admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-07 19:16:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-04-10T18:00:30.750444+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-04-10 18:03:20 +00:00
parent 83fa394806
commit b61806ad73
70 changed files with 4473 additions and 665 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
CVE-2021/CVE-2021-469xx/CVE-2021-46926.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46926",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T10:15:07.320",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-04-10T16:26:55.390",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,74 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda: intel-sdw-acpi: reforzar la detecci\u00f3n del controlador El c\u00f3digo existente actualmente establece un puntero a un identificador ACPI antes de verificar que en realidad es un controlador SoundWire. Esto puede provocar problemas en los que el recorrido del gr\u00e1fico contin\u00faa y finalmente falla, pero el puntero ya estaba configurado. Este parche cambia la l\u00f3gica para que la informaci\u00f3n proporcionada a la persona que llama se establezca cuando se encuentra un controlador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.13",
"matchCriteriaId": "593B86F2-A429-462E-84F5-AA4BA0DA61A3"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/385f287f9853da402d94278e59f594501c1d1dad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cce476954401e3421afafb25bbaa926050688b1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

70
CVE-2021/CVE-2021-469xx/CVE-2021-46927.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46927",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T10:15:07.410",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-04-10T16:25:32.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,15 +14,75 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nitro_enclaves: use la llamada get_user_pages_unlocked() para manejar mmap afirmar. Despu\u00e9s del commit 5b78ed24e8ec (\"mm/pagemap: agregue anotaciones mmap_assert_locked() a find_vma*()\"), la llamada a get_user_pages( ) activar\u00e1 la afirmaci\u00f3n mmap. est\u00e1tico en l\u00ednea void mmap_assert_locked(struct mm_struct *mm) { lockdep_assert_held(&mm->mmap_lock); VM_BUG_ON_MM(!rwsem_is_locked(&mm->mmap_lock), mm); } [62.521410] \u00a1ERROR del kernel en include/linux/mmap_lock.h:156! ................................................. ......... [ 62.538938] RIP: 0010:find_vma+0x32/0x80 ................................. ................................. [ 62.605889] Seguimiento de llamadas: [ 62.608502] [ 62.610956] ? LOCK_TIMER_BASE+0x61/0x80 [62.614106] find_extend_vma+0x19/0x80 [62.617195] __get_user_pages+0x9b/0x6a0 [62.6203356] __guup_longter_locked+0x42d/0x450 [62.620356] terminar_esperar+0x41/0x80 [62.626748]? __kmalloc+0x178/0x2f0 [ 62.629768] ne_set_user_memory_region_ioctl.isra.0+0x225/0x6a0 [nitro_enclaves] [ 62.635776] ne_enclave_ioctl+0x1cf/0x6d7 [nitro_enclaves] [ 62.639541] __x64 _sys_ioctl+0x82/0xb0 [ 62.642620] do_syscall_64+0x3b/0x90 [ 62.645642] Entry_SYSCALL_64_after_hwframe+0x44/0xae Utilice get_user_pages_unlocked() al configurar las regiones de memoria del enclave. Es un patr\u00f3n similar al mmap_read_lock() usado junto con get_user_pages()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.0",
"versionEndExcluding": "5.15.13",
"matchCriteriaId": "8CC64BCA-D219-487C-A123-4C470FE30AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3a0152b219523227c2a62a0a122cf99608287176",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/90d2beed5e753805c5eab656b8d48257638fe543",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

81
CVE-2021/CVE-2021-469xx/CVE-2021-46928.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46928",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T10:15:07.517",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-04-10T16:29:19.867",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,88 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: parisc: borra el valor IIR obsoleto en la trampa de derechos de acceso a instrucciones Cuando ocurre una trampa 7 (derechos de acceso a instrucciones), esto significa que la CPU no pudo ejecutar una instrucci\u00f3n debido a que faltan permisos de ejecuci\u00f3n en la regi\u00f3n de la memoria. En este caso, parece que la CPU ni siquiera obtuvo la instrucci\u00f3n de la memoria y, por lo tanto, no la almacen\u00f3 en el registro cr19 (IIR) antes de llamar al controlador de trampas. Entonces, el manejador de trampas encontrar\u00e1 alg\u00fan valor obsoleto aleatorio en cr19. Este parche simplemente sobrescribe el valor IIR obsoleto con un valor m\u00e1gico constante de \"mala comida\" (0xbaadf00d), con la esperanza de que la gente no empiece a intentar comprender los diversos valores IIR aleatorios en los volcados de la trampa 7."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.90",
"matchCriteriaId": "61DD4F08-4AE9-4FE1-8E26-1BD1C74B6B2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.13",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/484730e5862f6b872dca13840bed40fd7c60fa26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d01e9ce1af6116f812491d3d3873d204f10ae0b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e96373f0a5f484bc1e193f9951dcb3adf24bf3f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

