Auto-Update: 2024-06-17T10:00:52.107604+00:00

CVE-2024/CVE-2024-362xx/CVE-2024-36277.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-36277",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-06-17T08:15:48.847",
+  "lastModified": "2024-06-17T08:15:48.847",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Improper verification of cryptographic signature issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://freefrom.space/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN55045256/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://play.google.com/store/apps/details?id=com.freefrom",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2024/CVE-2024-362xx/CVE-2024-36279.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-36279",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-06-17T08:15:48.980",
+  "lastModified": "2024-06-17T08:15:48.980",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://freefrom.space/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN55045256/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://play.google.com/store/apps/details?id=com.freefrom",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2024/CVE-2024-362xx/CVE-2024-36289.json

@@ -0,0 +1,32 @@
+{
+  "id": "CVE-2024-36289",
+  "sourceIdentifier": "vultures@jpcert.or.jp",
+  "published": "2024-06-17T08:15:49.063",
+  "lastModified": "2024-06-17T08:15:49.063",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Reusing a nonce, key pair in encryption issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://freefrom.space/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://jvn.jp/en/jp/JVN55045256/",
+      "source": "vultures@jpcert.or.jp"
+    },
+    {
+      "url": "https://play.google.com/store/apps/details?id=com.freefrom",
+      "source": "vultures@jpcert.or.jp"
+    }
+  ]
+}

CVE-2024/CVE-2024-60xx/CVE-2024-6042.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-6042",
   "sourceIdentifier": "cna@vuldb.com",
   "published": "2024-06-17T00:15:09.323",
-  "lastModified": "2024-06-17T00:15:09.323",
+  "lastModified": "2024-06-17T09:15:08.983",
   "vulnStatus": "Received",
   "descriptions": [
     {
@@ -17,19 +17,19 @@
         "type": "Secondary",
         "cvssData": {
           "version": "3.1",
-          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
-          "privilegesRequired": "LOW",
+          "privilegesRequired": "NONE",
           "userInteraction": "NONE",
           "scope": "UNCHANGED",
           "confidentialityImpact": "LOW",
           "integrityImpact": "LOW",
           "availabilityImpact": "LOW",
-          "baseScore": 6.3,
-          "baseSeverity": "MEDIUM"
+          "baseScore": 7.3,
+          "baseSeverity": "HIGH"
         },
-        "exploitabilityScore": 2.8,
+        "exploitabilityScore": 3.9,
         "impactScore": 3.4
       }
     ],
@@ -39,17 +39,17 @@
         "type": "Secondary",
         "cvssData": {
           "version": "2.0",
-          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
           "accessVector": "NETWORK",
           "accessComplexity": "LOW",
-          "authentication": "SINGLE",
+          "authentication": "NONE",
           "confidentialityImpact": "PARTIAL",
           "integrityImpact": "PARTIAL",
           "availabilityImpact": "PARTIAL",
-          "baseScore": 6.5
+          "baseScore": 7.5
         },
-        "baseSeverity": "MEDIUM",
-        "exploitabilityScore": 8.0,
+        "baseSeverity": "HIGH",
+        "exploitabilityScore": 10.0,
         "impactScore": 6.4,
         "acInsufInfo": false,
         "obtainAllPrivilege": false,

CVE-2024/CVE-2024-60xx/CVE-2024-6048.json

@@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-6048",
+  "sourceIdentifier": "twcert@cert.org.tw",
+  "published": "2024-06-17T08:15:49.150",
+  "lastModified": "2024-06-17T08:15:49.150",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "twcert@cert.org.tw",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "twcert@cert.org.tw",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html",
+      "source": "twcert@cert.org.tw"
+    },
+    {
+      "url": "https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html",
+      "source": "twcert@cert.org.tw"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-06-17T08:00:19.404156+00:00
+2024-06-17T10:00:52.107604+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-06-17T07:15:41.647000+00:00
+2024-06-17T09:15:08.983000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,23 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-254255
+254259
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `4`
 
-- [CVE-2024-3236](CVE-2024/CVE-2024-32xx/CVE-2024-3236.json) (`2024-06-17T06:15:08.923`)
-- [CVE-2024-4305](CVE-2024/CVE-2024-43xx/CVE-2024-4305.json) (`2024-06-17T06:15:09.140`)
-- [CVE-2024-5650](CVE-2024/CVE-2024-56xx/CVE-2024-5650.json) (`2024-06-17T07:15:41.647`)
-- [CVE-2024-6047](CVE-2024/CVE-2024-60xx/CVE-2024-6047.json) (`2024-06-17T06:15:09.237`)
+- [CVE-2024-36277](CVE-2024/CVE-2024-362xx/CVE-2024-36277.json) (`2024-06-17T08:15:48.847`)
+- [CVE-2024-36279](CVE-2024/CVE-2024-362xx/CVE-2024-36279.json) (`2024-06-17T08:15:48.980`)
+- [CVE-2024-36289](CVE-2024/CVE-2024-362xx/CVE-2024-36289.json) (`2024-06-17T08:15:49.063`)
+- [CVE-2024-6048](CVE-2024/CVE-2024-60xx/CVE-2024-6048.json) (`2024-06-17T08:15:49.150`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `1`
 
