Auto-Update: 2024-04-15T16:00:29.960550+00:00

2025-05-08 19:47:09 +00:00 · 2024-04-15 16:03:20 +00:00 · 2024-04-15 16:03:20 +00:00 · a510f89de4
commit a510f89de4
parent 1f7a12526e
12 changed files with 650 additions and 328 deletions
--- a/CVE-2023/CVE-2023-65xx/CVE-2023-6536.json
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6536.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-6536",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-02-07T21:15:08.733",
-  "lastModified": "2024-03-12T03:15:06.687",
+  "lastModified": "2024-04-15T14:15:07.447",
  "vulnStatus": "Modified",
  "descriptions": [
    {
@ -291,6 +291,10 @@
      "tags": [
        "Issue Tracking"
      ]
+    },
+    {
+      "url": "https://security.netapp.com/advisory/ntap-20240415-0001/",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-310xx/CVE-2024-31080.json
+++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31080.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-31080",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-04-04T14:15:10.330",
-  "lastModified": "2024-04-11T23:15:10.563",
+  "lastModified": "2024-04-15T14:15:07.710",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -62,6 +62,10 @@
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271997",
      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-310xx/CVE-2024-31081.json
+++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31081.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-31081",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-04-04T14:15:10.593",
-  "lastModified": "2024-04-11T23:15:10.667",
+  "lastModified": "2024-04-15T14:15:07.830",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -62,6 +62,10 @@
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2271998",
      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-310xx/CVE-2024-31083.json
+++ b/CVE-2024/CVE-2024-310xx/CVE-2024-31083.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-31083",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-04-05T12:15:37.577",
-  "lastModified": "2024-04-11T23:15:10.773",
+  "lastModified": "2024-04-15T14:15:07.920",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
@ -62,6 +62,10 @@
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272000",
      "source": "secalert@redhat.com"
+    },
+    {
+      "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00009.html",
+      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3781.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3781.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-3781",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-04-15T14:15:08.013",
+  "lastModified": "2024-04-15T14:15:08.013",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Command injection vulnerability in the operating system. Improper neutralisation of special elements in Active Directory integration allows the intended command to be modified when sent to a downstream component in WBSAirback 21.02.04."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de inyecci\u00f3n de comandos en el sistema operativo. La neutralizaci\u00f3n inadecuada de elementos especiales en la integraci\u00f3n de Active Directory permite modificar el comando deseado cuando se env\u00eda a un componente posterior en WBSAirback 21.02.04."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.1,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3782.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3782.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-3782",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-04-15T14:15:08.213",
+  "lastModified": "2024-04-15T14:15:08.213",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Cross-Site Request Forgery vulnerability in WBSAirback 21.02.04, which could allow an attacker to create a manipulated HTML form to perform privileged actions once it is executed by a privileged user."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad de Cross-Site Request Forgery en WBSAirback 21.02.04, que podr\u00eda permitir a un atacante crear un formulario HTML manipulado para realizar acciones privilegiadas una vez que lo ejecuta un usuario privilegiado."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-352"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3783.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3783.json
@ -0,0 +1,59 @@
+{
+  "id": "CVE-2024-3783",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-04-15T14:15:08.400",
+  "lastModified": "2024-04-15T14:15:08.400",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Backup Agents section in WBSAirback 21.02.04 is affected by a Path Traversal vulnerability, allowing a user with low privileges to download files from the system."
+    },
+    {
+      "lang": "es",
+      "value": "La secci\u00f3n agentes de respaldo en WBSAirback 21.02.04 se ve afectada por una vulnerabilidad Path Traversal, que permite a un usuario con pocos privilegios descargar archivos del sistema."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "cve-coordination@incibe.es",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-22"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3784.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3784.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3784",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-04-15T14:15:08.600",
+  "lastModified": "2024-04-15T14:15:08.600",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through S3 Accounts (/admin/CloudAccounts). Exploitation of this vulnerability could allow a remote user to execute arbitrary code."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad en WBSAirback 21.02.04, que implica la neutralizaci\u00f3n inadecuada de Server-Side Includes (SSI), a trav\u00e9s de Cuentas S3 (/admin/CloudAccounts). La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir que un usuario remoto ejecute c\u00f3digo arbitrario."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3785.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3785.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3785",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-04-15T14:15:08.767",
+  "lastModified": "2024-04-15T14:15:08.767",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device NAS shared section (/admin/DeviceNAS). Exploitation of this vulnerability could allow a remote user to execute arbitrary code."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad en WBSAirback 21.02.04, que implica la neutralizaci\u00f3n inadecuada de Server-Side Includes (SSI), a trav\u00e9s de la secci\u00f3n compartida del dispositivo NAS (/admin/DeviceNAS). La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir que un usuario remoto ejecute c\u00f3digo arbitrario."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-37xx/CVE-2024-3786.json
+++ b/CVE-2024/CVE-2024-37xx/CVE-2024-3786.json
@ -0,0 +1,47 @@
+{
+  "id": "CVE-2024-3786",
+  "sourceIdentifier": "cve-coordination@incibe.es",
+  "published": "2024-04-15T14:15:08.920",
+  "lastModified": "2024-04-15T14:15:08.920",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Vulnerability in WBSAirback 21.02.04, which involves improper neutralisation of Server-Side Includes (SSI), through Device Synchronizations (/admin/DeviceReplication). Exploitation of this vulnerability could allow a remote user to execute arbitrary code."