118
CVE-2021/CVE-2021-469xx/CVE-2021-46929.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46929",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T10:15:07.573",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-04-10T17:05:51.133",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,31 +14,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sctp: use call_rcu para liberar el endpoint. Este parche tiene como objetivo retrasar la liberaci\u00f3n del endpoint llamando a call_rcu() para solucionar otro problema de use-after-free en sctp_sock_dump(): ERROR: KASAN: use-after-free en __lock_acquire+0x36d9/0x4c20 Rastreo de llamadas: __lock_acquire+0x36d9/0x4c20 kernel/locking/lockdep.c:3218 lock_acquire+0x1ed/0x520 kernel/locking/lockdep.c:3844 __raw_spin_lock_bh include/linux/spinlock_api_smp.h :135 [en l\u00ednea] _raw_spin_lock_bh+0x31/0x40 kernel/locking/spinlock.c:168 spin_lock_bh include/linux/spinlock.h:334 [en l\u00ednea] __lock_sock+0x203/0x350 net/core/sock.c:2253 lock_sock_nested+0xfe/ 0x120 net/core/sock.c:2774 lock_sock include/net/sock.h:1492 [en l\u00ednea] sctp_sock_dump+0x122/0xb20 net/sctp/diag.c:324 sctp_for_each_transport+0x2b5/0x370 net/sctp/socket.c: 5091 sctp_diag_dump+0x3ac/0x660 net/sctp/diag.c:527 __inet_diag_dump+0xa8/0x140 net/ipv4/inet_diag.c:1049 inet_diag_dump+0x9b/0x110 net/ipv4/inet_diag.c:1065 netlink_dump+0x6 06/0x1080 neto/ netlink/af_netlink.c:2244 __netlink_dump_start+0x59a/0x7c0 net/netlink/af_netlink.c:2352 netlink_dump_start include/linux/netlink.h:216 [en l\u00ednea] inet_diag_handler_cmd+0x2ce/0x3f0 net/ipv4/inet_diag.c:1170 __sock_diag_cm re neto /core/sock_diag.c:232 [en l\u00ednea] sock_diag_rcv_msg+0x31d/0x410 net/core/sock_diag.c:263 netlink_rcv_skb+0x172/0x440 net/netlink/af_netlink.c:2477 sock_diag_rcv+0x2a/0x40 net/core/sock_diag. c:274 Este problema ocurre cuando se quita asoc y se libera el sk antiguo despu\u00e9s de obtenerlo mediante asoc->base.sk y antes de llamar a lock_sock(sk). Para evitar que sk se libere, como titular de sk, ep debe estar activo al llamar a lock_sock(). Este parche usa call_rcu() y mueve sock_put y ep free a sctp_endpoint_destroy_rcu(), por lo que es seguro intentar mantener el ep bajo rcu_read_lock en sctp_transport_traverse_process(). Si sctp_endpoint_hold() devuelve verdadero, significa que este ep todav\u00eda est\u00e1 vivo, lo hemos retenido y podemos continuar descart\u00e1ndolo; Si devuelve falso, significa que este ep est\u00e1 muerto y puede liberarse despu\u00e9s de rcu_read_unlock, y debemos omitirlo. En sctp_sock_dump(), despu\u00e9s de bloquear el sk, si este ep es diferente de tsp->asoc->ep, significa que durante este volcado, este asoc se elimin\u00f3 antes de llamar a lock_sock(), y el sk debe omitirse; Si este ep es el mismo con tsp->asoc->ep, significa que no se produce ning\u00fan despegue en este asoc y, debido a lock_sock, tampoco se producir\u00e1 ning\u00fan despegue hasta que se libere_sock. Tenga en cuenta que retrasar la liberaci\u00f3n del endpoint no retrasar\u00e1 la liberaci\u00f3n del puerto, ya que la liberaci\u00f3n del puerto ocurre en sctp_endpoint_destroy() antes de llamar a call_rcu(). Adem\u00e1s, liberar el endpoint mediante call_rcu() hace que sea seguro acceder a sk mediante asoc->base.sk en sctp_assocs_seq_show() y sctp_rcv(). Gracias Jones por plantear este problema. v1->v2: - mejorar el registro de cambios. - agregue kfree(ep) a sctp_endpoint_destroy_rcu(), como not\u00f3 Jakub."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.0",
"versionEndExcluding": "4.14.261",
"matchCriteriaId": "D04E4F21-CE5F-4E9D-A182-492968E35204"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15.0",
"versionEndExcluding": "4.19.224",
"matchCriteriaId": "B34A1353-506A-4AB9-87EC-CD50F09DFB8A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.0",
"versionEndExcluding": "5.4.170",
"matchCriteriaId": "56D16FBB-453E-4316-A027-E517828203D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionEndExcluding": "5.10.90",
"matchCriteriaId": "C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.13",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5ec7d18d1813a5bead0b495045606c93873aecbb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/75799e71df1da11394740b43ae5686646179561d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/769d14abd35e0e153b5149c3e1e989a9d719e3ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/831de271452b87657fcf8d715ee20519b79caef5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8873140f95d4977bf37e4cf0d5c5e3f6e34cdd3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af6e6e58f7ebf86b4e7201694b1e4f3a62cbc3ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

94
CVE-2021/CVE-2021-469xx/CVE-2021-46930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46930",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T10:15:07.637",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-04-10T16:39:23.653",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: mtu3: correcci\u00f3n de advertencia de verificaci\u00f3n de list_head Esto se debe a la desinicializaci\u00f3n de list_head. ERROR: KASAN: uso despu\u00e9s de la liberaci\u00f3n en __list_del_entry_valid+0x34/0xe4 Rastreo de llamadas: dump_backtrace+0x0/0x298 show_stack+0x24/0x34 dump_stack+0x130/0x1a8 print_address_description+0x88/0x56c __kasan_report+0x1b8/0x2a0 kasan_report +0x14/0x20 __asan_load8+ 0x9c/0xa0 __list_del_entry_valid+0x34/0xe4 mtu3_req_complete+0x4c/0x300 [mtu3] mtu3_gadget_stop+0x168/0x448 [mtu3] usb_gadget_unregister_driver+0x204/0x3a0 unregister_gadget_item+0x44/0xa4"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2.0",
"versionEndExcluding": "5.4.170",
"matchCriteriaId": "F16D775D-ABA7-4B59-864E-A4F31BF976B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionEndExcluding": "5.10.90",
"matchCriteriaId": "C87FB3FD-3E74-4588-A1A4-B9BA8AE0C06B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.13",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/249ddfbe00570d6dc76208e88017937d4d374c79",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3b6efe0b7ba03cc2acf0694b46d6ff33c5b4c295",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/585e2b244dda7ea733274e4b8fa27853d625d3bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8c313e3bfd9adae8d5c4ba1cc696dcbc86fbf9bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

82
CVE-2021/CVE-2021-469xx/CVE-2021-46931.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-46931",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-27T10:15:07.690",
"lastModified": "2024-02-27T14:20:06.637",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-04-10T16:31:14.667",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,19 +14,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: envuelve la devoluci\u00f3n de llamada del volcado de tx reporter para extraer el sq. La funci\u00f3n mlx5e_tx_reporter_dump_sq() lanza su argumento void * a la estructura mlx5e_txqsq *, pero en el flujo TX-timeout-recovery el argumento en realidad es de tipo struct mlx5e_tx_timeout_ctx *. mlx5_core 0000: 08: 00.1 enp8s0f1: tx timeout detectado mlx5_core 0000: 08: 00.1 enp8s0f1: tx timeout en cola: 1, sq: 0x11ec, cq: 0x146d, sq consecuencia: 0x0 sq prod: 0x1, usecs desde el \u00faltimo trans: 21565000 : la p\u00e1gina de protecci\u00f3n de pila fue visitada en 0000000093f1a2de (la pila es 00000000b66ea0dc..000000004d932dae) Desbordamiento de pila del kernel (fallo de p\u00e1gina): 0000 [#1] SMP NOPTI CPU: 5 PID: 95 Comm: kworker/u20:1 Contaminado: GW OE 5.13. 0_mlnx #1 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 Cola de trabajo: mlx5e mlx5e_tx_timeout_work [mlx5_core] RIP: 0010:mlx5e_tx_reporter_ volcado_sq +0xd3/0x180 [mlx5_core] Seguimiento de llamadas: mlx5e_tx_reporter_dump+0x43/0x1c0 [mlx5_core] devlink_health_do_dump.part.91+0x71/0xd0 devlink_health_report+0x157/0x1b0 mlx5e_reporter_tx_timeout+0xb9/0xf0 [ml x5_core] ? mlx5e_tx_reporter_err_cqe_recover+0x1d0/0x1d0 [mlx5_core] ? mlx5e_health_queue_dump+0xd0/0xd0 [mlx5_core] ? update_load_avg+0x19b/0x550? set_next_entity+0x72/0x80? pick_next_task_fair+0x227/0x340? Finish_task_switch+0xa2/0x280 mlx5e_tx_timeout_work+0x83/0xb0 [mlx5_core] Process_one_work+0x1de/0x3a0 trabajador_thread+0x2d/0x3c0? proceso_one_work+0x3a0/0x3a0 kthread+0x115/0x130 ? kthread_park+0x90/0x90 ret_from_fork+0x1f/0x30 --[ end trace 51ccabea504edaff ]--- RIP: 0010:mlx5e_tx_reporter_dump_sq+0xd3/0x180 PKRU: 55555554 P\u00e1nico del kernel - no sincronizado: excepci\u00f3n fatal Compensaci\u00f3n del kernel: final deshabilitado P\u00e1nico del kernel - no sincronizar : Excepci\u00f3n fatal Para corregir este error, agregue un contenedor para mlx5e_tx_reporter_dump_sq() que extrae el sq de la estructura mlx5e_tx_timeout_ctx y lo configura como devoluci\u00f3n de llamada de volcado de flujo de recuperaci\u00f3n de tiempo de espera de TX."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.7.0",
"versionEndExcluding": "5.10.90",
"matchCriteriaId": "5A19B2DB-FAE4-47E4-AF15-A25633B06323"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.13",
"matchCriteriaId": "083E0940-932B-447B-A6B2-677DAE27FD04"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/07f13d58a8ecc3baf9a488588fb38c5cb0db484f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/73665165b64a8f3c5b3534009a69be55bb744f05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/918fc3855a6507a200e9cf22c20be852c0982687",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

