From a1b26177615628bc96e788dab57872d967ef37b6 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 4 Sep 2024 12:03:22 +0000 Subject: [PATCH] Auto-Update: 2024-09-04T12:00:23.390906+00:00 --- CVE-2024/CVE-2024-08xx/CVE-2024-0874.json | 6 +- CVE-2024/CVE-2024-449xx/CVE-2024-44946.json | 114 ++++++++++++++++++-- CVE-2024/CVE-2024-452xx/CVE-2024-45269.json | 75 +++++++++++-- CVE-2024/CVE-2024-452xx/CVE-2024-45270.json | 75 +++++++++++-- CVE-2024/CVE-2024-78xx/CVE-2024-7821.json | 16 +++ CVE-2024/CVE-2024-83xx/CVE-2024-8366.json | 71 ++++++++++-- CVE-2024/CVE-2024-84xx/CVE-2024-8413.json | 56 ++++++++++ README.md | 22 ++-- _state.csv | 22 ++-- 9 files changed, 411 insertions(+), 46 deletions(-) create mode 100644 CVE-2024/CVE-2024-78xx/CVE-2024-7821.json create mode 100644 CVE-2024/CVE-2024-84xx/CVE-2024-8413.json diff --git a/CVE-2024/CVE-2024-08xx/CVE-2024-0874.json b/CVE-2024/CVE-2024-08xx/CVE-2024-0874.json index a4c9fb5e933..3ee239fa77f 100644 --- a/CVE-2024/CVE-2024-08xx/CVE-2024-0874.json +++ b/CVE-2024/CVE-2024-08xx/CVE-2024-0874.json @@ -2,7 +2,7 @@ "id": "CVE-2024-0874", "sourceIdentifier": "secalert@redhat.com", "published": "2024-04-25T17:15:47.083", - "lastModified": "2024-08-02T13:16:02.740", + "lastModified": "2024-09-04T11:15:12.400", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -60,6 +60,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:4850", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:6009", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-0874", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-449xx/CVE-2024-44946.json b/CVE-2024/CVE-2024-449xx/CVE-2024-44946.json index f55071ba3de..18b8f454f68 100644 --- a/CVE-2024/CVE-2024-449xx/CVE-2024-44946.json +++ b/CVE-2024/CVE-2024-449xx/CVE-2024-44946.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44946", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-08-31T14:15:04.320", - "lastModified": "2024-09-03T12:59:02.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-04T10:30:42.877", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,23 +15,123 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: kcm: serializar kcm_sendmsg() para el mismo socket. syzkaller inform\u00f3 de UAF en kcm_release(). [0] El escenario es 1. El hilo A crea un skb con MSG_MORE y establece kcm->seq_skb. 2. El hilo A reanuda la creaci\u00f3n de skb desde kcm->seq_skb, pero es bloqueado por sk_stream_wait_memory() 3. El hilo B llama a sendmsg() simult\u00e1neamente, termina de crear kcm->seq_skb y coloca el skb en la cola de escritura 4. El hilo A enfrenta un error y finalmente libera el skb que ya est\u00e1 en la cola de escritura 5. kcm_release() libera dos veces el skb en la cola de escritura Cuando un hilo est\u00e1 creando un skb MSG_MORE, otro hilo no debe tocarlo. Agreguemos un mutex por sk y serialicemos kcm_sendmsg(). [0]: BUG: KASAN: slab-use-after-free in __skb_unlink include/linux/skbuff.h:2366 [inline] BUG: KASAN: slab-use-after-free in __skb_dequeue include/linux/skbuff.h:2385 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] BUG: KASAN: slab-use-after-free in __skb_queue_purge include/linux/skbuff.h:3181 [inline] BUG: KASAN: slab-use-after-free in kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 Read of size 8 at addr ffff0000ced0fc80 by task syz-executor329/6167 CPU: 1 PID: 6167 Comm: syz-executor329 Tainted: G B 6.8.0-rc5-syzkaller-g9abbc24128bc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/25/2024 