1e9a47803a7b1119309dad5cfcac07761a5d0ee65a1bacec,2024-05-01T13:01:51.263000 CVE-2024-32969,0,0,6ef0f8d88265e6683965945b29c1106dae41ceee98d494ed8c3a06c6d351066c,2024-05-24T01:15:30.977000 +CVE-2024-3297,1,1,e4dc45707207617e17cd6ca7c1187cdab66d5dfe2081d261d3210381d15c7582,2024-07-24T08:15:02.880000 CVE-2024-32970,0,0,5a01359cfb986ee6b849bc2a7e60567b8f37d4b5ce19db35dccc9f7464a14062,2024-05-01T13:02:20.750000 CVE-2024-32971,0,0,ab8a148088c73648f89e5b394dd5a94a547e8c2e4b0230a8c2d6e56a7f3b753a,2024-05-02T13:27:25.103000 CVE-2024-32972,0,0,dc515bb8aec39a31fdf47e578fc51873affc085f71d155b12852513b737283e1,2024-05-06T16:00:59.253000 @@ -252348,6 +252351,7 @@ CVE-2024-34533,0,0,8566d0e8dbd9cd4017bd3a534ac0fd9822a90bf76d2b3f6401a871fd79682 CVE-2024-34534,0,0,bc0f446d96fd1bff04cb40a3d47d7cedb5384511135e58f39b13d3fecfe87cc4,2024-07-03T02:00:34.370000 CVE-2024-34538,0,0,feba2430cb16511882082bb58c8b82ea01c0b09af4d84fa976b42058411470a6,2024-07-03T02:00:35.197000 CVE-2024-34539,0,0,9ef63927e8927d2fb2816c186d7e6407d6365bb9385ba11a715c86bc1697a83f,2024-07-03T02:00:36.057000 +CVE-2024-3454,1,1,b41fe92c6b1ce4c99591a736aa8a2914195391fb0c5e815d3f5ffaac980f0333,2024-07-24T08:15:03.123000 CVE-2024-34546,0,0,8800da10c69fec688483057d2cb770a66eb40079057655e7555d9e5ef263c46b,2024-05-08T13:15:00.690000 CVE-2024-34547,0,0,823aa1b861a91366dddc57a5e7dd1048515142481ea3eeb344f690ed0a7ca84c,2024-05-08T13:15:00.690000 CVE-2024-34548,0,0,8caa33bdc3c5be33f667017355107b8d8cdf99ab7255d3c04528b6e278893606,2024-05-08T13:15:00.690000 @@ -255306,6 +255310,7 @@ CVE-2024-3966,0,0,73fb2ae6dbee87e9388d8eb74bc7dee75170ed92fa9ef996fc6e09e4c624ed CVE-2024-39669,0,0,56d6b274e749be30b1ff4d12ff6c858882279f47b773d710e8ac61d1e37bcfa3,2024-07-03T02:05:50.580000 CVE-2024-3967,0,0,5862f1bd72fcf48f7d564d5c642edefacf28c5dccb3d99f9648feaeaf3e033bf,2024-05-15T18:35:11.453000 CVE-2024-39675,0,0,324904789d577f8da38a1b1d1fcdf082a86fba9fd2cc1697c3fb80289cc5120e,2024-07-09T18:19:14.047000 +CVE-2024-39676,1,1,a6a622475144409ca7eca813502661a61efb33c25469d6887411c8bbacef3ffd,2024-07-24T08:15:02.773000 CVE-2024-39677,0,0,c1a0d9a5a9ccbb7df09329c8ee16f641c4f9bc5f42ed88da1c64c5051e623648,2024-07-08T15:49:22.437000 CVE-2024-39678,0,0,f0f13ad18e725d440582b3a4bbd425936455389008ece86cf58b8c9519b22e2a,2024-07-18T12:28:43.707000 