55
CVE-2023/CVE-2023-69xx/CVE-2023-6916.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-6916",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-04-10T16:15:09.190",
"lastModified": "2024-04-10T16:15:09.190",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Audit records for OpenAPI requests may include sensitive information.\n\nThis could lead to unauthorized accesses and privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://security.nozominetworks.com/NN-2023:17-01",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2024/CVE-2024-02xx/CVE-2024-0218.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-0218",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2024-04-10T16:15:09.413",
"lastModified": "2024-04-10T16:15:09.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets.\n\nNetwork traffic may not be analyzed until the IDS module is restarted.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://security.nozominetworks.com/NN-2024:1-01",
"source": "prodsec@nozominetworks.com"
}
]
}

55
CVE-2024/CVE-2024-15xx/CVE-2024-1511.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1511",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:51.670",
"lastModified": "2024-04-10T17:15:51.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The parisneo/lollms-webui repository is susceptible to a path traversal vulnerability due to inadequate validation of user-supplied file paths. This flaw allows an unauthenticated attacker to read, write, and in certain configurations execute arbitrary files on the server by exploiting various endpoints. The vulnerability can be exploited even when the service is bound to localhost, through cross-site requests facilitated by malicious HTML/JS pages."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/62b77589-772d-4d6e-aef4-2aec4cfe5f8b",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-15xx/CVE-2024-1520.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1520",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:51.930",
"lastModified": "2024-04-10T17:15:51.930",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An OS Command Injection vulnerability exists in the '/open_code_folder' endpoint of the parisneo/lollms-webui application, due to improper validation of user-supplied input in the 'discussion_id' parameter. Attackers can exploit this vulnerability by injecting malicious OS commands, leading to unauthorized command execution on the underlying operating system. This could result in unauthorized access, data leakage, or complete system compromise."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms-webui/commit/2497d1a4fe5a09f003bf7a9bc426139e9295a934",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/405c2059-3fe9-4233-8eed-741ec847d181",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-15xx/CVE-2024-1599.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1599",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:52.120",
"lastModified": "2024-04-10T17:15:52.120",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "lunary-ai/lunary version 0.3.0 is vulnerable to unauthorized project creation due to insufficient server-side validation of user account types during project creation. In the free account tier, users are limited to creating only two projects. However, this restriction is enforced only in the web UI and not on the server side, allowing users to bypass the limitation and create an unlimited number of projects without upgrading their account or incurring additional charges. This vulnerability is due to the lack of checks in the project creation endpoint."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/48d66a3deef8788fda7621e88f0e3a8a4a1ddeb9",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/f1f9e9d6-de5f-48c4-b4f4-fbd192370417",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-16xx/CVE-2024-1600.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1600",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:52.317",
"lastModified": "2024-04-10T17:15:52.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Local File Inclusion (LFI) vulnerability exists in the parisneo/lollms-webui application, specifically within the `/personalities` route. An attacker can exploit this vulnerability by crafting a URL that includes directory traversal sequences (`../../`) followed by the desired system file path, URL encoded. Successful exploitation allows the attacker to read any file on the filesystem accessible by the web server. This issue arises due to improper control of filename for include/require statement in the application."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://github.com/parisneo/lollms-webui/commit/49b0332e98d42dd5204dda53dee410b160106265",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/29ec621a-bd69-4225-ab0f-5bb8a1d10c67",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-16xx/CVE-2024-1602.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1602",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:52.537",
"lastModified": "2024-04-10T17:15:52.537",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "parisneo/lollms-webui is vulnerable to stored Cross-Site Scripting (XSS) that leads to Remote Code Execution (RCE). The vulnerability arises due to inadequate sanitization and validation of model output data, allowing an attacker to inject malicious JavaScript code. This code can be executed within the user's browser context, enabling the attacker to send a request to the `/execute_code` endpoint and establish a reverse shell to the attacker's host. The issue affects various components of the application, including the handling of user input and model output."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/59be0d5a-f18e-4418-8f29-72320269a097",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-16xx/CVE-2024-1625.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1625",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:52.727",
"lastModified": "2024-04-10T17:15:52.727",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. The vulnerability is due to insufficient authorization checks in the project deletion endpoint, where the endpoint fails to verify if the project ID provided in the request belongs to the requesting user's organization. As a result, an attacker can delete projects belonging to any organization by sending a crafted DELETE request with the target project's ID. This issue affects the project deletion functionality implemented in the projects.delete route."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/88f98e29f19da9d1f5de45c5b163fd5b48e0bcec",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/cf6dd625-e6c9-44df-a072-13686816de21",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-16xx/CVE-2024-1643.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1643",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:52.917",
"lastModified": "2024-04-10T17:15:52.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/67eaefe1c77c882c628780940c704a117b561d51",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/ce2563a2-3d81-4e2e-954e-abecb9332416",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-17xx/CVE-2024-1728.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1728",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:53.097",
"lastModified": "2024-04-10T17:15:53.097",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "gradio-app/gradio is vulnerable to a local file inclusion vulnerability due to improper validation of user-supplied input in the UploadButton component. Attackers can exploit this vulnerability to read arbitrary files on the filesystem, such as private SSH keys, by manipulating the file path in the request to the `/queue/join` endpoint. This issue could potentially lead to remote code execution. The vulnerability is present in the handling of file upload paths, allowing attackers to redirect file uploads to unintended locations on the server."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/commit/16fbe9cd0cffa9f2a824a0165beb43446114eec7",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/9bb33b71-7995-425d-91cc-2c2a2f2a068a",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-17xx/CVE-2024-1740.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-1740",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:53.293",
"lastModified": "2024-04-10T17:15:53.293",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In lunary-ai/lunary version 1.0.1, a vulnerability exists where a user removed from an organization can still read, create, modify, and delete logs by re-using an old authorization token. The lunary web application communicates with the server using an 'Authorization' token in the browser, which does not properly invalidate upon the user's removal from the organization. This allows the removed user to perform unauthorized actions on logs and access project and external user details without valid permissions."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/c1a51f71-628e-4eb5-ac35-50bf64832cfd",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-17xx/CVE-2024-1741.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1741",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:53.483",
"lastModified": "2024-04-10T17:15:53.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "lunary-ai/lunary version 1.0.1 is vulnerable to improper authorization, allowing removed members to read, create, modify, and delete prompt templates using an old authorization token. Despite being removed from an organization, these members can still perform operations on prompt templates by sending HTTP requests with their previously captured authorization token. This issue exposes organizations to unauthorized access and manipulation of sensitive template data."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/671bd040-1cc5-4227-8182-5904e9c5ed3b",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-19xx/CVE-2024-1902.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-1902",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:53.680",
"lastModified": "2024-04-10T17:15:53.680",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "lunary-ai/lunary is vulnerable to a session reuse attack, allowing a removed user to change the organization name without proper authorization. The vulnerability stems from the lack of validation to check if a user is still part of an organization before allowing them to make changes. An attacker can exploit this by using an old authorization token to send a PATCH request, modifying the organization's name even after being removed from the organization. This issue is due to incorrect synchronization and affects the orgs.patch route."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-821"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/e536310e-abe7-4585-9cf6-21f77390a5e8",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-20xx/CVE-2024-2029.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2029",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:53.880",
"lastModified": "2024-04-10T17:15:53.880",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A command injection vulnerability exists in the `TranscriptEndpoint` of mudler/localai, specifically within the `audioToWav` function used for converting audio files to WAV format for transcription. The vulnerability arises due to the lack of sanitization of user-supplied filenames before passing them to ffmpeg via a shell command, allowing an attacker to execute arbitrary commands on the host system. Successful exploitation could lead to unauthorized access, data breaches, or other detrimental impacts, depending on the privileges of the process executing the code."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/mudler/localai/commit/31a4c9c9d3abc58de2bdc5305419181c8b33eb1c",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/e092528a-ce3b-4e66-9b98-3f56d6b276b0",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-21xx/CVE-2024-2195.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2195",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:54.067",
"lastModified": "2024-04-10T17:15:54.067",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A critical Remote Code Execution (RCE) vulnerability was identified in the aimhubio/aim project, specifically within the `/api/runs/search/run/` endpoint, affecting versions >= 3.0.0. The vulnerability resides in the `run_search_api` function of the `aim/web/api/runs/views.py` file, where improper restriction of user access to the `RunView` object allows for the execution of arbitrary code via the `query` parameter. This issue enables attackers to execute arbitrary commands on the server, potentially leading to full system compromise."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/22f2355e-b875-4c01-b454-327e5951c018",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-21xx/CVE-2024-2196.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2196",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:54.257",
"lastModified": "2024-04-10T17:15:54.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "aimhubio/aim is vulnerable to Cross-Site Request Forgery (CSRF), allowing attackers to perform actions such as deleting runs, updating data, and stealing data like log records and notes without the user's consent. The vulnerability stems from the lack of CSRF and CORS protection in the aim dashboard. An attacker can exploit this by tricking a user into executing a malicious script that sends unauthorized requests to the aim server, leading to potential data loss and unauthorized data manipulation."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/e141e3f2-afbb-405f-a891-f66628c8b68f",
"source": "security@huntr.dev"
}
]
}

6
CVE-2024/CVE-2024-224xx/CVE-2024-22423.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22423",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-09T18:15:08.150",
"lastModified": "2024-04-10T13:24:00.070",
"lastModified": "2024-04-10T16:15:09.793",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -70,6 +70,10 @@
{
"url": "https://github.com/yt-dlp/yt-dlp/security/advisories/GHSA-hjq6-52gw-2g7p",
"source": "security-advisories@github.com"
},
{
"url": "https://www.kb.cert.org/vuls/id/123335",
"source": "security-advisories@github.com"
}
]
}

59
CVE-2024/CVE-2024-22xx/CVE-2024-2217.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2217",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:54.440",
"lastModified": "2024-04-10T17:15:54.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "gaizhenbiao/chuanhuchatgpt is vulnerable to improper access control, allowing unauthorized access to the `config.json` file. This vulnerability is present in both authenticated and unauthenticated versions of the application, enabling attackers to obtain sensitive information such as API keys (`openai_api_key`, `google_palm_api_key`, `xmchat_api_key`, etc.), configuration details, and user credentials. The issue stems from the application's handling of HTTP requests for the `config.json` file, which does not properly restrict access based on user authentication."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/c5ae3b5ae6b47259e0ce8730e0a47e85121f4a7d",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/e4df74bf-b2ee-490f-a9c9-e5c8010b8b29",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-22xx/CVE-2024-2221.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-2221",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:54.633",
"lastModified": "2024-04-10T17:15:54.633",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and overwrite any file on the filesystem, leading to potential remote code execution. This issue affects the integrity and availability of the system, enabling unauthorized access and potentially causing the server to malfunction."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/qdrant/qdrant/commit/e6411907f0ecf3c2f8ba44ab704b9e4597d9705d",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/6be8d4e3-67e6-4660-a8db-04215a1cff3e",
"source": "security@huntr.dev"
}
]
}

24
CVE-2024/CVE-2024-237xx/CVE-2024-23734.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23734",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T16:15:09.890",
"lastModified": "2024-04-10T16:15:09.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Request Forgery vulnerability in in the upload functionality of the User Profile pages in savignano S/Notify before 2.0.1 for Bitbucket allow attackers to replace S/MIME certificate or PGP keys for arbitrary users via crafted link."
}
],
"metrics": {},
"references": [
{
"url": "https://help.savignano.net/snotify-email-encryption/sa-2023-11-28",
"source": "cve@mitre.org"
},
{
"url": "https://help.savignano.net/snotify-email-encryption/security-advisories",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-237xx/CVE-2024-23735.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-23735",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T16:15:09.950",
"lastModified": "2024-04-10T16:15:09.950",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in in the S/MIME certificate upload functionality of the User Profile pages in savignano S/Notify before 4.0.0 for Confluence allows attackers to manipulate user data via specially crafted certificate."
}
],
"metrics": {},
"references": [
{
"url": "https://help.savignano.net/snotify-email-encryption/sa-2023-11-02",
"source": "cve@mitre.org"
},
{
"url": "https://help.savignano.net/snotify-email-encryption/security-advisories",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-245xx/CVE-2024-24576.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24576",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-09T18:15:08.420",
"lastModified": "2024-04-10T13:24:00.070",
"lastModified": "2024-04-10T16:15:10.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -79,6 +79,10 @@
"url": "https://github.com/rust-lang/rust/security/advisories/GHSA-q455-m56c-85mh",
"source": "security-advisories@github.com"
},
{
"url": "https://www.kb.cert.org/vuls/id/123335",
"source": "security-advisories@github.com"
},
{
"url": "https://www.rust-lang.org/policies/security",
"source": "security-advisories@github.com"