+    },
+    {
+      "lang": "es",
+      "value": "Vulnerabilidad en WBSAirback 21.02.04, que involucra la neutralizaci\u00f3n inadecuada de Incluye del lado del servidor (SSI), a trav\u00e9s de Sincronizaciones de dispositivos (/admin/DeviceReplication). La explotaci\u00f3n de esta vulnerabilidad podr\u00eda permitir que un usuario remoto ejecute c\u00f3digo arbitrario."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve-coordination@incibe.es",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "HIGH",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "LOW",
+          "baseScore": 6.6,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.3,
+        "impactScore": 3.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-wbsairback-white-bear-solutions",
+      "source": "cve-coordination@incibe.es"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-04-15T14:00:56.204482+00:00
+2024-04-15T16:00:29.960550+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-04-15T13:15:51.577000+00:00
+2024-04-15T14:15:08.920000+00:00
 ```

 ### Last Data Feed Release
@ -33,47 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-245587
+245593
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `6`

- [CVE-2024-24891](CVE-2024/CVE-2024-248xx/CVE-2024-24891.json) (`2024-04-15T12:15:13.233`)
- [CVE-2024-24898](CVE-2024/CVE-2024-248xx/CVE-2024-24898.json) (`2024-04-15T12:15:13.440`)
- [CVE-2024-3780](CVE-2024/CVE-2024-37xx/CVE-2024-3780.json) (`2024-04-15T12:15:13.617`)
+- [CVE-2024-3781](CVE-2024/CVE-2024-37xx/CVE-2024-3781.json) (`2024-04-15T14:15:08.013`)
+- [CVE-2024-3782](CVE-2024/CVE-2024-37xx/CVE-2024-3782.json) (`2024-04-15T14:15:08.213`)
+- [CVE-2024-3783](CVE-2024/CVE-2024-37xx/CVE-2024-3783.json) (`2024-04-15T14:15:08.400`)
+- [CVE-2024-3784](CVE-2024/CVE-2024-37xx/CVE-2024-3784.json) (`2024-04-15T14:15:08.600`)
+- [CVE-2024-3785](CVE-2024/CVE-2024-37xx/CVE-2024-3785.json) (`2024-04-15T14:15:08.767`)
+- [CVE-2024-3786](CVE-2024/CVE-2024-37xx/CVE-2024-3786.json) (`2024-04-15T14:15:08.920`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `284`
+Recently modified CVEs: `4`

- [CVE-2024-3720](CVE-2024/CVE-2024-37xx/CVE-2024-3720.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3721](CVE-2024/CVE-2024-37xx/CVE-2024-3721.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3735](CVE-2024/CVE-2024-37xx/CVE-2024-3735.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3736](CVE-2024/CVE-2024-37xx/CVE-2024-3736.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3737](CVE-2024/CVE-2024-37xx/CVE-2024-3737.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3738](CVE-2024/CVE-2024-37xx/CVE-2024-3738.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3739](CVE-2024/CVE-2024-37xx/CVE-2024-3739.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3740](CVE-2024/CVE-2024-37xx/CVE-2024-3740.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3762](CVE-2024/CVE-2024-37xx/CVE-2024-3762.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3763](CVE-2024/CVE-2024-37xx/CVE-2024-3763.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3764](CVE-2024/CVE-2024-37xx/CVE-2024-3764.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3765](CVE-2024/CVE-2024-37xx/CVE-2024-3765.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3766](CVE-2024/CVE-2024-37xx/CVE-2024-3766.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3767](CVE-2024/CVE-2024-37xx/CVE-2024-3767.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3768](CVE-2024/CVE-2024-37xx/CVE-2024-3768.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3769](CVE-2024/CVE-2024-37xx/CVE-2024-3769.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3770](CVE-2024/CVE-2024-37xx/CVE-2024-3770.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3771](CVE-2024/CVE-2024-37xx/CVE-2024-3771.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3772](CVE-2024/CVE-2024-37xx/CVE-2024-3772.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3774](CVE-2024/CVE-2024-37xx/CVE-2024-3774.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3775](CVE-2024/CVE-2024-37xx/CVE-2024-3775.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3776](CVE-2024/CVE-2024-37xx/CVE-2024-3776.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3777](CVE-2024/CVE-2024-37xx/CVE-2024-3777.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3778](CVE-2024/CVE-2024-37xx/CVE-2024-3778.json) (`2024-04-15T13:15:31.997`)
- [CVE-2024-3802](CVE-2024/CVE-2024-38xx/CVE-2024-3802.json) (`2024-04-15T13:15:31.997`)
+- [CVE-2023-6536](CVE-2023/CVE-2023-65xx/CVE-2023-6536.json) (`2024-04-15T14:15:07.447`)
+- [CVE-2024-31080](CVE-2024/CVE-2024-310xx/CVE-2024-31080.json) (`2024-04-15T14:15:07.710`)
+- [CVE-2024-31081](CVE-2024/CVE-2024-310xx/CVE-2024-31081.json) (`2024-04-15T14:15:07.830`)
+- [CVE-2024-31083](CVE-2024/CVE-2024-310xx/CVE-2024-31083.json) (`2024-04-15T14:15:07.920`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv