Auto-Update: 2024-04-09T06:00:30.472719+00:00

CVE-2024/CVE-2024-16xx/CVE-2024-1664.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-1664",
+  "sourceIdentifier": "contact@wpscan.com",
+  "published": "2024-04-09T05:15:47.703",
+  "lastModified": "2024-04-09T05:15:47.703",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Responsive Gallery Grid WordPress plugin before 2.3.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://wpscan.com/vulnerability/fc3beca7-af38-4ab2-b05f-13b47d042b85/",
+      "source": "contact@wpscan.com"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30679.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30679",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T04:15:10.087",
+  "lastModified": "2024-04-09T04:15:10.087",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in the default configurations of ROS2 Iron Irwini ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows unauthenticated attackers to authenticate using default credentials."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30679",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30680.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30680",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T04:15:10.583",
+  "lastModified": "2024-04-09T04:15:10.583",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Shell injection vulnerability was discovered in ROS2 (Robot Operating System 2) Iron Irwini in versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code escalate privileges, and obtain sensitive information due to the way ROS2 handles shell command execution in components like command interpreters or interfaces that process external inputs."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30680",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30681.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30681",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T04:15:10.747",
+  "lastModified": "2024-04-09T04:15:10.747",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An OS command injection vulnerability has been discovered in ROS2 Iron Irwini version ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the command processing or system call components in ROS2."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30681",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30683.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30683",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T04:15:10.877",
+  "lastModified": "2024-04-09T04:15:10.877",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "A buffer overflow vulnerability has been discovered in the C++ components of ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via improper handling of arrays or strings."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30683",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30684.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30684",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T05:15:47.807",
+  "lastModified": "2024-04-09T05:15:47.807",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An insecure logging vulnerability has been identified within ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to access sensitive information via inadequate security measures implemented within the logging mechanisms of ROS2."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30684",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30686.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30686",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T05:15:47.853",
+  "lastModified": "2024-04-09T05:15:47.853",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An issue was discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows remote attackers to execute arbitrary code via packages or nodes within the ROS2 system."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30686",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30687.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30687",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T05:15:47.920",
+  "lastModified": "2024-04-09T05:15:47.920",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An insecure deserialization vulnerability has been identified in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted input to the Data Serialization and Deserialization Components, Inter-Process Communication Mechanisms, and Network Communication Interfaces."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30687",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-306xx/CVE-2024-30688.json

@@ -0,0 +1,20 @@
+{
+  "id": "CVE-2024-30688",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-04-09T05:15:47.980",
+  "lastModified": "2024-04-09T05:15:47.980",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "An arbitrary file upload vulnerability has been discovered in ROS2 Iron Irwini versions ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code via a crafted payload to the file upload mechanism of the ROS2 system, including the server\u2019s functionality for handling file uploads and the associated validation processes."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/yashpatelphd/CVE-2024-30688",
+      "source": "cve@mitre.org"
+    }
+  ]
+}