55
CVE-2024/CVE-2024-29xx/CVE-2024-2952.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2952",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:54.823",
"lastModified": "2024-04-10T17:15:54.823",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "BerriAI/litellm is vulnerable to Server-Side Template Injection (SSTI) via the `/completions` endpoint. The vulnerability arises from the `hf_chat_template` method processing the `chat_template` parameter from the `tokenizer_config.json` file through the Jinja template engine without proper sanitization. Attackers can exploit this by crafting malicious `tokenizer_config.json` files that execute arbitrary code on the server."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-76"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/a9e0a164-6de0-43a4-a640-0cbfb54220a4",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-30xx/CVE-2024-3025.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3025",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:55.993",
"lastModified": "2024-04-10T17:15:55.993",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "mintplex-labs/anything-llm is vulnerable to path traversal attacks due to insufficient validation of user-supplied input in the logo filename functionality. Attackers can exploit this vulnerability by manipulating the logo filename to reference files outside of the restricted directory. This can lead to unauthorized reading or deletion of files by utilizing the `/api/system/upload-logo` and `/api/system/logo` endpoints. The issue stems from the lack of filtering or validation on the logo filename, allowing attackers to target sensitive files such as the application's database."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/7de23dbb2da932fbfb39f56d981784d3702cf5ce",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/fb09a352-1016-4481-ae88-7460e2b6062b",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-30xx/CVE-2024-3098.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3098",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:56.213",
"lastModified": "2024-04-10T17:15:56.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was identified in the `exec_utils` class of the `llama_index` package, specifically within the `safe_eval` function, allowing for prompt injection leading to arbitrary code execution. This issue arises due to insufficient validation of input, which can be exploited to bypass method restrictions and execute unauthorized code. The vulnerability is a bypass of the previously addressed CVE-2023-39662, demonstrated through a proof of concept that creates a file on the system by exploiting the flaw."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/run-llama/llama_index/commit/5fbcb5a8b9f20f81b791c7fc8849e352613ab475",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/1bce0d61-ad03-4b22-bc32-8f99f92974e7",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31240.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31240",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:12.047",
"lastModified": "2024-04-10T16:15:12.047",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in InfoTheme WP Poll Maker.This issue affects WP Poll Maker: from n/a through 3.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/epoll-wp-voting/wordpress-wp-poll-maker-plugin-3-1-subscriber-arbitrary-file-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31245.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31245",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:12.257",
"lastModified": "2024-04-10T16:15:12.257",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in ConvertKit.This issue affects ConvertKit: from n/a through 2.4.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/convertkit/wordpress-convertkit-plugin-2-4-5-email-disclosure-in-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31247.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31247",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:12.470",
"lastModified": "2024-04-10T16:15:12.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Fr\u00e9d\u00e9ric GILLES FG Drupal to WordPress.This issue affects FG Drupal to WordPress: from n/a through 3.70.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-70-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31249.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31249",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:12.670",
"lastModified": "2024-04-10T16:15:12.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in WPKube Subscribe To Comments Reloaded.This issue affects Subscribe To Comments Reloaded: from n/a through 220725.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/subscribe-to-comments-reloaded/wordpress-subscribe-to-comments-reloaded-plugin-220725-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31253.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31253",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:12.867",
"lastModified": "2024-04-10T16:15:12.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server.This issue affects OAuth Server: from n/a through 4.3.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/oauth2-provider/wordpress-wp-oauth-server-oauth-authentication-plugin-4-3-3-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31254.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31254",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:13.073",
"lastModified": "2024-04-10T16:15:13.073",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration.This issue affects WordPress Backup & Migration: from n/a through 1.4.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-migration-duplicator/wordpress-wordpress-backup-migration-plugin-1-4-7-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31259.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31259",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:13.283",
"lastModified": "2024-04-10T16:15:13.283",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.5.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/searchiq/wordpress-searchiq-plugin-4-5-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31278.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31278",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:13.483",
"lastModified": "2024-04-10T16:15:13.483",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons for Elementor.This issue affects Premium Addons for Elementor: from n/a through 4.10.22.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-22-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31282.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31282",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:13.693",
"lastModified": "2024-04-10T16:15:13.693",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder.This issue affects App Builder: from n/a through 3.8.7.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/app-builder/wordpress-app-builder-plugin-3-8-7-open-redirection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31287.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31287",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:13.910",
"lastModified": "2024-04-10T16:15:13.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Max Foundry Media Library Folders.This issue affects Media Library Folders: from n/a through 8.1.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/media-library-plus/wordpress-media-library-folders-plugin-8-1-8-directory-traversal-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31297.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31297",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:14.137",
"lastModified": "2024-04-10T16:15:14.137",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPExperts Wholesale For WooCommerce.This issue affects Wholesale For WooCommerce: from n/a through 2.3.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-wholesale-pricing/wordpress-wholesale-for-woocommerce-plugin-2-3-1-unauthenticated-arbitrary-post-page-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31298.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31298",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:14.353",
"lastModified": "2024-04-10T16:15:14.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Joel Hardi User Spam Remover.This issue affects User Spam Remover: from n/a through 1.0.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/user-spam-remover/wordpress-user-spam-remover-plugin-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-312xx/CVE-2024-31299.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31299",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T17:15:55.013",
"lastModified": "2024-04-10T17:15:55.013",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Reservation Diary ReDi Restaurant Reservation allows Cross-Site Scripting (XSS).This issue affects ReDi Restaurant Reservation: from n/a through 24.0128.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/redi-restaurant-reservation/wordpress-redi-restaurant-reservation-plugin-24-0128-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31302.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31302",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:14.563",
"lastModified": "2024-04-10T16:15:14.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodePeople Contact Form Email.This issue affects Contact Form Email: from n/a through 1.3.44.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/contact-form-to-email/wordpress-contact-form-email-plugin-1-3-44-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31342.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31342",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T17:15:55.217",
"lastModified": "2024-04-10T17:15:55.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in WPcloudgallery WordPress Gallery Exporter.This issue affects WordPress Gallery Exporter: from n/a through 1.3.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-gallery-exporter/wordpress-gallery-exporter-plugin-1-3-arbitrary-file-download-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31343.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31343",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T17:15:55.417",
"lastModified": "2024-04-10T17:15:55.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10.1.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mp3-music-player-by-sonaar/wordpress-mp3-audio-player-for-music-radio-podcast-by-sonaar-plugin-4-10-1-arbitrary-file-download-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31353.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31353",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:14.777",
"lastModified": "2024-04-10T16:15:14.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information into Log File vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31355.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31355",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T17:15:55.617",
"lastModified": "2024-04-10T17:15:55.617",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Tribulant Slideshow Gallery.This issue affects Slideshow Gallery: from n/a through 1.7.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/slideshow-gallery/wordpress-slideshow-gallery-lite-plugin-1-7-8-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31356.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31356",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T17:15:55.807",
"lastModified": "2024-04-10T17:15:55.807",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solwin Infotech User Activity Log.This issue affects User Activity Log: from n/a through 1.8.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/user-activity-log/wordpress-user-activity-log-plugin-1-8-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

