diff --git a/CVE-2023/CVE-2023-63xx/CVE-2023-6349.json b/CVE-2023/CVE-2023-63xx/CVE-2023-6349.json
new file mode 100644
index 00000000000..6874572f006
--- /dev/null
+++ b/CVE-2023/CVE-2023-63xx/CVE-2023-6349.json
@@ -0,0 +1,32 @@
+{
+ "id": "CVE-2023-6349",
+ "sourceIdentifier": "cve-coordination@google.com",
+ "published": "2024-05-27T12:15:08.810",
+ "lastModified": "2024-05-27T12:15:08.810",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A heap overflow vulnerability exists in libvpx -\u00a0Encoding a frame that has larger dimensions than the originally configured size with VP9 may result in a heap overflow in libvpx.\nWe recommend upgrading to version 1.13.1 or above"
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "cve-coordination@google.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-122"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://crbug.com/webm/1642",
+ "source": "cve-coordination@google.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3381.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3381.json
new file mode 100644
index 00000000000..6e87155758c
--- /dev/null
+++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3381.json
@@ -0,0 +1,15 @@
+{
+ "id": "CVE-2024-3381",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2024-05-27T13:15:08.490",
+ "lastModified": "2024-05-27T13:15:08.490",
+ "vulnStatus": "Rejected",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
+ }
+ ],
+ "metrics": {},
+ "references": []
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5405.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5405.json
new file mode 100644
index 00000000000..42ed885bc91
--- /dev/null
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5405.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-5405",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-05-27T12:15:09.067",
+ "lastModified": "2024-05-27T12:15:09.067",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via\u00a0/tools/redis.php page in the k, hash, key and p parameters. This vulnerability could allow a remote user to submit a specially crafted JavaScript payload for an authenticated user to retrieve their session details."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winnmp-wtriple",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5406.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5406.json
new file mode 100644
index 00000000000..959399a56a9
--- /dev/null
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5406.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-5406",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-05-27T12:15:09.333",
+ "lastModified": "2024-05-27T12:15:09.333",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability had been discovered in WinNMP 19.02 consisting of an XSS attack via\u00a0index page in from, subject, text and hash parameters. This vulnerability could allow a remote user to send a specially crafted query to an authenticated user and steal their session details."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-winnmp-wtriple",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5407.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5407.json
new file mode 100644
index 00000000000..c78969b00f8
--- /dev/null
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5407.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-5407",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-05-27T13:15:08.573",
+ "lastModified": "2024-05-27T13:15:08.573",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the \"search\" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 10.0,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/josepsanzcamp/RhinOS",
+ "source": "cve-coordination@incibe.es"
+ },
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5408.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5408.json
new file mode 100644
index 00000000000..2daee6970cb
--- /dev/null
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5408.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-5408",
+ "sourceIdentifier": "cve-coordination@incibe.es",
+ "published": "2024-05-27T13:15:08.817",
+ "lastModified": "2024-05-27T13:15:08.817",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the \"search\" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "cve-coordination@incibe.es",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/josepsanzcamp/RhinOS",
+ "source": "cve-coordination@incibe.es"
+ },
+ {
+ "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos",
+ "source": "cve-coordination@incibe.es"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5409.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5409.json
new file mode 100644
index 00000000000..cffad3cfa4c
--- /dev/null
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5409.json
