admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-06 18:52:58 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-13T13:00:31.294993+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-13 13:03:19 +00:00
parent 902290de67
commit bb388bf239
60 changed files with 546 additions and 178 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2015/CVE-2015-101xx/CVE-2015-10123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2015-10123",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-03-13T09:15:06.633",
"lastModified": "2024-03-13T09:15:06.633",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2015/CVE-2015-101xx/CVE-2015-10130.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2015-10130",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T03:15:05.993",
"lastModified": "2024-03-13T03:15:05.993",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the circle_thumbnail_slider_with_lightbox_image_management_func() function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious JavaScript, along with deleting images, and uploading malicious files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Team Circle Image Slider With Lightbox para WordPress es vulnerable a Cross-Site Request Forgery en la versi\u00f3n 1.0. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en la funci\u00f3n c\u00edrculo_thumbnail_slider_with_lightbox_image_management_func(). Esto hace posible que atacantes no autenticados editen datos de im\u00e1genes que pueden usarse para inyectar JavaScript malicioso, adem\u00e1s de eliminar im\u00e1genes y cargar archivos maliciosos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar a un administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

4
CVE-2018/CVE-2018-250xx/CVE-2018-25090.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-25090",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-03-13T09:15:07.040",
"lastModified": "2024-03-13T09:15:07.040",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2022/CVE-2022-343xx/CVE-2022-34321.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2022-34321",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-12T19:15:47.303",
"lastModified": "2024-03-12T19:15:47.303",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Authentication vulnerability in Apache Pulsar Proxy allows an attacker to connect to the /proxy-stats endpoint without authentication. The vulnerable endpoint exposes detailed statistics about live connections, along with the capability to modify the logging level of proxied connections without requiring proper authentication credentials.\n\nThis issue affects Apache Pulsar versions from 2.6.0 to 2.10.5, from 2.11.0 to 2.11.2, from 3.0.0 to 3.0.1, and 3.1.0.\n\nThe known risks include exposing sensitive information such as connected client IP and unauthorized logging level manipulation which could lead to a denial-of-service condition by significantly increasing the proxy's logging overhead. When deployed via the Apache Pulsar Helm chart within Kubernetes environments, the actual client IP might not be revealed through the load balancer's default behavior, which typically obscures the original source IP addresses when externalTrafficPolicy is being configured to \"Cluster\" by default. The /proxy-stats endpoint contains topic level statistics, however, in the default configuration, the topic level statistics aren't known to be exposed.\n\n2.10 Pulsar Proxy users should upgrade to at least 2.10.6.\n2.11 Pulsar Proxy users should upgrade to at least 2.11.3.\n3.0 Pulsar Proxy users should upgrade to at least 3.0.2.\n3.1 Pulsar Proxy users should upgrade to at least 3.1.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. Additionally, it's imperative to recognize that the Apache Pulsar Proxy is not intended for direct exposure to the internet. The architectural design of Pulsar Proxy assumes that it will operate within a secured network environment, safeguarded by appropriate perimeter defenses."
},
{
"lang": "es",
"value": "Una vulnerabilidad de autenticaci\u00f3n incorrecta en Apache Pulsar Proxy permite a un atacante conectarse al endpoint /proxy-stats sin autenticaci\u00f3n. El endpoint vulnerable expone estad\u00edsticas detalladas sobre conexiones activas, junto con la capacidad de modificar el nivel de registro de conexiones proxy sin requerir credenciales de autenticaci\u00f3n adecuadas. Este problema afecta a las versiones de Apache Pulsar de 2.6.0 a 2.10.5, de 2.11.0 a 2.11.2, de 3.0.0 a 3.0.1 y 3.1.0. Los riesgos conocidos incluyen la exposici\u00f3n de informaci\u00f3n confidencial, como la IP del cliente conectado, y la manipulaci\u00f3n no autorizada del nivel de registro, lo que podr\u00eda conducir a una condici\u00f3n de denegaci\u00f3n de servicio al aumentar significativamente la sobrecarga de registro del proxy. Cuando se implementa a trav\u00e9s del gr\u00e1fico Apache Pulsar Helm dentro de entornos de Kubernetes, es posible que la IP real del cliente no se revele a trav\u00e9s del comportamiento predeterminado del balanceador de carga, que normalmente oscurece las direcciones IP de origen originales cuando externalTrafficPolicy se configura en \"Cl\u00faster\" de forma predeterminada. El endpoint /proxy-stats contiene estad\u00edsticas a nivel de tema; sin embargo, en la configuraci\u00f3n predeterminada, no se sabe que las estad\u00edsticas a nivel de tema est\u00e9n expuestas. 2.10 Los usuarios de Pulsar Proxy deben actualizar al menos a 2.10.6. 2.11 Los usuarios de Pulsar Proxy deben actualizar al menos a 2.11.3. Los usuarios de Pulsar Proxy 3.0 deben actualizar al menos a 3.0.2. 3.1 Los usuarios de Pulsar Proxy deben actualizar al menos a 3.1.1. Los usuarios que utilicen versiones anteriores a las enumeradas anteriormente deben actualizar a las versiones parcheadas antes mencionadas o a versiones m\u00e1s nuevas. Adem\u00e1s, es imperativo reconocer que Apache Pulsar Proxy no est\u00e1 manipulado para exposici\u00f3n directa a Internet. El dise\u00f1o arquitect\u00f3nico de Pulsar Proxy supone que funcionar\u00e1 dentro de un entorno de red seguro, salvaguardado por defensas perimetrales adecuadas."
}
],
"metrics": {

4
CVE-2023/CVE-2023-285xx/CVE-2023-28517.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28517",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-13T10:15:06.790",
"lastModified": "2024-03-13T10:15:06.790",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-309xx/CVE-2023-30968.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-30968",
"sourceIdentifier": "cve-coordination@palantir.com",
"published": "2024-03-12T20:15:07.347",
"lastModified": "2024-03-12T20:15:07.347",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "One of Gotham Gaia services was found to be vulnerable to a stored cross-site scripting (XSS) vulnerability that could have allowed an attacker to bypass CSP and get a persistent cross site scripting payload on the stack.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que uno de los servicios de Gotham Gaia era afectado por una vulnerabilidad de Cross Site Scripting (XSS) almacenadas que podr\u00eda haber permitido a un atacante eludir CSP y obtener un payload persistente de Cross Site Scripting en la pila."
}
],
"metrics": {

4
CVE-2023/CVE-2023-323xx/CVE-2023-32335.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32335",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-13T10:15:07.413",
"lastModified": "2024-03-13T10:15:07.413",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2023/CVE-2023-387xx/CVE-2023-38723.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38723",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-13T10:15:07.680",
"lastModified": "2024-03-13T10:15:07.680",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-423xx/CVE-2023-42307.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42307",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T21:15:55.703",
"lastModified": "2024-03-12T21:15:55.703",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via \"Subject Name\" and \"Subject Code\" section."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Code-Projects Exam Form Submission 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la secci\u00f3n \"Nombre del sujeto\" y \"C\u00f3digo del asunto\"."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-423xx/CVE-2023-42308.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-42308",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T21:15:55.787",
"lastModified": "2024-03-12T21:15:55.787",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 allows attackers to run arbitrary code via the \"Subject Name\" and \"Subject Code\" Section."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Manage Fastrack Subjects in Code-Projects Exam Form Submission 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de la secci\u00f3n \"Nombre del sujeto\" y \"C\u00f3digo del asunto\"."
}
],
"metrics": {},

4
CVE-2023/CVE-2023-430xx/CVE-2023-43043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43043",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-13T10:15:07.927",
"lastModified": "2024-03-13T10:15:07.927",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2023/CVE-2023-432xx/CVE-2023-43279.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43279",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T22:15:07.197",
"lastModified": "2024-03-12T22:15:07.197",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Null Pointer Dereference in mask_cidr6 component at cidr.c in Tcpreplay 4.4.4 allows attackers to crash the application via crafted tcprewrite command."
},
{
"lang": "es",
"value": "La desreferencia de puntero nulo en el componente mask_cidr6 en cidr.c en Tcpreplay 4.4.4 permite a los atacantes bloquear la aplicaci\u00f3n mediante un comando tcprewrite manipulado."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-432xx/CVE-2023-43292.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-43292",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T21:15:55.837",
"lastModified": "2024-03-12T21:15:55.837",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in My Food Recipe Using PHP with Source Code v.1.0 allows a local attacker to execute arbitrary code via a crafted payload to the Recipe Name, Procedure, and ingredients parameters."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting en My Food Recipe usando PHP con c\u00f3digo fuente v.1.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el nombre de la receta, el procedimiento y los par\u00e1metros de los ingredientes."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-48xx/CVE-2023-4839.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-4839",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T02:15:50.827",
"lastModified": "2024-03-13T02:15:50.827",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Go Maps for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."
},
{
"lang": "es",
"value": "WP Go Maps para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en versiones hasta la 9.0.32 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones en las que se ha deshabilitado unfiltered_html."
}
],
"metrics": {

8
CVE-2023/CVE-2023-54xx/CVE-2023-5410.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-5410",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-03-12T20:15:07.550",
"lastModified": "2024-03-12T20:15:07.550",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability."
},
{
"lang": "es",
"value": "Se ha informado de una posible vulnerabilidad de seguridad en el BIOS del sistema de ciertos productos de PC HP, que podr\u00eda permitir la manipulaci\u00f3n de la memoria. HP est\u00e1 lanzando medidas de mitigaci\u00f3n para la posible vulnerabilidad."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-70xx/CVE-2023-7072.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-7072",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T23:15:46.267",
"lastModified": "2024-03-12T23:15:46.267",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Post Grid Combo \u2013 36+ Gutenberg Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.68 via the 'get_posts' REST API Endpoint. This makes it possible for unauthenticated attackers to extract sensitive data including full draft posts and password protected posts, as well as the password for password-protected posts."
},
{
"lang": "es",
"value": "El complemento Post Grid Combo \u2013 36+ Gutenberg Blocks para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.2.68 incluida a trav\u00e9s del endpoint de la API REST 'get_posts'. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluidos borradores completos de publicaciones y publicaciones protegidas con contrase\u00f1a, as\u00ed como la contrase\u00f1a de las publicaciones protegidas con contrase\u00f1a."
}
],
"metrics": {

8
CVE-2024/CVE-2024-03xx/CVE-2024-0386.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0386",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T22:15:07.250",
"lastModified": "2024-03-12T22:15:07.250",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento weForms para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del encabezado HTTP 'Referer' en todas las versiones hasta la 1.6.21 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-11xx/CVE-2024-1137.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1137",
"sourceIdentifier": "security@tibco.com",
"published": "2024-03-12T18:15:07.110",
"lastModified": "2024-03-12T18:15:07.110",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.\n\n"
},
{
"lang": "es",
"value": "Los componentes Proxy y Cliente de TIBCO ActiveSpaces - Enterprise Edition de TIBCO Software Inc. contienen una vulnerabilidad que, en teor\u00eda, permite a un cliente de Active Spaces observar pasivamente el tr\u00e1fico de datos hacia otros clientes. Las versiones afectadas son TIBCO ActiveSpaces - Enterprise Edition de TIBCO Software Inc.: versiones 4.4.0 a 4.9.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-11xx/CVE-2024-1138.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1138",
"sourceIdentifier": "security@tibco.com",
"published": "2024-03-12T18:15:07.300",
"lastModified": "2024-03-12T18:15:07.300",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.\n\n"
},
{
"lang": "es",
"value": "El componente del servidor FTL de TIBCO FTL - Enterprise Edition de TIBCO Software Inc. contiene una vulnerabilidad que permite a un atacante con pocos privilegios y acceso a la red ejecutar una escalada de privilegios en el servidor ftl afectado. Las versiones afectadas son TIBCO FTL - Enterprise Edition de TIBCO Software Inc.: versiones 6.10.1 e inferiores."
}
],
"metrics": {

8
CVE-2024/CVE-2024-13xx/CVE-2024-1397.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1397",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T23:15:46.480",
"lastModified": "2024-03-12T23:15:46.480",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento HT Mega \u2013 Absolute Addons For Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los bloques del complemento en todas las versiones hasta la 2.4.6 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en el 'titleTag' atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-14xx/CVE-2024-1410.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1410",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2024-03-12T18:15:07.493",
"lastModified": "2024-03-12T18:15:07.493",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retirement of old IDs, the endpoint sends NEW_CONNECTION_ID includes a value in the retire_prior_to field, which elicits a RETIRE_CONNECTION_ID frame as confirmation. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue. Quiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions.\n"
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Cloudflare quiche era vulnerable al almacenamiento ilimitado de informaci\u00f3n relacionada con la retirada del ID de conexi\u00f3n, lo que podr\u00eda provocar un consumo excesivo de recursos. Cada conexi\u00f3n QUIC posee un conjunto de Identificadores de conexi\u00f3n (ID); consulte RFC 9000 Secci\u00f3n 5.1 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1. Los endpoints declaran la cantidad de ID de conexi\u00f3n activa que est\u00e1n dispuestos a admitir mediante el par\u00e1metro de transporte active_connection_id_limit. El par puede crear nuevas ID utilizando un framework NEW_CONNECTION_ID pero debe permanecer dentro del l\u00edmite de ID activo. Esto se hace retirando los ID antiguos, el endpoint env\u00eda NEW_CONNECTION_ID e incluye un valor en el campo retire_prior_to, que genera un framework RETIRE_CONNECTION_ID como confirmaci\u00f3n. Un atacante remoto no autenticado puede explotar la vulnerabilidad enviando tramas NEW_CONNECTION_ID y manipulando la conexi\u00f3n (por ejemplo, restringiendo el tama\u00f1o de la ventana de congesti\u00f3n del par) de modo que las tramas RETIRE_CONNECTION_ID solo puedan enviarse a una velocidad m\u00e1s lenta de la que se reciben, lo que lleva al almacenamiento de informaci\u00f3n relacionada con ID de conexi\u00f3n en una cola ilimitada. Las versiones 0.19.2 y 0.20.1 de Quiche son las primeras en solucionar este problema. No existe ning\u00fan workaround para las versiones afectadas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-14xx/CVE-2024-1421.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1421",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T23:15:46.667",
"lastModified": "2024-03-12T23:15:46.667",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The HT Mega \u2013 Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018border_type\u2019 attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento HT Mega \u2013 Absolute Addons For Elementor para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo 'border_type' del widget Post Carousel en todas las versiones hasta la 2.4.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-15xx/CVE-2024-1582.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1582",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T02:15:51.000",
"lastModified": "2024-03-13T02:15:51.000",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento WP Go Maps (anteriormente WP Google Maps) para WordPress es vulnerable a las Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo abreviado 'wpgmza' del complemento en todas las versiones hasta la 9.0.32 incluida debido a una desinfecci\u00f3n insuficiente de las entradas y a que la salida se escape en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-17xx/CVE-2024-1765.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1765",
"sourceIdentifier": "cna@cloudflare.com",
"published": "2024-03-12T18:15:07.700",
"lastModified": "2024-03-12T18:15:07.700",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client.\nA remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake.\nExploitation was possible for the duration of the connection which could be extended by the attacker.\u00a0\nquiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.\n\n"
},
{
"lang": "es",
"value": "Cloudflare Quiche (hasta la versi\u00f3n 0.19.1/0.20.0) se vio afectado por una vulnerabilidad de asignaci\u00f3n de recursos ilimitada que provoc\u00f3 un r\u00e1pido aumento del uso de memoria del sistema que ejecuta el servidor o cliente quiche. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad enviando repetidamente un n\u00famero ilimitado de fotogramas 1-RTT CRYPTO despu\u00e9s de completar previamente el protocolo de enlace QUIC. La explotaci\u00f3n era posible mientras durara la conexi\u00f3n, que el atacante pod\u00eda ampliar. quiche 0.19.2 y 0.20.1 son las primeras versiones que contienen la soluci\u00f3n para este problema."
}
],
"metrics": {