Call trace: dump_backtrace+0x1b8/0x1e4 arch/arm64/kernel/stacktrace.c:291 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:298 __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xd0/0x124 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:377 [inline] print_report+0x178/0x518 mm/kasan/report.c:488 kasan_report+0xd8/0x138 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 __skb_unlink include/linux/skbuff.h:2366 [inline] __skb_dequeue include/linux/skbuff.h:2385 [inline] __skb_queue_purge_reason include/linux/skbuff.h:3175 [inline] __skb_queue_purge include/linux/skbuff.h:3181 [inline] kcm_release+0x170/0x4c8 net/kcm/kcmsock.c:1691 __sock_release net/socket.c:659 [inline] sock_close+0xa4/0x1e8 net/socket.c:1421 __fput+0x30c/0x738 fs/file_table.c:376 ____fput+0x20/0x30 fs/file_table.c:404 task_work_run+0x230/0x2e0 kernel/task_work.c:180 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0x618/0x1f64 kernel/exit.c:871 do_group_exit+0x194/0x22c kernel/exit.c:1020 get_signal+0x1500/0x15ec kernel/signal.c:2893 do_signal+0x23c/0x3b44 arch/arm64/kernel/signal.c:1249 do_notify_resume+0x74/0x1f4 arch/arm64/kernel/entry-common.c:148 exit_to_user_mode_prepare arch/arm64/kernel/entry-common.c:169 [inline] exit_to_user_mode arch/arm64/kernel/entry-common.c:178 [inline] el0_svc+0xac/0x168 arch/arm64/kernel/entry-common.c:713 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Allocated by task 6166: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x40/0x78 mm/kasan/common.c:68 kasan_save_alloc_info+0x70/0x84 mm/kasan/generic.c:626 unpoison_slab_object mm/kasan/common.c:314 [inline] __kasan_slab_alloc+0x74/0x8c mm/kasan/common.c:340 kasan_slab_alloc include/linux/kasan.h:201 [inline] slab_post_alloc_hook mm/slub.c:3813 [inline] slab_alloc_node mm/slub.c:3860 [inline] kmem_cache_alloc_node+0x204/0x4c0 mm/slub.c:3903 __alloc_skb+0x19c/0x3d8 net/core/skbuff.c:641 alloc_skb include/linux/skbuff.h:1296 [inline] kcm_sendmsg+0x1d3c/0x2124 net/kcm/kcmsock.c:783 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] sock_sendmsg+0x220/0x2c0 net/socket.c:768 splice_to_socket+0x7cc/0xd58 fs/splice.c:889 do_splice_from fs/splice.c:941 [inline] direct_splice_actor+0xec/0x1d8 fs/splice.c:1164 splice_direct_to_actor+0x438/0xa0c fs/splice.c:1108 do_splice_direct_actor ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.6", + "versionEndExcluding": "6.1.107", + "matchCriteriaId": "90446753-6047-4C19-AD2D-8691C846DDB3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.48", + "matchCriteriaId": "9DE9201A-CE6B-4726-BABB-8265EA0F8AE4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.7", + "matchCriteriaId": "D2AFDFD1-D95A-4EB7-843B-5E7659518B67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/00425508f30baa5ab6449a1f478480ca7cffa6da", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/72da240aafb142630cf16adc803ccdacb3780849", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/807067bf014d4a3ae2cc55bd3de16f22a01eb580", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9c8d544ed619f704e2b70e63e08ab75630c2ea23", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45269.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45269.json index b1505b2cbf3..e7366507747 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45269.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45269.