From 92a0976f1e9a4052e8cd02f4712c5dab006894bf Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Mon, 17 Jun 2024 10:03:43 +0000
Subject: [PATCH] Auto-Update: 2024-06-17T10:00:52.107604+00:00
---
 CVE-2024/CVE-2024-362xx/CVE-2024-36277.json | 32 +++++++++++
 CVE-2024/CVE-2024-362xx/CVE-2024-36279.json | 32 +++++++++++
 CVE-2024/CVE-2024-362xx/CVE-2024-36289.json | 32 +++++++++++
 CVE-2024/CVE-2024-60xx/CVE-2024-6042.json | 22 ++++----
 CVE-2024/CVE-2024-60xx/CVE-2024-6048.json | 59 +++++++++++++++++++++
 README.md | 17 +++---
 _state.csv | 14 +++--
 7 files changed, 184 insertions(+), 24 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-362xx/CVE-2024-36277.json
 create mode 100644 CVE-2024/CVE-2024-362xx/CVE-2024-36279.json
 create mode 100644 CVE-2024/CVE-2024-362xx/CVE-2024-36289.json
 create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6048.json
diff --git a/CVE-2024/CVE-2024-362xx/CVE-2024-36277.json b/CVE-2024/CVE-2024-362xx/CVE-2024-36277.json
new file mode 100644
index 00000000000..40f651b3c36
--- /dev/null
+++ b/CVE-2024/CVE-2024-362xx/CVE-2024-36277.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2024-36277",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2024-06-17T08:15:48.847",
+ "lastModified": "2024-06-17T08:15:48.847",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Improper verification of cryptographic signature issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. The affected app cannot detect event data with invalid signatures."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://freefrom.space/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN55045256/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=com.freefrom",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-362xx/CVE-2024-36279.json b/CVE-2024/CVE-2024-362xx/CVE-2024-36279.json
new file mode 100644
index 00000000000..da6fc976ea6
--- /dev/null
+++ b/CVE-2024/CVE-2024-362xx/CVE-2024-36279.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2024-36279",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2024-06-17T08:15:48.980",
+ "lastModified": "2024-06-17T08:15:48.980",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://freefrom.space/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN55045256/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=com.freefrom",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-362xx/CVE-2024-36289.json b/CVE-2024/CVE-2024-362xx/CVE-2024-36289.json
new file mode 100644
index 00000000000..eda76424e73
--- /dev/null
+++ b/CVE-2024/CVE-2024-362xx/CVE-2024-36289.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2024-36289",
+ "sourceIdentifier": "vultures@jpcert.or.jp",
+ "published": "2024-06-17T08:15:49.063",
+ "lastModified": "2024-06-17T08:15:49.063",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Reusing a nonce, key pair in encryption issue exists in \"FreeFrom - the nostr client\" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://apps.apple.com/us/app/freefrom-the-nostr-client/id6446819930",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://freefrom.space/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://jvn.jp/en/jp/JVN55045256/",
+ "source": "vultures@jpcert.or.jp"
+ },
+ {
+ "url": "https://play.google.com/store/apps/details?id=com.freefrom",