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-04-09T04:00:38.328110+00:00
+2024-04-09T06:00:30.472719+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-04-09T03:15:07.830000+00:00
+2024-04-09T05:15:47.980000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,15 +33,22 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-244504
+244513
 ```
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `2`
+Recently added CVEs: `9`
 
-- [CVE-2024-30676](CVE-2024/CVE-2024-306xx/CVE-2024-30676.json) (`2024-04-09T03:15:07.763`)
-- [CVE-2024-30678](CVE-2024/CVE-2024-306xx/CVE-2024-30678.json) (`2024-04-09T03:15:07.830`)
+- [CVE-2024-1664](CVE-2024/CVE-2024-16xx/CVE-2024-1664.json) (`2024-04-09T05:15:47.703`)
+- [CVE-2024-30679](CVE-2024/CVE-2024-306xx/CVE-2024-30679.json) (`2024-04-09T04:15:10.087`)
+- [CVE-2024-30680](CVE-2024/CVE-2024-306xx/CVE-2024-30680.json) (`2024-04-09T04:15:10.583`)
+- [CVE-2024-30681](CVE-2024/CVE-2024-306xx/CVE-2024-30681.json) (`2024-04-09T04:15:10.747`)
+- [CVE-2024-30683](CVE-2024/CVE-2024-306xx/CVE-2024-30683.json) (`2024-04-09T04:15:10.877`)
+- [CVE-2024-30684](CVE-2024/CVE-2024-306xx/CVE-2024-30684.json) (`2024-04-09T05:15:47.807`)
+- [CVE-2024-30686](CVE-2024/CVE-2024-306xx/CVE-2024-30686.json) (`2024-04-09T05:15:47.853`)
+- [CVE-2024-30687](CVE-2024/CVE-2024-306xx/CVE-2024-30687.json) (`2024-04-09T05:15:47.920`)
+- [CVE-2024-30688](CVE-2024/CVE-2024-306xx/CVE-2024-30688.json) (`2024-04-09T05:15:47.980`)
 
 
 ### CVEs modified in the last Commit

_state.csv

@@ -239326,6 +239326,7 @@ CVE-2024-1653,0,0,875a0ad46333e774de4f895ea6a9ead74cdbdb6ae6c4ddb02a960bfb85513a
 CVE-2024-1654,0,0,ac0509f6deb6f3ed4a3e95d25ed4dd3bdd67f0f87914e461aded05c6f6644ae7,2024-03-14T12:52:09.877000
 CVE-2024-1658,0,0,bd2757c2314dc2f8bd52ce15b18a6ca41069d2e3f9ff401d7a725ad82b1db09d,2024-03-18T19:40:00.173000
 CVE-2024-1661,0,0,f00eb2f2c3ce60fab79d51162055435d68cf3cf34607838bd07b04f2f9625a7f,2024-03-21T02:51:44.103000
+CVE-2024-1664,1,1,d44b304f4d2e9fb868c37e41062a28e28d439c03500b6ce19eb20ded1c1b3e37,2024-04-09T05:15:47.703000
 CVE-2024-1668,0,0,5ab0efbb5f521102a265a18c62e4efdda2d28d47a9245ca5f6f130ff2a6275be,2024-03-13T18:15:58.530000
 CVE-2024-1669,0,0,3362eeabf5b6399fda046d3f728ab967509d79cc74a91c5ce260a94031135ec7,2024-02-26T16:27:52.577000
 CVE-2024-1670,0,0,ae75c94f0b29c0a28e4a7c87bcbb408051ef24e0c713cce4805624b9b431840f,2024-02-26T16:27:52.643000
@@ -244192,8 +244193,16 @@ CVE-2024-30667,0,0,ff284e163d8506ead82a88e1e0195d7345f11e18d3b36d2dad51ac5fe6f1c
 CVE-2024-30672,0,0,5f03fe7211bd8d45b5928b91a5ac0350abcfb5c5194aa5b0296fc94c9e863bc2,2024-04-08T18:48:40.217000
 CVE-2024-30674,0,0,6ed6c67e9f9314eaeb2be25e85ad7999c533cc1beb21c8cb467ab7a893f16710,2024-04-08T18:48:40.217000
 CVE-2024-30675,0,0,8b91a2fb611ecb3c19dd6a14ce9d54a86e8a20f268f642c9f4e164c260b50edd,2024-04-08T18:48:40.217000
-CVE-2024-30676,1,1,2a073dd564e86e695eb2f919b139d388a2d6007b80e09fcf5430f574293c04d1,2024-04-09T03:15:07.763000
-CVE-2024-30678,1,1,ef2be53ace00dddfb9477c2105eab4a719d2b1864b4c7a0736a5393b059f1a2f,2024-04-09T03:15:07.830000
+CVE-2024-30676,0,0,2a073dd564e86e695eb2f919b139d388a2d6007b80e09fcf5430f574293c04d1,2024-04-09T03:15:07.763000
+CVE-2024-30678,0,0,ef2be53ace00dddfb9477c2105eab4a719d2b1864b4c7a0736a5393b059f1a2f,2024-04-09T03:15:07.830000
+CVE-2024-30679,1,1,6f05a7fd5aff6056f1cd0ac249bbcd7614976a073740a795bbdcf43e4db0951d,2024-04-09T04:15:10.087000
+CVE-2024-30680,1,1,0db6be591c415718737384ee863de3874b3c91f1f1f8d6ff4a25940f4a6fadbe,2024-04-09T04:15:10.583000
+CVE-2024-30681,1,1,8cce67f169b8935564837b759c0252e1d62dcd48e7bcfe48dfbbecb14ddf135e,2024-04-09T04:15:10.747000
+CVE-2024-30683,1,1,b7621d84f614230c0df5165592f4f5b9dfd62300b10a45fd3e9810b90ac95d0f,2024-04-09T04:15:10.877000
+CVE-2024-30684,1,1,9be1f5115249bab85819d159de79365c3e4b80b2ec8ce819e9edf872119e3ac8,2024-04-09T05:15:47.807000
+CVE-2024-30686,1,1,541ea82cba3076dc93b4cf3d209232d5820c095c8704cbaf1cc6fac7df5cb046,2024-04-09T05:15:47.853000
+CVE-2024-30687,1,1,d41d39118a6364deb76328cc8c97b0d3e4e72fc3b9af23bace5281a4fd92503f,2024-04-09T05:15:47.920000
+CVE-2024-30688,1,1,e87ed7a45faf17208575ce7e369e08e5fc2c6646724b14c3d5b68e746ee07a95,2024-04-09T05:15:47.980000
 CVE-2024-3077,0,0,df42d4a62ceb1c6a6275b9b1d36ac8da42c0ae3505d0e07beac8238605b5504b,2024-03-29T12:45:02.937000
 CVE-2024-3078,0,0,cde724dd3faba12829b2b6702d06fc6a91a021819aa4d3333d39ab34ce48e248,2024-03-29T13:28:22.880000
 CVE-2024-30806,0,0,3c4bbd71defb52c4de24f9ad1626459edef6b60997b976e6d74aead4ee0b3b0f,2024-04-02T20:31:58.463000