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45269", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-02T00:15:11.680", - "lastModified": "2024-09-03T12:59:02.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-04T11:49:36.950", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,82 @@ "value": "El complemento \"Carousel Slider\" de WordPress proporcionado por Sayful Islam contiene una vulnerabilidad de cross-site request forgery en la funci\u00f3n de selecci\u00f3n de im\u00e1genes de Carousel. Al iniciar sesi\u00f3n en el sitio de WordPress con el complemento Carousel Slider habilitado, acceder a una p\u00e1gina creada puede hacer que un usuario altere el contenido del sitio de WordPress." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:majeedraza:carousel_slider:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.0", + "matchCriteriaId": "762166A4-E06E-4987-94A7-FF2D11CD4487" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sayful1/carousel-slider", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product", + "Release Notes" + ] }, { "url": "https://jvn.jp/en/jp/JVN25264194/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://wordpress.org/plugins/carousel-slider/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45270.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45270.json index 068772c588c..62ce11c3cc1 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45270.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45270.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45270", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-09-02T00:15:11.767", - "lastModified": "2024-09-03T12:59:02.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-04T11:51:30.887", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,82 @@ "value": "El complemento \"Carousel Slider\" de WordPress proporcionado por Sayful Islam contiene una vulnerabilidad de cross-site request forgery en la funci\u00f3n de selecci\u00f3n de im\u00e1genes de h\u00e9roe. Mientras se est\u00e1 conectado al sitio de WordPress con el complemento Carousel Slider habilitado, acceder a una p\u00e1gina creada puede hacer que un usuario altere el contenido del sitio de WordPress." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:majeedraza:carousel_slider:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.2.4", + "matchCriteriaId": "E8ACB7DA-024D-468C-9531-70BF01212001" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/sayful1/carousel-slider", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product", + "Release Notes" + ] }, { "url": "https://jvn.jp/en/jp/JVN25264194/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://wordpress.org/plugins/carousel-slider/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7821.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7821.json new file mode 100644 index 00000000000..f261d6dec70 --- /dev/null +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7821.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2024-7821", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-09-04T10:15:03.553", + "lastModified": "2024-09-04T10:15:03.553", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8366.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8366.json index 07472391df4..31a6958e75b 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8366.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8366.