+ "source": "vultures@jpcert.or.jp"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6042.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6042.json
index 3b68bcb0069..be57b7f041f 100644
--- a/CVE-2024/CVE-2024-60xx/CVE-2024-6042.json
+++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6042.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-6042",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-06-17T00:15:09.323",
- "lastModified": "2024-06-17T00:15:09.323",
+ "lastModified": "2024-06-17T09:15:08.983",
 "vulnStatus": "Received",
 "descriptions": [
 {
@@ -17,19 +17,19 @@
 "type": "Secondary",
 "cvssData": {
 "version": "3.1",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
- "privilegesRequired": "LOW",
+ "privilegesRequired": "NONE",
 "userInteraction": "NONE",
 "scope": "UNCHANGED",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
 "availabilityImpact": "LOW",
- "baseScore": 6.3,
- "baseSeverity": "MEDIUM"
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
 },
- "exploitabilityScore": 2.8,
+ "exploitabilityScore": 3.9,
 "impactScore": 3.4
 }
 ],
@@ -39,17 +39,17 @@
 "type": "Secondary",
 "cvssData": {
 "version": "2.0",
- "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
+ "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
 "accessVector": "NETWORK",
 "accessComplexity": "LOW",
- "authentication": "SINGLE",
+ "authentication": "NONE",
 "confidentialityImpact": "PARTIAL",
 "integrityImpact": "PARTIAL",
 "availabilityImpact": "PARTIAL",
- "baseScore": 6.5
+ "baseScore": 7.5
 },
- "baseSeverity": "MEDIUM",
- "exploitabilityScore": 8.0,
+ "baseSeverity": "HIGH",
+ "exploitabilityScore": 10.0,
 "impactScore": 6.4,
 "acInsufInfo": false,
 "obtainAllPrivilege": false,
diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6048.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6048.json
new file mode 100644
index 00000000000..73f9c22fb43
--- /dev/null
+++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6048.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-6048",
+ "sourceIdentifier": "twcert@cert.org.tw",
+ "published": "2024-06-17T08:15:49.150",
+ "lastModified": "2024-06-17T08:15:49.150",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Openfind's MailGates and MailAudit fail to properly filter user input when analyzing email attachments. An unauthenticated remote attacker can exploit this vulnerability to inject system commands and execute them on the remote server."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "twcert@cert.org.tw",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.twcert.org.tw/en/cp-139-7886-20b61-2.html",
+ "source": "twcert@cert.org.tw"
+ },
+ {
+ "url": "https://www.twcert.org.tw/tw/cp-132-7885-a8013-1.html",
+ "source": "twcert@cert.org.tw"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 7ad1af43412..90f06c09d7f 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-17T08:00:19.404156+00:00 +2024-06-17T10:00:52.107604+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-17T07:15:41.647000+00:00 +2024-06-17T09:15:08.983000+00:00 ``` ### Last Data Feed Release