CVE-2024-39679,0,0,ce5bdc949f2b785748533e9e266e218a34e39cb3d0887231dc8fbb4c0a149bec,2024-07-18T12:28:43.707000 @@ -257418,7 +257423,7 @@ CVE-2024-6086,0,0,47215fd632ba621ffeef67af3acb9b5d4df100629d5a1e80c438d45f990f65 CVE-2024-6088,0,0,ed650bb4582239ce54305f8b10efe45d50e8cb6f1aa2aa30a6eb4b92f9ce96ee,2024-07-02T18:08:38.550000 CVE-2024-6089,0,0,2e36ec68c046c195b7c2f86ee35013ba223063fb476a7c2f6d245a7b85cc69f4,2024-07-16T18:00:02.110000 CVE-2024-6090,0,0,97ec0efad50117bd537daa7e8cf0d79ae16e3a9835d40dc90b67ac25a55b7eab,2024-06-27T19:25:12.067000 -CVE-2024-6094,1,1,3c90347939a1f190e70109a37076f0ce0dbdf744b626071cec340a61b12536be,2024-07-24T06:15:01.903000 +CVE-2024-6094,0,0,3c90347939a1f190e70109a37076f0ce0dbdf744b626071cec340a61b12536be,2024-07-24T06:15:01.903000 CVE-2024-6095,0,0,1bbfd7c9b87c44d08a43ff0a5e8179e2c5df6e66e4cde292cf2d451628bbb0a8,2024-07-09T17:41:10.523000 CVE-2024-6099,0,0,122ce35d776bcd880891466a825515ec577be2ec80ec19c4510dcdd6af223974,2024-07-02T18:08:53.233000 CVE-2024-6100,0,0,22a1633b125d31ae1c260507b63f1a44d0021fa11eedbf918d3886af2f39e630,2024-07-03T02:09:40.497000 @@ -257494,6 +257499,7 @@ CVE-2024-6193,0,0,00fd76685b00c66c75878efc81598a588f58971e8df576cbee2d630c4caeff CVE-2024-6194,0,0,2fd14db6633e624a38e90bae695b4c4d57fa0e3aaeb642623d447d03f1402676,2024-06-21T11:22:01.687000 CVE-2024-6195,0,0,6a062efe55296f0b78677192fb0a748b37d8f49a4a61cffdf8e5d965a387b28b,2024-06-21T11:22:01.687000 CVE-2024-6196,0,0,ee53490a34820f9c77a5a8ca54b2af4db4b9298e709dd53453d8c4a657cc2768,2024-06-21T17:15:11.350000 +CVE-2024-6197,1,1,801370748751e8e8f478d20c164fed6af08010ae773166f84500504349e1402f,2024-07-24T09:15:02.390000 CVE-2024-6205,0,0,113d559849ca9c5bf761a83fad7d31b96491373e555c09e3fa45e37c92251187,2024-07-19T20:23:18.960000 CVE-2024-6206,0,0,7ae31b087265fa68705a3f153945ecef18a4fdd89eba1b0f5f6a9be630fb6cf5,2024-06-26T12:44:29.693000 CVE-2024-6209,0,0,dde817e69ddab612402867a39af366fc36713e43c4758f0a34432256fd885f93,2024-07-08T15:35:25.837000 @@ -257687,7 +257693,7 @@ CVE-2024-6539,0,0,81a7a773476044a536e1904849aff55df114add8144e8265b917f8120b92d8 CVE-2024-6540,0,0,f13af52637070826766869c9a967d13110a057955f51f107eb0d0f88b4032338,2024-07-16T18:05:37.267000 CVE-2024-6542,0,0,54f8a75473ca23470adff5375410f0163accbe3baf07cee08839e7a197565332,2024-07-22T13:00:31.330000 CVE-2024-6550,0,0,6c4bb046e65a00df1f67c81af4edc0fc3847fdca60c1beea606bf943b5851318,2024-07-11T13:05:54.930000 -CVE-2024-6553,1,1,879877ef6ddc882555f2763bcffa21e66b10deb67f1bdd0f69793285dd29e02d,2024-07-24T07:15:02.350000 +CVE-2024-6553,0,0,879877ef6ddc882555f2763bcffa21e66b10deb67f1bdd0f69793285dd29e02d,2024-07-24T07:15:02.350000 CVE-2024-6554,0,0,c39b715167392909a130cc6479af2acca1cb23375ca0bdab5b0fb951f0bce662,2024-07-12T17:01:48.353000 CVE-2024-6555,0,0,bf68ef8f1bd3876021fc33b504457daba53832080530806ef27f797ea5536a0b,2024-07-12T12:49:07.030000 CVE-2024-6556,0,0,246920c1b32eb0a0369982110178f9a30464427865e75d42710950bf8d6bff6c,2024-07-11T13:05:54.930000 @@ -257698,7 +257704,7 @@ CVE-2024-6563,0,0,1b4d88909a8afd884220e1df693026407578c717bcca7ba5cdd4e0bbbf29fb CVE-2024-6564,0,0,b381c943e4dc87d72df0560a8008d835d4542fba3e8b6a3b21a1beca0e3a3fa5,2024-07-09T14:19:14.760000 CVE-2024-6565,0,0,43def900ab0d6afe7974c0f6bcdb1952d3f11b54fce1bb808ab6238edf9d39c2,2024-07-16T13:43:58.773000 CVE-2024-6570,0,0,1c2083317d49d5094b93c672429fe80fa3944fba8c36de7f1f2403e55beb6b46,2024-07-16T13:43:58.773000 -CVE-2024-6571,1,1,d44d33dd39e189562de2262ba15ca925ae1204c315b8c2cb8b9ed3cea9e44aba,2024-07-24T07:15:02.600000 +CVE-2024-6571,0,0,d44d33dd39e189562de2262ba15ca925ae1204c315b8c2cb8b9ed3cea9e44aba,2024-07-24T07:15:02.600000 CVE-2024-6574,0,0,63009fc3946aa6aa37035c823fc25710c373929512d42b52b922f4cc721537b8,2024-07-15T13:00:34.853000 CVE-2024-6579,0,0,70ddc19f754f7cb2643cde5cc84c5570c5648bfc6d8e404da6cc6aa9bb2155c8,2024-07-16T13:43:58.773000 CVE-2024-6580,0,0,d43dfa58651574c4447e8f323f3cb1f6a00d6bdef0613d5834aefccecf968c5d,2024-07-09T18:19:14.047000 @@ -257725,7 +257731,7 @@ CVE-2024-6615,0,0,21e70ce6d005932fad51efb1cef43277a3ff57e367ed55aea5460b226c9f9b CVE-2024-6621,0,0,245e22cf8c695e01e46245f83baf1a8e74fd9ede2206edccd3aaa25f1c00ba0d,2024-07-16T13:43:58.773000 CVE-2024-6624,0,0,d641d0598d5f0d62f69b2f0bb30153f1263b9aa17a64dd7567b42517a1bc6027,2024-07-12T16:51:31.487000 CVE-2024-6625,0,0,b913737eefce9f28c47dc537f0edd398b1eeb297cd2eb30c69b59c3401317130,2024-07-12T12:49:07.030000 -CVE-2024-6629,1,1,722bbaee5eccd01b9e17fcb8cbbf5caf8be6e3fa1ebb26a778c24f118a28c2b1,2024-07-24T07:15:02.820000 +CVE-2024-6629,0,1,5a513387975d08a19e1a9bfd2fa4eb70fd173a82998793f3fcdede44d45e9f3e,2024-07-24T07:15:02.820000 CVE-2024-6630,0,0,7742b604143993a9d769b9ab9c3e5aab85337a51e6772bb186961af80d29fee2,2024-07-10T18:15:05.407000 