55
CVE-2024/CVE-2024-313xx/CVE-2024-31358.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-31358",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:14.980",
"lastModified": "2024-04-10T16:15:14.980",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Saleswonder.Biz 5 Stars Rating Funnel.This issue affects 5 Stars Rating Funnel: from n/a through 1.2.67.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/5-stars-rating-funnel/wordpress-5-stars-rating-funnel-plugin-1-2-67-arbitrary-content-deletion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

59
CVE-2024/CVE-2024-318xx/CVE-2024-31871.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-31871",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-10T16:15:15.183",
"lastModified": "2024-04-10T16:15:15.183",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287306",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-318xx/CVE-2024-31872.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-31872",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-10T16:15:15.413",
"lastModified": "2024-04-10T16:15:15.413",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-599"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287316",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-318xx/CVE-2024-31873.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-31873",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-10T16:15:15.670",
"lastModified": "2024-04-10T16:15:15.670",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317.\n\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287317",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-318xx/CVE-2024-31874.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-31874",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-04-10T16:15:15.890",
"lastModified": "2024-04-10T16:15:15.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Security Verify Access Appliance 10.0.0 through 10.0.7 uses uninitialized variables when deploying that could allow a local user to cause a denial of service. IBM X-Force ID: 287318."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-457"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287318",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7147932",
"source": "psirt@us.ibm.com"
}
]
}

59
CVE-2024/CVE-2024-31xx/CVE-2024-3101.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3101",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:56.417",
"lastModified": "2024-04-10T17:15:56.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In mintplex-labs/anything-llm, an improper input validation vulnerability allows attackers to escalate privileges by deactivating 'Multi-User Mode'. By sending a specially crafted curl request with the 'multi_user_mode' parameter set to false, an attacker can deactivate 'Multi-User Mode'. This action permits the creation of a new admin user without requiring a password, leading to unauthorized administrative access."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/c114c03e-3348-450f-88f7-538502047bcc",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-32xx/CVE-2024-3283.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3283",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:56.600",
"lastModified": "2024-04-10T17:15:56.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in mintplex-labs/anything-llm allows users with manager roles to escalate their privileges to admin roles through a mass assignment issue. The '/admin/system-preferences' API endpoint improperly authorizes manager-level users to modify the 'multi_user_mode' system variable, enabling them to access the '/api/system/enable-multi-user' endpoint and create a new admin user. This issue results from the endpoint accepting a full JSON object in the request body without proper validation of modifiable fields, leading to unauthorized modification of system settings and subsequent privilege escalation."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-915"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/52fac844221a9b951d08ceb93c4c014e9397b1f2",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/a8000cce-0ecb-4820-9cfb-57ba6f4d58a2",
"source": "security@huntr.dev"
}
]
}

55
CVE-2024/CVE-2024-33xx/CVE-2024-3382.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3382",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:56.793",
"lastModified": "2024-04-10T17:15:56.793",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A memory leak exists in Palo Alto Networks PAN-OS software that enables an attacker to send a burst of crafted packets through the firewall that eventually prevents the firewall from processing traffic. This issue applies only to PA-5400 Series devices that are running PAN-OS software with the SSL Forward Proxy feature enabled."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3382",
"source": "psirt@paloaltonetworks.com"
}
]
}

55
CVE-2024/CVE-2024-33xx/CVE-2024-3383.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3383",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:57.000",
"lastModified": "2024-04-10T17:15:57.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-282"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3383",
"source": "psirt@paloaltonetworks.com"
}
]
}

55
CVE-2024/CVE-2024-33xx/CVE-2024-3384.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3384",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:57.217",
"lastModified": "2024-04-10T17:15:57.217",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Palo Alto Networks PAN-OS software enables a remote attacker to reboot PAN-OS firewalls when receiving Windows New Technology LAN Manager (NTLM) packets from Windows servers. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1286"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3384",
"source": "psirt@paloaltonetworks.com"
}
]
}

59
CVE-2024/CVE-2024-33xx/CVE-2024-3385.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3385",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:57.410",
"lastModified": "2024-04-10T17:15:57.410",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A packet processing mechanism in Palo Alto Networks PAN-OS software enables a remote attacker to reboot hardware-based firewalls. Repeated attacks eventually cause the firewall to enter maintenance mode, which requires manual intervention to bring the firewall back online.\n\nThis affects the following hardware firewall models:\n- PA-5400 Series firewalls\n- PA-7000 Series firewalls"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
},
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3385",
"source": "psirt@paloaltonetworks.com"
}
]
}

55
CVE-2024/CVE-2024-33xx/CVE-2024-3386.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3386",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:57.593",
"lastModified": "2024-04-10T17:15:57.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An incorrect string comparison vulnerability in Palo Alto Networks PAN-OS software prevents Predefined Decryption Exclusions from functioning as intended. This can cause traffic destined for domains that are not specified in Predefined Decryption Exclusions to be unintentionally excluded from decryption."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-436"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3386",
"source": "psirt@paloaltonetworks.com"
}
]
}

55
CVE-2024/CVE-2024-33xx/CVE-2024-3387.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-3387",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:57.787",
"lastModified": "2024-04-10T17:15:57.787",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A weak (low bit strength) device certificate in Palo Alto Networks Panorama software enables an attacker to perform a meddler-in-the-middle (MitM) attack to capture encrypted traffic between the Panorama management server and the firewalls it manages. With sufficient computing resources, the attacker could break encrypted communication and expose sensitive information that is shared between the management server and the firewalls."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3387",
"source": "psirt@paloaltonetworks.com"
}
]
}

59
CVE-2024/CVE-2024-33xx/CVE-2024-3388.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3388",
"sourceIdentifier": "psirt@paloaltonetworks.com",
"published": "2024-04-10T17:15:57.970",
"lastModified": "2024-04-10T17:15:57.970",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@paloaltonetworks.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
},
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://security.paloaltonetworks.com/CVE-2024-3388",
"source": "psirt@paloaltonetworks.com"
}
]
}

44
CVE-2024/CVE-2024-35xx/CVE-2024-3566.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-3566",
"sourceIdentifier": "cret@cert.org",
"published": "2024-04-10T16:15:16.083",
"lastModified": "2024-04-10T16:15:16.083",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A command inject vulnerability allows an attacker to perform command injection on Windows applications that indirectly depend on the CreateProcess function when the specific conditions are satisfied."
}
],
"metrics": {},
"references": [
{
"url": "https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/",
"source": "cret@cert.org"
},
{
"url": "https://kb.cert.org/vuls/id/123335",
"source": "cret@cert.org"
},
{
"url": "https://learn.microsoft.com/en-us/archive/blogs/twistylittlepassagesallalike/everyone-quotes-command-line-arguments-the-wrong-way",
"source": "cret@cert.org"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-1874",
"source": "cret@cert.org"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-22423",
"source": "cret@cert.org"
},
{
"url": "https://www.cve.org/CVERecord?id=CVE-2024-24576",
"source": "cret@cert.org"
},
{
"url": "https://www.kb.cert.org/vuls/id/123335",
"source": "cret@cert.org"
}
]
}

59
CVE-2024/CVE-2024-35xx/CVE-2024-3568.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3568",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:58.160",
"lastModified": "2024-04-10T17:15:58.160",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://github.com/huggingface/transformers/commit/693667b8ac8138b83f8adb6522ddaf42fa07c125",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/b3c36992-5264-4d7f-9906-a996efafba8f",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-35xx/CVE-2024-3569.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3569",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:58.350",
"lastModified": "2024-04-10T17:15:58.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/efe9dfa5e3550d12abd34d06ab7f8fbcf2206cfa",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/619e13bd-b723-4727-9ccb-5099d698432e",
"source": "security@huntr.dev"
}
]
}

59
CVE-2024/CVE-2024-35xx/CVE-2024-3570.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-3570",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-10T17:15:58.543",
"lastModified": "2024-04-10T17:15:58.543",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user's password, leading to a complete takeover of the AnythingLLM application. The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
},
"exploitabilityScore": 0.3,
"impactScore": 0.0
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/f0eaf552-aaf3-42b6-a5df-cfecd2de15ee",
"source": "security@huntr.dev"
}
]
}