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8366", "sourceIdentifier": "cna@vuldb.com", "published": "2024-08-31T18:15:13.257", - "lastModified": "2024-09-03T12:59:02.453", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-04T11:26:49.020", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -109,6 +129,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +150,51 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:pharmacy_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "9943605C-820A-4C9A-8A5E-1BA71F57F048" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.276261", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.276261", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.398777", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-84xx/CVE-2024-8413.json b/CVE-2024/CVE-2024-84xx/CVE-2024-8413.json new file mode 100644 index 00000000000..54e76d9142a --- /dev/null +++ b/CVE-2024/CVE-2024-84xx/CVE-2024-8413.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-8413", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-09-04T11:15:12.780", + "lastModified": "2024-09-04T11:15:12.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript payload to an authenticated user and partially hijacking their session details.\n\nReferences list" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-xss-raspcontrol", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 5f6a0e85a20..22959720f19 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-04T10:00:17.593280+00:00 +2024-09-04T12:00:23.390906+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-04T09:15:04.977000+00:00 +2024-09-04T11:51:30.887000+00:00 ``` ### Last Data Feed Release @@ -33,24 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -261853 +261855 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `2` -- [CVE-2024-45195](CVE-2024/CVE-2024-451xx/CVE-2024-45195.json) (`2024-09-04T09:15:04.397`) -- [CVE-2024-45507](CVE-2024/CVE-2024-455xx/CVE-2024-45507.json) (`2024-09-04T09:15:04.520`) -- [CVE-2024-7870](CVE-2024/CVE-2024-78xx/CVE-2024-7870.json) (`2024-09-04T09:15:04.660`) -- [CVE-2024-8289](CVE-2024/CVE-2024-82xx/CVE-2024-8289.json) (`2024-09-04T09:15:04.977`) -- [CVE-2024-8318](CVE-2024/CVE-2024-83xx/CVE-2024-8318.json) (`2024-09-04T08:15:03.167`) +- [CVE-2024-7821](CVE-2024/CVE-2024-78xx/CVE-2024-7821.json) (`2024-09-04T10:15:03.553`) +- [CVE-2024-8413](CVE-2024/CVE-2024-84xx/CVE-2024-8413.json) (`2024-09-04T11:15:12.780`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `5` +- [CVE-2024-0874](CVE-2024/CVE-2024-08xx/CVE-2024-0874.json) (`2024-09-04T11:15:12.400`) +- [CVE-2024-44946](CVE-2024/CVE-2024-449xx/CVE-2024-44946.json) (`2024-09-04T10:30:42.877`) +- [CVE-2024-45269](CVE-2024/CVE-2024-452xx/CVE-2024-45269.json) (`2024-09-04T11:49:36.950`) +- [CVE-2024-45270](CVE-2024/CVE-2024-452xx/CVE-2024-45270.json) (`2024-09-04T11:51:30.887`) +- [CVE-2024-8366](CVE-2024/CVE-2024-83xx/CVE-2024-8366.json) (`2024-09-04T11:26:49.020`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 2bbb4ff36ea..7be2e6b58ec 100644 --- a/_state.csv +++ b/_state.csv @@ -241880,7 +241880,7 @@ CVE-2024-0870,0,0,81c9458cce7cc0e61b7169edfd34a4893d929270ea38d26c7d47585fceda22 CVE-2024-0871,0,0,2a81c9221f676df23b70ee25b96f92b79bd7fe2d47d83d3cf9575aeab8537ea4,2024-03-13T18:16:18.563000 CVE-2024-0872,0,0,59570f703919134c83976c0a589bd002a09343b74061ad8cfeb778f494366fb8,2024-04-10T13:24:00.070000 CVE-2024-0873,0,0,0d017532f0822fb01a43bd5a5b6fb8ed2d6c3075b76ac0b6436fcb6d890c9423,2024-04-10T13:24:00.070000 -CVE-2024-0874,0,0,0d06d41ad980e2c2fabe0273b7dabf70fd4ee5748515375a76f42170d33e1729,2024-08-02T13:16:02.740000 +CVE-2024-0874,0,1,836685a63fa1b3dd3b3946eb84f633d0e60c91977bbcad5ba4fa4496d5daaf2b,2024-09-04T11:15:12.400000 CVE-2024-0879,0,0,40ca4d922e04a74721c93cda9d6ef307a09b39f845db5f9dd6db6b694e034cf2,2024-01-31T19:16:07.630000 CVE-2024-0880,0,0,44431bf4f01e73978bc2a282db63f61857269e71b91d3e3d902140e76c6dd1ce,2024-05-17T02:35:00.317000 CVE-2024-0881,0,0,98f221da2ce5b910f526cf4601e71f3a4679fdd70405fdedbf2c41fb491a9b53,2024-08-30T13:15:12.190000 @@ -258879,7 +258879,7 @@ CVE-2024-44942,0,0,17b37362bd3ba24b1a5ce481b72105519e3d684fbcb26bdd0327529225c43 CVE-2024-44943,0,0,5bf597bf2fa044f6eb0ba2afa66eeb4ae405658ddc3b2a597c7fedca3c5f2035,2024-08-28T12:57:17.117000 CVE-2024-44944,0,0,9d04637232a0ef520df300c879d5cc54bad658bb5749e19928008538f4b841f0,2024-09-03T14:49:19.227000 CVE-2024-44945,0,0,a3745a898858327b7fbd2ec8b66c922f7135590f07273b0fe5d696fead01dfa7,2024-09-03T12:59:02.453000 -CVE-2024-44946,0,0,bde7ad6a01f44be414c4bd3445317849337d69127ec3a8ea5812ab15acbffb3b,2024-09-03T12:59:02.453000 +CVE-2024-44946,0,1,840622fa40396f381092981f094105f5a4b5018ba8d0e3ad2fd20e8f17321db7,2024-09-04T10:30:42.877000 CVE-2024-44947,0,0,302d818ccd9e40f7bfb098ff4a6341ad3e0925adc3de08e949498bcabcb806a4,2024-09-03T12:59:02.453000 CVE-2024-4495,0,0,cb1d8bc801c43f7ab8180176a646c9e39a56603c1305eac804522af3adac0fa8,2024-05-17T02:40:25.167000 CVE-2024-4496,0,0,6e858d3d5b48b877aff577f900a80fd10c799bd74cdf4188d346fa0d13641a80,2024-06-04T19:20:39.340000 @@ -258934,7 +258934,7 @@ CVE-2024-45190,0,0,d66cd4c54a74e68d49ead3a1a738b5a5af6006ce6c10ee38db19e97b19943 CVE-2024-45191,0,0,8410bc983e36e5828d4c81d5e10811b72eb1342d768b1b1249b7ba20875ec3a3,2024-09-01T22:15:13.697000 CVE-2024-45192,0,0,5da4aeb150ce1f250e3c04f3741f974ba0c69f3ea24005aed7598a0020d8fabe,2024-09-01T22:15:13.880000 CVE-2024-45193,0,0,1554745324792bf9e818f523be327d3eb138b0a7e9f93b1f1c9abf081b45aade,2024-09-01T22:15:13.943000 -CVE-2024-45195,1,1,cdafc12e5104e432ed5e7efa91ca71d1d0149897c54ce1859e27f9f2213091c2,2024-09-04T09:15:04.397000 +CVE-2024-45195,0,0,cdafc12e5104e432ed5e7efa91ca71d1d0149897c54ce1859e27f9f2213091c2,2024-09-04T09:15:04.397000 CVE-2024-4520,0,0,b2949348c863aeabf77cf8262dadc8a1301ac645ed88723ebde503df8cb28e51,2024-06-11T17:02:16.967000 CVE-2024-45201,0,0,83db05d7484ca5c2638e18e64e3b5c06d28a9caaae332ad6d01f844ea902b04a,2024-08-23T16:18:28.547000 CVE-2024-4521,0,0,a1d240438f25322e21494c2ddd2f5ee26b23410f012534bc2c27a0a49b09a860,2024-06-04T19:20:41.223000 @@ -258958,9 +258958,9 @@ CVE-2024-45258,0,0,20ee97d2eb3a83f8d2a7be46b53936d32dfd424c455ff5dc5358a331a56de CVE-2024-4526,0,0,87a45e4eb41404ceb4b9ba3ca9513f18cac2687a381a0d6211a80485bbac625a,2024-06-04T19:20:41.720000 CVE-2024-45264,0,0,822145f9a1da648532bc7a1b41e14edccb94fd2d8996f04c204c8fc97c8f117a,2024-08-30T15:02:34.610000 CVE-2024-45265,0,0,32b1057978cea9d5f5845b9f4e3926bb7432d8755213d6bbe9f6e3c948032919,2024-08-27T14:35:12.220000 -CVE-2024-45269,0,0,328232f4e6013b81872032b3d2c987ce8019a102862b2806b0bb5d3a9cab042a,2024-09-03T12:59:02.453000 +CVE-2024-45269,0,1,930c2dda66909b7393cc3daf8d8e0bcb8066c589d45124dd784354d0c2c32ffd,2024-09-04T11:49:36.950000 CVE-2024-4527,0,0,c7ad79186f39af6c4287cf90f197f2ec298291b738fc5af7e4ddede8b4e9adfb,2024-06-04T19:20:41.810000 -CVE-2024-45270,0,0,85266ba30af5929d87dfba263cddcdfe8d0c39a6d8ab6685433b5391e9b08217,2024-09-03T12:59:02.453000 +CVE-2024-45270,0,1,c7af37af49333c30529c68858eecc171381f5cb95414149d25997e187a81c107,2024-09-04T11:51:30.887000 CVE-2024-4528,0,0,7b720d00d965c73e07e6aefd4c36ac932b079840a05c5efc530ca8c4800fb595,2024-06-04T19:20:41.917000 CVE-2024-4529,0,0,5fbb4c14219ef7d51954458b7780a68dbee769876e9489db6e9ba34bd68834fa,2024-07-03T02:07:42.220000 CVE-2024-4530,0,0,6b78f15ba2a60e96a20ff176cd49d228ee37f0e30a4b3e696092a717f8a23e27,2024-05-28T12:39:28.377000 @@ -259017,7 +259017,7 @@ CVE-2024-4549,0,0,e09f9cdaebb6118867e13a9d3ab643eb98c9f9e356cd137ad04d5c4afde157 CVE-2024-45490,0,0,540514ff834e3c0b6fe4ca0c9a351c7af66437b260e35f3424d90136724978ba,2024-08-30T19:35:07.050000 CVE-2024-45491,0,0,d50817a58309934ce1e6c9f069c18968451a3af67ad0b3f9c4ed58ff8571c85d,2024-08-30T14:35:09.057000 CVE-2024-45492,0,0,cab4c5ca84baf34dea16b84281c2356a238ac9571c230c2d937a4646809be15a,2024-08-30T14:35:09.790000 -CVE-2024-45507,1,1,63cdf9aa14c0ea74031dc14c75c05ee0984698ebbe4ac382ca28ab2a55f0ef28,2024-09-04T09:15:04.520000 +CVE-2024-45507,0,0,63cdf9aa14c0ea74031dc14c75c05ee0984698ebbe4ac382ca28ab2a55f0ef28,2024-09-04T09:15:04.520000 CVE-2024-45508,0,0,ede56f3905b1dcc10c04b3d644571c8107eb04ace8141ef25c182c6bbe150155,2024-09-03T15:35:11.293000 CVE-2024-45509,0,0,7ae0701701e527eeb1a65d0426f01f3918ecf13457164c0117e7a52864e5dc08,2024-09-03T15:35:12.080000 CVE-2024-4551,0,0,5eadeaa2a7f21f0b3297f45277617c137a52e984170b931f9145e745d378c040,2024-06-17T12:42:04.623000 @@ -261559,6 +261559,7 @@ CVE-2024-7812,0,0,7d23c7651a18766135526d086e05755f7342e9775f0f39e533e1590484eb2e CVE-2024-7813,0,0,660725c7439a0ec1a8a527e4f36d939d7005bd8e1713b07e4bd27cf3728c3f7f,2024-08-19T18:16:48.327000 CVE-2024-7814,0,0,77d672b90a1329b486901cf23b6e584004769dc821cc49b3c03fcd61d7b51c38,2024-08-19T18:31:16.473000 CVE-2024-7815,0,0,414a9ddc4da9ca2a40da2f6f1d9c0348a16eb40238a0ca5a655b1ae9bc8cc665,2024-08-19T18:32:00.617000 +CVE-2024-7821,1,1,a6cbf4229b3ac9caad2c13358d94e9d25b2f946f0353199ff2ed2717953ff2a4,2024-09-04T10:15:03.553000 CVE-2024-7827,0,0,20afe3aa4a313fb97b1d97a1cbf5257a0701f273bd3d99d4148b86bfbef51981,2024-08-20T15:44:20.567000 CVE-2024-7828,0,0,e3115575bb7dae7cb27cdf5edd1f5d03fa0744cba105509a33368f4e132d9ca7,2024-08-19T18:33:17.583000 CVE-2024-7829,0,0,3634da4931045efa2221e4dd20ed9805c5f347e47423b6602d3467d4b2db62e9,2024-08-19T18:34:00.040000 @@ -261587,7 +261588,7 @@ CVE-2024-7858,0,0,dbe22e1f02da632a108fdb9c096b7008488e7f6cd1024c2ca6a33d2456cc06 CVE-2024-7866,0,0,4c0cb0c858c0ff2de3d3bc9c6187348080bb51d5934bb16167513e626d441be5,2024-08-20T19:23:02.780000 CVE-2024-7867,0,0,cc4e8e2cbae6cc9c2393332b56b3dc1a7160836d4b3b7919e8d1234e73599a3b,2024-08-28T21:59:33.973000 CVE-2024-7868,0,0,426aac72107d4f020c4b4c2ec1e49b6873953f44556989351b1605a1e98035d8,2024-08-19T13:00:23.117000 -CVE-2024-7870,1,1,b250ee641ec38a02db3a5a758a0bc4eab293e891c58e8e02e617e323d301ec42,2024-09-04T09:15:04.660000 +CVE-2024-7870,0,0,b250ee641ec38a02db3a5a758a0bc4eab293e891c58e8e02e617e323d301ec42,2024-09-04T09:15:04.660000 CVE-2024-7871,0,0,2c328bdd5eb833a0c2cdd650bf9983700c0e0f359ad3da892ab737e8787bc1bc,2024-09-03T12:59:02.453000 CVE-2024-7885,0,0,53926a53ab4f71fc31c04b79b6d61e8c39bb180f373c05a721578db45aa87a6a,2024-08-23T17:05:24.343000 CVE-2024-7886,0,0,b8c1f856b8479c6982faa8a2fc4a6d8b2480e045b8b096d9bd3b8640a06eb6f3,2024-08-19T13:00:23.117000 @@ -261798,7 +261799,7 @@ CVE-2024-8260,0,0,80de48284b9b1f60542ccd162f62ac34372df44b6034ef82705622d907f322 