Auto-Update: 2024-05-27T14:01:09.648917+00:00

2025-05-08 11:37:26 +00:00 · 2024-05-27 14:04:01 +00:00 · 2024-05-27 14:04:01 +00:00 · 9ce3d1afdd
commit 9ce3d1afdd
parent 4ffcd6fa89
9 changed files with 353 additions and 6 deletions
--- a/CVE-2023/CVE-2023-63xx/CVE-2023-6349.json
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6349.json
@ -0,0 +1,32 @@
+{
+  "id": "CVE-2023-6349",
+  "sourceIdentifier": "cve-coordination@google.com",
+  "published": "2024-05-27T12:15:08.810",
+  "lastModified": "2024-05-27T12:15:08.810",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A heap overflow vulnerability exists in libvpx -\u00a0Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.\nWe recommend upgrading to version 1.13.1 or above"
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "cve-coordination@google.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-122"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://crbug.com/webm/1642",
+      "source": "cve-coordination@google.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-33xx/CVE-2024-3381.json
+++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3381.json
@ -0,0 +1,15 @@
+{
+  "id": "CVE-2024-3381",
+  "sourceIdentifier": "security@huntr.dev",
+  "published": "2024-05-27T13:15:08.490",
+  "lastModified": "2024-05-27T13:15:08.490",
+  "vulnStatus": "Rejected",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5405.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5405.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-5405",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-05-27T12:15:09.067",
+  "lastModified": "2024-05-27T12:15:09.067",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via\u00a0/tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session details."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winnmp-wtriple",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5406.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5406.json
@ -0,0 +1,55 @@
+{
+  "id": "CVE-2024-5406",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-05-27T12:15:09.333",
+  "lastModified": "2024-05-27T12:15:09.333",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via\u00a0index page in from, subject, text and hash parameters. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session details."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winnmp-wtriple",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5407.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5407.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-5407",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-05-27T13:15:08.573",
+  "lastModified": "2024-05-27T13:15:08.573",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the \"search\" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 10.0,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/josepsanzcamp/RhinOS",
+      "source": "cve-coordination@incibe.es"
+    },
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5408.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5408.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-5408",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-05-27T13:15:08.817",
+  "lastModified": "2024-05-27T13:15:08.817",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the \"search\" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/josepsanzcamp/RhinOS",
+      "source": "cve-coordination@incibe.es"
+    },
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5409.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5409.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-5409",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-05-27T13:15:09.040",
+  "lastModified": "2024-05-27T13:15:09.040",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "RhinOS 3.0-1190 is vulnerable to an XSS via the \"tamper\" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 7.1,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/josepsanzcamp/RhinOS",
+      "source": "cve-coordination@incibe.es"
+    },
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-05-27T12:00:58.250278+00:00
+2024-05-27T14:01:09.648917+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-05-27T11:15:08.710000+00:00
+2024-05-27T13:15:09.040000+00:00
 ```

 ### Last Data Feed Release
@ -33,14 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-251857
+251864
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `1`
+Recently added CVEs: `7`

- [CVE-2024-36383](CVE-2024/CVE-2024-363xx/CVE-2024-36383.json) (`2024-05-27T11:15:08.710`)
+- [CVE-2023-6349](CVE-2023/CVE-2023-63xx/CVE-2023-6349.json) (`2024-05-27T12:15:08.810`)
+- [CVE-2024-3381](CVE-2024/CVE-2024-33xx/CVE-2024-3381.json) (`2024-05-27T13:15:08.490`)
+- [CVE-2024-5405](CVE-2024/CVE-2024-54xx/CVE-2024-5405.json) (`2024-05-27T12:15:09.067`)
+- [CVE-2024-5406](CVE-2024/CVE-2024-54xx/CVE-2024-5406.json) (`2024-05-27T12:15:09.333`)
+- [CVE-2024-5407](CVE-2024/CVE-2024-54xx/CVE-2024-5407.json) (`2024-05-27T13:15:08.573`)
+- [CVE-2024-5408](CVE-2024/CVE-2024-54xx/CVE-2024-5408.json) (`2024-05-27T13:15:08.817`)
+- [CVE-2024-5409](CVE-2024/CVE-2024-54xx/CVE-2024-5409.json) (`2024-05-27T13:15:09.040`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -239364,6 +239364,7 @@ CVE-2023-6345,0,0,a9d7fbb37b5bedc60cc374c5aba487da97d8bafd2dd093fe7949f604d257b7
 CVE-2023-6346,0,0,c40bf8c265a92108ff97f9d05c1f66ae31d46069c960237aa0eb79c96f65109d,2024-01-31T17:15:23.213000
 CVE-2023-6347,0,0,d95524d2c228513203a102be0e94cb621b285684af6da72197460b84ebeb516d,2024-01-31T17:15:23.647000
 CVE-2023-6348,0,0,706b82708bceb6844e727704576bb420554258a8d74eede78820e3034fd2985c,2024-01-31T17:15:23.980000
+CVE-2023-6349,1,1,339d13717e8ecfab2196bb13c6a4404b7b127f771b20585d94508cfec3aacc82,2024-05-27T12:15:08.810000
 CVE-2023-6350,0,0,9d7ad504737b94d45fc95132d0bdf31e98f4b10c438be5a55687a8cc1730d327,2024-01-31T17:15:24.350000
 CVE-2023-6351,0,0,b642b9477c499dc985ed242dcc1430092dc5faffae820429036d91341cf9907b,2024-01-31T17:15:24.673000
 CVE-2023-6352,0,0,a7c9f6deee309d44509b6c9208a201145230316f41723e551e729328a3c70e36,2023-12-11T14:40:41.233000
@ -249841,6 +249842,7 @@ CVE-2024-33791,0,0,2786e7a8195c6ad972434c0d7a30a33f957fdd2fdd91aaac75f6ce3fbef54
 CVE-2024-33792,0,0,7e8694e2bb2a659e8d08c902362d29026ff1c04595111f0bccc0fd7b0663e1e1,2024-05-07T05:15:51.893000
 CVE-2024-33793,0,0,1bdbd66edb6a4ee81475ab628b3dbabe390dd8c440854dad95c22ae762967d37,2024-05-07T06:15:08.720000
 CVE-2024-33809,0,0,a9244b7bac7a01a848ecf7adc4839dcc7ecaf56436a02182e43d1bf648cb6641,2024-05-24T18:09:20.027000
+CVE-2024-3381,1,1,2675878f918c9740671fc065cc6afea6b859e07b3f755ce74555424e09b49f5d,2024-05-27T13:15:08.490000
 CVE-2024-33818,0,0,fcf08ee825495c7c9196412d6a7ac485908da9a914b001b572e82e64bc2af5f7,2024-05-14T16:12:23.490000
 CVE-2024-33819,0,0,27ebf543bf09f96d296185f9994673eb8c5aa230fac1ef1d22da8e6b7ccd2158,2024-05-14T16:12:23.490000
 CVE-2024-3382,0,0,359ee56c09e0a2a64315ebc823efc4b55ab60390ccbf48a0550f896cf550e0d4,2024-04-10T19:49:51.183000
@ -250818,7 +250820,7 @@ CVE-2024-3631,0,0,52e896a80c9b063fda6224c04771bbd75f72f78e3d3636ccff4bb724fd1661
 CVE-2024-3634,0,0,940ae4dd6e92f9452379e49ccdcd29aa6fe6e9bda25faf9f7045c78090371ae8,2024-05-15T16:40:19.330000
 CVE-2024-36361,0,0,f38f7877ee2fdf122f5bc8d2352bd0aed642365f6f8794612d7f1076f7aeed30,2024-05-24T13:03:05.093000
 CVE-2024-3637,0,0,e0d8ef5f7498633f88592f7b832da01e95be5d925cdaa67450761833b0152a3c,2024-05-03T12:48:41.067000
-CVE-2024-36383,1,1,dd2d731676f21cacd8273346cbb59f1ab2515383e717d10c6f16475bc29b966b,2024-05-27T11:15:08.710000
+CVE-2024-36383,0,0,dd2d731676f21cacd8273346cbb59f1ab2515383e717d10c6f16475bc29b966b,2024-05-27T11:15:08.710000
 CVE-2024-36384,0,0,a0d79da3fdcabd7b9bb7cff9348fa87578adddb020086454394ad176d2bb39e2,2024-05-27T04:15:09.143000
 CVE-2024-3640,0,0,abbf5a33cbca708fe19710dda7a796491ae1d1614e9cd03f43d6cddef8b09500,2024-05-17T18:36:31.297000
 CVE-2024-3641,0,0,c281de95cce057acff2793609e8f843aad579a2f0257c0c2e0b6442733e87b14,2024-05-16T13:03:05.353000
@ -251856,3 +251858,8 @@ CVE-2024-5397,0,0,127f0e4aebb20af982b9f8f3c5e3c610f094604b0e4dbcdf747a9ca9a9d17d
 CVE-2024-5399,0,0,11939ed21acc3c5ec586746ddde14b797a390e121836283682232169079970b5,2024-05-27T04:15:09.300000
 CVE-2024-5400,0,0,3934e126a75210a22708febe3829ce6c46f46cc7e12a3a7182ec01f8e6ac35ad,2024-05-27T06:15:10.620000
 CVE-2024-5403,0,0,ed1d166ca6bf87c091bd718e3e0b00502f1d612d8d3d042e4dc422513dd0bdef,2024-05-27T07:15:09.530000
+CVE-2024-5405,1,1,49942e4a68a09244f074abab0118a3e725704e492551d35caf34af31201462e6,2024-05-27T12:15:09.067000
+CVE-2024-5406,1,1,8388cdb5206a2260ff3ef4be55e5195b9526275a7722f69924ed74fee613c514,2024-05-27T12:15:09.333000
+CVE-2024-5407,1,1,f6f018cb73591d5951317cf6cb9418428e5bc3ae925c84689b3ce2d5c483f30a,2024-05-27T13:15:08.573000
+CVE-2024-5408,1,1,219da37207b714ce9e3524b5c58f50d48db58bc623cbb609140a8131f93b7a65,2024-05-27T13:15:08.817000
+CVE-2024-5409,1,1,dc5f7da4fafab5ffa6fcbfdf146c0d675a15daf5a8580fc3a389221d5de44817,2024-05-27T13:15:09.040000