@@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-5409", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-05-27T13:15:09.040", + "lastModified": "2024-05-27T13:15:09.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "RhinOS 3.0-1190 is vulnerable to an XSS via the \"tamper\" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/josepsanzcamp/RhinOS", + "source": "cve-coordination@incibe.es" + }, + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rhinos-saltos", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 149ec0e076d..27a9909777f 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-27T12:00:58.250278+00:00 +2024-05-27T14:01:09.648917+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-27T11:15:08.710000+00:00 +2024-05-27T13:15:09.040000+00:00 ``` ### Last Data Feed Release 
@@ -33,14 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -251857 +251864 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `7` -- [CVE-2024-36383](CVE-2024/CVE-2024-363xx/CVE-2024-36383.json) (`2024-05-27T11:15:08.710`) +- [CVE-2023-6349](CVE-2023/CVE-2023-63xx/CVE-2023-6349.json) (`2024-05-27T12:15:08.810`) +- [CVE-2024-3381](CVE-2024/CVE-2024-33xx/CVE-2024-3381.json) (`2024-05-27T13:15:08.490`) +- [CVE-2024-5405](CVE-2024/CVE-2024-54xx/CVE-2024-5405.json) (`2024-05-27T12:15:09.067`) +- [CVE-2024-5406](CVE-2024/CVE-2024-54xx/CVE-2024-5406.json) (`2024-05-27T12:15:09.333`) +- [CVE-2024-5407](CVE-2024/CVE-2024-54xx/CVE-2024-5407.json) (`2024-05-27T13:15:08.573`) +- [CVE-2024-5408](CVE-2024/CVE-2024-54xx/CVE-2024-5408.json) (`2024-05-27T13:15:08.817`) +- [CVE-2024-5409](CVE-2024/CVE-2024-54xx/CVE-2024-5409.json) (`2024-05-27T13:15:09.040`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 7de12cf34d8..aac6ae72180 100644 --- a/_state.csv +++ b/_state.csv @@ -239364,6 +239364,7 @@ CVE-2023-6345,0,0,a9d7fbb37b5bedc60cc374c5aba487da97d8bafd2dd093fe7949f604d257b7 CVE-2023-6346,0,0,c40bf8c265a92108ff97f9d05c1f66ae31d46069c960237aa0eb79c96f65109d,2024-01-31T17:15:23.213000 CVE-2023-6347,0,0,d95524d2c228513203a102be0e94cb621b285684af6da72197460b84ebeb516d,2024-01-31T17:15:23.647000 CVE-2023-6348,0,0,706b82708bceb6844e727704576bb420554258a8d74eede78820e3034fd2985c,2024-01-31T17:15:23.980000 +CVE-2023-6349,1,1,339d13717e8ecfab2196bb13c6a4404b7b127f771b20585d94508cfec3aacc82,2024-05-27T12:15:08.810000 CVE-2023-6350,0,0,9d7ad504737b94d45fc95132d0bdf31e98f4b10c438be5a55687a8cc1730d327,2024-01-31T17:15:24.350000 CVE-2023-6351,0,0,b642b9477c499dc985ed242dcc1430092dc5faffae820429036d91341cf9907b,2024-01-31T17:15:24.673000 CVE-2023-6352,0,0,a7c9f6deee309d44509b6c9208a201145230316f41723e551e729328a3c70e36,2023-12-11T14:40:41.233000 
@@ -249841,6 +249842,7 @@ CVE-2024-33791,0,0,2786e7a8195c6ad972434c0d7a30a33f957fdd2fdd91aaac75f6ce3fbef54 CVE-2024-33792,0,0,7e8694e2bb2a659e8d08c902362d29026ff1c04595111f0bccc0fd7b0663e1e1,2024-05-07T05:15:51.893000 CVE-2024-33793,0,0,1bdbd66edb6a4ee81475ab628b3dbabe390dd8c440854dad95c22ae762967d37,2024-05-07T06:15:08.720000 CVE-2024-33809,0,0,a9244b7bac7a01a848ecf7adc4839dcc7ecaf56436a02182e43d1bf648cb6641,2024-05-24T18:09:20.027000 +CVE-2024-3381,1,1,2675878f918c9740671fc065cc6afea6b859e07b3f755ce74555424e09b49f5d,2024-05-27T13:15:08.490000 CVE-2024-33818,0,0,fcf08ee825495c7c9196412d6a7ac485908da9a914b001b572e82e64bc2af5f7,2024-05-14T16:12:23.490000 CVE-2024-33819,0,0,27ebf543bf09f96d296185f9994673eb8c5aa230fac1ef1d22da8e6b7ccd2158,2024-05-14T16:12:23.490000 CVE-2024-3382,0,0,359ee56c09e0a2a64315ebc823efc4b55ab60390ccbf48a0550f896cf550e0d4,2024-04-10T19:49:51.183000 @@ -250818,7 +250820,7 @@ CVE-2024-3631,0,0,52e896a80c9b063fda6224c04771bbd75f72f78e3d3636ccff4bb724fd1661 CVE-2024-3634,0,0,940ae4dd6e92f9452379e49ccdcd29aa6fe6e9bda25faf9f7045c78090371ae8,2024-05-15T16:40:19.330000 CVE-2024-36361,0,0,f38f7877ee2fdf122f5bc8d2352bd0aed642365f6f8794612d7f1076f7aeed30,2024-05-24T13:03:05.093000 CVE-2024-3637,0,0,e0d8ef5f7498633f88592f7b832da01e95be5d925cdaa67450761833b0152a3c,2024-05-03T12:48:41.067000 -CVE-2024-36383,1,1,dd2d731676f21cacd8273346cbb59f1ab2515383e717d10c6f16475bc29b966b,2024-05-27T11:15:08.710000 +CVE-2024-36383,0,0,dd2d731676f21cacd8273346cbb59f1ab2515383e717d10c6f16475bc29b966b,2024-05-27T11:15:08.710000 CVE-2024-36384,0,0,a0d79da3fdcabd7b9bb7cff9348fa87578adddb020086454394ad176d2bb39e2,2024-05-27T04:15:09.143000 CVE-2024-3640,0,0,abbf5a33cbca708fe19710dda7a796491ae1d1614e9cd03f43d6cddef8b09500,2024-05-17T18:36:31.297000 CVE-2024-3641,0,0,c281de95cce057acff2793609e8f843aad579a2f0257c0c2e0b6442733e87b14,2024-05-16T13:03:05.353000 
@@ -251856,3 +251858,8 @@ CVE-2024-5397,0,0,127f0e4aebb20af982b9f8f3c5e3c610f094604b0e4dbcdf747a9ca9a9d17d CVE-2024-5399,0,0,11939ed21acc3c5ec586746ddde14b797a390e121836283682232169079970b5,2024-05-27T04:15:09.300000 CVE-2024-5400,0,0,3934e126a75210a22708febe3829ce6c46f46cc7e12a3a7182ec01f8e6ac35ad,2024-05-27T06:15:10.620000 CVE-2024-5403,0,0,ed1d166ca6bf87c091bd718e3e0b00502f1d612d8d3d042e4dc422513dd0bdef,2024-05-27T07:15:09.530000 +CVE-2024-5405,1,1,49942e4a68a09244f074abab0118a3e725704e492551d35caf34af31201462e6,2024-05-27T12:15:09.067000 +CVE-2024-5406,1,1,8388cdb5206a2260ff3ef4be55e5195b9526275a7722f69924ed74fee613c514,2024-05-27T12:15:09.333000 +CVE-2024-5407,1,1,f6f018cb73591d5951317cf6cb9418428e5bc3ae925c84689b3ce2d5c483f30a,2024-05-27T13:15:08.573000 +CVE-2024-5408,1,1,219da37207b714ce9e3524b5c58f50d48db58bc623cbb609140a8131f93b7a65,2024-05-27T13:15:08.817000 +CVE-2024-5409,1,1,dc5f7da4fafab5ffa6fcbfdf146c0d675a15daf5a8580fc3a389221d5de44817,2024-05-27T13:15:09.040000