+- [CVE-2024-6042](CVE-2024/CVE-2024-60xx/CVE-2024-6042.json) (`2024-06-17T09:15:08.983`)
 
 
 ## Download and Usage

_state.csv

@@ -249934,7 +249934,7 @@ CVE-2024-32354,0,0,2cb98cf03f55f0d3f314d8f78a7b2ae13f23e6c4927c02df2076089e9fc3c
 CVE-2024-32355,0,0,2701a15118616315b80ef66d15278af6b7051848ac735d5427c3a4cdd16dfa55,2024-05-14T19:17:55.627000
 CVE-2024-32358,0,0,4361acd373c6387e4e9f8c587956d55ed79588179fa5465dd154715a342d96e5,2024-04-25T17:24:59.967000
 CVE-2024-32359,0,0,b4d29b953e327824af6c91976648aff102dd83fb9c76233181d51fd1f9cb1231,2024-05-02T18:00:37.360000
-CVE-2024-3236,1,1,75bea4137d8edbae355f7a6346bcdbeee4a422fdd030e3b76c726676436069d0,2024-06-17T06:15:08.923000
+CVE-2024-3236,0,0,75bea4137d8edbae355f7a6346bcdbeee4a422fdd030e3b76c726676436069d0,2024-06-17T06:15:08.923000
 CVE-2024-32368,0,0,e5f9ac1f5e4b7deacae1b8adfb72b39f31c0e06e3a2c110e19b743f4b05d773c,2024-04-22T19:24:12.920000
 CVE-2024-32369,0,0,9089831a6180c7b5be681767b4ccc10fae87b49242f26b69d51f8d148f2c2512,2024-05-07T20:07:58.737000
 CVE-2024-3237,0,0,98b407c7ff694e30bff011becf60591f80a0369e19a531a10c3c30601e8332ec,2024-05-06T12:44:56.377000
@@ -252313,8 +252313,11 @@ CVE-2024-36264,0,0,3852f3a1f0d8a2d4f62090f3b6254d16b37a584c2a4799814e318aea1f241
 CVE-2024-36265,0,0,00a9e362e8a489eb7027d68fd71b14b08824e37d9652a79a38b01c7bc61baef1,2024-06-13T21:15:57.170000
 CVE-2024-36266,0,0,251ca14083666637d83281029e46640454efd455680ea38b3c5a664d41d8a836,2024-06-11T13:54:12.057000
 CVE-2024-36267,0,0,5b402628b4c430b8eab614a5b3330f6f2d186537f83ff9a60bb1a91e4b3c3cac,2024-05-30T13:15:41.297000
+CVE-2024-36277,1,1,63dd18b81c9fc8c44df0e6d60c7bc7caa73ebf9b031cb82c2f5074e4399a0028,2024-06-17T08:15:48.847000
+CVE-2024-36279,1,1,378561b590c600011b335a45290d727da5402797a1196b977b3b7aeb453302a5,2024-06-17T08:15:48.980000
 CVE-2024-3628,0,0,ad2a38a3d431944b5239dd67ace3bcd2603e3057c8d0a04d847db45516b0c9ea,2024-05-07T13:39:32.710000
 CVE-2024-36287,0,0,7dad7370c22f073f62724eebac2c879eee476043b802bc617e62e661dfc2d306,2024-06-14T09:15:09.450000
+CVE-2024-36289,1,1,ae5fb94ad521898d947542ad2af2b7c0cff151d11fdec057b962deff46c2e40d,2024-06-17T08:15:49.063000
 CVE-2024-3629,0,0,ed67d1a2dc82a6f7d8e47e5534a14b4493dd33c5e11e4c564b2ef763c111a4ba,2024-05-15T16:40:19.330000
 CVE-2024-3630,0,0,1b4d82e848787accdc20ad3d430430e1a1fa399ad678a3e5fbc87f1ba9867411,2024-05-15T16:40:19.330000
 CVE-2024-36302,0,0,e1f4931beacda377102258578e84cb72b47284751be4a5dc324f70f76b3c6500,2024-06-11T13:54:12.057000
@@ -253218,7 +253221,7 @@ CVE-2024-4301,0,0,7d8f056252c47ce14526f7e57454b7b6b871eb1459dd2b3842b28d98543d66
 CVE-2024-4302,0,0,39865ef94639e31233f81e22f823186b850ad673927660a59987e37ec9048236,2024-04-29T12:42:03.667000
 CVE-2024-4303,0,0,dc23292aa9a60d1b5e39a68c94abae91eeace7edd419d8c3c5c76a7757513679,2024-04-29T12:42:03.667000
 CVE-2024-4304,0,0,26620f2e8ced99fdd3bda531b587b99eceacc7574327e1e3504df0a80354f331,2024-04-29T12:42:03.667000