CVE-2024-6635,0,0,97d6e55960f6f2e5010584395fc193a0feb186e4d795b57d89159c3132b84fff,2024-07-22T13:00:31.330000 CVE-2024-6636,0,0,b927f4aba2100824a9064e3c9444e3f54a47671d743161ced3b5a100a38b49ab,2024-07-22T13:00:31.330000 @@ -257812,8 +257818,9 @@ CVE-2024-6828,0,0,e8e5364a43527004d310abc814718f6da23bb18bdc1eed3d86b65930ef5f36 CVE-2024-6830,0,0,66325e33317c6fde8b929b285667c5104c4ae04492532b5067560968ff36e7fb,2024-07-18T12:28:43.707000 CVE-2024-6833,0,0,b0ea48d29166f6347ac218b4f9f93d3f7fc599fd932b64c35cfa55e5a1a94672,2024-07-18T12:28:43.707000 CVE-2024-6834,0,0,9b06026f568f95c4c2a4be9208340b1bc5ab27fea601ce9296ee0a0b671ec68d,2024-07-18T12:28:43.707000 -CVE-2024-6836,1,1,a7e643cb6230d5e98667acb22e4fe58264e905462db11f5ad0ed41334cc0c973,2024-07-24T06:15:02.087000 +CVE-2024-6836,0,0,a7e643cb6230d5e98667acb22e4fe58264e905462db11f5ad0ed41334cc0c973,2024-07-24T06:15:02.087000 CVE-2024-6848,0,0,e171c12c58967922126feefb09977b436bb9e206684562a37899ca6ed3e35d20,2024-07-22T13:00:31.330000 +CVE-2024-6874,1,1,2d8921d3e444b9f0010b465e4bbb46c8cc3cf47b5c0a7b34e2564073144ea54f,2024-07-24T09:15:02.503000 CVE-2024-6885,0,0,d90ac2819f3fbb5ad9a46d3bc60924206cfe9c6a245e942b59dba4be3dd37e51,2024-07-23T02:15:02.610000 CVE-2024-6895,0,0,ba732cd0d0196677d9fba02b4344054d4844d09e5d174114e4dcf4446ecf9262,2024-07-22T13:00:53.287000 CVE-2024-6898,0,0,98dae2dc951da0c9f1ac4e695a7ad38573b2abb15f5508f51642ed9635c194c6,2024-07-19T13:01:44.567000 @@ -257831,6 +257838,7 @@ CVE-2024-6911,0,0,7f4ddcbca588794e13c2f123b3057f4d2ae0b7c0814e3ad95ee8587c42e2b3 CVE-2024-6912,0,0,19ffbe14a9786c836ebae1173b484d62d4eb03f1527258ec6cd573c3aea4cab0,2024-07-23T03:15:02.097000 CVE-2024-6913,0,0,f5e293443f520d9493e0fe66d0100592db283e2483702e8be0c1e32232769fc8,2024-07-23T03:15:02.170000 CVE-2024-6916,0,0,1d247ae867be71d9af12779cc6db2629ce2403155b9fbbc87b676a3b33127b65,2024-07-19T13:01:44.567000 +CVE-2024-6930,1,1,51e135d21d7c07927d45aad2995c8278e53f9368fe4af477e790eb887ce0df6a,2024-07-24T08:15:03.477000 CVE-2024-6932,0,0,67a8aa74150c82de9338c7f5e13237de6a0b3fc058478249ab687a9bbea18d6e,2024-07-22T13:00:31.330000 CVE-2024-6933,0,0,31e003a378d639e27641dced44e726d35d058acd0301a48a16d76976ef2aa1ee,2024-07-22T13:00:31.330000 CVE-2024-6934,0,0,2773a2900bf573ac6cdadde3da52af842db87181b62c4a3816dd0aac8b92139a,2024-07-22T13:00:31.330000