4
CVE-2024/CVE-2024-19xx/CVE-2024-1979.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1979",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-13T10:15:08.153",
"lastModified": "2024-03-13T10:15:08.153",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-20xx/CVE-2024-2031.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2031",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T20:15:08.690",
"lastModified": "2024-03-12T20:15:08.690",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento Video Conferencing with Zoom para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto 'zoom_recordings_by_meeting' del complemento en todas las versiones hasta la 4.4.4 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-21xx/CVE-2024-2107.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2107",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T22:15:07.470",
"lastModified": "2024-03-12T22:15:07.470",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts."
},
{
"lang": "es",
"value": "El tema Blossom Spa para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.3.4 incluida a trav\u00e9s de la fuente generada. Esto hace posible que atacantes no autenticados extraigan datos confidenciales, incluido el contenido de publicaciones programadas o protegidas con contrase\u00f1a."
}
],
"metrics": {

4
CVE-2024/CVE-2024-21xx/CVE-2024-2123.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2123",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T10:15:08.373",
"lastModified": "2024-03-13T10:15:08.373",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-21xx/CVE-2024-2130.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2130",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T20:15:08.853",
"lastModified": "2024-03-12T20:15:08.853",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
},
{
"lang": "es",
"value": "El complemento CWW Companion para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del widget Module2 en todas las versiones hasta la 1.2.7 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
}
],
"metrics": {

8
CVE-2024/CVE-2024-233xx/CVE-2024-23300.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-23300",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-12T21:15:58.077",
"lastModified": "2024-03-12T21:15:58.077",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution."
},
{
"lang": "es",
"value": "Se solucion\u00f3 un problema de use-after-free con una gesti\u00f3n de memoria mejorada. Este problema se solucion\u00f3 en GarageBand 10.4.11. El procesamiento de un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-23xx/CVE-2024-2395.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2395",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-12T22:15:07.640",
"lastModified": "2024-03-12T22:15:07.640",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Bulgarisation for WooCommerce para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 3.0.14 incluida. Esto se debe a una validaci\u00f3n nonce faltante o incorrecta en varias funciones. Esto hace posible que atacantes no autenticados generen y eliminen etiquetas mediante una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."
}
],
"metrics": {

8
CVE-2024/CVE-2024-240xx/CVE-2024-24092.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24092",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T21:15:58.217",
"lastModified": "2024-03-12T21:15:58.217",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrary code via login.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Code-projects.org Scholars Tracking System 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de login.php."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-240xx/CVE-2024-24093.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24093",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T21:15:58.370",
"lastModified": "2024-03-12T21:15:58.370",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Code-projects Scholars Tracking System 1.0 permite a atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de informaci\u00f3n de actualizaci\u00f3n de informaci\u00f3n personal."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-240xx/CVE-2024-24097.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24097",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T21:15:58.497",
"lastModified": "2024-03-12T21:15:58.497",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en Code-projects Scholars Tracking System 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de News Feed."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-241xx/CVE-2024-24101.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24101",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T22:15:07.423",
"lastModified": "2024-03-12T22:15:07.423",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update."
},
{
"lang": "es",
"value": "Code-projects Scholars Tracking System 1.0 es vulnerable a la inyecci\u00f3n SQL en la Actualizaci\u00f3n de informaci\u00f3n de elegibilidad."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-24xx/CVE-2024-2400.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2400",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-03-13T04:15:08.040",
"lastModified": "2024-03-13T04:15:08.040",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "Use after free en Performance Manager en Google Chrome anterior a 122.0.6261.128 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
}
],
"metrics": {},

8
CVE-2024/CVE-2024-24xx/CVE-2024-2406.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2406",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-12T21:15:59.713",
"lastModified": "2024-03-12T21:15:59.713",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256503."
},
{
"lang": "es",
"value": "Una vulnerabilidad fue encontrada en Gacjie Server hasta 1.0 y clasificada como cr\u00edtica. Esto afecta el \u00edndice de funci\u00f3n del archivo /app/admin/controller/Upload.php. La manipulaci\u00f3n del archivo de argumentos conduce a una carga sin restricciones. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador asociado de esta vulnerabilidad es VDB-256503."
}
],
"metrics": {

8
CVE-2024/CVE-2024-24xx/CVE-2024-2412.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2412",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-03-13T03:15:06.577",
"lastModified": "2024-03-13T03:15:06.577",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled."
},
{
"lang": "es",
"value": "La funci\u00f3n de desactivaci\u00f3n de la p\u00e1gina de registro de usuarios para Heimavista Rpage y Epage no est\u00e1 implementada correctamente, lo que permite a atacantes remotos completar el registro de usuarios en sitios donde se supone que el registro de usuarios est\u00e1 desactivado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-24xx/CVE-2024-2413.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2413",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-03-13T03:15:06.793",
"lastModified": "2024-03-13T03:15:06.793",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality."
},
{
"lang": "es",
"value": "Intumit SmartRobot utiliza una clave de cifrado fija para la autenticaci\u00f3n. Los atacantes remotos pueden usar esta clave para cifrar una cadena compuesta por el nombre del usuario y la marca de tiempo para generar un c\u00f3digo de autenticaci\u00f3n. Con este c\u00f3digo de autenticaci\u00f3n, pueden obtener privilegios de administrador y posteriormente ejecutar c\u00f3digo arbitrario en el servidor remoto utilizando la funcionalidad integrada del sistema."
}
],
"metrics": {

55
CVE-2024/CVE-2024-24xx/CVE-2024-2414.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2414",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-03-13T12:15:06.960",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The primary channel is unprotected on Movistar 4G router affecting E version S_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-419"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2024/CVE-2024-24xx/CVE-2024-2415.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2415",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-03-13T12:15:07.293",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Command injection vulnerability in Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an authenticated user to execute commands inside the router by making a POST request to the URL '/cgi-bin/gui.cgi'."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router",
"source": "cve-coordination@incibe.es"
}
]
}

55
CVE-2024/CVE-2024-24xx/CVE-2024-2416.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-2416",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-03-13T12:15:07.513",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve-coordination@incibe.es",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "cve-coordination@incibe.es",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router",
"source": "cve-coordination@incibe.es"
}
]
}

4
CVE-2024/CVE-2024-265xx/CVE-2024-26529.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26529",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-13T08:15:43.410",
"lastModified": "2024-03-13T08:15:43.410",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-271xx/CVE-2024-27135.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27135",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-12T19:15:47.567",
"lastModified": "2024-03-12T19:15:47.567",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".\n\nThis issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\n3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\n3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\n3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\n"
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en Pulsar Function Worker permite que un usuario autenticado malicioso ejecute c\u00f3digo Java arbitrario en Pulsar Function Worker, fuera de los entornos limitados designados para ejecutar funciones proporcionadas por el usuario. Esta vulnerabilidad tambi\u00e9n se aplica al Pulsar Broker cuando est\u00e1 configurado con \"functionsWorkerEnabled=true\". Este problema afecta a las versiones de Apache Pulsar de 2.4.0 a 2.10.5, de 2.11.0 a 2.11.3, de 3.0.0 a 3.0.2, de 3.1.0 a 3.1.2 y 3.2.0. 2.10 Los usuarios de Pulsar Function Worker deben actualizar al menos a 2.10.6. 2.11 Los usuarios de Pulsar Function Worker deben actualizar al menos a 2.11.4. Los usuarios de 3.0 Pulsar Function Worker deben actualizar al menos a 3.0.3. 3.1 Los usuarios de Pulsar Function Worker deben actualizar al menos a 3.1.3. 3.2 Los usuarios de Pulsar Function Worker deben actualizar al menos a 3.2.1. Los usuarios que utilicen versiones anteriores a las enumeradas anteriormente deben actualizar a las versiones parcheadas antes mencionadas o a versiones m\u00e1s nuevas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-273xx/CVE-2024-27305.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27305",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T21:15:58.630",
"lastModified": "2024-03-12T21:15:58.630",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may send smuggle/spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue is also existed in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "aiosmtpd es una reimplementaci\u00f3n de Python stdlib smtpd.py basada en asyncio. aiosmtpd es vulnerable al contrabando SMTP entrante. El contrabando SMTP es una vulnerabilidad novedosa basada en diferencias de interpretaci\u00f3n no tan novedosas del protocolo SMTP. Al explotar el contrabando SMTP, un atacante puede enviar correos electr\u00f3nicos de contrabando/falsificaci\u00f3n con direcciones de remitente falsas, lo que permite ataques de phishing avanzados. Este problema tambi\u00e9n existe en otro software SMTP como Postfix. Con la constelaci\u00f3n de servidores SMTP adecuada, un atacante puede enviar correos electr\u00f3nicos falsificados a instancias entrantes/receptoras de aiosmtpd. Este problema se solucion\u00f3 en la versi\u00f3n 1.4.5. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-273xx/CVE-2024-27317.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27317",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-12T19:15:47.777",
"lastModified": "2024-03-12T19:15:47.777",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the zip files, which aren't properly validated, contain special elements like \"..\", altering the directory path. This could allow an attacker to create or modify files outside of the designated extraction directory, potentially influencing system behavior. This vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".\n\nThis issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\n3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\n3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\n3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions."
},
{
"lang": "es",
"value": "En Pulsar Functions Worker, los usuarios autenticados pueden cargar funciones en archivos jar o nar. Estos archivos, esencialmente archivos zip, son extra\u00eddos por Functions Worker. Sin embargo, si se carga un archivo malicioso, podr\u00eda aprovechar una vulnerabilidad de cruce de directorio. Esto ocurre cuando los nombres de los archivos zip, que no est\u00e1n validados correctamente, contienen elementos especiales como \"..\", alterando la ruta del directorio. Esto podr\u00eda permitir a un atacante crear o modificar archivos fuera del directorio de extracci\u00f3n designado, lo que podr\u00eda influir en el comportamiento del sistema. Esta vulnerabilidad tambi\u00e9n se aplica al Pulsar Broker cuando est\u00e1 configurado con \"functionsWorkerEnabled=true\". Este problema afecta a las versiones de Apache Pulsar de 2.4.0 a 2.10.5, de 2.11.0 a 2.11.3, de 3.0.0 a 3.0.2, de 3.1.0 a 3.1.2 y 3.2.0. 2.10 Los usuarios de Pulsar Function Worker deben actualizar al menos a 2.10.6. 2.11 Los usuarios de Pulsar Function Worker deben actualizar al menos a 2.11.4. Los usuarios de 3.0 Pulsar Function Worker deben actualizar al menos a 3.0.3. 3.1 Los usuarios de Pulsar Function Worker deben actualizar al menos a 3.1.3. 3.2 Los usuarios de Pulsar Function Worker deben actualizar al menos a 3.2.1. Los usuarios que utilicen versiones anteriores a las enumeradas anteriormente deben actualizar a las versiones parcheadas antes mencionadas o a versiones m\u00e1s nuevas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-274xx/CVE-2024-27440.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27440",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-13T06:15:52.273",
"lastModified": "2024-03-13T06:15:52.273",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n oficial de Toyoko Inn para versiones de iOS anteriores a 1.13.0 y la aplicaci\u00f3n oficial de Toyoko Inn para versiones de Android anteriores a 1.3.14 no verifican correctamente los certificados del servidor, lo que permite a un atacante intermediario falsificar servidores y obtener datos e informaci\u00f3n confidencial a trav\u00e9s de un certificado elaborado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-278xx/CVE-2024-27894.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27894",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-12T19:15:47.970",
"lastModified": "2024-03-12T19:15:47.970",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include \"file\", \"http\", and \"https\". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks.\nThis vulnerability also applies to the Pulsar Broker when it is configured with \"functionsWorkerEnabled=true\".\n\nThis issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Pulsar Function Worker users should upgrade to at least 2.10.6.\n2.11 Pulsar Function Worker users should upgrade to at least 2.11.4.\n3.0 Pulsar Function Worker users should upgrade to at least 3.0.3.\n3.1 Pulsar Function Worker users should upgrade to at least 3.1.3.\n3.2 Pulsar Function Worker users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\n\nThe updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: \"additionalEnabledConnectorUrlPatterns\" and \"additionalEnabledFunctionsUrlPatterns\". These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation."
},
{
"lang": "es",
"value": "Pulsar Functions Worker incluye una capacidad que permite a los usuarios autenticados crear funciones donde se hace referencia a la implementaci\u00f3n de la funci\u00f3n mediante una URL. Los esquemas de URL admitidos incluyen \"archivo\", \"http\" y \"https\". Cuando se crea una funci\u00f3n utilizando este m\u00e9todo, Functions Worker recuperar\u00e1 la implementaci\u00f3n de la URL proporcionada por el usuario. Sin embargo, esta caracter\u00edstica introduce una vulnerabilidad que puede ser aprovechada por un atacante para obtener acceso no autorizado a cualquier archivo para el que el proceso Pulsar Functions Worker tenga permisos de lectura. Esto incluye la lectura del entorno del proceso, que potencialmente incluye informaci\u00f3n confidencial, como secretos. Adem\u00e1s, un atacante podr\u00eda aprovechar esta vulnerabilidad para utilizar Pulsar Functions Worker como proxy para acceder al contenido de las URL de endpoints HTTP y HTTPS remotos. Esto tambi\u00e9n podr\u00eda usarse para llevar a cabo ataques de denegaci\u00f3n de servicio. Esta vulnerabilidad tambi\u00e9n se aplica al Pulsar Broker cuando est\u00e1 configurado con \"functionsWorkerEnabled=true\". Este problema afecta a las versiones de Apache Pulsar de 2.4.0 a 2.10.5, de 2.11.0 a 2.11.3, de 3.0.0 a 3.0.2, de 3.1.0 a 3.1.2 y 3.2.0. 2.10 Los usuarios de Pulsar Function Worker deben actualizar al menos a 2.10.6. 2.11 Los usuarios de Pulsar Function Worker deben actualizar al menos a 2.11.4. Los usuarios de 3.0 Pulsar Function Worker deben actualizar al menos a 3.0.3. 3.1 Los usuarios de Pulsar Function Worker deben actualizar al menos a 3.1.3. 3.2 Los usuarios de Pulsar Function Worker deben actualizar al menos a 3.2.1. Los usuarios que utilicen versiones anteriores a las enumeradas anteriormente deben actualizar a las versiones parcheadas antes mencionadas o a versiones m\u00e1s nuevas. Las versiones actualizadas de Pulsar Functions Worker impondr\u00e1n, de forma predeterminada, restricciones a la creaci\u00f3n de funciones mediante URL. Para los usuarios que dependen de esta funcionalidad, la configuraci\u00f3n de Function Worker proporciona dos claves de configuraci\u00f3n: \"additionalEnabledConnectorUrlPatterns\" y \"additionalEnabledFunctionsUrlPatterns\". Estas claves permiten a los usuarios especificar un conjunto de patrones de URL permitidos, lo que permite la creaci\u00f3n de funciones utilizando URL que coinciden con los patrones definidos. Este enfoque garantiza que la funci\u00f3n permanezca disponible para quienes la requieren, al tiempo que limita el potencial de acceso y explotaci\u00f3n no autorizados."
}
],
"metrics": {