-CVE-2024-4305,1,1,d35774118ecf764d0a942956bd90ab19ea9ec26ac335556caa76076ef2607ae0,2024-06-17T06:15:09.140000
+CVE-2024-4305,0,0,d35774118ecf764d0a942956bd90ab19ea9ec26ac335556caa76076ef2607ae0,2024-06-17T06:15:09.140000
 CVE-2024-4306,0,0,e9aaa66e23013eeddb017fc28910aff24c8ac74d8e5a2f36c0285b37028fcebf,2024-04-29T12:42:03.667000
 CVE-2024-4307,0,0,8632ca6475393105acd262617756d75d5dfc473b5ad0365976bdee020429b7af,2024-04-30T13:11:16.690000
 CVE-2024-4308,0,0,c30b8d7bce14d8d06db9bf545139ec925cbf528f27e8b442e0e9c6b9a7a51847,2024-04-30T13:11:16.690000
@@ -254115,7 +254118,7 @@ CVE-2024-5638,0,0,ecd29107ace2c39372f8ad7d26b6d92a031cf986dc4e07d96162e8140ebd09
 CVE-2024-5640,0,0,86163b3d741cee0a4e50ef8553f0c82f1f0c15bd48d022d2d250ef0f55c23f10,2024-06-07T14:56:05.647000
 CVE-2024-5645,0,0,1faba0fd6e05694e3fff7011c206b3ecee3c45fddb7e6c575993af231224a181,2024-06-11T17:57:47.197000
 CVE-2024-5646,0,0,23240aeec5f40e46e6951e19eff4b72273567c29932f06ca0851d3144bb5ebaa,2024-06-13T18:36:09.013000
-CVE-2024-5650,1,1,d150ba9135c0cbc011e01b5df5c37d308515ee8c2debc8941020c718f492c7ea,2024-06-17T07:15:41.647000
+CVE-2024-5650,0,0,d150ba9135c0cbc011e01b5df5c37d308515ee8c2debc8941020c718f492c7ea,2024-06-17T07:15:41.647000
 CVE-2024-5653,0,0,283076b6ccce08ae3d1ddf9d7f5983a839d66c80929543a8a527d0bfdf86a2f9,2024-06-06T14:17:35.017000
 CVE-2024-5654,0,0,e22a0b433d38e113ff7c2fe935a2ac4a2eac96ee27b605312aa4a4c8d50d69a0,2024-06-10T02:52:08.267000
 CVE-2024-5656,0,0,40c34e526e2032c59043b8834b1648291001d5e69a19326cbf74d918e6c8fbc1,2024-06-13T14:15:13.397000
@@ -254248,9 +254251,10 @@ CVE-2024-6015,0,0,ce17981a2f5c1abb173d15e7815cded0a62d2475c1da467d89f43737bdc158
 CVE-2024-6016,0,0,ca762f4b4cad5059b56c7cba83da0542825d18a3a76ea0906d6c1e6b2a00f540,2024-06-15T19:15:48.443000
 CVE-2024-6039,0,0,b95cc2c25372a777e07390d97534935dbe452a5a533742bda3ef4325dc878c01,2024-06-16T22:15:09.360000
 CVE-2024-6041,0,0,e6d63ca11ea2ff9ed09ea53c6094128fe340ff7325fdab7606f076aa9a2a1946,2024-06-16T23:15:49.417000
-CVE-2024-6042,0,0,ed54c5636265103325c04d8d2622ce50f3889c9971c74cd395d52c55b95a2414,2024-06-17T00:15:09.323000
+CVE-2024-6042,0,1,7fd15ec07025fdf2bfe5b3ea61db3e32dd9bf8f8de6ac401538e5b2f34729e50,2024-06-17T09:15:08.983000
 CVE-2024-6043,0,0,ed62535c42832e37b4fd65db6511e39d988a0b0325ab18bd1d36764965ef2443,2024-06-17T01:15:49.627000
 CVE-2024-6044,0,0,e7b2e64c18c97b6be6b2136ab4aca56f14648e5731c5f26d1f52a5c372063f27,2024-06-17T03:15:09.163000
 CVE-2024-6045,0,0,5e79506df39ea8f7267328abe49cc0d381005956c29a9bbdf201937bde58f730,2024-06-17T04:15:09.287000
 CVE-2024-6046,0,0,cf19d451114556c426f3983a5e1a8618f01d19ba531031d5d307bd6aadf6f22a,2024-06-17T04:15:09.867000
-CVE-2024-6047,1,1,33851d2173ef78ee0807d12113329874f85615006162a09982f22e0159875ef2,2024-06-17T06:15:09.237000
+CVE-2024-6047,0,0,33851d2173ef78ee0807d12113329874f85615006162a09982f22e0159875ef2,2024-06-17T06:15:09.237000
+CVE-2024-6048,1,1,4410756e8eb5df65c59c1f095305742228f1f91588f7696c391d2ae77254a57d,2024-06-17T08:15:49.150000