CVE-2024-8274,0,0,81f15088246893eaf3249a3304ee5d5199071263c8883a7f9f22c293a16a376a,2024-09-03T14:28:06.853000 CVE-2024-8276,0,0,6d091b531458424cc4635f6e051f410dabbe91d1101fd761130b66815a93f34d,2024-09-03T12:59:02.453000 CVE-2024-8285,0,0,3b0be068594bf7034dac9ef4fa68f5d83c55fdc692ee8082bd0a6e0eca73c78a,2024-09-03T12:59:02.453000 -CVE-2024-8289,1,1,8abfef3a2f5989871cc859d9bbb0c18860417b43aaf9f5041b0aeef750c4eea7,2024-09-04T09:15:04.977000 +CVE-2024-8289,0,0,8abfef3a2f5989871cc859d9bbb0c18860417b43aaf9f5041b0aeef750c4eea7,2024-09-04T09:15:04.977000 CVE-2024-8294,0,0,76cafe7a1838d9cd0244706a299f12cd4ba69ef653952654db2fa070ca07bd0d,2024-08-30T15:38:13.437000 CVE-2024-8295,0,0,907331a3a97a6618443e3aff92f4e758c3135b25ca0d9fb01d74d067e9cd6716,2024-08-30T15:37:41.510000 CVE-2024-8296,0,0,e31c225486c181d770097ee2f86386b9a5d776a033c8c4a5860d3ba550c9de51,2024-08-30T15:36:36.383000 @@ -261808,7 +261809,7 @@ CVE-2024-8301,0,0,517ca402c22af2219c7d5e72c26f25471bc06be609f1fc004544a29726452f CVE-2024-8302,0,0,bda50b555854cd31882c0ef2167f779bd3ff1746a67f4e225a03fe8a32f42f3f,2024-08-30T13:00:05.390000 CVE-2024-8303,0,0,7d291660edacb98ef58ef33c4f7785c68c1ad74e546b2f9d99bc765dad9ef6ed,2024-08-30T13:00:05.390000 CVE-2024-8304,0,0,02fe3479f6e17fb07e472eabe123127bcfa4991aa0aa38b065a739eef0a9393c,2024-08-30T13:00:05.390000 -CVE-2024-8318,1,1,36dd592d15466c1237fa3297c96f420fa0abebabd15b3c32cd2005f8137d0409,2024-09-04T08:15:03.167000 +CVE-2024-8318,0,0,36dd592d15466c1237fa3297c96f420fa0abebabd15b3c32cd2005f8137d0409,2024-09-04T08:15:03.167000 CVE-2024-8319,0,0,19bee7e43deb1719502aef7eb4c05b0fb28cffea0ae04999821f01ddbcc0e265,2024-09-03T14:43:13.787000 CVE-2024-8325,0,0,618f072111937b2543d3b7dee95e28ca3a3393fee12a22e196fc16fdb45d3602,2024-09-04T06:15:17.657000 CVE-2024-8327,0,0,90ce1c0d5f2bf16169e6685e1181bb32bc7482e79f281a32577436dff63843d4,2024-08-30T13:00:05.390000 @@ -261835,7 +261836,7 @@ CVE-2024-8347,0,0,f378304bad132e1fe8ab7ce77e9900ef7bd30b779db5a43daec9479c5b4ff2 CVE-2024-8348,0,0,e9c7a689c9c3358ae92d1f6cfe0169cecaa626880b5382f148983a377fe43677,2024-09-03T12:59:02.453000 CVE-2024-8362,0,0,04b2d14446101ffa95f88da5e5db97fc1570651c65c9e307be50262d8777355b,2024-09-03T23:15:23.933000 CVE-2024-8365,0,0,6b096e2916d276a090b51412ab1dac14b65c506c007678b1e1eba80f19fe636f,2024-09-03T12:59:02.453000 -CVE-2024-8366,0,0,289304ced3600bcbe677d955e304ef0b3ec32239db793be5e51dd86a202837ba,2024-09-03T12:59:02.453000 +CVE-2024-8366,0,1,be663b51eff047ef5324516e3dc05e341a7647978df6a6f91fe297f3f5c5eb50,2024-09-04T11:26:49.020000 CVE-2024-8367,0,0,5172ded1dd5d5dccb77f0059a7c6495922e642ce8e52859a1f0a60d7fb927bb9,2024-09-03T12:59:02.453000 CVE-2024-8368,0,0,e7e5b26d7b7405775320cdcede5a20a801cf8fd2fd5d2c94eef71d16b702c5d1,2024-09-03T12:59:02.453000 CVE-2024-8370,0,0,64120d391bac6f64ab186b0c09a7545128a19dc5df44f367c6d51bbce7b58a09,2024-09-03T14:15:17.787000 @@ -261852,3 +261853,4 @@ CVE-2024-8387,0,0,a3a4ffd386669c751e51534334429c7aa7719b496d6c236587ca9f3124ab59 CVE-2024-8388,0,0,fe5700fbfa44251541892935d34e117d24a52d265fc210840d61b4c99ed842ff,2024-09-03T15:12:16.467000 CVE-2024-8389,0,0,2a0ca530b7b6eb915d2e5cb6434892ad982bd6d94765b32fce372846982f2195,2024-09-03T16:35:17.947000 CVE-2024-8399,0,0,c43179ebf394f67d58ebeabe5adc04d9934dae295353f6033d5b6ea1496e4f62,2024-09-03T20:15:09.430000 +CVE-2024-8413,1,1,31f945b943fa0681a96714225a63b69c96df1a1450eee06974ceb087fe75c77e,2024-09-04T11:15:12.780000