8
CVE-2024/CVE-2024-280xx/CVE-2024-28098.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28098",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-12T19:15:48.177",
"lastModified": "2024-03-12T19:15:48.177",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role.\n\nThis issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. \n\n2.10 Apache Pulsar users should upgrade to at least 2.10.6.\n2.11 Apache Pulsar users should upgrade to at least 2.11.4.\n3.0 Apache Pulsar users should upgrade to at least 3.0.3.\n3.1 Apache Pulsar users should upgrade to at least 3.1.3.\n3.2 Apache Pulsar users should upgrade to at least 3.2.1.\n\nUsers operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.\n"
},
{
"lang": "es",
"value": "La vulnerabilidad permite a los usuarios autenticados con permisos solo de producci\u00f3n o consumo modificar pol\u00edticas a nivel de tema, como retenci\u00f3n, TTL y configuraciones de descarga. Estas operaciones de administraci\u00f3n deben restringirse a usuarios con la funci\u00f3n de administrador de inquilinos o la funci\u00f3n de superusuario. Este problema afecta a las versiones de Apache Pulsar de 2.7.1 a 2.10.5, de 2.11.0 a 2.11.3, de 3.0.0 a 3.0.2, de 3.1.0 a 3.1.2 y 3.2.0. 2.10 Los usuarios de Apache Pulsar deben actualizar al menos a 2.10.6. 2.11 Los usuarios de Apache Pulsar deben actualizar al menos a 2.11.4. Los usuarios de Apache Pulsar 3.0 deben actualizar al menos a 3.0.3. 3.1 Los usuarios de Apache Pulsar deben actualizar al menos a 3.1.3. 3.2 Los usuarios de Apache Pulsar deben actualizar al menos a 3.2.1. Los usuarios que utilicen versiones anteriores a las enumeradas anteriormente deben actualizar a las versiones parcheadas antes mencionadas o a versiones m\u00e1s nuevas."
}
],
"metrics": {

8
CVE-2024/CVE-2024-281xx/CVE-2024-28112.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28112",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T20:15:07.730",
"lastModified": "2024-03-12T20:15:07.730",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "Peering Manager es una herramienta de gesti\u00f3n de sesiones BGP. Las versiones afectadas de Peering Manager est\u00e1n sujetas a un posible ataque de Cross-Site Scripting (XSS) almacenado en el atributo \"nombre\" de AS o plataforma. El XSS se activa en la p\u00e1gina de detalles de un enrutador. Los adversarios pueden ejecutar c\u00f3digo JavaScript arbitrario con el permiso de la v\u00edctima. Los ataques XSS se utilizan a menudo para robar credenciales o tokens de inicio de sesi\u00f3n de otros usuarios. Este problema se solucion\u00f3 en la versi\u00f3n 1.8.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-281xx/CVE-2024-28113.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28113",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T20:15:07.933",
"lastModified": "2024-03-12T20:15:07.933",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted url. As a result users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Peering Manager es una herramienta de gesti\u00f3n de sesiones BGP. En Peering Manager &lt;=1.8.2, es posible redirigir a los usuarios a una p\u00e1gina arbitraria mediante una URL manipulada. Como resultado, los usuarios pueden ser redirigidos a una ubicaci\u00f3n inesperada. Este problema se solucion\u00f3 en la versi\u00f3n 1.8.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-281xx/CVE-2024-28114.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28114",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T20:15:08.113",
"lastModified": "2024-03-12T20:15:08.113",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n"
},
{
"lang": "es",
"value": "Peering Manager es una herramienta de gesti\u00f3n de sesiones BGP. Existe una vulnerabilidad de inyecci\u00f3n de plantilla del lado del servidor que conduce a la ejecuci\u00f3n remota de c\u00f3digo en Peering Manager &lt;=1.8.2. Como resultado, se pueden ejecutar comandos arbitrarios en el sistema operativo que ejecuta Peering Manager. Este problema se solucion\u00f3 en la versi\u00f3n 1.8.3. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-281xx/CVE-2024-28121.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28121",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T20:15:08.313",
"lastModified": "2024-03-12T20:15:08.313",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: `\\\"target\\\":\\\"[class_name]#[method_name]\\\",\\\"args\\\":[]`. The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments. This is problematic as `reflex.method method_name` can be more methods that those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should: see the backing GHSA advisory for mitigation advice."
},
{
"lang": "es",
"value": "stimulus_reflex es un sistema para ampliar las capacidades de Rails y Stimulus interceptando las interacciones del usuario y pas\u00e1ndolas a Rails a trav\u00e9s de websockets en tiempo real. En las versiones afectadas se pueden invocar m\u00e1s m\u00e9todos de los esperados en instancias reflejas. Poder llamar a algunos de ellos tiene implicaciones de seguridad. Para invocar un reflejo, se env\u00eda un mensaje websocket con la siguiente forma: `\\\"target\\\":\\\"[class_name]#[method_name]\\\",\\\"args\\\":[]`. El servidor proceder\u00e1 a crear una instancia de `reflex` utilizando el `class_name` proporcionado siempre que extienda `StimulusReflex::Reflex`. Luego intenta llamar a \"method_name\" en la instancia con los argumentos proporcionados. Esto es problem\u00e1tico ya que `reflex.method method_name` puede contener m\u00e1s m\u00e9todos que los especificados expl\u00edcitamente por el desarrollador en su clase refleja. Un buen ejemplo es el m\u00e9todo instance_variable_set. Esta vulnerabilidad ha sido parcheada en las versiones 3.4.2 y 3.5.0.rc4. Los usuarios que no puedan actualizar deben: consultar el aviso de respaldo de GHSA para obtener consejos de mitigaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-281xx/CVE-2024-28186.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28186",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T20:15:08.503",
"lastModified": "2024-03-12T20:15:08.503",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "FreeScout is an open source help desk and shared inbox built with PHP.\n\nA vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the `/conversation/ajax-html/send_log?folder_id=&thread_id={id}` endpoint. The stack trace reveals value of parameters, including the username and password, passed to the `Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate()` function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications. This could lead to targeted attacks on both the application users and the organization itself, compromising the security of email exchange servers. This issue has been addressed in version 1.8.124. Users are advised to upgrade. Users unable to upgrade should adopt the following measures: 1. Avoid Storing Complete Stack Traces, 2. Implement redaction mechanisms to filter and exclude sensitive information, and 3. Review and enhance the application's logging practices."
},
{
"lang": "es",
"value": "FreeScout es una mesa de ayuda de c\u00f3digo abierto y una bandeja de entrada compartida creada con PHP. Se ha identificado una vulnerabilidad en la aplicaci\u00f3n Free Scout, que expone las credenciales del servidor SMTP utilizadas por una organizaci\u00f3n en la aplicaci\u00f3n a los usuarios de la aplicaci\u00f3n. Este problema surge cuando la aplicaci\u00f3n almacena seguimientos completos de excepciones en su base de datos. Luego, la informaci\u00f3n confidencial se divulga inadvertidamente a los usuarios a trav\u00e9s del endpoint `/conversation/ajax-html/send_log?folder_id=&amp;thread_id={id}`. El seguimiento de la pila revela el valor de los par\u00e1metros, incluidos el nombre de usuario y la contrase\u00f1a, pasados a la funci\u00f3n `Swift_Transport_Esmtp_Auth_LoginAuthenticator-&gt;authenticate()`. La explotaci\u00f3n de esta vulnerabilidad permite a un atacante obtener acceso no autorizado a las credenciales del servidor SMTP. Con esta informaci\u00f3n confidencial en la mano, el atacante puede potencialmente enviar correos electr\u00f3nicos no autorizados desde el servidor SMTP comprometido, lo que representa una grave amenaza para la confidencialidad y la integridad de las comunicaciones por correo electr\u00f3nico. Esto podr\u00eda dar lugar a ataques dirigidos tanto a los usuarios de la aplicaci\u00f3n como a la propia organizaci\u00f3n, comprometiendo la seguridad de los servidores de intercambio de correo electr\u00f3nico. Este problema se solucion\u00f3 en la versi\u00f3n 1.8.124. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar deben adoptar las siguientes medidas: 1. Evitar almacenar seguimientos de pila completos, 2. Implementar mecanismos de redacci\u00f3n para filtrar y excluir informaci\u00f3n confidencial, y 3. Revisar y mejorar las pr\u00e1cticas de registro de la aplicaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-282xx/CVE-2024-28236.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28236",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T21:15:59.027",
"lastModified": "2024-03-12T21:15:59.027",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like `parameters`, `image` and `entrypoint` to inject secrets into a plugin/image and \u2014 by using common substitution string manipulation \u2014 can bypass log masking and expose secrets without the use of the commands block. This unexpected behavior primarily impacts secrets restricted by the \"no commands\" option. This can lead to unintended use of the secret value, and increased risk of exposing the secret during image execution bypassing log masking. **To exploit this** the pipeline author must be supplying the secrets to a plugin that is designed in such a way that will print those parameters in logs. Plugin parameters are not designed for sensitive values and are often intentionally printed throughout execution for informational/debugging purposes. Parameters should therefore be treated as insensitive. While Vela provides secrets masking, secrets exposure is not entirely solved by the masking process. A docker image (plugin) can easily expose secrets if they are not handled properly, or altered in some way. There is a responsibility on the end-user to understand how values injected into a plugin are used. This is a risk that exists for many CICD systems (like GitHub Actions) that handle sensitive runtime variables. Rather, the greater risk is that users who restrict a secret to the \"no commands\" option and use image restriction can still have their secret value exposed via substitution tinkering, which turns the image and command restrictions into a false sense of security. This issue has been addressed in version 0.23.2. Users are advised to upgrade. Users unable to upgrade should not provide sensitive values to plugins that can potentially expose them, especially in `parameters` that are not intended to be used for sensitive values, ensure plugins (especially those that utilize shared secrets) follow best practices to avoid logging parameters that are expected to be sensitive, minimize secrets with `pull_request` events enabled, as this allows users to change pipeline configurations and pull in secrets to steps not typically part of the CI process, make use of the build approval setting, restricting builds from untrusted users, and limit use of shared secrets, as they are less restrictive to access by nature."
},
{
"lang": "es",
"value": "Vela es un marco de automatizaci\u00f3n de tuber\u00edas (CI/CD) construido sobre tecnolog\u00eda de contenedores de Linux escrita en Golang. Los pipelines de Vela pueden usar sustituci\u00f3n de variables combinada con campos insensibles como \"par\u00e1metros\", \"imagen\" y \"punto de entrada\" para inyectar secretos en un complemento/imagen y, mediante el uso de manipulaci\u00f3n com\u00fan de cadenas de sustituci\u00f3n, pueden evitar el enmascaramiento de registros y exponer secretos sin el uso de el bloque de comandos. Este comportamiento inesperado afecta principalmente a los secretos restringidos por la opci\u00f3n \"sin comandos\". Esto puede provocar un uso no intencionado del valor secreto y un mayor riesgo de exponer el secreto durante la ejecuci\u00f3n de la imagen sin pasar por el enmascaramiento del registro. **Para explotar esto**, el autor de la canalizaci\u00f3n debe proporcionar los secretos a un complemento manipulado de tal manera que imprima esos par\u00e1metros en los registros. Los par\u00e1metros del complemento no est\u00e1n manipulados para valores confidenciales y, a menudo, se imprimen intencionalmente durante la ejecuci\u00f3n con fines informativos/depuraci\u00f3n. Por lo tanto, los par\u00e1metros deben tratarse como insensibles. Si bien Vela proporciona enmascaramiento de secretos, la exposici\u00f3n de secretos no se resuelve por completo mediante el proceso de enmascaramiento. Una imagen acoplable (complemento) puede exponer secretos f\u00e1cilmente si no se manejan adecuadamente o se modifican de alguna manera. El usuario final tiene la responsabilidad de comprender c\u00f3mo se utilizan los valores inyectados en un complemento. Este es un riesgo que existe para muchos sistemas CICD (como GitHub Actions) que manejan variables confidenciales de tiempo de ejecuci\u00f3n. M\u00e1s bien, el mayor riesgo es que los usuarios que restringen un secreto a la opci\u00f3n \"sin comandos\" y usan restricci\u00f3n de im\u00e1genes a\u00fan puedan exponer su valor secreto a trav\u00e9s de modificaciones de sustituci\u00f3n, lo que convierte las restricciones de im\u00e1genes y comandos en una falsa sensaci\u00f3n de seguridad. Este problema se solucion\u00f3 en la versi\u00f3n 0.23.2. Se recomienda a los usuarios que actualicen. Los usuarios que no puedan actualizar no deben proporcionar valores confidenciales a los complementos que potencialmente puedan exponerlos, especialmente en los \"par\u00e1metros\" que no est\u00e1n destinados a ser utilizados para valores confidenciales, aseg\u00farese de que los complementos (especialmente aquellos que utilizan secretos compartidos) sigan las mejores pr\u00e1cticas para evitar el registro de par\u00e1metros. que se espera que sean confidenciales, minimice los secretos con los eventos `pull_request` habilitados, ya que esto permite a los usuarios cambiar las configuraciones de canalizaci\u00f3n e incorporar secretos a pasos que normalmente no forman parte del proceso de CI, utilice la configuraci\u00f3n de aprobaci\u00f3n de compilaci\u00f3n y restrinja las compilaciones que no sean de confianza, usuarios y limitar el uso de secretos compartidos, ya que su acceso es menos restrictivo por naturaleza."
}
],
"metrics": {

8
CVE-2024/CVE-2024-282xx/CVE-2024-28238.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28238",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T21:15:59.297",
"lastModified": "2024-03-12T21:15:59.297",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Directus es una API y un panel de aplicaciones en tiempo real para administrar el contenido de la base de datos SQL. Al llegar a la p\u00e1gina /files, se pasa un JWT mediante una solicitud GET. La inclusi\u00f3n de tokens de sesi\u00f3n en las URL plantea un riesgo de seguridad ya que las URL a menudo se registran en varios lugares (por ejemplo, registros del servidor web, historial del navegador). Los atacantes que obtienen acceso a estos registros pueden secuestrar sesiones de usuarios activos, lo que lleva a un acceso no autorizado a informaci\u00f3n confidencial o acciones en nombre del usuario. Este problema se solucion\u00f3 en la versi\u00f3n 10.10.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

8
CVE-2024/CVE-2024-282xx/CVE-2024-28239.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-28239",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-12T21:15:59.513",
"lastModified": "2024-03-12T21:15:59.513",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate directus site and be taken to a malicious site made to look like a an error message \"Your password needs to be updated\" to phish out the current password. Users who login via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "Directus es una API y un panel de aplicaciones en tiempo real para administrar el contenido de la base de datos SQL. La API de autenticaci\u00f3n tiene un par\u00e1metro \"redirect\" que puede explotarse como una vulnerabilidad de redireccionamiento abierto cuando el usuario intenta iniciar sesi\u00f3n a trav\u00e9s de la URL de la API. Hay una redirecci\u00f3n que se realiza despu\u00e9s de iniciar sesi\u00f3n correctamente a trav\u00e9s de la solicitud GET de Auth API a `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. Si bien las credenciales no parecen pasarse al sitio del atacante, se puede hacer phishing al usuario para que haga clic en un sitio directo leg\u00edtimo y ser llevado a un sitio malicioso que parece un mensaje de error \"Su contrase\u00f1a debe actualizarse\" para phishing. sacar la contrase\u00f1a actual. Los usuarios que inician sesi\u00f3n a trav\u00e9s de OAuth2 en Directus pueden estar en riesgo. Este problema se solucion\u00f3 en la versi\u00f3n 10.10.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
}
],
"metrics": {

4
CVE-2024/CVE-2024-286xx/CVE-2024-28623.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28623",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-13T08:15:43.497",
"lastModified": "2024-03-13T08:15:43.497",
"vulnStatus": "Received",
"lastModified": "2024-03-13T12:33:51.697",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

46
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-13T11:01:03.190504+00:00
2024-03-13T13:00:31.294993+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-13T10:15:08.373000+00:00
2024-03-13T12:33:51.697000+00:00
```
### Last Data Feed Release
@ -29,27 +29,47 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
241262
241265
```
### CVEs added in the last Commit
Recently added CVEs: `8`
Recently added CVEs: `3`
* [CVE-2015-10123](CVE-2015/CVE-2015-101xx/CVE-2015-10123.json) (`2024-03-13T09:15:06.633`)
* [CVE-2018-25090](CVE-2018/CVE-2018-250xx/CVE-2018-25090.json) (`2024-03-13T09:15:07.040`)
* [CVE-2023-28517](CVE-2023/CVE-2023-285xx/CVE-2023-28517.json) (`2024-03-13T10:15:06.790`)
* [CVE-2023-32335](CVE-2023/CVE-2023-323xx/CVE-2023-32335.json) (`2024-03-13T10:15:07.413`)
* [CVE-2023-38723](CVE-2023/CVE-2023-387xx/CVE-2023-38723.json) (`2024-03-13T10:15:07.680`)
* [CVE-2023-43043](CVE-2023/CVE-2023-430xx/CVE-2023-43043.json) (`2024-03-13T10:15:07.927`)
* [CVE-2024-1979](CVE-2024/CVE-2024-19xx/CVE-2024-1979.json) (`2024-03-13T10:15:08.153`)
* [CVE-2024-2123](CVE-2024/CVE-2024-21xx/CVE-2024-2123.json) (`2024-03-13T10:15:08.373`)
* [CVE-2024-2414](CVE-2024/CVE-2024-24xx/CVE-2024-2414.json) (`2024-03-13T12:15:06.960`)
* [CVE-2024-2415](CVE-2024/CVE-2024-24xx/CVE-2024-2415.json) (`2024-03-13T12:15:07.293`)
* [CVE-2024-2416](CVE-2024/CVE-2024-24xx/CVE-2024-2416.json) (`2024-03-13T12:15:07.513`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `55`
* [CVE-2024-2395](CVE-2024/CVE-2024-23xx/CVE-2024-2395.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-2400](CVE-2024/CVE-2024-24xx/CVE-2024-2400.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-2406](CVE-2024/CVE-2024-24xx/CVE-2024-2406.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-24092](CVE-2024/CVE-2024-240xx/CVE-2024-24092.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-24093](CVE-2024/CVE-2024-240xx/CVE-2024-24093.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-24097](CVE-2024/CVE-2024-240xx/CVE-2024-24097.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-24101](CVE-2024/CVE-2024-241xx/CVE-2024-24101.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-2412](CVE-2024/CVE-2024-24xx/CVE-2024-2412.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-2413](CVE-2024/CVE-2024-24xx/CVE-2024-2413.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-26529](CVE-2024/CVE-2024-265xx/CVE-2024-26529.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-27135](CVE-2024/CVE-2024-271xx/CVE-2024-27135.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-27305](CVE-2024/CVE-2024-273xx/CVE-2024-27305.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-27317](CVE-2024/CVE-2024-273xx/CVE-2024-27317.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-27440](CVE-2024/CVE-2024-274xx/CVE-2024-27440.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-27894](CVE-2024/CVE-2024-278xx/CVE-2024-27894.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28098](CVE-2024/CVE-2024-280xx/CVE-2024-28098.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28112](CVE-2024/CVE-2024-281xx/CVE-2024-28112.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28113](CVE-2024/CVE-2024-281xx/CVE-2024-28113.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28114](CVE-2024/CVE-2024-281xx/CVE-2024-28114.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28121](CVE-2024/CVE-2024-281xx/CVE-2024-28121.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28186](CVE-2024/CVE-2024-281xx/CVE-2024-28186.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28236](CVE-2024/CVE-2024-282xx/CVE-2024-28236.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28238](CVE-2024/CVE-2024-282xx/CVE-2024-28238.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28239](CVE-2024/CVE-2024-282xx/CVE-2024-28239.json) (`2024-03-13T12:33:51.697`)
* [CVE-2024-28623](CVE-2024/CVE-2024-286xx/CVE-2024-28623.json) (`2024-03-13T12:33:51.697`)
## Download and Usage

113
_state.csv
View File

@ -74556,7 +74556,7 @@ CVE-2015-1012,0,0,7777e1624467c07d90fc6228dcb3cca0b6f092e5fbcfe37c3d155136cc858b
CVE-2015-10120,0,0,2d68b8e97de7127978f37d04434cb6175a6542d0921158265bfe0bbadaca830f,2024-02-29T01:16:12.167000
CVE-2015-10121,0,0,3e6f025f979ba6762c6b6039d41006e698cba93d953d49e03032b2b311a7ef53,2024-02-29T01:16:12.260000
CVE-2015-10122,0,0,998390a6ce73740fc3805774a60d188589b8db3beae0057ad1b1d8d9af45c74f,2024-02-29T01:16:12.333000
CVE-2015-10123,1,1,3a1d883d0827ac3cdfb05f278b83bf9a8f0bce0db69e0cf5e3ae9c192e934345,2024-03-13T09:15:06.633000
CVE-2015-10123,0,1,cddfca6651417fdc3880d45efb10a952989f236441c905a378780e933f554ae6,2024-03-13T12:33:51.697000
CVE-2015-10124,0,0,c0490d9f4c65ce964bd11bcf26ea3b54bd50ac2b7b5f6665b83e02fa0892812f,2024-02-29T01:16:12.430000
CVE-2015-10125,0,0,aa5d2e3a50d45f4a43843a32eef9e2d3eb114b87557df91910ca9536f86c8227,2024-02-29T01:16:12.533000
CVE-2015-10126,0,0,0c7ca5e0adde33e9c1c60d1714cb9ea5ed587a48c07b34bab574653d2ae00d99,2024-02-29T01:16:12.620000
@ -74564,7 +74564,7 @@ CVE-2015-10127,0,0,135ec75bbb60ac1d3498fbe3853a6f7fdb3c113fe85618f37f9ebed37375f
CVE-2015-10128,0,0,15bd6b8a650a6a2200ccd02e0c94ea61c311e4ee86aaeba3e2c710f81253bb40,2024-02-29T01:16:12.793000
CVE-2015-10129,0,0,0c802a4fffa1be27673773609ec54ea1a2d6b37c5e92509dd9c48591b1b73a7d,2024-02-29T01:16:12.903000
CVE-2015-1013,0,0,23f947ef2a14ceb5b694d30df996f8b07d473b30458159701da9568ed0c06853,2015-05-27T16:44:25.970000
CVE-2015-10130,0,0,19f2dea40e8d2371b089b9f3199d452f158c13bd436816d2f74c955463b67592,2024-03-13T03:15:05.993000
CVE-2015-10130,0,1,c9cd0bb1902f6b2922598f4ff9cb0b2bc2845ec1c78759c0478a96b36f83ddfe,2024-03-13T12:33:51.697000
CVE-2015-1014,0,0,bcef1257ddc4c4f77cf21cd284e8ee72e8a135c6962181cd5a3131a49fdfdb96,2019-10-09T23:13:03.937000
CVE-2015-1015,0,0,956792c50ce2b78cf733dec45219e1d485d14d19c9547c307372ee3a9d399d12,2015-10-06T23:49:39.873000
CVE-2015-1026,0,0,267d1aaec4f9d9694d71557c2fea9d2ff75e1a7f8f7e8d82ae922091bfb48756,2018-10-09T19:55:41.077000
@ -121359,7 +121359,7 @@ CVE-2018-25086,0,0,fef9b30e18987be0e57a4557f97b6ca5f655ad678567e7beef83c2b266688
CVE-2018-25087,0,0,25f0745ceeece7f4dd5ce343196b26509332cb9d75643c5805917d6d700b4651,2024-02-29T01:23:14.767000
CVE-2018-25088,0,0,1b36c43d1a3cc2e5cada8ff165d24b7db8bb22403aaa7618ad56d867e313f7a3,2024-02-29T01:23:14.860000
CVE-2018-25089,0,0,6b678cc239ea7aabf19e23269db326530c77b650c21bfd212147ef39b8273bb0,2024-02-29T01:23:14.960000
CVE-2018-25090,1,1,ceb738177643265d82800e1f23117ee055b903aca8b7e59d86156685cf52e56b,2024-03-13T09:15:07.040000
CVE-2018-25090,0,1,21c1b39dedf93912ca93ebda5a6ea121652a794a8dcb63f9b125373c0306881a,2024-03-13T12:33:51.697000
CVE-2018-25091,0,0,a9e1af0dfa5f6f4201536a763a51b3ff50809da3614841287698d9d33720e483,2023-10-19T14:01:05.073000
CVE-2018-25092,0,0,50184a2276bbedcf429af128f009ae97a16e3c5d0663d0719f966002bd2a16e3,2024-02-29T01:23:15.070000
CVE-2018-25093,0,0,2f4e125c33cc935641e45101e57eb03ab216fd0e695b1a7ad936e68f8923ca9f,2024-02-29T01:23:15.163000
@ -200728,7 +200728,7 @@ CVE-2022-34318,0,0,ee2e04bf754c379b5816fa247af6d025f7d7fb33e5911e0d2b30dc09a960f
CVE-2022-34319,0,0,f0c823501e5894965ac6d9ed57d1dd3ca0b8c4ec2d000e9681c588e734d58246,2023-11-07T03:48:32.310000
CVE-2022-3432,0,0,ab6b85a47217749966be4e8c245fb6c573126e20d2b210ad8c76ad8b863a08aa,2023-02-03T18:24:45.757000
CVE-2022-34320,0,0,f002d4c5af5d11d655c22a0753f56cd6a0c984815c5b1258572e0ec1ac87a2e4,2023-11-07T03:48:32.423000
CVE-2022-34321,0,0,446cd9021328420505d05a208772a864fdb91c5d378e2dac68e3b2275050e7cc,2024-03-12T19:15:47.303000
CVE-2022-34321,0,1,3db7d19352359554ded18a3e284cc3be03778fc1877499a13b5773d2f620c1df,2024-03-13T12:33:51.697000
CVE-2022-34322,0,0,56d0797334231c8bcd93b681e8d2bda02e4b07471c6e2bc8568bc8d2e5bef264,2023-01-09T16:16:09.550000
CVE-2022-34323,0,0,9c4360c159eb3e0e14ee838f5ac5709e7de891789deedc7a8e76d748a6394caa,2023-01-09T16:22:36.953000
CVE-2022-34324,0,0,fffbb9155e0ad85a1f120c200fe341013895e51b23d2d39ac3ff8e5e2c0bda6a,2023-01-09T15:24:44.180000
@ -220164,7 +220164,7 @@ CVE-2023-2851,0,0,92413164918326bcbdc0d9c7609376fed1722150a4930dd4074634fb5e83fd
CVE-2023-28512,0,0,35a4c01427b53af36ecd75a797354c3bb9cf5b15376216b566152f060b0e57a5,2024-03-04T13:58:23.447000
CVE-2023-28513,0,0,e652398fc7be4c8b602f7170a3584626006c5e4b2c82c51a90f0dccef195c05e,2023-07-31T18:52:53.283000
CVE-2023-28514,0,0,13c8eb9909ce797d0a78e74cca50d0b13dc4c738c801301dfdcda30df4fca0b4,2023-05-26T15:42:03.927000
CVE-2023-28517,1,1,54f32d01b0e701ee666483a47b7485f66e7137df19fc29f0633ca66b5aba03c2,2024-03-13T10:15:06.790000
CVE-2023-28517,0,1,59d0dfac88d25f2ed6b0e543a21e57b239a630b2775acb155c073f8bb8694439,2024-03-13T12:33:51.697000
CVE-2023-2852,0,0,9e7ab75f67deb8e584c7f063682dc633c05ba1ccab104314cbdc92fe0a93db0e,2023-07-14T17:46:14.223000
CVE-2023-28520,0,0,6d3894db7ff47e1b21104537808095d722e6ede0f5633aed0fbf9feb507162d6,2023-05-19T17:13:10.227000
CVE-2023-28522,0,0,8bbf4232c7eaccf09e2c9b67036392ce612e474f12236686ad3e107906edd35d,2023-05-22T14:51:38.743000
@ -221984,7 +221984,7 @@ CVE-2023-30961,0,0,8584a8dd87c1a1aaad34ee5a0f0aecc09be0b1e2709534bd00668442991f6
CVE-2023-30962,0,0,6db7ed0fc76b123c7c348b8ad22a9d53a6758b482429ec94d4f6b7b94dfb6391,2023-11-07T04:14:09.340000
CVE-2023-30963,0,0,08ee7dab2580679df1423c8057c0fad42f6b01e80febc0319fa9c5ca82aec511,2023-11-07T04:14:09.497000
CVE-2023-30967,0,0,6246ee0f3c942a2c540e2140d832814330936adf9602b9a25b94ff0c0ea5ff12,2023-11-07T04:14:09.610000
CVE-2023-30968,0,0,ea58e673f6861cb74af70a1011c0d65eeea28aeb052d97cb18b036435226e2ba,2024-03-12T20:15:07.347000
CVE-2023-30968,0,1,f260d86d75863868ce02d928e9382bb9d441ed3d01ccb036844293827525e57c,2024-03-13T12:33:51.697000
CVE-2023-30969,0,0,a59f750e5c2029dcd0d86cb77bfd7d8c64cc03777e913b0707ac5208406c2a4f,2023-11-07T04:14:09.777000
CVE-2023-3097,0,0,6a1aaa0de8b3d9a71561ccbb3842a82101382d140be5defd58eed55410f84016,2024-02-29T01:40:22.320000
CVE-2023-30970,0,0,d7e144174523a7ba80c8e3114e26f5372d070cfac9bf268ac369ee629791ba4d,2024-02-07T21:04:19.733000
@ -222888,7 +222888,7 @@ CVE-2023-32331,0,0,117acd59399195d85fcaa56b1056fb6042c6e939204692f24e2a3a17b6468
CVE-2023-32332,0,0,7980ff395efe7bbcbf918186797a04f674c532be63c1f22a4c9301d37356dde9,2023-09-13T12:46:51.907000
CVE-2023-32333,0,0,ae035d67d3adb864f8f628bb1fd0f3d6b8b8420cfea980d91e03880271cce2c1,2024-02-07T20:50:16.983000
CVE-2023-32334,0,0,bd48dcbd6fe2a930dd9112e43e65a167887ed5323c2b0931863e5bc613843129,2023-06-10T00:01:21.103000
CVE-2023-32335,1,1,453d31efb1bd16a5824a5f0696578d1a9c6ac2c115613471f6de075010a93c6a,2024-03-13T10:15:07.413000
CVE-2023-32335,0,1,e937fbe5dee5284f93fe866202eae159c969b33aaa06fd3bb25505b2a50ed84d,2024-03-13T12:33:51.697000
CVE-2023-32336,0,0,9495f63b7361761055c0b77b32f758c020fcb645998db7902cfa540bdb7005f6,2023-05-26T02:06:02.840000
CVE-2023-32337,0,0,8e13798dfac3f013e8239723ef9473a6944d9a8f93ad0482ad50725ce52892f3,2024-01-24T21:24:01.383000
CVE-2023-32338,0,0,200428ab3c1992e5f90ce1dbd8a0d7d16c17cba2799c97b1edb7a00b6fcad314,2023-09-08T16:53:07.857000
@ -227400,7 +227400,7 @@ CVE-2023-3872,0,0,facf4d2c06262f9effc46d8d28ea10a5b80a413aaec9aac12ef5031f2c0e7c
CVE-2023-38720,0,0,35e9fc28ab404db547942e0de22238b38471a81956be951de883e0556e080837,2023-12-22T21:08:14.097000
CVE-2023-38721,0,0,adea9723da3bc2a887e2239522340df13384479ee40d95de34e37b8a7308c56c,2023-08-23T16:43:40.517000
CVE-2023-38722,0,0,671011fc37535d006e8bd4f6abb1cbe4df128c90fe5d2c6bd583ead77ce13e0d,2023-10-28T03:32:31.233000
CVE-2023-38723,1,1,d1a5155793fddfcda8be17c0b889ca9bd9322f3eb3ecb01be7aff7aefe2cbd81,2024-03-13T10:15:07.680000
CVE-2023-38723,0,1,96134dfa5c8cc6a33ce702e38b1d00898c8a0da2b221bfaeb2380ab217692854,2024-03-13T12:33:51.697000
CVE-2023-38727,0,0,67e3acf0dbfaba760bdb5942f0f234a680ed76f81d4b3e56c5dc500c4ddf8ec4,2024-01-19T16:15:09.123000
CVE-2023-38728,0,0,4ae0aa245bfd2c5b381beb3353a88eb25960c87d2f2b539906ba0ee433f0dd76,2023-12-22T21:08:08.530000
CVE-2023-3873,0,0,49463f8c5027505c6119ee1bbf961a3d40b3b21adb0c05c2a3c23d9d36923179,2024-02-29T01:40:48.760000
@ -229712,8 +229712,8 @@ CVE-2023-42295,0,0,76e92c5a31a1c38c774b96fb948b716fe550c55e664576533af49902b5cab
CVE-2023-42298,0,0,007b09605f4ed7b0628f77a85d1e0a7fe95be1f19353799459bee4c90043a90b,2023-10-17T14:11:02.190000
CVE-2023-42299,0,0,54772fa99a7414f8b4e9da566be57b517ecfcfc76d5e3020251730f7847cac7b,2023-11-10T04:12:40.023000
CVE-2023-4230,0,0,6d7bd5e717f426a79420f1ddb6b096459a8fff7bab939f00eda6d67ab17f196e,2023-09-01T17:12:36.097000
CVE-2023-42307,0,0,45d1a2df0f389c8fa63fbddc3d045032c99edf9943e2d0491d832e5c79e9d05d,2024-03-12T21:15:55.703000
CVE-2023-42308,0,0,c573c8073614954132aaf9f45f54741450bc1aae5095c974a7532814e8b588d2,2024-03-12T21:15:55.787000
CVE-2023-42307,0,1,ce382c187fb7a4dc1beb875d9d0cc216e45f2fc80e1bb73f16f8b6f543bfb27a,2024-03-13T12:33:51.697000
CVE-2023-42308,0,1,cb65467d45f4c68f0a1c71a970a325eb4ae4d780de531cbeadeee9e224398dfb,2024-03-13T12:33:51.697000
CVE-2023-4231,0,0,9fe438b362e987e1bd5478fecc03b722cdeb47042c8b48f7f1a0c8b2252caa0f,2023-09-20T15:34:03.560000
CVE-2023-42319,0,0,87c7f208f7b7fa9dd6600e58b74858fba05deaefd76c0c4895dbb2329a41e4f1,2023-10-25T17:39:00.483000
CVE-2023-42320,0,0,3e7352de3aa6a2b56fea495ac18def69c814404eafb546927db3da5449ccca60,2023-09-21T17:37:44.687000
@ -230225,7 +230225,7 @@ CVE-2023-4303,0,0,2c12b3e78cbec10edb71c0fbc53445241d506ae36d9f0fb78c5aaba2f436d6
CVE-2023-4304,0,0,660d6cccb8e02663a9ba84830bd8105baf146f4123de3c254e40adb51051cfac,2023-12-18T11:15:13.893000
CVE-2023-43041,0,0,e16c503e7d5d47658f011f60a7df14425f60135399b4140838cd3633017249fb,2023-11-07T19:50:24.617000
CVE-2023-43042,0,0,c288ece6660ac5a136d6bc934f9aaa48e9f389c0348766072b07b7d134b7768e,2023-12-19T01:35:21.737000
CVE-2023-43043,1,1,9a6fa3ad6e5f76024380ccba6d8c13d6184ffd528e691b2e8161c0e137635f52,2024-03-13T10:15:07.927000
CVE-2023-43043,0,1,e470117b783987d989642fb789f0734a76eedb925978b0dd0c218afe87703d5c,2024-03-13T12:33:51.697000
CVE-2023-43044,0,0,9ac76b88b15848176985813ea4cc6c90d9d2cc43a599d7ecd67732370be5224c,2023-10-03T00:42:10.740000
CVE-2023-43045,0,0,615ff04eb4ccc37953d7722ecd16952879ca2876fbb52885620eca88a67e35af,2023-10-28T03:33:35.547000
CVE-2023-43051,0,0,77b07505e5cd9c7e1920cd645ed73206a1f96a85220915ef765381a6ccbd5cc9,2024-02-26T16:32:25.577000
@ -230348,13 +230348,13 @@ CVE-2023-43271,0,0,eed1b842f51121f55ac61b5e82eb82d797b3d3f51dfbd7f29fc145284b338
CVE-2023-43274,0,0,9a76a4f96bdabc078eca25d6d30a731c62d6b0536040a8aceec7ed331b2ca0b6,2023-09-22T02:15:02.017000
CVE-2023-43275,0,0,a66f26a59cf0c59ffad4695c3eab962513cd731b129f69d22d80e3df142a296d,2023-11-21T01:51:11.677000
CVE-2023-43278,0,0,0f16c98f2e89fb91931050970b11d8655bc98d54c38b788f418cf003b78d9eeb,2023-09-26T14:38:05.117000
CVE-2023-43279,0,0,2678cdcd59ab90e0f89a0665657286053085312598cfa175ef26706c460adaca,2024-03-12T22:15:07.197000
CVE-2023-43279,0,1,0501bbf5591532731c5b92a6d48f7850ad66c1502a216c9abe61f26f687167b5,2024-03-13T12:33:51.697000
CVE-2023-4328,0,0,371da3fc45b68a0efdcfc87a7f560b95fe448a3483245968bf37f1cf8be27bcb,2023-09-08T16:15:07.617000
CVE-2023-43281,0,0,56d43eafc66518f898f0c81e127f487e22af687eefeb51260967c6407c7cc8cd,2023-11-07T04:21:19.967000
CVE-2023-43284,0,0,653c4223aeac7f457d39a3cd2a7626ef038d14cf3e013b79b9dc69a51dc40b3f,2023-11-22T15:15:09.303000
CVE-2023-4329,0,0,90fe3f782a7469dbb8dc6b664c1989f544ff51163f32a419f94813e920dd2bfb,2023-08-21T18:40:42.853000
CVE-2023-43291,0,0,64cc543ad8e57e146c4c6543666077d8703324efdb6007c729232dedfd630bf7,2023-09-29T17:25:25.957000
CVE-2023-43292,0,0,8984c00ed269eab5f777ec84581090cf0edba80b882ca9e4ec98608d4da6d92b,2024-03-12T21:15:55.837000
CVE-2023-43292,0,1,d4edf53ab7fc1310a02c1210877c9a5547240c1652a40c6118f7b5ceba0f432b,2024-03-13T12:33:51.697000
CVE-2023-43295,0,0,d41dfbf2d27d545700ba100e9d0c77ed6c69cab56ee2253e8c0673d945370ad2,2023-11-08T18:29:14.447000
CVE-2023-43297,0,0,374096ab4bf7ab967d0bbb01a3ffd5cc0aa9699b3cf19a9c8bc527d59afc2d82,2023-10-04T17:05:58.947000
CVE-2023-43298,0,0,f801a5ee7a9cb995161a69130501b1f7660522a40ea1936619259f0399769d3a,2023-12-11T17:48:50.780000
@ -233494,7 +233494,7 @@ CVE-2023-48384,0,0,2bab1347f41c2a057fef2f7cd0fcfadd1b98db03fbdfba1cd9ca8cd1165a6
CVE-2023-48387,0,0,9955b3d84b9077be3d2d63e882ec4ddd844a0c84695e65601fb70e69aa47868c,2024-01-31T03:15:08.213000
CVE-2023-48388,0,0,2a26d36b3036fda1db696b612ebf767e25f4d12bf331a58f031651c9f6a05c8b,2023-12-22T16:07:01.780000
CVE-2023-48389,0,0,40f57c393bc441d7534360ceb6491a81918bd1ce4cdf5309d5977cc1fc67037e,2023-12-22T16:12:50.417000
CVE-2023-4839,0,0,407ccbb02a584246185e9851b2a573f693625fec922b212cfb578853d8b2c1b8,2024-03-13T02:15:50.827000
CVE-2023-4839,0,1,33082079f4ad4375525f6c0a2452ff133aebd52c8dd55385063d491f009b0ba6,2024-03-13T12:33:51.697000
CVE-2023-48390,0,0,97a1d2591c5c5e82fd35f60aec0cb181513d17049e4e5bae3e50085004531742,2023-12-22T16:05:04.157000
CVE-2023-48392,0,0,8477dfef0ae02c8ac4ae7fb286fa250f75ccfcf4d82395707585be88def83009,2023-12-22T15:46:03.297000
CVE-2023-48393,0,0,eb2be5ce9484bf33d839a19d622d5eddc9bdd71b5929ac2b7d10360261b406c7,2023-12-22T15:43:05.987000
@ -236098,7 +236098,7 @@ CVE-2023-5399,0,0,2d6fd5d7032d3fde2b56bbe17324f865d32db5a9ef5d31298ecfc991427861
CVE-2023-5402,0,0,d6ca0e0d138e7f0e18108bc80eb991912358210793d36b8686051b13c8765059,2023-10-11T19:19:54.037000
CVE-2023-5408,0,0,443628942e473656420f67d7b7b9b3fa498d5d13f709544aa261b0e4696090c6,2024-01-21T01:48:09.767000
CVE-2023-5409,0,0,fbd015e1d6485109c973409b573d46ee4742f3527e9f86b450178ea53a356496,2023-10-20T15:42:22.057000
CVE-2023-5410,0,0,0284e238f9d9814a3572987bc4c5bf280dfeeba7f5b91c1b33a5bdaf6b68058c,2024-03-12T20:15:07.550000
CVE-2023-5410,0,1,3afa624573d7dfa13f8b27aa43095672b709f7063dade6dd92133c498fc07d7e,2024-03-13T12:33:51.697000
CVE-2023-5411,0,0,f4bcf198f04caf620b198f0ec2918fa9ded24d58a6bd16b2268e79d389820a85,2023-11-27T20:15:34.987000
CVE-2023-5412,0,0,2f9efa39e9d561fae0d9329c540519d3815f404c05c03f1dd3e24b81dea0248f,2023-11-07T04:23:58.473000
CVE-2023-5413,0,0,3a28d9238b6e8c0f4006a763334223fef1ed160db83bc352e308332373363a30,2023-12-22T19:50:32.857000
@ -237435,7 +237435,7 @@ CVE-2023-7068,0,0,ef1408f6c6fd79c5af19d0633c8238c454cea54fd087b8b89da5773f13dad9
CVE-2023-7069,0,0,76accaf19ff7061689b623859471b6167bfd5be5c4040f161f8f881f1093dc5f,2024-02-07T16:28:40.250000
CVE-2023-7070,0,0,6c8bd2c09a87f95a15301a389b593ff945e70de707293c37e60be3f2a98abc3d,2024-01-17T22:40:43.227000
CVE-2023-7071,0,0,78f74dc912537e618118419b14904618dddacf09709f10c13e8f266737a05610,2024-01-18T17:36:11.930000
CVE-2023-7072,0,0,a826a87bdece0c861eae1651958161a39eba36d8b53df243cac9b4c32796c8c8,2024-03-12T23:15:46.267000
CVE-2023-7072,0,1,b3f88e4f264e605e176fee64d4b48ecf7c140e88975c1f766cd228335172670c,2024-03-13T12:33:51.697000
CVE-2023-7074,0,0,8f1ea4c91bbed5f749e5ad5898f652b9d3535e567ecfe0485c584e8d36746192,2024-02-03T00:27:20.647000
CVE-2023-7075,0,0,1e8d50856ed09dc2da0f090e53334c53e66b79bfe72d0c24b008411cda3483d1,2024-02-29T01:42:52.060000
CVE-2023-7076,0,0,c0aa47ffdb1b11be4bad6ee96c7ad56a0a2e836463637688b25aa6c1ae2a5f68,2024-02-29T01:42:52.140000
@ -237797,7 +237797,7 @@ CVE-2024-0380,0,0,3f3894f5083e9ad8feafa10eee28775174e246729c7af4fbf8093c7f923985
CVE-2024-0381,0,0,cc404e9ab60526f4cfd2cba8d7ea8cb6a7e1eef465808eab04f8e02e2e2ed4df,2024-01-24T20:48:35.827000
CVE-2024-0382,0,0,ab33ccbf2aeb6736aa9a498513aba9dba3b237c3d9fe3e776d686fd399098525,2024-02-07T23:32:02.143000
CVE-2024-0384,0,0,5eba97ede5e4794d92f0b763409403bdfcbde410a2df433510faaeddc85a4fb3,2024-02-07T23:32:14.717000
CVE-2024-0386,0,0,9924a53603d4063f6e8699ad337382287b8e5b405311999ccd3513eded448017,2024-03-12T22:15:07.250000
CVE-2024-0386,0,1,8d804ee9a3a51d016220166b449c94366950fc2260124c0222047bc30a6e9571,2024-03-13T12:33:51.697000
CVE-2024-0387,0,0,23bc6e3476c46e45c0f1cab9e646ec38242c781b5838e9b0de1712412e6d8882,2024-02-26T16:32:25.577000
CVE-2024-0389,0,0,72b9f5269adae6a8b489d96d3cadfcb14eda75cc21b32e2278bad2966709f2e2,2024-02-29T01:43:10.310000
CVE-2024-0390,0,0,9f797e4a099c94c2da0407f1b9d4e4b6fb9f46975b208cacd9e42b322aa5198b,2024-02-15T14:28:31.380000
@ -238353,8 +238353,8 @@ CVE-2024-1129,0,0,9e26e4f963c1529e8b107dd7310b33bd78874e7f902263578d3990ceccc816
CVE-2024-1130,0,0,66f1630830ed1d095eb852a3f063099a0dc3b2263f9c4f8743191411b15cbd61,2024-02-29T13:49:29.390000
CVE-2024-1133,0,0,f54c13e75504a33df1719912bb33888a3dda43c72b9fbad06fbd1a2119733510,2024-02-29T13:49:29.390000
CVE-2024-1136,0,0,ddbab785a300248570d0bd371489495da54c46a2ea5ca03cda6c17da31b61667,2024-02-28T14:06:45.783000
CVE-2024-1137,0,0,3bd3e52ed6d2a6eb97279eb92ea2dc23b02f2d89a43b6e78c68169cb1f93177f,2024-03-12T18:15:07.110000
CVE-2024-1138,0,0,17791fc1435ef64038ea950d7e6b4ac7d362debdb02aeab4037e8d20b64b811f,2024-03-12T18:15:07.300000
CVE-2024-1137,0,1,9f8c1cf74ca4778ab709faeea998997368a7f042480977a7d6535f2dd892d7f7,2024-03-13T12:33:51.697000
CVE-2024-1138,0,1,0bb26866b03e9dd351d8284004467140fe2cfdfbd72af071fda864e5a2dc9e58,2024-03-13T12:33:51.697000
CVE-2024-1140,0,0,113ab98fbbd3f38fc36026b5aef44eb4b38cd7d347ba07fcabb6b9d9a69118a5,2024-02-27T19:17:32.253000
CVE-2024-1141,0,0,48ded67d016daf0f3b16719f5ccedb465e548a958cef24ce4f350672f3d23e36,2024-02-09T20:22:03.893000
CVE-2024-1143,0,0,0e1cc50dc6fadb90e5e9f42ce552c5269c71acc03717875a86d6ea10d7db2994,2024-02-09T19:08:27.423000
@ -238501,7 +238501,7 @@ CVE-2024-1382,0,0,eadf9bcf07f33f456d30153fea1d47c75e560cdef58bba2704e859f9e7013d
CVE-2024-1388,0,0,9f4f35daf92433c068c4ad0e3cff9f0fc31d7e6b5e8f690807686322bd29d2ae,2024-02-28T14:06:45.783000
CVE-2024-1389,0,0,62d171117c191cb5fc110201c06be5328bba09160ed0dc883ad2c72ee32b12f1,2024-02-29T13:49:29.390000
CVE-2024-1390,0,0,760bcdaac2db269a3249aaa20e58e1659b2977bdb995748ef5e46a1ecb85447f,2024-02-29T13:49:29.390000
CVE-2024-1397,0,0,d172b8d4f2cbfd2ed0f268b354eb7f89fac5acac137adde141be4e79233eae29,2024-03-12T23:15:46.480000
CVE-2024-1397,0,1,e6d8c9c2beca75d3fdc5f918cb423cf21913a9c807f46126d5b49c29c7bd60f0,2024-03-13T12:33:51.697000
CVE-2024-1398,0,0,7a7783e481aa897afa83bd125da0d53c431d5a5a9d43f1ade8b1e715449f59a0,2024-03-04T13:58:23.447000
CVE-2024-1400,0,0,295a10f36c3e13d694d09cafc6872c0c48f9e2b4c87da0889327ecdac7abe4ac,2024-03-12T12:40:13.500000
CVE-2024-1402,0,0,f5ee948d1697d1774361c2691c46c88d302c6ae408ab90a865a59173f66ccaae,2024-02-15T18:42:03.397000
@ -238510,11 +238510,11 @@ CVE-2024-1404,0,0,1b49ab95872e7aebf44ce53f8bd207dc74e587353a926692e694bcd6ae3118
CVE-2024-1405,0,0,3d09a229f734c3d62073fd3fca46f0f14dd9b0beb7a393eda4ddd2f48077244e,2024-02-29T01:43:49.767000
CVE-2024-1406,0,0,4018ea0b3e838ba7d5440649980e065581ae2ff96f6d0f8aa31a401b288445e1,2024-02-29T01:43:49.860000
CVE-2024-1408,0,0,ca3b04233eec2be4662614cb76615845bd09ccf1b21baa349fd39f723b121764,2024-02-29T13:49:29.390000
CVE-2024-1410,0,0,79f004c8511409262522dfcd75d298b0bd4411c796b0c34ea3a9609af0d4a599,2024-03-12T18:15:07.493000
CVE-2024-1410,0,1,535308bfcb5b14b9cf6546577fa611ecf7473e04ab146e149a1b5e72425241fd,2024-03-13T12:33:51.697000
CVE-2024-1411,0,0,030f897eed6e6219f0d1c0b9b3349832bbb4c8ad1dac44c5a94f383da8f08bf9,2024-02-29T13:49:29.390000
CVE-2024-1419,0,0,2c70f60b0f2ce39c1fb701bf4c4f420108cacd5e876318aed7a6153508e9a501,2024-03-07T13:52:27.110000
CVE-2024-1420,0,0,63be6135cf11500708980f0eb6e023d1c00fd2eeb1aa055b1a9dd099f6d1d32a,2024-02-12T15:15:07.733000
CVE-2024-1421,0,0,179cfea3877e72bd06f3056ed80aecaf7c6819365b5df1df754f3f625c08055c,2024-03-12T23:15:46.667000
CVE-2024-1421,0,1,f03d7f3ef1765f0f145e59552c7f2e0551f5780bf62fafd3ac0b92ab1fea1897,2024-03-13T12:33:51.697000
CVE-2024-1423,0,0,6e27005a2bc9cac940b744a08e145c97df4169105a5c6ac980f63cd4cfdbe785,2024-02-27T15:15:07.460000
CVE-2024-1425,0,0,7bd23f13ec6e59c9c0cdfb4dd0d18d7583033ed33c6961c2f335253af10e4df9,2024-02-29T13:49:29.390000
CVE-2024-1430,0,0,1f7ad1f1bebbdcb3e1f4fca338921661a7ae2b45ce3f6720731a1be64c4b8668,2024-02-29T01:43:50.420000
@ -238588,7 +238588,7 @@ CVE-2024-1566,0,0,fae18125d42af6480c1fb49e1e6428a52d2bf4f1074f21a5dfe482b2c8d870
CVE-2024-1568,0,0,03adf0f94bdba0662cb278cdaa3b54a5cd3ae08b3ef89a1e89169605096fa6c9,2024-02-28T14:06:45.783000
CVE-2024-1570,0,0,fa96633d08cf4f7a9a083fffefdd325991610013e77e1890328cb3b85d75e300,2024-02-29T13:49:29.390000
CVE-2024-1580,0,0,6b9c71428a5b96b2b7263dbf5be1dd103862465da9af91a11236ffbbfb0157cf,2024-02-20T19:50:53.960000
CVE-2024-1582,0,0,fbb5d0750a639e886b92522c9bac2417ac2ed3fbd0663ea481308fd0414db2a6,2024-03-13T02:15:51
CVE-2024-1582,0,1,5801086f12a7b25e0a24481309300eacfe3989ff6a37128452730610efa279b1,2024-03-13T12:33:51.697000
CVE-2024-1586,0,0,0f7dcaaedeb3b15eee35c0b1fbce415960454d76b6eae4dff9a3ecfad1011e31,2024-02-29T13:49:29.390000
CVE-2024-1590,0,0,8cf7a30592711c236a58c08f65bffca938f2cb5ec79513db7f6cedfa37d0bfed,2024-02-23T16:14:43.447000
CVE-2024-1591,0,0,813b185516fa7310825023c3e019d8a3dad8db3ac6e030a92367a91ad355f320,2024-02-16T19:26:55.393000
@ -238654,7 +238654,7 @@ CVE-2024-1758,0,0,6de6dd43b2bb9af7fe1358bc4934bd64904e9488104279e3470618b288cbda
CVE-2024-1760,0,0,0a20f47041faa81845898be9ba0faa3a27a19a140e382ff1058d2f999acd0fd1,2024-03-06T15:18:08.093000
CVE-2024-1761,0,0,9e36bbb76f5c2b7f4a9f5c6274a1f378aa86f86f618e6f962a515dfe593dc5f7,2024-03-07T13:52:27.110000
CVE-2024-1764,0,0,c434e7eb3867d4e9c121215628110f61b78b54be2a078e3d4abbb0d2595e2437,2024-03-06T15:18:08.093000
CVE-2024-1765,0,0,7a877cf4f90f972955258b9965aca42630d5f3b50c6dbdb061760791f6048c92,2024-03-12T18:15:07.700000
CVE-2024-1765,0,1,9393650a3716a95a879e579180f18ed4907e1cef3b587b0e572b47942072153d,2024-03-13T12:33:51.697000
CVE-2024-1767,0,0,164cfb2f79cabfa462770ec4a455f8e91d058d9fb18bef76ee945606225fec24,2024-03-11T01:32:39.697000
CVE-2024-1769,0,0,4b17a6efe485c004cbf1cc71fd32ae864ff319587ea6998c7a1ad28d6dff65e5,2024-03-05T13:41:01.900000
CVE-2024-1771,0,0,cc7280a085dd6f03eb9687c2eff5425926f2bc0e4a81dde799379b7786c7a87e,2024-03-06T15:18:08.093000
@ -238753,7 +238753,7 @@ CVE-2024-1972,0,0,eefc8aad942642ee69363a18b82d83804ef712617098543dd1ef4e6db76fe7
CVE-2024-1976,0,0,77ae2df323cf6637a14fb06bcb46d711f13422518ce52e9430227e1e91ad53e3,2024-02-29T13:49:29.390000
CVE-2024-1977,0,0,a7692b2da3b0113a60567ddf6634026c09e0a2eeec7666bb0cdf204455073a9e,2024-02-29T13:49:29.390000
CVE-2024-1978,0,0,3ef3e0470f639541e7aa5332764a4fdc0e9cab2190d02bdfffcc246fd4ade338,2024-02-29T13:49:29.390000
CVE-2024-1979,1,1,025d7556be25333e39161a8179dd524d8f2cd62d9a428d0c7f33a15739d83b9a,2024-03-13T10:15:08.153000
CVE-2024-1979,0,1,32edf64c224b12a39425e5b66e1ea360c68d898ece9e593279cba6ece0e6cd69,2024-03-13T12:33:51.697000
CVE-2024-1981,0,0,56a3a9db8d42e012d762fd6941fad1981a0b2b42e5454cd6b5d1b42406dba2ca,2024-02-29T13:49:29.390000
CVE-2024-1982,0,0,ffbc05dfb227c410b4f1143a120edd4d2849f76b514d8ea46cab15f8dbe11320,2024-02-29T13:49:29.390000
CVE-2024-1986,0,0,3573e34f135546ed04633bd0d17cea080212de55551e8ab04d2e00c52e1a5093,2024-03-08T14:02:57.420000
@ -238815,7 +238815,7 @@ CVE-2024-20292,0,0,bd2670c9582b587cdf9a7328c2351789f5b8997cab8f7bfcaca92954507c5
CVE-2024-20294,0,0,1d3a9a3e9164827aaec419fc6a9a7d933913e3a790dc40da7ac082a33393bbf9,2024-02-29T13:49:29.390000
CVE-2024-20301,0,0,5731f674f5ae2bcf96420fc328e70e5146901802d1ab3db25461c019cd20961d,2024-03-07T13:52:27.110000
CVE-2024-20305,0,0,ab61a4ab7882e267880cc2c0e6b3ec1ab9c8b4d0dadf3a4832bdf14ae2ae012d,2024-02-15T19:56:38.910000
CVE-2024-2031,0,0,5bfeb27967b53a767d4f0e66673d96688046f9d3e07a3759d7a758301037d76f,2024-03-12T20:15:08.690000
CVE-2024-2031,0,1,8c1bcd6bbcf916842768e08303dd42fc425614624a1e3216d105b6a1ddb5c8c0,2024-03-13T12:33:51.697000
CVE-2024-20321,0,0,6de34d7d404f536decd9f5a380e1c4f28760edee84d237a9b02d7c6e56d785b7,2024-03-04T22:45:23.647000
CVE-2024-20325,0,0,dfe1f947bf6fc9efa452f1881c4faae47bd9e909bfa416f69baa534db16c5289,2024-02-22T19:07:27.197000
CVE-2024-20328,0,0,f336e809226305b79cd50f26fae203aa1632211d86957dd92abacb2f83d51af6,2024-03-01T22:22:25.913000
@ -239055,11 +239055,11 @@ CVE-2024-20984,0,0,585d056539d5b2a7ec102aa133531262bc58f31d6c087eb30a1c927656ef9
CVE-2024-20985,0,0,1887d4efcd4074083ed6001311349bddeba13ac350578caa9144fb2633e7d1e2,2024-02-02T17:27:12.127000
CVE-2024-20986,0,0,55fd916bbc66a048aba24029df1cdbff6d17cbdc5963bc85efdc3f349c48d99c,2024-02-20T19:50:53.960000
CVE-2024-20987,0,0,e6a4199f934ca8909c51db00ae903048e2b51791ebdf6565c06b10750c7af3ef,2024-01-20T18:30:16.877000
CVE-2024-2107,0,0,10d51b6595aaf59e536b37822b146f4fcc0220ec802d17f13fff42f31c495164,2024-03-12T22:15:07.470000
CVE-2024-2123,1,1,7fbb6f90c0a0c042db31486011c44600984311f50eafa3b36d7a2522e5517a75,2024-03-13T10:15:08.373000
CVE-2024-2107,0,1,b116f601239eee1477d732dcdf4bd402d2ca5c711c20a89df0a8e9dd54cd4cd1,2024-03-13T12:33:51.697000
CVE-2024-2123,0,1,73501544f7a3558963420aa67d952b80e94655e9088396c3288ccd604d8029fd,2024-03-13T12:33:51.697000
CVE-2024-2127,0,0,7e732da9362123c901ed00a29dfcc3ca896b81c43d152f47d3b1708469785552,2024-03-08T14:02:57.420000
CVE-2024-2128,0,0,b758ae1e45bbf3f98be89f21520e72433f96873d6cb56cc91a1f688f1fc159ac,2024-03-08T14:02:57.420000
CVE-2024-2130,0,0,283fcf0cb4a654837bfd93e16223a37a8ecb981b76489657d60e28f66456292b,2024-03-12T20:15:08.853000
CVE-2024-2130,0,1,9fe340e5e07df3d99bdc5083493ea2da904eddf69629b14325c6709a09efc300,2024-03-13T12:33:51.697000
CVE-2024-21304,0,0,2e98a12f2b0e3643480c1614b35417778c5dac15f77eda4338c6776607aa2617,2024-02-27T18:04:06.027000
CVE-2024-21305,0,0,add765edb797e1537c086895a6f6b6be7c9ee2d099bfe2aba1b67029d2679780,2024-01-12T18:48:04.967000
CVE-2024-21306,0,0,416302ae665f6d7405fe0853b1869120a9e90d3549a767ac0c8683038e02649c,2024-01-12T18:47:54.860000
@ -239896,7 +239896,7 @@ CVE-2024-23295,0,0,11339cc0778c5660cfdfde02f62fcb9fc218757d722b581630970bfb87b76
CVE-2024-23296,0,0,40713c04751a3ff20ec43f1ba5d9e1c3448f8a0ef399da497fbf74ec2a3b2647,2024-03-12T17:31:03.837000
CVE-2024-23297,0,0,24ee6fcfdad75d10a074c7f7c8c3078e2c905d064d4f4a83f74c1bc6866f52d0,2024-03-08T14:02:57.420000
CVE-2024-2330,0,0,0a9f9e37587f34158a3bf6f7d53eb1a5e641504fa11cf02eb4524614459dfa8a,2024-03-11T01:32:29.610000
CVE-2024-23300,0,0,98c10e9369784f21fe476273caffc7e094632c37993a86bd197552d4249c5ab1,2024-03-12T21:15:58.077000
CVE-2024-23300,0,1,c9c081ec53cb79bb21c2e342aa57177b705ea874ca1e5e3cbb5a6e2c9f281f81,2024-03-13T12:33:51.697000
CVE-2024-23301,0,0,95f1c4c0d3c3f56beb5ca2f43c481bd416943d89ac106cdf8ea6bddea7fc220a,2024-02-21T03:15:08.950000
CVE-2024-23302,0,0,863344aa30e4660a85cb1dadb5cc739d77d5cca4411a54dffe0a3cc5e6d4c938,2024-02-29T13:49:29.390000
CVE-2024-23304,0,0,f4bc63f089c081f8de89565719320483c4f38e3af47af8e7dc8d4d30748891c3,2024-02-13T22:49:18.687000
@ -240195,14 +240195,14 @@ CVE-2024-2394,0,0,a1808c3e423b31a5f61767caea3e96f7bde3f2a439710708c637f27d2a25cf
CVE-2024-23940,0,0,88f3246b7d729e9740dbc7accb734f511d890171cb976d7dde750494e61216dd,2024-02-06T19:19:33.920000
CVE-2024-23941,0,0,12a475e2ca4f3cbb312854167865e0f548c636a650b921a0048a701032c53d0b,2024-02-06T21:37:12.433000
CVE-2024-23946,0,0,32194d05d3f7a3a80cd0b416a872a66ff74b3120ea9e0897100b1fe32331e71d,2024-03-12T17:29:17.243000
CVE-2024-2395,0,0,3e61f5ea9dfd95d1f92a83bc4c09098f523f65d957c9cf51405d198c92965824,2024-03-12T22:15:07.640000
CVE-2024-2395,0,1,1fdafc69366cd072c6108b6d86410a63c85cce9eeaa62bcac076c3a2bc3a1766,2024-03-13T12:33:51.697000
CVE-2024-23952,0,0,89289c4c1b03193a134cbe14ed609452617a970c4d8ae9dfbad6f91cd36db610,2024-02-14T14:16:07.460000
CVE-2024-23976,0,0,c6327f87e3c19d6c46c6a7ff9e0644c74688322bbd7d7b77f1f15872b56e20b5,2024-02-14T18:04:45.380000
CVE-2024-23978,0,0,dce24325560fbd2c8a4b55826a990c779123e234941d6c9decad894b94e084c1,2024-02-10T04:09:02.587000
CVE-2024-23979,0,0,5e1dc647eec92472a586c7319077fa782b48d632d4a171a926ee19c9f0ee9a24,2024-02-14T18:04:45.380000
CVE-2024-23982,0,0,b14ba0205dd1f33ce2faf143ef8b9750d0c0a19e31571fc2532f719ca5f2eec3,2024-02-14T18:04:45.380000
CVE-2024-23985,0,0,258f4468fe9f37b9a6c2732e57d96bdd80375c2f3603af19ad729cbcccfb8b72,2024-02-01T17:33:41.777000
CVE-2024-2400,0,0,78586c35d843046b4631a0dfcb7c8cabd398234d06b93334dc32249895dadaf4,2024-03-13T04:15:08.040000
CVE-2024-2400,0,1,31291c6cf30feb91ac75c40efc02cddd7fe96feba10715f6c78832f80fb9000c,2024-03-13T12:33:51.697000
CVE-2024-24000,0,0,c0e25ee371e3e2954ce1c31994df30792949134b707de19bf25452c7e2c5373a,2024-02-13T20:30:10.053000
CVE-2024-24001,0,0,ee1c723e23fc182642c00ee71c6c1dbca341b34ff9a2a69da4bee1c4da91e395,2024-02-09T02:10:25.807000
CVE-2024-24002,0,0,9bdb915eced684ff7e6e2357761c75646971413f2fc2285fbb97b632594b2045,2024-02-09T02:10:13.973000
@ -240225,25 +240225,25 @@ CVE-2024-24034,0,0,f4e2cb1ad61decc8759fc1601847f210f2a72bb15bd38e4d1e3133a19621c
CVE-2024-24035,0,0,77bbb29060dad0a4e27b56775f789e0b578831621d3fa9615a4c8def660cc461,2024-03-08T14:02:57.420000
CVE-2024-24041,0,0,f96650c9700d93c943d8efc95d65c599a8e77cc1d7aaa4ba87820d6237153959,2024-02-07T17:14:41.607000
CVE-2024-24059,0,0,3da8cffbcfd869f14b04835347f156c5cf1a6025fa9627a3ec1ec79a41a9d0be,2024-02-03T00:40:43.793000
CVE-2024-2406,0,0,2dc07881b7a7b1d566b702e1421c92da2f7262c3d1879084e587fa3face0d9c6,2024-03-12T21:15:59.713000
CVE-2024-2406,0,1,93c22b844fdd3e9e5d23091d0d4a49fe9aed9112f23dba2ad0e01fb92984ecfa,2024-03-13T12:33:51.697000
CVE-2024-24060,0,0,3a6250076b98d97024da5e52a26f1f0c29807ef38de327e60f431783e4f1deaa,2024-02-03T00:40:48.600000
CVE-2024-24061,0,0,3ae0e78c2ecb0941fa62f48d1dc7792d4436b76ec841f1dbf3bf2317943894c3,2024-02-03T00:40:50.623000
CVE-2024-24062,0,0,ce51fb5fa7f08b3262a47fca149a06dc25ea5ca7c584b3ae7210563fa9fd54c1,2024-02-03T00:40:52.877000
CVE-2024-24091,0,0,6258a73a312c8c072d234b916137958d60ec77d8bc24aab7428a6677fc85f73a,2024-02-08T13:44:21.670000
CVE-2024-24092,0,0,eed6a3631e4178460f4f36bc487ccb1e78d316a4b8d685cdaa9d0a74a6b4f388,2024-03-12T21:15:58.217000
CVE-2024-24093,0,0,70dd2fe737fb8fe95e9f34b1d303380461466976aa8e6b7d5215bd00c384e772,2024-03-12T21:15:58.370000
CVE-2024-24092,0,1,d4ab4cc918de723ea385c13013f3b5223c8222e6f58b4c0135bd83322e27d646,2024-03-13T12:33:51.697000
CVE-2024-24093,0,1,c4cdfada949ae68634db1275ba9795642fac145ea93d759cf6b4fd1f64af06a1,2024-03-13T12:33:51.697000
CVE-2024-24095,0,0,d1e50126ccf5fc32a5efb1c5a1b74cfade8c6c5361c56208004f892bd1f9b46e,2024-02-27T14:20:06.637000
CVE-2024-24096,0,0,711acc667f5940cdd09a2785b5f63f7f2c3ede063ebd3b4223e93ee32bf7fb53,2024-02-27T14:20:06.637000
CVE-2024-24097,0,0,1924697167b4b00ad4cb9be51226e06335a886fa1725d099ad5cce05903e8e2e,2024-03-12T21:15:58.497000
CVE-2024-24097,0,1,7d6e55aa24ff971cbda4df0efb56eda9c14843271153c666654e825237496146,2024-03-13T12:33:51.697000
CVE-2024-24098,0,0,278909d70f7cff296783b4b8a548916c6d64b22508219b62d702151781ea252e,2024-03-05T18:50:18.333000
CVE-2024-24099,0,0,e75badf6651a6d84e33aa0d6378d82bf7383b7d186bb27d0ab0f05af5c87836c,2024-02-27T14:20:06.637000
CVE-2024-24100,0,0,a27c32dc14c8987b127be9cd991f37144e95622920d0f3983f740c9f65a1ed81,2024-02-27T14:20:06.637000
CVE-2024-24101,0,0,13476ed8eedd9aa22183297cb5f4ca7dd22cd417d2c9f709411f0c56b13a9fc2,2024-03-12T22:15:07.423000
CVE-2024-24101,0,1,465610d11fbea3a63202ee4b992dde1745c78e4f43267fcf6791260a204c8347,2024-03-13T12:33:51.697000
CVE-2024-24112,0,0,85e73cacfedc53adcf11f5f918fd045bef98237a7befd9901dcc9210924d64d7,2024-02-12T17:36:55.950000
CVE-2024-24113,0,0,9eef336ce15946e031a73b26b3e239a7b6b89883c338eb5418a2161e5a5d4cfc,2024-02-15T03:07:46.013000
CVE-2024-24115,0,0,14551eae0714aa949f3a2722e897b385606f2d79896bdde4df5b423d4061d078,2024-02-15T16:01:23.457000
CVE-2024-2412,0,0,4e3043173dd89511c38469105acfd6c37b22da6f7247ced5942e3bc2f8eab506,2024-03-13T03:15:06.577000
CVE-2024-2413,0,0,10c0b63131d3921b4221b690e0eca4cadcf9b1ac59a56ec89d2cd5e03c222de5,2024-03-13T03:15:06.793000
CVE-2024-2412,0,1,9da3746de04798c774d1548b9fdc14dcbb04c7bd05255497f31c936724c81211,2024-03-13T12:33:51.697000
CVE-2024-2413,0,1,15a38bc7a67008ff14d882f69f22d9cc77ac428652f07f01e61fdc7dde1a3f0f,2024-03-13T12:33:51.697000
CVE-2024-24130,0,0,3510bde1c67a0e43626fd597904310729ef06aef86c568f05d953496a7b78adc,2024-02-14T20:38:39.543000
CVE-2024-24131,0,0,bac167d4b98c744eda2d1fc405ff0c5eb467a5a3a9f2fd6ec2feeb07e7d79ad5,2024-02-12T14:32:43.777000
CVE-2024-24133,0,0,eb4dcf99c68b2a1affe607fdeb3063729ef2a0feaaf3d09ed22696d43838fa20,2024-02-16T20:47:34.403000
@ -240251,6 +240251,7 @@ CVE-2024-24134,0,0,a120337ded6b89894c962001172a8dab1d9544a203ea0b8294e89bbc43add
CVE-2024-24135,0,0,ea9890c5c9509b4af4349dc891af77f280e32e9190dfcc6566985fe299578ab0,2024-02-22T03:39:23.233000
CVE-2024-24136,0,0,3b9c54c57c404bedd62b668a617e456a8677f478dc322f3154fc34fdc8c18936,2024-02-02T23:32:58.107000
CVE-2024-24139,0,0,05c351b81221b5d5c15dcf71f081eedef16ed9d4e424f31397653840e835944d,2024-02-02T23:36:37.603000
CVE-2024-2414,1,1,31216d971d07eae91be6900843f9e9016baa1c56bf833042dac67db7f7011fde,2024-03-13T12:33:51.697000
CVE-2024-24140,0,0,edb6cb4ec986c775b7110ec85e17a0d3630983c68d76dae4ec67a23c27d94ebf,2024-02-02T23:36:15.563000
CVE-2024-24141,0,0,a78f0d290364c4e971462be129e00fe95b6f5f6aadbfff8d226d838529b48698,2024-02-02T23:36:54.307000
CVE-2024-24142,0,0,8ffe4b6f45f62bc8b2280c215293579b6801f0de85603ad6edace5f26dc72e2e,2024-02-14T13:59:35.580000
@ -240258,8 +240259,10 @@ CVE-2024-24146,0,0,598b1c8aebc19c3a5c453e8bbf208ef36d8ba646d413c6e8bc5b26033ce6d
CVE-2024-24147,0,0,c1c7f80a36a8f2f6ccb01c6fc406047422bdfd99cacf5a815059414edfe4fd68,2024-03-12T14:57:28.893000
CVE-2024-24148,0,0,11b50ddcb54d0d0a572a09d7a2c1d154bda6a3e05243ee752db10dd40d04cfaa,2024-02-29T13:49:47.277000
CVE-2024-24149,0,0,14be6d00bae4dcad5218983d589e9e6fa98bad49a68087dda7cd84a1f3d90829,2024-03-12T14:57:32.097000
CVE-2024-2415,1,1,ef9728cb12dc6c140dc75eaac1ea2a8312968673e95581f97cf8ec5cfd81de85,2024-03-13T12:33:51.697000
CVE-2024-24150,0,0,bb25001b58b37c3faaa913f21b26ac84ab72443ce7d6507597696a74e7617fa2,2024-03-12T14:59:55.920000
CVE-2024-24155,0,0,10c171627af94c3bd4daf19b208285b8ec76f14a02b213a0d4d44a43fe851505,2024-02-29T13:49:29.390000
CVE-2024-2416,1,1,e3be1b400874edefbf182e5a8eb61655708b763587ab9c3f889d3eaf18d8a051,2024-03-13T12:33:51.697000
CVE-2024-24160,0,0,cfef8a3cb10ac6cf5fe849694fa5021f72cd98bc85770980c25e5b7851a1891e,2024-02-06T20:59:08.493000
CVE-2024-24161,0,0,4562d973369fe14dca9774df5d40611a7dfeda1d9b2131a90de46c2f4f44765f,2024-02-06T21:21:36.413000
CVE-2024-24186,0,0,6e0497ff8d305ee6fe7901479c9c51c51e6f75aa2965677a84dd5e2f1c097daf,2024-02-10T04:04:40.950000
@ -240989,7 +240992,7 @@ CVE-2024-26490,0,0,b6f6bbce17cb8b3e0d7ffc74af2883f439e6d11d15d184e2f1a2e43e85a99
CVE-2024-26491,0,0,73ef4da115c90ed06a18a1a334653b2533761b4f911c3db9814bd0d18285bcac,2024-02-22T19:07:27.197000
CVE-2024-26492,0,0,223ddadc0c7efe7b0886f487630808be0927541c8864c0a1df96647191c41c4f,2024-03-08T14:02:57.420000
CVE-2024-26521,0,0,0e3dff2f526dd01b3807e889e548f69877c6fbe716f338bf9b68ff7b3cd2a892,2024-03-12T12:40:13.500000
CVE-2024-26529,0,0,0af184ea782176ac95d690f0be194eb057dac8c53b30f761481d667b2672ca66,2024-03-13T08:15:43.410000
CVE-2024-26529,0,1,ceb7dffe95e5cd49d7bba0e418c1f06e328c8386f0796095312ed90a87d2d1b6,2024-03-13T12:33:51.697000
CVE-2024-26542,0,0,84bcc676050237f7706e936cd8d9d490aa0a127cdccddbe7afe739c073267e25,2024-02-28T14:06:45.783000
CVE-2024-26548,0,0,7b31129407d10e539a4174451b23a0f83a48cdb246d6dd13af61036fdc95df1c,2024-03-01T14:04:26.010000
CVE-2024-26559,0,0,3b7b5127dd0e422a83fadfb79310bdd57e4fb71532d47a597a5aa1449637c0ce,2024-02-29T13:49:47.277000
@ -241058,7 +241061,7 @@ CVE-2024-27103,0,0,ba41469ea697f39b66b49d222d300153b0a74c2fb1fbae161829f573b3ab9
CVE-2024-27121,0,0,9ff77f57a33b5e7894f52bbf3c39c57fbfb06ac4fc9de183cada29d2e4e25cb4,2024-03-12T12:40:13.500000
CVE-2024-27132,0,0,3211e33e39363e184b8550fc16d833a0f590c8e4cd3ef270e1d091501b93f80e,2024-02-26T13:42:22.567000
CVE-2024-27133,0,0,1abfe171f722b9df6ead5b24935068c395a52a06c146ec300701d2b7e86523ce,2024-02-26T13:42:22.567000
CVE-2024-27135,0,0,5be2c010535362e0aa81ced8c2532ce28c48502a4bc4b6eaff764aa17ef9f50d,2024-03-12T19:15:47.567000
CVE-2024-27135,0,1,dc76c2c208b53579d0bb7d97b6b2e7e902c0fb1c8b5922e51dabb309b530b2bd,2024-03-13T12:33:51.697000
CVE-2024-27138,0,0,1ec0ded3b41c12b07651e921188be783731716c54fb55c30f65f5b3e8197e8cc,2024-03-01T22:22:25.913000
CVE-2024-27139,0,0,66ddd9efc34252e5e972ac0e5a31e042faa3995b86c5ae6f0f108c10e1d7b562,2024-03-01T22:22:25.913000
CVE-2024-27140,0,0,34daddef6e0d13f2bea16bc1184887cdd01053137a36a3bc5699d2875c449127,2024-03-01T22:22:25.913000
@ -241110,11 +241113,11 @@ CVE-2024-27298,0,0,1aaf802a3586818726ce977e3c4d8b52b79c9b45f43876bfaeae085dddddd
CVE-2024-27302,0,0,f49f7cb8056f6127ae14fec0cfff2d0bf177dfba1318b206d31d7b548bf3e9f5,2024-03-06T21:42:48.053000
CVE-2024-27303,0,0,5bf58561ed507a70ca73108a11218e0be9a2a377c18b42118ebe9af756d8ec79,2024-03-06T21:42:48.053000
CVE-2024-27304,0,0,a58fd7f36bc322ab36f59f23fc0b881917cc0b6bb38909a990d60361c28f67b2,2024-03-06T21:42:48.053000
CVE-2024-27305,0,0,b6c0d454d3ef629ab59b3ab481527c72c12308d3a6ae187431beed16c875a863,2024-03-12T21:15:58.630000
CVE-2024-27305,0,1,b3f2edbf169d953c39bcc940e16d0680bda3e4c24593a205df513ed3ad926817,2024-03-13T12:33:51.697000
CVE-2024-27307,0,0,b3e5647d01e692e99d0628de858f80e073a681ef610b737f1cd9e2cbd19d0a87,2024-03-06T21:42:48.053000
CVE-2024-27308,0,0,49dd978921f33ae11ae51b9b406f93a1a4cbfa329fe8c55041f5f46036ef5baf,2024-03-06T21:42:48.053000
CVE-2024-27315,0,0,1b06bd54abb4ee7969c3aca53e6bed402762ed42c4492d0ee8674e3fa0b42312,2024-02-28T15:15:09.670000
CVE-2024-27317,0,0,89ab3da74e976306890048f4b6ea554dbd24e8ca4de3fa3edc17a0fa32902169,2024-03-12T19:15:47.777000
CVE-2024-27317,0,1,4c274cf3230c0a934555f5c84dc2c211701c44c03ccbc45b4514969783da0dab,2024-03-13T12:33:51.697000
CVE-2024-27318,0,0,31cd351dfd297129ad7eaad5463f641941f9f095dfce65183a940040c8e71a76,2024-02-23T19:31:25.817000
CVE-2024-27319,0,0,bae163f4fbb8c727a5f96d6a2e9fade6279e85a3e2f58bd6b58e78425790acb1,2024-02-23T19:31:25.817000
CVE-2024-27350,0,0,dcd7c665f1de1305fedd66ae5b35ce18719811fd40fe202fcd475df4fa80bd9e,2024-02-26T16:32:25.577000
@ -241122,7 +241125,7 @@ CVE-2024-27354,0,0,3316a11ae03e51007e09710a76a22632e619f5d31d833e6569bcace78ce3c
CVE-2024-27355,0,0,0b9031e2eb548ad12d2d9e0065d270364951139eb9b910f1e5678f52ec43857a,2024-03-04T13:58:23.447000
CVE-2024-27356,0,0,2464f4bdc7cd759969915038df7055199f0bd02c6d9b1a8ceb85c7588507e9ba,2024-02-27T14:20:06.637000
CVE-2024-27359,0,0,45c452c4a5013555c154282328f794ae0e5bd9c68f52a53f3747792eec7b2661,2024-02-26T16:32:25.577000
CVE-2024-27440,0,0,6e294c502025b0bf49f91f6fc4cbf5e66e4ac059f9ae65341b9f951c5cfccaa5,2024-03-13T06:15:52.273000
CVE-2024-27440,0,1,f656cf3f867b554b4acbc17eee670f16835e4e41b3c8da203b1b487ef7d6f2b3,2024-03-13T12:33:51.697000
CVE-2024-27444,0,0,a237f36c45a82911cb697384887c7b89bc1c2ea038ffd45f33470a0acaad42ea,2024-02-26T16:32:25.577000
CVE-2024-27447,0,0,cb57e8d03df573cd861f28c33cc0f260471c72de24ec7e9c3037c0509931fb18,2024-02-26T16:32:25.577000
CVE-2024-27454,0,0,420cb9ec3b08ac5a96e141e933952328f4cf525758241b7fd36981eea8d7ea27,2024-02-26T16:32:25.577000
@ -241180,7 +241183,7 @@ CVE-2024-27758,0,0,6abe87e0a8905ac150ade2fec85250ff5e7fbf580c101c16b193b98f7d581
CVE-2024-27764,0,0,a6da085213081f41482d74001d5b27250ddae1567bc465fa0f4b1023f8322f06,2024-03-06T15:18:08.093000
CVE-2024-27765,0,0,c9283b485df441e5cf44e98a2bcaa6921e6b7ae7825314dc1fd3bb862197fb6e,2024-03-06T15:18:08.093000
CVE-2024-27889,0,0,a24eb09c70fc8e243900497cf84a2002dc9fb9fdcf0cc7381ab2bee2e01200d8,2024-03-05T13:41:01.900000
CVE-2024-27894,0,0,0e6c0963b0fcfa2d9f368e7425c9fc6bdbf3b68d454d8eef6739402db46e5f55,2024-03-12T19:15:47.970000
CVE-2024-27894,0,1,249999fc9487c1b63574e09bae3fbcbcdf7b20ef335df69d9151a0f5ea4d74a1,2024-03-13T12:33:51.697000
CVE-2024-27900,0,0,00f9885d5a06fec36b56a14fdc3be21ddc255c1561a408e91e09aee1b7ac8b37,2024-03-12T12:40:13.500000
CVE-2024-27902,0,0,7aa835c5c3cccf2434107e43a6dd21c3ee48d8e6664a62d49734964bcc016141,2024-03-12T12:40:13.500000
CVE-2024-27905,0,0,c7138ee734428b73e57ef70bc0c3a87d66350c09e2b81d6d3c89882bb51a7608,2024-02-28T14:07:00.563000
@ -241202,15 +241205,15 @@ CVE-2024-28094,0,0,45821c38270b8552e50f50b73436d99164a20d22d9b4b8876276d92b2a0a8
CVE-2024-28095,0,0,cc359d20cf58cf4c4e6a4bc345ac1d1135a557dfb7920f405bfe639456bcfe46,2024-03-07T13:52:27.110000
CVE-2024-28096,0,0,bd233bb77c2105c8f9ae41f3196895f407f421cf037a91cc0eb753e3f00e4372,2024-03-07T13:52:27.110000
CVE-2024-28097,0,0,ad0a3d7a6b96970687d28d32c41921c3200422c4265f25f269de512c4cb8079e,2024-03-07T13:52:27.110000
CVE-2024-28098,0,0,998118abb5151f2ca216c3416e6f1293d4b616825a40a48d114e25eb304f865b,2024-03-12T19:15:48.177000
CVE-2024-28098,0,1,e6bafc5c1852b134e115137ad3427dd38b064af4ce40b8aa45bfc1cdd7573337,2024-03-13T12:33:51.697000
CVE-2024-28110,0,0,0aa63c709bee34101fee09332c67840fa8b7d5aea01ed58b7f238cd7f26f2f87,2024-03-07T13:52:27.110000
CVE-2024-28111,0,0,ef109000cb681b8950a504435d888106cd334990070bd9ca1f33bba165c1974a,2024-03-07T13:52:27.110000
CVE-2024-28112,0,0,c4745b7e1d25cb6cfc2c3729faa00eb215df73dfcfd0f87bb60f0feb6ed07e38,2024-03-12T20:15:07.730000
CVE-2024-28113,0,0,e83bedfa5a1024a70fc3bac4baca17cfe73c68f5bee109cc54ebad50acd4c74c,2024-03-12T20:15:07.933000
CVE-2024-28114,0,0,9cc712d5a4c4e6d8e7eaeb3f658683a2bb9cbf6b27cd7f0f8737b3aa3a5a174b,2024-03-12T20:15:08.113000
CVE-2024-28112,0,1,13394bf321439a7b80b31ae63012fb69faf271f01573bdf4d69e6f1d90267eaa,2024-03-13T12:33:51.697000
CVE-2024-28113,0,1,4285de229101312bf59190b9237f9b0ffa56ca0930f139097955359a41ebcab5,2024-03-13T12:33:51.697000
CVE-2024-28114,0,1,7da8b099613e387d1a8ac16fa6023879524d5796fc9bbb4a91069a4438dcd4dc,2024-03-13T12:33:51.697000
CVE-2024-28115,0,0,3e0e705412ec4ecfb9fabefcb95634cd838a6bf7c9c03087d677ba199986f693,2024-03-08T14:02:57.420000
CVE-2024-28120,0,0,1945ab744b479cd2a55b16e82913f94d84bcc236918a39e22cfe06aca7010c4c,2024-03-12T12:40:13.500000
CVE-2024-28121,0,0,cd609f282f9eb616d165f98d953bd55546f26070be0dec9d4ea80dde264eafde,2024-03-12T20:15:08.313000
CVE-2024-28121,0,1,f1cf1d47a6a34d721265f474d56f496f73f1b18aa0dff962201194604d44cfbe,2024-03-13T12:33:51.697000
CVE-2024-28122,0,0,3209f9a611aea4804720e8e5b4eeb3a02772982f302e787ac8040299af464092,2024-03-11T01:32:39.697000
CVE-2024-28149,0,0,bb1327eb2ceb44ae2cc8e952fde2f54b109f1740591e1ece1b912c644025402b,2024-03-06T21:42:54.697000
CVE-2024-28150,0,0,bd9c785686979f74fc956d3a9d80b65ba208ec849a10e17a7f0c9226761980a2,2024-03-06T21:42:54.697000
@ -241232,7 +241235,7 @@ CVE-2024-28174,0,0,fa1674b985861bddf4d0ff5ab075ec0e4328a9665c668bfe339f9f0de580d
CVE-2024-28176,0,0,5bb6d329167995170bd276a45554624691bdda8cbb6c83c2d08f42eba9f617aa,2024-03-11T01:32:39.697000
CVE-2024-28180,0,0,1e73ce45496cde15ab7710e8895a9f7d4caf4d2dcdb0d6de4d94afa753e9a64b,2024-03-11T01:32:39.697000
CVE-2024-28184,0,0,043b0bc7533d0fc96bb6df4be7b21b8477ffe807b0ac6ed0c4b06cf7d8241c3c,2024-03-11T01:32:39.697000
CVE-2024-28186,0,0,d09f5b367130ceb8ffca34e045c486310511570fff5782478a7ab9680fd86e0e,2024-03-12T20:15:08.503000
CVE-2024-28186,0,1,bd19020fb98c7e49f4ae9534406a8116ce29f7f2cd9253fb5db74e8880c2331b,2024-03-13T12:33:51.697000
CVE-2024-28187,0,0,ac9aee9b90f5e80eaf35f8c7ff9228de1d46fc7e7981b3ae0d130073676ebc09,2024-03-12T12:40:13.500000
CVE-2024-28197,0,0,e70c7d0bb2a78854377299eb50fe7994eaf82f7d86398ed826c936d249a753e2,2024-03-12T12:40:13.500000
CVE-2024-28198,0,0,8816bcf1852d0abd4f85184964ff047a5ee5921e29485ae07c6ebc27fd66ef45,2024-03-12T12:40:13.500000
@ -241247,15 +241250,15 @@ CVE-2024-28222,0,0,fc2bb6625872999de46c3fec787964c81811fbafba85fd6aa0a9c0c190c12
CVE-2024-28228,0,0,fafeac90b4103ecc037c0d15d4376f652ba43048a680a73a3c13807568e40859,2024-03-07T13:52:27.110000
CVE-2024-28229,0,0,7bfc3b59e790a5126732ec4d8d480f9938166a41475488b32e066c1e064ccb9f,2024-03-07T13:52:27.110000
CVE-2024-28230,0,0,3036aa70102b53b9cc695265dc4a11e5a4f5b8d26f6120835dbd1a9c3d93e7ec,2024-03-07T13:52:27.110000
CVE-2024-28236,0,0,66388b84425c967b6086cd0e49b7fcb7722f8634684e8523b513de2540418adb,2024-03-12T21:15:59.027000
CVE-2024-28238,0,0,392026f8d9c6964893634222ffe2dae70ae08f5ebc7afc8158b32c816c78c5fb,2024-03-12T21:15:59.297000
CVE-2024-28239,0,0,200bf1ec0e96c73e0229c8588ffb32cc105d174ecb8c5382f1a77b80bf09a819,2024-03-12T21:15:59.513000
CVE-2024-28236,0,1,ea7d34bffb060eb0191757ceb4c446ee8bfa4166cb7d1e0d8e67e75c651ba966,2024-03-13T12:33:51.697000
CVE-2024-28238,0,1,38219e010007b7fe5426826144cd2eabd2e22d36d31c50aa8471901674b524b3,2024-03-13T12:33:51.697000
CVE-2024-28239,0,1,faccbe471f1ae24e1ff85c8426d7d0f8447bb8e496567a24af19b5962ca5e940,2024-03-13T12:33:51.697000
CVE-2024-28338,0,0,9985a0b99abb928b9c829cb29ecce6039c07964aad6d9841c1477c6680f4f9b5,2024-03-12T17:46:17.273000
CVE-2024-28339,0,0,06a7f15d55f22a965683bef17c82587bc073ddf9fa5edb33c38c4cd82d5f37f7,2024-03-12T17:46:17.273000
CVE-2024-28340,0,0,89775fa07d73d115a7392603111ecb04f65799be74b8d41063e67ed0eb97d0cf,2024-03-12T17:46:17.273000
CVE-2024-28535,0,0,05b59fc574e3ec1a67ffae1023c5999e94849ce19d6ee2f539dda71a994d8b6c,2024-03-12T16:02:33.900000
CVE-2024-28553,0,0,805b633f3af1b0b015d2f8e90520174ed99391ad33f4ee744bfc3e783d7c9257,2024-03-12T16:02:33.900000
CVE-2024-28623,0,0,c5116971097b2daf370624fbe36959f90f8af4f952090d2ba8645b66a04904e4,2024-03-13T08:15:43.497000
CVE-2024-28623,0,1,81bda7f177219bd08e3dc69b11f4157e89434624cca7692be3ee54e609ec67e1,2024-03-13T12:33:51.697000
CVE-2024-28753,0,0,73ca850c1b6879daba607bc61d7d16457b56173a47004b8bff799b514a526c36,2024-03-11T01:32:39.697000
CVE-2024-28754,0,0,9281349f951cf3fa92b3f484f1e5f3e3b9f20229dcabe6872ba34e9bebaf3b2c,2024-03-11T01:32:39.697000
CVE-2024-28757,0,0,2ea8a9bd701b62a4c7d927e860f5361b09b4376e3bc3bbb014ff5d4ca725cec6,2024-03-11T01:32:29.610000

Can't render this file because it is too large.