@@ -33,23 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254255 +254259 ``` ### CVEs added in the last Commit Recently added CVEs: `4` -- [CVE-2024-3236](CVE-2024/CVE-2024-32xx/CVE-2024-3236.json) (`2024-06-17T06:15:08.923`) -- [CVE-2024-4305](CVE-2024/CVE-2024-43xx/CVE-2024-4305.json) (`2024-06-17T06:15:09.140`) -- [CVE-2024-5650](CVE-2024/CVE-2024-56xx/CVE-2024-5650.json) (`2024-06-17T07:15:41.647`) -- [CVE-2024-6047](CVE-2024/CVE-2024-60xx/CVE-2024-6047.json) (`2024-06-17T06:15:09.237`) +- [CVE-2024-36277](CVE-2024/CVE-2024-362xx/CVE-2024-36277.json) (`2024-06-17T08:15:48.847`) +- [CVE-2024-36279](CVE-2024/CVE-2024-362xx/CVE-2024-36279.json) (`2024-06-17T08:15:48.980`) +- [CVE-2024-36289](CVE-2024/CVE-2024-362xx/CVE-2024-36289.json) (`2024-06-17T08:15:49.063`) +- [CVE-2024-6048](CVE-2024/CVE-2024-60xx/CVE-2024-6048.json) (`2024-06-17T08:15:49.150`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-6042](CVE-2024/CVE-2024-60xx/CVE-2024-6042.json) (`2024-06-17T09:15:08.983`) ## Download and Usage
diff --git a/_state.csv b/_state.csv
index aac507f33db..b206aa1b11e 100644
--- a/_state.csv
+++ b/_state.csv
@@ -249934,7 +249934,7 @@ CVE-2024-32354,0,0,2cb98cf03f55f0d3f314d8f78a7b2ae13f23e6c4927c02df2076089e9fc3c CVE-2024-32355,0,0,2701a15118616315b80ef66d15278af6b7051848ac735d5427c3a4cdd16dfa55,2024-05-14T19:17:55.627000 CVE-2024-32358,0,0,4361acd373c6387e4e9f8c587956d55ed79588179fa5465dd154715a342d96e5,2024-04-25T17:24:59.967000 CVE-2024-32359,0,0,b4d29b953e327824af6c91976648aff102dd83fb9c76233181d51fd1f9cb1231,2024-05-02T18:00:37.360000 -CVE-2024-3236,1,1,75bea4137d8edbae355f7a6346bcdbeee4a422fdd030e3b76c726676436069d0,2024-06-17T06:15:08.923000 +CVE-2024-3236,0,0,75bea4137d8edbae355f7a6346bcdbeee4a422fdd030e3b76c726676436069d0,2024-06-17T06:15:08.923000 CVE-2024-32368,0,0,e5f9ac1f5e4b7deacae1b8adfb72b39f31c0e06e3a2c110e19b743f4b05d773c,2024-04-22T19:24:12.920000 CVE-2024-32369,0,0,9089831a6180c7b5be681767b4ccc10fae87b49242f26b69d51f8d148f2c2512,2024-05-07T20:07:58.737000 CVE-2024-3237,0,0,98b407c7ff694e30bff011becf60591f80a0369e19a531a10c3c30601e8332ec,2024-05-06T12:44:56.377000 
@@ -252313,8 +252313,11 @@ CVE-2024-36264,0,0,3852f3a1f0d8a2d4f62090f3b6254d16b37a584c2a4799814e318aea1f241 CVE-2024-36265,0,0,00a9e362e8a489eb7027d68fd71b14b08824e37d9652a79a38b01c7bc61baef1,2024-06-13T21:15:57.170000 CVE-2024-36266,0,0,251ca14083666637d83281029e46640454efd455680ea38b3c5a664d41d8a836,2024-06-11T13:54:12.057000 CVE-2024-36267,0,0,5b402628b4c430b8eab614a5b3330f6f2d186537f83ff9a60bb1a91e4b3c3cac,2024-05-30T13:15:41.297000 +CVE-2024-36277,1,1,63dd18b81c9fc8c44df0e6d60c7bc7caa73ebf9b031cb82c2f5074e4399a0028,2024-06-17T08:15:48.847000 +CVE-2024-36279,1,1,378561b590c600011b335a45290d727da5402797a1196b977b3b7aeb453302a5,2024-06-17T08:15:48.980000 CVE-2024-3628,0,0,ad2a38a3d431944b5239dd67ace3bcd2603e3057c8d0a04d847db45516b0c9ea,2024-05-07T13:39:32.710000 CVE-2024-36287,0,0,7dad7370c22f073f62724eebac2c879eee476043b802bc617e62e661dfc2d306,2024-06-14T09:15:09.450000 +CVE-2024-36289,1,1,ae5fb94ad521898d947542ad2af2b7c0cff151d11fdec057b962deff46c2e40d,2024-06-17T08:15:49.063000 CVE-2024-3629,0,0,ed67d1a2dc82a6f7d8e47e5534a14b4493dd33c5e11e4c564b2ef763c111a4ba,2024-05-15T16:40:19.330000 CVE-2024-3630,0,0,1b4d82e848787accdc20ad3d430430e1a1fa399ad678a3e5fbc87f1ba9867411,2024-05-15T16:40:19.330000 CVE-2024-36302,0,0,e1f4931beacda377102258578e84cb72b47284751be4a5dc324f70f76b3c6500,2024-06-11T13:54:12.057000 