93
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-04-10T16:00:38.733090+00:00
2024-04-10T18:00:30.750444+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-04-10T15:31:51.440000+00:00
2024-04-10T17:15:58.543000+00:00
```
### Last Data Feed Release
@ -33,69 +33,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
245007
245067
```
### CVEs added in the last Commit
Recently added CVEs: `99`
Recently added CVEs: `60`
- [CVE-2024-30736](CVE-2024/CVE-2024-307xx/CVE-2024-30736.json) (`2024-04-10T05:15:50.090`)
- [CVE-2024-30737](CVE-2024/CVE-2024-307xx/CVE-2024-30737.json) (`2024-04-10T05:15:50.147`)
- [CVE-2024-31309](CVE-2024/CVE-2024-313xx/CVE-2024-31309.json) (`2024-04-10T12:15:09.257`)
- [CVE-2024-31492](CVE-2024/CVE-2024-314xx/CVE-2024-31492.json) (`2024-04-10T13:51:38.607`)
- [CVE-2024-31924](CVE-2024/CVE-2024-319xx/CVE-2024-31924.json) (`2024-04-10T13:51:38.793`)
- [CVE-2024-3210](CVE-2024/CVE-2024-32xx/CVE-2024-3210.json) (`2024-04-10T06:15:07.763`)
- [CVE-2024-3235](CVE-2024/CVE-2024-32xx/CVE-2024-3235.json) (`2024-04-10T05:15:50.417`)
- [CVE-2024-3448](CVE-2024/CVE-2024-34xx/CVE-2024-3448.json) (`2024-04-10T14:15:07.937`)
- [CVE-2024-3526](CVE-2024/CVE-2024-35xx/CVE-2024-3526.json) (`2024-04-10T01:15:19.210`)
- [CVE-2024-3528](CVE-2024/CVE-2024-35xx/CVE-2024-3528.json) (`2024-04-10T01:15:19.547`)
- [CVE-2024-3529](CVE-2024/CVE-2024-35xx/CVE-2024-3529.json) (`2024-04-10T01:15:19.890`)
- [CVE-2024-3530](CVE-2024/CVE-2024-35xx/CVE-2024-3530.json) (`2024-04-10T01:15:20.233`)
- [CVE-2024-3531](CVE-2024/CVE-2024-35xx/CVE-2024-3531.json) (`2024-04-10T02:15:10.653`)
- [CVE-2024-3532](CVE-2024/CVE-2024-35xx/CVE-2024-3532.json) (`2024-04-10T02:15:11.273`)
- [CVE-2024-3533](CVE-2024/CVE-2024-35xx/CVE-2024-3533.json) (`2024-04-10T02:15:12.473`)
- [CVE-2024-3534](CVE-2024/CVE-2024-35xx/CVE-2024-3534.json) (`2024-04-10T03:15:06.970`)
- [CVE-2024-3535](CVE-2024/CVE-2024-35xx/CVE-2024-3535.json) (`2024-04-10T03:15:07.333`)
- [CVE-2024-3536](CVE-2024/CVE-2024-35xx/CVE-2024-3536.json) (`2024-04-10T04:15:10.303`)
- [CVE-2024-3537](CVE-2024/CVE-2024-35xx/CVE-2024-3537.json) (`2024-04-10T04:15:10.893`)
- [CVE-2024-3538](CVE-2024/CVE-2024-35xx/CVE-2024-3538.json) (`2024-04-10T05:15:50.643`)
- [CVE-2024-3539](CVE-2024/CVE-2024-35xx/CVE-2024-3539.json) (`2024-04-10T05:15:50.967`)
- [CVE-2024-3540](CVE-2024/CVE-2024-35xx/CVE-2024-3540.json) (`2024-04-10T05:15:51.300`)
- [CVE-2024-3541](CVE-2024/CVE-2024-35xx/CVE-2024-3541.json) (`2024-04-10T06:15:08.140`)
- [CVE-2024-3542](CVE-2024/CVE-2024-35xx/CVE-2024-3542.json) (`2024-04-10T06:15:08.727`)
- [CVE-2024-3567](CVE-2024/CVE-2024-35xx/CVE-2024-3567.json) (`2024-04-10T15:16:05.097`)
- [CVE-2024-31298](CVE-2024/CVE-2024-312xx/CVE-2024-31298.json) (`2024-04-10T16:15:14.353`)
- [CVE-2024-31299](CVE-2024/CVE-2024-312xx/CVE-2024-31299.json) (`2024-04-10T17:15:55.013`)
- [CVE-2024-31302](CVE-2024/CVE-2024-313xx/CVE-2024-31302.json) (`2024-04-10T16:15:14.563`)
- [CVE-2024-31342](CVE-2024/CVE-2024-313xx/CVE-2024-31342.json) (`2024-04-10T17:15:55.217`)
- [CVE-2024-31343](CVE-2024/CVE-2024-313xx/CVE-2024-31343.json) (`2024-04-10T17:15:55.417`)
- [CVE-2024-31353](CVE-2024/CVE-2024-313xx/CVE-2024-31353.json) (`2024-04-10T16:15:14.777`)
- [CVE-2024-31355](CVE-2024/CVE-2024-313xx/CVE-2024-31355.json) (`2024-04-10T17:15:55.617`)
- [CVE-2024-31356](CVE-2024/CVE-2024-313xx/CVE-2024-31356.json) (`2024-04-10T17:15:55.807`)
- [CVE-2024-31358](CVE-2024/CVE-2024-313xx/CVE-2024-31358.json) (`2024-04-10T16:15:14.980`)
- [CVE-2024-31871](CVE-2024/CVE-2024-318xx/CVE-2024-31871.json) (`2024-04-10T16:15:15.183`)
- [CVE-2024-31872](CVE-2024/CVE-2024-318xx/CVE-2024-31872.json) (`2024-04-10T16:15:15.413`)
- [CVE-2024-31873](CVE-2024/CVE-2024-318xx/CVE-2024-31873.json) (`2024-04-10T16:15:15.670`)
- [CVE-2024-31874](CVE-2024/CVE-2024-318xx/CVE-2024-31874.json) (`2024-04-10T16:15:15.890`)
- [CVE-2024-3283](CVE-2024/CVE-2024-32xx/CVE-2024-3283.json) (`2024-04-10T17:15:56.600`)
- [CVE-2024-3382](CVE-2024/CVE-2024-33xx/CVE-2024-3382.json) (`2024-04-10T17:15:56.793`)
- [CVE-2024-3383](CVE-2024/CVE-2024-33xx/CVE-2024-3383.json) (`2024-04-10T17:15:57.000`)
- [CVE-2024-3384](CVE-2024/CVE-2024-33xx/CVE-2024-3384.json) (`2024-04-10T17:15:57.217`)
- [CVE-2024-3385](CVE-2024/CVE-2024-33xx/CVE-2024-3385.json) (`2024-04-10T17:15:57.410`)
- [CVE-2024-3386](CVE-2024/CVE-2024-33xx/CVE-2024-3386.json) (`2024-04-10T17:15:57.593`)
- [CVE-2024-3387](CVE-2024/CVE-2024-33xx/CVE-2024-3387.json) (`2024-04-10T17:15:57.787`)
- [CVE-2024-3388](CVE-2024/CVE-2024-33xx/CVE-2024-3388.json) (`2024-04-10T17:15:57.970`)
- [CVE-2024-3566](CVE-2024/CVE-2024-35xx/CVE-2024-3566.json) (`2024-04-10T16:15:16.083`)
- [CVE-2024-3568](CVE-2024/CVE-2024-35xx/CVE-2024-3568.json) (`2024-04-10T17:15:58.160`)
- [CVE-2024-3569](CVE-2024/CVE-2024-35xx/CVE-2024-3569.json) (`2024-04-10T17:15:58.350`)
- [CVE-2024-3570](CVE-2024/CVE-2024-35xx/CVE-2024-3570.json) (`2024-04-10T17:15:58.543`)
### CVEs modified in the last Commit
Recently modified CVEs: `465`
Recently modified CVEs: `8`
- [CVE-2024-31507](CVE-2024/CVE-2024-315xx/CVE-2024-31507.json) (`2024-04-10T13:24:00.070`)
- [CVE-2024-31544](CVE-2024/CVE-2024-315xx/CVE-2024-31544.json) (`2024-04-10T13:24:22.187`)
- [CVE-2024-3167](CVE-2024/CVE-2024-31xx/CVE-2024-3167.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-31864](CVE-2024/CVE-2024-318xx/CVE-2024-31864.json) (`2024-04-10T13:24:22.187`)
- [CVE-2024-31865](CVE-2024/CVE-2024-318xx/CVE-2024-31865.json) (`2024-04-10T13:24:22.187`)
- [CVE-2024-31866](CVE-2024/CVE-2024-318xx/CVE-2024-31866.json) (`2024-04-10T13:24:22.187`)
- [CVE-2024-31867](CVE-2024/CVE-2024-318xx/CVE-2024-31867.json) (`2024-04-10T13:24:00.070`)
- [CVE-2024-31868](CVE-2024/CVE-2024-318xx/CVE-2024-31868.json) (`2024-04-10T13:24:22.187`)
- [CVE-2024-3208](CVE-2024/CVE-2024-32xx/CVE-2024-3208.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3213](CVE-2024/CVE-2024-32xx/CVE-2024-3213.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3214](CVE-2024/CVE-2024-32xx/CVE-2024-3214.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3244](CVE-2024/CVE-2024-32xx/CVE-2024-3244.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3266](CVE-2024/CVE-2024-32xx/CVE-2024-3266.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3267](CVE-2024/CVE-2024-32xx/CVE-2024-3267.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3281](CVE-2024/CVE-2024-32xx/CVE-2024-3281.json) (`2024-04-10T13:24:22.187`)
- [CVE-2024-3313](CVE-2024/CVE-2024-33xx/CVE-2024-3313.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3446](CVE-2024/CVE-2024-34xx/CVE-2024-3446.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3512](CVE-2024/CVE-2024-35xx/CVE-2024-3512.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3514](CVE-2024/CVE-2024-35xx/CVE-2024-3514.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3521](CVE-2024/CVE-2024-35xx/CVE-2024-3521.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3522](CVE-2024/CVE-2024-35xx/CVE-2024-3522.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3523](CVE-2024/CVE-2024-35xx/CVE-2024-3523.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3524](CVE-2024/CVE-2024-35xx/CVE-2024-3524.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3525](CVE-2024/CVE-2024-35xx/CVE-2024-3525.json) (`2024-04-10T13:23:38.787`)
- [CVE-2024-3545](CVE-2024/CVE-2024-35xx/CVE-2024-3545.json) (`2024-04-10T13:23:38.787`)
- [CVE-2021-46926](CVE-2021/CVE-2021-469xx/CVE-2021-46926.json) (`2024-04-10T16:26:55.390`)
- [CVE-2021-46927](CVE-2021/CVE-2021-469xx/CVE-2021-46927.json) (`2024-04-10T16:25:32.067`)
- [CVE-2021-46928](CVE-2021/CVE-2021-469xx/CVE-2021-46928.json) (`2024-04-10T16:29:19.867`)
- [CVE-2021-46929](CVE-2021/CVE-2021-469xx/CVE-2021-46929.json) (`2024-04-10T17:05:51.133`)
- [CVE-2021-46930](CVE-2021/CVE-2021-469xx/CVE-2021-46930.json) (`2024-04-10T16:39:23.653`)
- [CVE-2021-46931](CVE-2021/CVE-2021-469xx/CVE-2021-46931.json) (`2024-04-10T16:31:14.667`)
- [CVE-2024-22423](CVE-2024/CVE-2024-224xx/CVE-2024-22423.json) (`2024-04-10T16:15:09.793`)
- [CVE-2024-24576](CVE-2024/CVE-2024-245xx/CVE-2024-24576.json) (`2024-04-10T16:15:10.010`)
## Download and Usage

1200
_state.csv
View File

File diff suppressed because it is too large Load Diff