@@ -253218,7 +253221,7 @@ CVE-2024-4301,0,0,7d8f056252c47ce14526f7e57454b7b6b871eb1459dd2b3842b28d98543d66 CVE-2024-4302,0,0,39865ef94639e31233f81e22f823186b850ad673927660a59987e37ec9048236,2024-04-29T12:42:03.667000 CVE-2024-4303,0,0,dc23292aa9a60d1b5e39a68c94abae91eeace7edd419d8c3c5c76a7757513679,2024-04-29T12:42:03.667000 CVE-2024-4304,0,0,26620f2e8ced99fdd3bda531b587b99eceacc7574327e1e3504df0a80354f331,2024-04-29T12:42:03.667000 -CVE-2024-4305,1,1,d35774118ecf764d0a942956bd90ab19ea9ec26ac335556caa76076ef2607ae0,2024-06-17T06:15:09.140000 +CVE-2024-4305,0,0,d35774118ecf764d0a942956bd90ab19ea9ec26ac335556caa76076ef2607ae0,2024-06-17T06:15:09.140000 CVE-2024-4306,0,0,e9aaa66e23013eeddb017fc28910aff24c8ac74d8e5a2f36c0285b37028fcebf,2024-04-29T12:42:03.667000 CVE-2024-4307,0,0,8632ca6475393105acd262617756d75d5dfc473b5ad0365976bdee020429b7af,2024-04-30T13:11:16.690000 CVE-2024-4308,0,0,c30b8d7bce14d8d06db9bf545139ec925cbf528f27e8b442e0e9c6b9a7a51847,2024-04-30T13:11:16.690000 @@ -254115,7 +254118,7 @@ CVE-2024-5638,0,0,ecd29107ace2c39372f8ad7d26b6d92a031cf986dc4e07d96162e8140ebd09 CVE-2024-5640,0,0,86163b3d741cee0a4e50ef8553f0c82f1f0c15bd48d022d2d250ef0f55c23f10,2024-06-07T14:56:05.647000 CVE-2024-5645,0,0,1faba0fd6e05694e3fff7011c206b3ecee3c45fddb7e6c575993af231224a181,2024-06-11T17:57:47.197000 CVE-2024-5646,0,0,23240aeec5f40e46e6951e19eff4b72273567c29932f06ca0851d3144bb5ebaa,2024-06-13T18:36:09.013000 -CVE-2024-5650,1,1,d150ba9135c0cbc011e01b5df5c37d308515ee8c2debc8941020c718f492c7ea,2024-06-17T07:15:41.647000 +CVE-2024-5650,0,0,d150ba9135c0cbc011e01b5df5c37d308515ee8c2debc8941020c718f492c7ea,2024-06-17T07:15:41.647000 CVE-2024-5653,0,0,283076b6ccce08ae3d1ddf9d7f5983a839d66c80929543a8a527d0bfdf86a2f9,2024-06-06T14:17:35.017000 CVE-2024-5654,0,0,e22a0b433d38e113ff7c2fe935a2ac4a2eac96ee27b605312aa4a4c8d50d69a0,2024-06-10T02:52:08.267000 CVE-2024-5656,0,0,40c34e526e2032c59043b8834b1648291001d5e69a19326cbf74d918e6c8fbc1,2024-06-13T14:15:13.397000 
@@ -254248,9 +254251,10 @@ CVE-2024-6015,0,0,ce17981a2f5c1abb173d15e7815cded0a62d2475c1da467d89f43737bdc158 CVE-2024-6016,0,0,ca762f4b4cad5059b56c7cba83da0542825d18a3a76ea0906d6c1e6b2a00f540,2024-06-15T19:15:48.443000 CVE-2024-6039,0,0,b95cc2c25372a777e07390d97534935dbe452a5a533742bda3ef4325dc878c01,2024-06-16T22:15:09.360000 CVE-2024-6041,0,0,e6d63ca11ea2ff9ed09ea53c6094128fe340ff7325fdab7606f076aa9a2a1946,2024-06-16T23:15:49.417000 -CVE-2024-6042,0,0,ed54c5636265103325c04d8d2622ce50f3889c9971c74cd395d52c55b95a2414,2024-06-17T00:15:09.323000 +CVE-2024-6042,0,1,7fd15ec07025fdf2bfe5b3ea61db3e32dd9bf8f8de6ac401538e5b2f34729e50,2024-06-17T09:15:08.983000 CVE-2024-6043,0,0,ed62535c42832e37b4fd65db6511e39d988a0b0325ab18bd1d36764965ef2443,2024-06-17T01:15:49.627000 CVE-2024-6044,0,0,e7b2e64c18c97b6be6b2136ab4aca56f14648e5731c5f26d1f52a5c372063f27,2024-06-17T03:15:09.163000 CVE-2024-6045,0,0,5e79506df39ea8f7267328abe49cc0d381005956c29a9bbdf201937bde58f730,2024-06-17T04:15:09.287000 CVE-2024-6046,0,0,cf19d451114556c426f3983a5e1a8618f01d19ba531031d5d307bd6aadf6f22a,2024-06-17T04:15:09.867000 -CVE-2024-6047,1,1,33851d2173ef78ee0807d12113329874f85615006162a09982f22e0159875ef2,2024-06-17T06:15:09.237000 +CVE-2024-6047,0,0,33851d2173ef78ee0807d12113329874f85615006162a09982f22e0159875ef2,2024-06-17T06:15:09.237000 +CVE-2024-6048,1,1,4410756e8eb5df65c59c1f095305742228f1f91588f7696c391d2ae77254a57d,2024-06-17T08:15:49.150000