diff --git a/CVE-2022/CVE-2022-49xx/CVE-2022-4968.json b/CVE-2022/CVE-2022-49xx/CVE-2022-4968.json
index 583d6330fcc..1538a5c3641 100644
--- a/CVE-2022/CVE-2022-49xx/CVE-2022-4968.json
+++ b/CVE-2022/CVE-2022-49xx/CVE-2022-4968.json
@@ -2,12 +2,16 @@
 "id": "CVE-2022-4968",
 "sourceIdentifier": "security@ubuntu.com",
 "published": "2024-06-07T01:15:49.463",
- "lastModified": "2024-06-07T01:15:49.463",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "netplan leaks the private key of wireguard to local users. A security fix will be released soon."
+ },
+ {
+ "lang": "es",
+ "value": "netplan filtra la clave privada de wireguard a los usuarios locales. Pronto se publicar\u00e1 una soluci\u00f3n de seguridad."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-324xx/CVE-2023-32475.json b/CVE-2023/CVE-2023-324xx/CVE-2023-32475.json
index a06f4110b97..e4b7953de5f 100644
--- a/CVE-2023/CVE-2023-324xx/CVE-2023-32475.json
+++ b/CVE-2023/CVE-2023-324xx/CVE-2023-32475.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-32475",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-06-07T03:15:08.950",
- "lastModified": "2024-06-07T03:15:08.950",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Dell BIOS contains a missing support for integrity check vulnerability. An attacker with physical access to the system could potentially bypass security mechanisms to run arbitrary code on the system."
+ },
+ {
+ "lang": "es",
+ "value": "El BIOS de Dell contiene una falta de soporte para la vulnerabilidad de verificaci\u00f3n de integridad. Un atacante con acceso f\u00edsico al sistema podr\u00eda potencialmente eludir los mecanismos de seguridad para ejecutar c\u00f3digo arbitrario en el sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json b/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
index d5dbb426d3d..7da449af420 100644
--- a/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
+++ b/CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-33461",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2023-06-01T03:15:20.547",
- "lastModified": "2023-11-07T04:14:55.163",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-06-07T14:11:55.450",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -59,8 +59,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:iniparser_project:iniparser:4.1:*:*:*:*:*:*:*",
- "matchCriteriaId": "26DCED98-868B-4A1E-8659-0A4AAD370E89"
+ "criteria": "cpe:2.3:a:ndevilla:iniparser:4.1:*:*:*:*:*:*:*",
+ "matchCriteriaId": "90A0D9C2-3EC9-42A8-A01F-1D90B64994EC"
 }
 ]
 }
@@ -79,11 +79,19 @@
 },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ASV7SEDHGCP63GYAFEW3CTTVQDZM5RIK/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQAIP5AURSTWIQOOP7G4CXYJ5IIGPY3Q/",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Mailing List",
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37539.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37539.json
index 86b79de39cf..22a37d18dbe 100644
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37539.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37539.json
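Review bot: The `@@ -59,8 +59,8 @@` hunk of CVE-2023-33461.json replaces the CPE vendor `iniparser_project` with `ndevilla` and issues a new `matchCriteriaId`, and nothing visible in the hunk carries the old value forward, so a scanner or SBOM matcher still keyed on the old `criteria` string or UUID would presumably stop matching this record. The same kind of rename appears in CVE-2023-50026.json (`presta_monster` to `prestamonster`) and CVE-2023-6199.json (`book_stack` to `bookstack`). Consumers of this feed should re-resolve their matches against the current CPE data after this sync instead of relying on cached `criteria` strings or `matchCriteriaId` values.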
@@ -2,12 +2,16 @@
 "id": "CVE-2023-37539",
 "sourceIdentifier": "psirt@hcl.com",
 "published": "2024-06-06T23:15:48.720",
- "lastModified": "2024-06-06T23:15:48.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Domino Catalog template is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicking it."
+ },
+ {
+ "lang": "es",
+ "value": "The Domino Catalog template es susceptible a una vulnerabilidad de Cross-Site Scripting (XSS) Almacenado. Un atacante con la capacidad de editar documentos en la aplicaci\u00f3n/base de datos del cat\u00e1logo creada a partir de esta plantilla puede incrustar un ataque de Cross-site Scripting. El ataque se activar\u00eda si un usuario final hiciera clic en \u00e9l."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-451xx/CVE-2023-45192.json b/CVE-2023/CVE-2023-451xx/CVE-2023-45192.json
index bbe6961d2eb..9f0612c68ed 100644
--- a/CVE-2023/CVE-2023-451xx/CVE-2023-45192.json
+++ b/CVE-2023/CVE-2023-451xx/CVE-2023-45192.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-45192",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-06-06T19:15:50.730",
- "lastModified": "2024-06-06T19:15:50.730",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 268758."
+ },
+ {
+ "lang": "es",
+ "value": "IBM Engineering Requisitos Management DOORS Next 7.0.2 y 7.0.3 es vulnerable a un ataque de inyecci\u00f3n de entidad externa XML (XXE) al procesar datos XML. Un atacante remoto podr\u00eda aprovechar esta vulnerabilidad para exponer informaci\u00f3n confidencial o consumir recursos de memoria. ID de IBM X-Force: 268758."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-494xx/CVE-2023-49441.json b/CVE-2023/CVE-2023-494xx/CVE-2023-49441.json
index d04d4e8a22f..3e9cfdeb4ee 100644
--- a/CVE-2023/CVE-2023-494xx/CVE-2023-49441.json
+++ b/CVE-2023/CVE-2023-494xx/CVE-2023-49441.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-49441",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:09.843",
- "lastModified": "2024-06-06T22:15:09.843",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query."
+ },
+ {
+ "lang": "es",
+ "value": "dnsmasq 2.9 es vulnerable al desbordamiento de enteros a trav\u00e9s de forward_query."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-500xx/CVE-2023-50026.json b/CVE-2023/CVE-2023-500xx/CVE-2023-50026.json
index 7e0d5234f9d..58e759f7698 100644
--- a/CVE-2023/CVE-2023-500xx/CVE-2023-50026.json
+++ b/CVE-2023/CVE-2023-500xx/CVE-2023-50026.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50026",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-09T08:15:08.460",
- "lastModified": "2024-02-15T19:32:40.610",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-06-07T14:12:14.943",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -59,9 +59,9 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:presta_monster:multi_accessories_pro:*:*:*:*:*:prestashop:*:*",
+ "criteria": "cpe:2.3:a:prestamonster:multi_accessories_pro:*:*:*:*:*:prestashop:*:*",
 "versionEndExcluding": "5.3.0",
- "matchCriteriaId": "2DBE08C3-40E8-45D0-ACDE-D2CB868ABD12"
+ "matchCriteriaId": "BCD2D724-CE66-49E3-9FBD-81BD076E654C"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-518xx/CVE-2023-51847.json b/CVE-2023/CVE-2023-518xx/CVE-2023-51847.json
index 7c159c040c6..c3da7d911ae 100644
--- a/CVE-2023/CVE-2023-518xx/CVE-2023-51847.json
+++ b/CVE-2023/CVE-2023-518xx/CVE-2023-51847.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-51847",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:09.950",
- "lastModified": "2024-06-06T22:15:09.950",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in obgm and Libcoap v.a3ed466 allows a remote attacker to cause a denial of service via thecoap_context_t function in the src/coap_threadsafe.c:297:3 component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en obgm y Libcoap v.a3ed466 permite a un atacante remoto provocar una denegaci\u00f3n de servicio a trav\u00e9s de la funci\u00f3n coap_context_t en el componente src/coap_threadsafe.c:297:3."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-54xx/CVE-2023-5424.json b/CVE-2023/CVE-2023-54xx/CVE-2023-5424.json
index afa2bf460f1..44c39b6c692 100644
--- a/CVE-2023/CVE-2023-54xx/CVE-2023-5424.json
+++ b/CVE-2023/CVE-2023-54xx/CVE-2023-5424.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-5424",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T10:15:10.150",
- "lastModified": "2024-06-07T10:15:10.150",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WS Form LITE para WordPress es vulnerable a la inyecci\u00f3n CSV en versiones hasta la 1.9.217 incluida. Esto permite a atacantes no autenticados incrustar entradas que no son de confianza en archivos CSV exportados, lo que puede provocar la ejecuci\u00f3n de c\u00f3digo cuando estos archivos se descargan y abren en un sistema local con una configuraci\u00f3n vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6199.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6199.json
index 7ace192c5d0..187f6ccd850 100644
--- a/CVE-2023/CVE-2023-61xx/CVE-2023-6199.json
+++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6199.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-6199",
 "sourceIdentifier": "help@fluidattacks.com",
 "published": "2023-11-20T23:15:06.877",
- "lastModified": "2023-11-29T17:28:30.710",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-06-07T14:12:05.897",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -89,8 +89,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:bookstackapp:book_stack:23.10.2:*:*:*:*:*:*:*",
- "matchCriteriaId": "A210C8C1-0AAD-47FE-8138-EFBB82D919C8"
+ "criteria": "cpe:2.3:a:bookstackapp:bookstack:23.10.2:*:*:*:*:*:*:*",
+ "matchCriteriaId": "BD6112A9-D59F-486E-9551-F5FB1434E4E3"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-64xx/CVE-2023-6491.json b/CVE-2023/CVE-2023-64xx/CVE-2023-6491.json
index 698e2fdc552..3476247fed4 100644
--- a/CVE-2023/CVE-2023-64xx/CVE-2023-6491.json
+++ b/CVE-2023/CVE-2023-64xx/CVE-2023-6491.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6491",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T06:15:09.320",
- "lastModified": "2024-06-07T06:15:09.320",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Strong Testimonials para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una verificaci\u00f3n de capacidad incorrecta en la funci\u00f3n wpmtst_save_view_sticky en todas las versiones hasta la 3.1.12 incluida. Esto hace posible que los atacantes autenticados, con acceso de colaborador y superior, modifiquen las vistas favoritas."
 }
 ],
 "metrics": {
diff --git a/CVE-2023/CVE-2023-68xx/CVE-2023-6876.json b/CVE-2023/CVE-2023-68xx/CVE-2023-6876.json
index 348fc6c6f1a..9a75791fdaa 100644
--- a/CVE-2023/CVE-2023-68xx/CVE-2023-6876.json
+++ b/CVE-2023/CVE-2023-68xx/CVE-2023-6876.json
@@ -2,12 +2,16 @@
 "id": "CVE-2023-6876",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T02:15:08.933",
- "lastModified": "2024-06-07T02:15:08.933",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Clever Fox \u2013 One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme' function in all versions up to, and including, 25.2.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the active theme, including to an invalid value which can take down the site."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Clever Fox \u2013 One Click Website Importer de Nayra Themes para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'clever-fox-activate-theme' en todas las versiones hasta la 25.2.0 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor y superior, modifiquen el tema activo, incluso a un valor no v\u00e1lido que puede hacer caer el sitio."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-05xx/CVE-2024-0520.json b/CVE-2024/CVE-2024-05xx/CVE-2024-0520.json
index bc6735f6493..e5ece315c89 100644
--- a/CVE-2024/CVE-2024-05xx/CVE-2024-0520.json
+++ b/CVE-2024/CVE-2024-05xx/CVE-2024-0520.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-0520",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:51.187",
- "lastModified": "2024-06-06T19:15:51.187",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper neutralization of special elements used in an OS command ('Command Injection') within the `mlflow.data.http_dataset_source.py` module. Specifically, when loading a dataset from a source URL with an HTTP scheme, the filename extracted from the `Content-Disposition` header or the URL path is used to generate the final file path without proper sanitization. This flaw enables an attacker to control the file path fully by utilizing path traversal or absolute path techniques, such as '../../tmp/poc.txt' or '/tmp/poc.txt', leading to arbitrary file write. Exploiting this vulnerability could allow a malicious user to execute commands on the vulnerable machine, potentially gaining access to data and model information. The issue is fixed in version 2.9.0."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en mlflow/mlflow versi\u00f3n 8.2.1 permite la ejecuci\u00f3n remota de c\u00f3digo debido a la neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo (\"Inyecci\u00f3n de comandos\") dentro del m\u00f3dulo `mlflow.data.http_dataset_source.py`. Espec\u00edficamente, cuando se carga un conjunto de datos desde una URL de origen con un esquema HTTP, el nombre de archivo extra\u00eddo del encabezado `Content-Disposition` o la ruta URL se utiliza para generar la ruta final del archivo sin una sanitizaci\u00f3n adecuada. Esta falla permite a un atacante controlar completamente la ruta del archivo mediante el uso de t\u00e9cnicas de path traversal o de ruta absoluta, como '../../tmp/poc.txt' o '/tmp/poc.txt', lo que lleva a la escritura arbitraria de archivos. Explotar esta vulnerabilidad podr\u00eda permitir que un usuario malintencionado ejecute comandos en la m\u00e1quina vulnerable, obteniendo potencialmente acceso a datos e informaci\u00f3n del modelo. El problema se solucion\u00f3 en la versi\u00f3n 2.9.0. "
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-16xx/CVE-2024-1689.json b/CVE-2024/CVE-2024-16xx/CVE-2024-1689.json
index be3861337c0..5a36ca945e5 100644
--- a/CVE-2024/CVE-2024-16xx/CVE-2024-1689.json
+++ b/CVE-2024/CVE-2024-16xx/CVE-2024-1689.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1689",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T02:15:09.203",
- "lastModified": "2024-06-07T02:15:09.203",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to, and including, 1.2.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to deactivate arbitrary plugin modules."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Tools para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n woocommerce_tool_toggle_module() en todas las versiones hasta la 1.2.9 incluida. Esto hace posible que atacantes autenticados, con acceso a nivel de suscriptor y superior, desactiven m\u00f3dulos de complementos arbitrarios."
 }
 ],
 "metrics": {
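Review bot: The added `es` description in CVE-2024-0520.json repeats the English text's version claim as-is, affected `8.2.1` but fixed in `2.9.0`, which puts the affected release above the fix, so one of the two figures is probably mistyped at the source. The record is only at `Awaiting Analysis` and no version range is visible in this hunk, so the description text should not be used to decide which mlflow installs are affected. A similar mismatch shows in CVE-2024-1879.json, CVE-2024-1880.json and CVE-2024-1881.json, which pair an affected `v0.5.0` with fixes in `5.1` or `5.1.0`. The new `es` value here also ends with a stray space before the closing quote (`2.9.0. "`).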
diff --git a/CVE-2024/CVE-2024-17xx/CVE-2024-1768.json b/CVE-2024/CVE-2024-17xx/CVE-2024-1768.json
index ca4df787ba4..68c997fa7cd 100644
--- a/CVE-2024/CVE-2024-17xx/CVE-2024-1768.json
+++ b/CVE-2024/CVE-2024-17xx/CVE-2024-1768.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1768",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T03:15:09.237",
- "lastModified": "2024-06-07T03:15:09.237",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Clever Fox para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del bloque de cuadro de informaci\u00f3n del complemento en todas las versiones hasta la 25.2.0 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados con permisos de nivel de colaborador y superiores inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1873.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1873.json
index eb1db665b16..fa83f5c9738 100644
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1873.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1873.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1873",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:51.460",
- "lastModified": "2024-06-06T19:15:51.460",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "parisneo/lollms-webui is vulnerable to path traversal and denial of service attacks due to an exposed `/select_database` endpoint in version a9d16b0. The endpoint improperly handles file paths, allowing attackers to specify absolute paths when interacting with the `DiscussionsDB` instance. This flaw enables attackers to create directories anywhere on the system where the application has permissions, potentially leading to denial of service by creating directories with names of critical files, such as HTTPS certificate files, causing server startup failures. Additionally, attackers can manipulate the database path, resulting in the loss of client data by constantly changing the file location to an attacker-controlled location, scattering the data across the filesystem and making recovery difficult."
+ },
+ {
+ "lang": "es",
+ "value": "parisneo/lollms-webui es vulnerable a ataques de path traversal y denegaci\u00f3n de servicio debido a un endpoint `/select_database` expuesto en la versi\u00f3n a9d16b0. El endpoint maneja incorrectamente las rutas de los archivos, lo que permite a los atacantes especificar rutas absolutas al interactuar con la instancia `DiscussionsDB`. Esta falla permite a los atacantes crear directorios en cualquier parte del sistema donde la aplicaci\u00f3n tenga permisos, lo que podr\u00eda provocar una denegaci\u00f3n de servicio al crear directorios con nombres de archivos cr\u00edticos, como archivos de certificados HTTPS, lo que provoca fallas en el inicio del servidor. Adem\u00e1s, los atacantes pueden manipular la ruta de la base de datos, lo que resulta en la p\u00e9rdida de datos del cliente al cambiar constantemente la ubicaci\u00f3n del archivo a una ubicaci\u00f3n controlada por el atacante, dispersando los datos por todo el sistema de archivos y dificultando la recuperaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1879.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1879.json
index 88fb2e3f6a9..33f48d1a3f7 100644
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1879.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1879.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1879",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T18:15:12.827",
- "lastModified": "2024-06-06T18:15:12.827",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Cross-Site Request Forgery (CSRF) vulnerability in significant-gravitas/autogpt version v0.5.0 allows attackers to execute arbitrary commands on the AutoGPT server. The vulnerability stems from the lack of protections on the API endpoint receiving instructions, enabling an attacker to direct a user running AutoGPT in their local network to a malicious website. This site can then send crafted requests to the AutoGPT server, leading to command execution. The issue is exacerbated by CORS being enabled for arbitrary origins by default, allowing the attacker to read the response of all cross-site queries. This vulnerability was addressed in version 5.1."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la versi\u00f3n v0.5.0 de significant-gravitas/autogpt permite a los atacantes ejecutar comandos arbitrarios en el servidor AutoGPT. La vulnerabilidad se debe a la falta de protecci\u00f3n en el endpoint API que recibe instrucciones, lo que permite a un atacante dirigir a un usuario que ejecuta AutoGPT en su red local a un sitio web malicioso. Luego, este sitio puede enviar solicitudes manipuladas al servidor AutoGPT, lo que lleva a la ejecuci\u00f3n del comando. El problema se ve agravado por el hecho de que CORS est\u00e1 habilitado para or\u00edgenes arbitrarios de forma predeterminada, lo que permite al atacante leer la respuesta de todas las consultas entre sitios. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 5.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1880.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1880.json
index c7ff2689063..d8d2cfc8fc9 100644
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1880.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1880.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1880",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:51.703",
- "lastModified": "2024-06-06T19:15:51.703",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An OS command injection vulnerability exists in the MacOS Text-To-Speech class MacOSTTS of the significant-gravitas/autogpt project, affecting versions up to v0.5.0. The vulnerability arises from the improper neutralization of special elements used in an OS command within the `_speech` method of the MacOSTTS class. Specifically, the use of `os.system` to execute the `say` command with user-supplied text allows for arbitrary code execution if an attacker can inject shell commands. This issue is triggered when the AutoGPT instance is run with the `--speak` option enabled and configured with `TEXT_TO_SPEECH_PROVIDER=macos`, reflecting back a shell injection snippet. The impact of this vulnerability is the potential execution of arbitrary code on the instance running AutoGPT. The issue was addressed in version 5.1.0."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo en la clase MacOSTTS Text-To-Speech de MacOS del proyecto significant-gravitas/autogpt, que afecta a las versiones hasta la v0.5.0. La vulnerabilidad surge de la neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo dentro del m\u00e9todo `_speech` de la clase MacOSTTS. Espec\u00edficamente, el uso de `os.system` para ejecutar el comando `say` con texto proporcionado por el usuario permite la ejecuci\u00f3n de c\u00f3digo arbitrario si un atacante puede inyectar comandos de shell. Este problema se activa cuando la instancia de AutoGPT se ejecuta con la opci\u00f3n `--speak` habilitada y configurada con `TEXT_TO_SPEECH_PROVIDER=macos`, lo que refleja un fragmento de inyecci\u00f3n de shell. El impacto de esta vulnerabilidad es la posible ejecuci\u00f3n de c\u00f3digo arbitrario en la instancia que ejecuta AutoGPT. El problema se solucion\u00f3 en la versi\u00f3n 5.1.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-18xx/CVE-2024-1881.json b/CVE-2024/CVE-2024-18xx/CVE-2024-1881.json
index 25eb72f93a2..657d3d53746 100644
--- a/CVE-2024/CVE-2024-18xx/CVE-2024-1881.json
+++ b/CVE-2024/CVE-2024-18xx/CVE-2024-1881.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1881",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:51.920",
- "lastModified": "2024-06-06T19:15:51.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "AutoGPT, a component of significant-gravitas/autogpt, is vulnerable to an improper neutralization of special elements used in an OS command ('OS Command Injection') due to a flaw in its shell command validation function. Specifically, the vulnerability exists in versions v0.5.0 up to but not including 5.1.0. The issue arises from the application's method of validating shell commands against an allowlist or denylist, where it only checks the first word of the command. This allows an attacker to bypass the intended restrictions by crafting commands that are executed despite not being on the allowlist or by including malicious commands not present in the denylist. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary shell commands."
+ },
+ {
+ "lang": "es",
+ "value": "AutoGPT, un componente de significant-gravitas/autogpt, es vulnerable a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') debido a una falla en su funci\u00f3n de validaci\u00f3n del comando de shell. Espec\u00edficamente, la vulnerabilidad existe en las versiones v0.5.0 hasta la 5.1.0, pero no incluida. El problema surge del m\u00e9todo de la aplicaci\u00f3n para validar los comandos del shell con una lista de permitidos o de denegados, donde solo verifica la primera palabra del comando. Esto permite a un atacante eludir las restricciones previstas creando comandos que se ejecutan a pesar de no estar en la lista de permitidos o incluyendo comandos maliciosos que no est\u00e1n presentes en la lista de prohibidos. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda permitir a un atacante ejecutar comandos de shell arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-19xx/CVE-2024-1988.json b/CVE-2024/CVE-2024-19xx/CVE-2024-1988.json
index 4fff8d89c0a..010af5e2e1f 100644
--- a/CVE-2024/CVE-2024-19xx/CVE-2024-1988.json
+++ b/CVE-2024/CVE-2024-19xx/CVE-2024-1988.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-1988",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T04:15:25.850",
- "lastModified": "2024-06-07T04:15:25.850",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute in blocks in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo 'etiqueta' en bloques en todas las versiones hasta la 2.2.80 incluida por insuficiente sanitizaci\u00f3n de insumos y escape de salida. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2032.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2032.json
index dccf2c7cbf4..71bad64c04c 100644
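Review bot: The added `es` description in CVE-2024-1988.json renders the block attribute `'tag'` as `'etiqueta'`, so the Spanish text no longer names the attribute that the English description identifies; literal identifiers should be carried over untranslated, i.e. `del atributo 'tag'`. The same happens in CVE-2024-2035.json, where the backticked field `active` becomes `"activo"`, and CVE-2023-45192.json partly translates the product name to `IBM Engineering Requisitos Management DOORS Next`. Anyone building searches, detections or triage notes around the affected parameter or product should take the identifier from the `en` value.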
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2032.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2032.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2032",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:53.060",
- "lastModified": "2024-06-06T19:15:53.060",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to insufficient handling of concurrent user creation requests, leading to data inconsistencies and potential authentication problems. Specifically, concurrent processes may overwrite or corrupt user data, complicating user identification and posing security risks. This issue is particularly concerning for APIs that rely on usernames as input parameters, such as PUT /api/v1/users/test_race, where it could lead to further complications."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n en las versiones de zenml-io/zenml hasta la 0.55.3 incluida, que permite la creaci\u00f3n de m\u00faltiples usuarios con el mismo nombre de usuario cuando las solicitudes se env\u00edan en paralelo. Este problema se solucion\u00f3 en la versi\u00f3n 0.55.5. La vulnerabilidad surge debido al manejo insuficiente de solicitudes simult\u00e1neas de creaci\u00f3n de usuarios, lo que genera inconsistencias en los datos y posibles problemas de autenticaci\u00f3n. Espec\u00edficamente, los procesos simult\u00e1neos pueden sobrescribir o da\u00f1ar los datos del usuario, complicando la identificaci\u00f3n del usuario y planteando riesgos de seguridad. Este problema es particularmente preocupante para las API que dependen de nombres de usuario como par\u00e1metros de entrada, como PUT /api/v1/users/test_race, donde podr\u00eda generar m\u00e1s complicaciones."
}
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-20xx/CVE-2024-2035.json b/CVE-2024/CVE-2024-20xx/CVE-2024-2035.json
index e79b4e1388f..0c5faf07ca8 100644
--- a/CVE-2024/CVE-2024-20xx/CVE-2024-2035.json
+++ b/CVE-2024/CVE-2024-20xx/CVE-2024-2035.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2035",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:53.313",
- "lastModified": "2024-06-06T19:15:53.313",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An improper authorization vulnerability exists in the zenml-io/zenml repository, specifically within the API PUT /api/v1/users/id endpoint. This vulnerability allows any authenticated user to modify the information of other users, including changing the `active` status of user accounts to false, effectively deactivating them. This issue affects version 0.55.3 and was fixed in version 0.56.2. The impact of this vulnerability is significant as it allows for the deactivation of admin accounts, potentially disrupting the functionality and security of the application."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de autorizaci\u00f3n incorrecta en el repositorio zenml-io/zenml, espec\u00edficamente dentro del endpoint API PUT /api/v1/users/id. Esta vulnerabilidad permite que cualquier usuario autenticado modifique la informaci\u00f3n de otros usuarios, incluido cambiar el estado \"activo\" de las cuentas de usuario a falso, desactiv\u00e1ndolas efectivamente. Este problema afecta a la versi\u00f3n 0.55.3 y se solucion\u00f3 en la versi\u00f3n 0.56.2. El impacto de esta vulnerabilidad es significativo ya que permite la desactivaci\u00f3n de cuentas de administrador, lo que potencialmente altera la funcionalidad y seguridad de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-21xx/CVE-2024-2171.json b/CVE-2024/CVE-2024-21xx/CVE-2024-2171.json
index 5521c744499..6b80e17f7a1 100644
--- a/CVE-2024/CVE-2024-21xx/CVE-2024-2171.json
+++ b/CVE-2024/CVE-2024-21xx/CVE-2024-2171.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2171",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:53.647",
- "lastModified": "2024-06-06T19:15:53.647",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A stored Cross-Site Scripting (XSS) vulnerability was identified in the zenml-io/zenml repository, specifically within the 'logo_url' field. By injecting malicious payloads into this field, an attacker could send harmful messages to other users, potentially compromising their accounts. The vulnerability affects version 0.55.3 and was fixed in version 0.56.2. The impact of exploiting this vulnerability could lead to user account compromise."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 una vulnerabilidad de Cross-Site Scripting (XSS) almacenado en el repositorio zenml-io/zenml, espec\u00edficamente dentro del campo 'logo_url'. Al inyectar cargas maliciosas en este campo, un atacante podr\u00eda enviar mensajes da\u00f1inos a otros usuarios, comprometiendo potencialmente sus cuentas. La vulnerabilidad afecta a la versi\u00f3n 0.55.3 y se solucion\u00f3 en la versi\u00f3n 0.56.2. El impacto de explotar esta vulnerabilidad podr\u00eda comprometer la cuenta del usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22074.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22074.json
index f183f3afa1b..bd4d6dc8a2b 100644
--- a/CVE-2024/CVE-2024-220xx/CVE-2024-22074.json
+++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22074.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-22074",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T21:15:48.180",
- "lastModified": "2024-06-06T21:15:48.180",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Dynamsoft Service 1.8.1025 through 1.8.2013, 1.7.0330 through 1.7.2531, 1.6.0428 through 1.6.1112, 1.5.0625 through 1.5.3116, 1.4.0618 through 1.4.1230, and 1.0.516 through 1.3.0115 has Incorrect Access Control. This is fixed in 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212, and 1.3.3212."
+ },
+ {
+ "lang": "es",
+ "value": "Dynamsoft Service 1.8.1025 a 1.8.2013, 1.7.0330 a 1.7.2531, 1.6.0428 a 1.6.1112, 1.5.0625 a 1.5.3116, 1.4.0618 a 1.4.1230 y 1.0.516 a 1.3.0115 tiene control de acceso incorrecto. Esto se solucion\u00f3 en 1.8.2014, 1.7.4212, 1.6.3212, 1.5.31212, 1.4.3212 y 1.3.3212."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-223xx/CVE-2024-22326.json b/CVE-2024/CVE-2024-223xx/CVE-2024-22326.json
index e40efb4644e..bced2e54277 100644
--- a/CVE-2024/CVE-2024-223xx/CVE-2024-22326.json
+++ b/CVE-2024/CVE-2024-223xx/CVE-2024-22326.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-22326",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-06-06T19:15:52.137",
- "lastModified": "2024-06-06T19:15:52.137",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0, and 89.40.93.0 could allow a remote user to create an LDAP connection with a valid username and empty password to establish an anonymous connection. \u00a0 IBM X-Force ID: 279518."
+ },
+ {
+ "lang": "es",
+ "value": "IBM System Storage DS8900F 89.22.19.0, 89.30.68.0, 89.32.40.0, 89.33.48.0, 89.40.83.0 y 89.40.93.0 podr\u00edan permitir a un usuario remoto crear una conexi\u00f3n LDAP con un nombre de usuario v\u00e1lido y una contrase\u00f1a vac\u00eda para establecer una conexi\u00f3n an\u00f3nima. ID de IBM X-Force: 279518."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22524.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22524.json
index 04129c51c65..650fb647463 100644
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22524.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22524.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-22524",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:10.043",
- "lastModified": "2024-06-06T22:15:10.043",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "dnspod-sr 0dfbd37 is vulnerable to buffer overflow."
+ },
+ {
+ "lang": "es",
+ "value": "dnspod-sr 0dfbd37 es vulnerable al desbordamiento del b\u00fafer."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-225xx/CVE-2024-22525.json b/CVE-2024/CVE-2024-225xx/CVE-2024-22525.json
index 28fce73b38f..e31bd17ad4e 100644
--- a/CVE-2024/CVE-2024-225xx/CVE-2024-22525.json
+++ b/CVE-2024/CVE-2024-225xx/CVE-2024-22525.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-22525",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:10.127",
- "lastModified": "2024-06-06T22:15:10.127",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "dnspod-sr 0dfbd37 contains a SEGV."
+ },
+ {
+ "lang": "es",
+ "value": "dnspod-sr 0dfbd37 contiene un SEGV."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2213.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2213.json
index fbc1bd92271..dec52b39675 100644
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2213.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2213.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2213",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:53.890",
- "lastModified": "2024-06-06T19:15:53.890",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in zenml-io/zenml versions up to and including 0.55.4. Due to improper authentication mechanisms, an attacker with access to an active user session can change the account password without needing to know the current password. This vulnerability allows for unauthorized account takeover by bypassing the standard password change verification process. The issue was fixed in version 0.56.3."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en las versiones de zenml-io/zenml hasta la 0.55.4 incluida. Debido a mecanismos de autenticaci\u00f3n inadecuados, un atacante con acceso a una sesi\u00f3n de usuario activa puede cambiar la contrase\u00f1a de la cuenta sin necesidad de conocer la contrase\u00f1a actual. Esta vulnerabilidad permite la apropiaci\u00f3n no autorizada de cuentas al pasar por alto el proceso est\u00e1ndar de verificaci\u00f3n de cambio de contrase\u00f1a. El problema se solucion\u00f3 en la versi\u00f3n 0.56.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-22xx/CVE-2024-2288.json b/CVE-2024/CVE-2024-22xx/CVE-2024-2288.json
index 6a59a57e4e8..777f245914e 100644
--- a/CVE-2024/CVE-2024-22xx/CVE-2024-2288.json
+++ b/CVE-2024/CVE-2024-22xx/CVE-2024-2288.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2288",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:54.137",
- "lastModified": "2024-06-06T19:15:54.137",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in the profile picture upload functionality of the Lollms application, specifically in the parisneo/lollms-webui repository, affecting versions up to 7.3.0. This vulnerability allows attackers to change a victim's profile picture without their consent, potentially leading to a denial of service by overloading the filesystem with files. Additionally, this flaw can be exploited to perform a stored cross-site scripting (XSS) attack, enabling attackers to execute arbitrary JavaScript in the context of the victim's browser session. The issue is resolved in version 9.3."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Cross-Site Request Forgery (CSRF) en la funcionalidad de carga de im\u00e1genes de perfil de la aplicaci\u00f3n Lollms, espec\u00edficamente en el repositorio parisneo/lollms-webui, que afecta a las versiones hasta 7.3.0. Esta vulnerabilidad permite a los atacantes cambiar la imagen de perfil de una v\u00edctima sin su consentimiento, lo que podr\u00eda provocar una denegaci\u00f3n de servicio al sobrecargar el sistema de archivos con archivos. Adem\u00e1s, esta falla se puede aprovechar para realizar un ataque de Cross-site Scripting (XSS) almacenado, lo que permite a los atacantes ejecutar JavaScript arbitrario en el contexto de la sesi\u00f3n del navegador de la v\u00edctima. El problema se resuelve en la versi\u00f3n 9.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-237xx/CVE-2024-23793.json b/CVE-2024/CVE-2024-237xx/CVE-2024-23793.json
index c95b756ed27..8f2c6e00b0d 100644
--- a/CVE-2024/CVE-2024-237xx/CVE-2024-23793.json
+++ b/CVE-2024/CVE-2024-237xx/CVE-2024-23793.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-23793",
 "sourceIdentifier": "security@otrs.com",
 "published": "2024-06-06T19:15:52.373",
- "lastModified": "2024-06-06T19:15:52.373",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts.\nThis issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34.\n\n"
+ },
+ {
+ "lang": "es",
+ "value": "La funci\u00f3n de carga de archivos en OTRS y ((OTRS)) Community Edition tiene una vulnerabilidad de path traversal. Este problema permite que agentes autenticados o usuarios de clientes carguen archivos potencialmente da\u00f1inos en directorios a los que puede acceder el servidor web, lo que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo local como scripts Perl. Este problema afecta a OTRS: desde 7.0.X hasta 7.0.49, 8.0.X, 2023.X, desde 2024.X hasta 2024.3.2; ((OTRS)) Edici\u00f3n comunitaria: desde 6.0.1 hasta 6.0.34."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2359.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2359.json
index 37309ede372..598c2d20a24 100644
--- a/CVE-2024/CVE-2024-23xx/CVE-2024-2359.json
+++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2359.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-2359", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:15:54.353", - "lastModified": "2024-06-06T19:15:54.353", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability in the parisneo/lollms-webui version 9.3 allows attackers to bypass intended access restrictions and execute arbitrary code. The issue arises from the application's handling of the `/execute_code` endpoint, which is intended to be blocked from external access by default. However, attackers can exploit the `/update_setting` endpoint, which lacks proper access control, to modify the `host` configuration at runtime. By changing the `host` setting to an attacker-controlled value, the restriction on the `/execute_code` endpoint can be bypassed, leading to remote code execution. This vulnerability is due to improper neutralization of special elements used in an OS command (`Improper Neutralization of Special Elements used in an OS Command`)." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la versi\u00f3n 9.3 de parisneo/lollms-webui permite a los atacantes eludir las restricciones de acceso previstas y ejecutar c\u00f3digo arbitrario. El problema surge del manejo por parte de la aplicaci\u00f3n del endpoint `/execute_code`, que est\u00e1 manipulado para bloquear el acceso externo de forma predeterminada. Sin embargo, los atacantes pueden aprovechar el endpoint `/update_setting`, que carece de control de acceso adecuado, para modificar la configuraci\u00f3n del `host` en tiempo de ejecuci\u00f3n. Al cambiar la configuraci\u00f3n de `host` a un valor controlado por el atacante, se puede eludir la restricci\u00f3n en el endpoint `/execute_code`, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo. 
Esta vulnerabilidad se debe a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo (\"Neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo\")." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2360.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2360.json index c7a3f4e5123..07398f2e00f 100644 --- a/CVE-2024/CVE-2024-23xx/CVE-2024-2360.json +++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2360.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2360",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:54.570",
- "lastModified": "2024-06-06T19:15:54.570",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "parisneo/lollms-webui is vulnerable to path traversal attacks that can lead to remote code execution due to insufficient sanitization of user-supplied input in the 'Database path' and 'PDF LaTeX path' settings. An attacker can exploit this vulnerability by manipulating these settings to execute arbitrary code on the targeted server. The issue affects the latest version of the software. The vulnerability stems from the application's handling of the 'discussion_db_name' and 'pdf_latex_path' parameters, which do not properly validate file paths, allowing for directory traversal. This vulnerability can also lead to further file exposure and other attack vectors by manipulating the 'discussion_db_name' parameter."
+ },
+ {
+ "lang": "es",
+ "value": "parisneo/lollms-webui es vulnerable a ataques de path traversal que pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo debido a una sanitizaci\u00f3n insuficiente de la entrada proporcionada por el usuario en las configuraciones de 'Ruta de la base de datos' y 'Ruta PDF LaTeX'. Un atacante puede aprovechar esta vulnerabilidad manipulando esta configuraci\u00f3n para ejecutar c\u00f3digo arbitrario en el servidor objetivo. El problema afecta a la \u00faltima versi\u00f3n del software. La vulnerabilidad surge del manejo que hace la aplicaci\u00f3n de los par\u00e1metros 'discussion_db_name' y 'pdf_latex_path', que no validan adecuadamente las rutas de los archivos, lo que permite directory traversal. Esta vulnerabilidad tambi\u00e9n puede provocar una mayor exposici\u00f3n de archivos y otros vectores de ataque al manipular el par\u00e1metro 'discussion_db_name'."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2362.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2362.json
index 42932a4c5a9..76bb6d402a0 100644
--- a/CVE-2024/CVE-2024-23xx/CVE-2024-2362.json
+++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2362.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2362",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:54.767",
- "lastModified": "2024-06-06T19:15:54.767",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the parisneo/lollms-webui version 9.3 on the Windows platform. Due to improper validation of file paths between Windows and Linux environments, an attacker can exploit this vulnerability to delete any file on the system. The issue arises from the lack of adequate sanitization of user-supplied input in the 'del_preset' endpoint, where the application fails to prevent the use of absolute paths or directory traversal sequences ('..'). As a result, an attacker can send a specially crafted request to the 'del_preset' endpoint to delete files outside of the intended directory."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en parisneo/lollms-webui versi\u00f3n 9.3 en la plataforma Windows. Debido a una validaci\u00f3n inadecuada de las rutas de los archivos entre los entornos Windows y Linux, un atacante puede aprovechar esta vulnerabilidad para eliminar cualquier archivo del sistema. El problema surge de la falta de una sanitizaci\u00f3n adecuada de la entrada proporcionada por el usuario en el endpoint 'del_preset', donde la aplicaci\u00f3n no logra evitar el uso de rutas absolutas o secuencias de directory traversal ('..'). Como resultado, un atacante puede enviar una solicitud especialmente manipulada al endpoint 'del_preset' para eliminar archivos fuera del directorio deseado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-23xx/CVE-2024-2383.json b/CVE-2024/CVE-2024-23xx/CVE-2024-2383.json
index 9224c542129..844ee7d3f1f 100644
--- a/CVE-2024/CVE-2024-23xx/CVE-2024-2383.json
+++ b/CVE-2024/CVE-2024-23xx/CVE-2024-2383.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2383",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:54.970",
- "lastModified": "2024-06-06T19:15:54.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A clickjacking vulnerability exists in zenml-io/zenml versions up to and including 0.55.5 due to the application's failure to set appropriate X-Frame-Options or Content-Security-Policy HTTP headers. This vulnerability allows an attacker to embed the application UI within an iframe on a malicious page, potentially leading to unauthorized actions by tricking users into interacting with the interface under the attacker's control. The issue was addressed in version 0.56.3."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de clickjacking en las versiones de zenml-io/zenml hasta la 0.55.5 incluida debido a que la aplicaci\u00f3n no configura los encabezados HTTP X-Frame-Options o Content-Security-Policy adecuados. Esta vulnerabilidad permite a un atacante incrustar la interfaz de usuario de la aplicaci\u00f3n dentro de un iframe en una p\u00e1gina maliciosa, lo que podr\u00eda provocar acciones no autorizadas al enga\u00f1ar a los usuarios para que interact\u00faen con la interfaz bajo el control del atacante. El problema se solucion\u00f3 en la versi\u00f3n 0.56.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24192.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24192.json
index 15feea07af4..00f064988b2 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24192.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24192.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24192",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:10.213",
- "lastModified": "2024-06-06T22:15:10.213",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "robdns commit d76d2e6 was discovered to contain a heap overflow via the component block->filename at /src/zonefile-insertion.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que robdns commit d76d2e6 conten\u00eda un desbordamiento de mont\u00f3n a trav\u00e9s del bloque de componentes->nombre de archivo en /src/zonefile-insertion.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24194.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24194.json
index bee24834074..5e2181afb9b 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24194.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24194.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24194",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:10.303",
- "lastModified": "2024-06-06T22:15:10.303",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "robdns commit d76d2e6 was discovered to contain a NULL pointer dereference via the item->tokens component at /src/conf-parse.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que robdns commit d76d2e6 conten\u00eda una desreferencia de puntero NULL a trav\u00e9s del componente item->tokens en /src/conf-parse.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24195.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24195.json
index 8aa2bf5fd69..78e0144b932 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24195.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24195.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24195",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:10.390",
- "lastModified": "2024-06-06T22:15:10.390",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "robdns commit d76d2e6 was discovered to contain a misaligned address at /src/zonefile-insertion.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el commit de robdns d76d2e6 conten\u00eda una direcci\u00f3n desalineada en /src/zonefile-insertion.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json
index a37851f333a..4f4f0c73f2f 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24198",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:10.480",
- "lastModified": "2024-06-06T22:15:10.480",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/util.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el commit de smartdns 54b4dc conten\u00eda una direcci\u00f3n desalineada en smartdns/src/util.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24199.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24199.json
index e6264eec16a..9cbeb71a2e1 100644
--- a/CVE-2024/CVE-2024-241xx/CVE-2024-24199.json
+++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24199.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-24199",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-06T22:15:10.567",
- "lastModified": "2024-06-06T22:15:10.567",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "smartdns commit 54b4dc was discovered to contain a misaligned address at smartdns/src/dns.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el commit 54b4dc de smartdns conten\u00eda una direcci\u00f3n desalineada en smartdns/src/dns.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-243xx/CVE-2024-24393.json b/CVE-2024/CVE-2024-243xx/CVE-2024-24393.json
index 36321c7495e..9f7d59963a6 100644
--- a/CVE-2024/CVE-2024-243xx/CVE-2024-24393.json
+++ b/CVE-2024/CVE-2024-243xx/CVE-2024-24393.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-24393",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-08T22:15:09.130",
- "lastModified": "2024-02-15T18:13:59.327",
+ "lastModified": "2024-06-07T14:11:50.460",
 "vulnStatus": "Analyzed",
 "descriptions": [
 {
@@ -59,8 +59,8 @@
 "cpeMatch": [
 {
 "vulnerable": true,
- "criteria": "cpe:2.3:a:zyx0814:pichome:1.1.01:*:*:*:*:*:*:*",
- "matchCriteriaId": "E01B058F-EABC-472B-AA5C-9D4F940787E6"
+ "criteria": "cpe:2.3:a:oaooa:pichome:1.1.01:*:*:*:*:*:*:*",
+ "matchCriteriaId": "D8DCF0D4-601E-4D83-B57A-2C925B6FFA20"
 }
 ]
 }
diff --git a/CVE-2024/CVE-2024-245xx/CVE-2024-24520.json b/CVE-2024/CVE-2024-245xx/CVE-2024-24520.json
index 60aafd9bec3..cc968985842 100644
--- a/CVE-2024/CVE-2024-245xx/CVE-2024-24520.json
+++ b/CVE-2024/CVE-2024-245xx/CVE-2024-24520.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-24520",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-03-21T02:52:10.787",
- "lastModified": "2024-03-21T12:58:51.093",
+ "lastModified": "2024-06-07T15:15:49.760",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -20,9 +20,21 @@
 "url": "http://lepton.com",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://github.com/capture0x/leptoncms",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://github.com/xF9979/LEPTON-CMS",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/51949",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25415.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25415.json
index 3dea65385d2..e0e4673aa81 100644
--- a/CVE-2024/CVE-2024-254xx/CVE-2024-25415.json
+++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25415.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-25415",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-02-16T02:15:51.443",
- "lastModified": "2024-02-16T13:37:51.433",
+ "lastModified": "2024-06-07T15:15:49.860",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -27,6 +27,10 @@
 {
 "url": "https://vulners.com/zdt/1337DAY-ID-39172",
 "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://www.exploit-db.com/exploits/51957",
+ "source": "cve@mitre.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-25xx/CVE-2024-2548.json b/CVE-2024/CVE-2024-25xx/CVE-2024-2548.json
index 5119278f92d..bbd15d3a05d 100644
--- a/CVE-2024/CVE-2024-25xx/CVE-2024-2548.json
+++ b/CVE-2024/CVE-2024-25xx/CVE-2024-2548.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2548",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:55.217",
- "lastModified": "2024-06-06T19:15:55.217",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the parisneo/lollms-webui application, specifically within the `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` and `lollms_core/lollms/security.py` files. Due to inadequate validation of file paths between Windows and Linux environments using `Path(path).is_absolute()`, attackers can exploit this flaw to read any file on the system. This issue affects the latest version of LoLLMs running on the Windows platform. The vulnerability is triggered when an attacker sends a specially crafted request to the `/user_infos/{path:path}` endpoint, allowing the reading of arbitrary files, as demonstrated with the `win.ini` file. The issue has been addressed in version 9.5 of the software."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en la aplicaci\u00f3n parisneo/lollms-webui, espec\u00edficamente dentro de los archivos `lollms_core/lollms/server/endpoints/lollms_binding_files_server.py` y `lollms_core/lollms/security.py`. Debido a la validaci\u00f3n inadecuada de las rutas de los archivos entre los entornos Windows y Linux utilizando `Path(path).is_absolute()`, los atacantes pueden aprovechar esta falla para leer cualquier archivo en el sistema. Este problema afecta a la \u00faltima versi\u00f3n de LoLLM que se ejecuta en la plataforma Windows. La vulnerabilidad se activa cuando un atacante env\u00eda una solicitud especialmente manipulada al endpoint `/user_infos/{path:path}`, permitiendo la lectura de archivos arbitrarios, como se demuestra con el archivo `win.ini`. El problema se solucion\u00f3 en la versi\u00f3n 9.5 del software."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-26xx/CVE-2024-2624.json b/CVE-2024/CVE-2024-26xx/CVE-2024-2624.json
index 0638cc87963..3621f9cae95 100644
--- a/CVE-2024/CVE-2024-26xx/CVE-2024-2624.json
+++ b/CVE-2024/CVE-2024-26xx/CVE-2024-2624.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-2624", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:15:55.437", - "lastModified": "2024-06-06T19:15:55.437", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A path traversal and arbitrary file upload vulnerability exists in the parisneo/lollms-webui application, specifically within the `@router.get(\"/switch_personal_path\")` endpoint in `./lollms-webui/lollms_core/lollms/server/endpoints/lollms_user.py`. The vulnerability arises due to insufficient sanitization of user-supplied input for the `path` parameter, allowing an attacker to specify arbitrary file system paths. This flaw enables direct arbitrary file uploads, leakage of `personal_data`, and overwriting of configurations in `lollms-webui`->`configs` by exploiting the same named directory in `personal_data`. The issue affects the latest version of the application and is fixed in version 9.4. Successful exploitation could lead to sensitive information disclosure, unauthorized file uploads, and potentially remote code execution by overwriting critical configuration files." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de path traversal y carga de archivos arbitrarios en la aplicaci\u00f3n parisneo/lollms-webui, espec\u00edficamente dentro del endpoint `@router.get(\"/switch_personal_path\")` en `./lollms-webui/lollms_core/lollms/server/endpoints/ lollms_user.py`. La vulnerabilidad surge debido a una sanitizaci\u00f3n insuficiente de la entrada proporcionada por el usuario para el par\u00e1metro \"ruta\", lo que permite a un atacante especificar rutas arbitrarias del sistema de archivos. Esta falla permite la carga directa de archivos arbitrarios, la fuga de `personal_data` y la sobrescritura de configuraciones en `lollms-webui`->`configs` al explotar el mismo directorio con el mismo nombre en `personal_data`. 
El problema afecta a la \u00faltima versi\u00f3n de la aplicaci\u00f3n y se solucion\u00f3 en la versi\u00f3n 9.4. Una explotaci\u00f3n exitosa podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n confidencial, cargas de archivos no autorizadas y ejecuci\u00f3n potencialmente remota de c\u00f3digo al sobrescribir archivos de configuraci\u00f3n cr\u00edticos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-29xx/CVE-2024-2914.json b/CVE-2024/CVE-2024-29xx/CVE-2024-2914.json index 24f2ee5fe23..a3c9e7015a2 100644 --- a/CVE-2024/CVE-2024-29xx/CVE-2024-2914.json +++ b/CVE-2024/CVE-2024-29xx/CVE-2024-2914.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-2914", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T18:15:13.227", - "lastModified": "2024-06-06T18:15:13.227", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A TarSlip vulnerability exists in the deepjavalibrary/djl, affecting version 0.26.0 and fixed in version 0.27.0. This vulnerability allows an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. Exploitation of this vulnerability could lead to remote code execution, privilege escalation, data theft or manipulation, and denial of service. The vulnerability is due to improper validation of file paths during the extraction of tar files, as demonstrated in multiple occurrences within the library's codebase, including but not limited to the files_util.py and extract_imagenet.py scripts." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad Tarslip en deepjavalibrary/djl, que afecta a la versi\u00f3n 0.26.0 y se corrigi\u00f3 en la versi\u00f3n 0.27.0. Esta vulnerabilidad permite a un atacante manipular rutas de archivos dentro de archivos tar para sobrescribir archivos arbitrarios en el sistema de destino. La explotaci\u00f3n de esta vulnerabilidad podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo, escalada de privilegios, robo o manipulaci\u00f3n de datos y denegaci\u00f3n de servicio. La vulnerabilidad se debe a una validaci\u00f3n inadecuada de las rutas de los archivos durante la extracci\u00f3n de archivos tar, como se demuestra en m\u00faltiples apariciones dentro del c\u00f3digo base de la librer\u00eda, incluidos, entre otros, los scripts files_util.py y extract_imagenet.py." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-29xx/CVE-2024-2928.json b/CVE-2024/CVE-2024-29xx/CVE-2024-2928.json index 549e4fc97bd..307c3d0f42d 100644 
--- a/CVE-2024/CVE-2024-29xx/CVE-2024-2928.json +++ b/CVE-2024/CVE-2024-29xx/CVE-2024-2928.json @@ -2,12 +2,16 @@ "id": "CVE-2024-2928", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:15:55.680", - "lastModified": "2024-06-06T19:15:55.680", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in version 2.9.2, which was fixed in version 2.11.3. This vulnerability arises from the application's failure to properly validate URI fragments for directory traversal sequences such as '../'. An attacker can exploit this flaw by manipulating the fragment part of the URI to read arbitrary files on the local file system, including sensitive files like '/etc/passwd'. The vulnerability is a bypass to a previous patch that only addressed similar manipulation within the URI's query string, highlighting the need for comprehensive validation of all parts of a URI to prevent LFI attacks." + }, + { + "lang": "es", + "value": "Se identific\u00f3 una vulnerabilidad de inclusi\u00f3n de archivos locales (LFI) en mlflow/mlflow, espec\u00edficamente en la versi\u00f3n 2.9.2, que se solucion\u00f3 en la versi\u00f3n 2.11.3. Esta vulnerabilidad surge de la falla de la aplicaci\u00f3n al validar adecuadamente los fragmentos de URI para secuencias de directory traversal como '../'. Un atacante puede aprovechar esta falla manipulando la parte del fragmento del URI para leer archivos arbitrarios en el sistema de archivos local, incluidos archivos confidenciales como '/etc/passwd'. La vulnerabilidad es una omisi\u00f3n de un parche anterior que solo abordaba una manipulaci\u00f3n similar dentro de la cadena de consulta del URI, destacando la necesidad de una validaci\u00f3n integral de todas las partes de un URI para prevenir ataques LFI." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-29xx/CVE-2024-2965.json b/CVE-2024/CVE-2024-29xx/CVE-2024-2965.json
index 325d4d71806..e9d2606a5cc 100644
--- a/CVE-2024/CVE-2024-29xx/CVE-2024-2965.json
+++ b/CVE-2024/CVE-2024-29xx/CVE-2024-2965.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-2965",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:55.897",
- "lastModified": "2024-06-06T19:15:55.897",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Denial-of-Service (DoS) vulnerability exists in the `SitemapLoader` class of the `langchain-ai/langchain` repository, affecting all versions. The `parse_sitemap` method, responsible for parsing sitemaps and extracting URLs, lacks a mechanism to prevent infinite recursion when a sitemap URL refers to the current sitemap itself. This oversight allows for the possibility of an infinite loop, leading to a crash by exceeding the maximum recursion depth in Python. This vulnerability can be exploited to occupy server socket/port resources and crash the Python process, impacting the availability of services relying on this functionality."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de denegaci\u00f3n de servicio (DoS) en la clase `SitemapLoader` del repositorio `langchain-ai/langchain`, que afecta a todas las versiones. El m\u00e9todo `parse_sitemap`, responsable de analizar mapas de sitio y extraer URL, carece de un mecanismo para evitar la recursividad infinita cuando la URL de un mapa de sitio hace referencia al propio mapa de sitio actual. Este descuido permite la posibilidad de que se produzca un bucle infinito, lo que provocar\u00e1 un bloqueo al exceder la profundidad m\u00e1xima de recursividad en Python. Esta vulnerabilidad se puede aprovechar para ocupar recursos de puerto/socket del servidor y bloquear el proceso de Python, lo que afecta la disponibilidad de los servicios que dependen de esta funcionalidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30368.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30368.json
index fce3fcba7b0..6b0d3ed6103 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30368.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30368.json @@ -2,12 +2,16 @@ "id": "CVE-2024-30368", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-06-06T18:15:13.443", - "lastModified": "2024-06-06T18:15:13.443", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A10 Thunder ADC CsrRequestView Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the CsrRequestView class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of a10user. Was ZDI-CAN-22517." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de inyecci\u00f3n de comando en A10 Thunder ADC CsrRequestView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de A10 Thunder ADC. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la clase CsrRequestView. El problema se debe a la falta de validaci\u00f3n adecuada de una cadena proporcionada por el usuario antes de usarla para ejecutar una llamada al sistema. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de un usuario. Era ZDI-CAN-22517." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30369.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30369.json index 4af7818f427..66fa79b8c74 100644 --- a/CVE-2024/CVE-2024-303xx/CVE-2024-30369.json +++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30369.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-30369",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:13.720",
- "lastModified": "2024-06-06T18:15:13.720",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A10 Thunder ADC Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of A10 Thunder ADC. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.\n\nThe specific flaw exists within the installer. The issue results from incorrect permissions on a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of root. Was ZDI-CAN-22754."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de escalada de privilegios locales de asignaci\u00f3n de permisos incorrecta en A10 Thunder ADC. Esta vulnerabilidad permite a atacantes locales escalar privilegios en las instalaciones afectadas de A10 Thunder ADC. Un atacante primero debe obtener la capacidad de ejecutar c\u00f3digo con pocos privilegios en el sistema de destino para poder aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro del instalador. El problema se debe a permisos incorrectos en un archivo. Un atacante puede aprovechar esta vulnerabilidad para escalar privilegios y ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-22754."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30373.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30373.json
index 59c03b75d35..b5f8ca35d10 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30373.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30373.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-30373",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T19:15:56.167",
- "lastModified": "2024-06-06T19:15:56.167",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22092."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos JPF de Kofax Power PDF. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPF. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22092."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30374.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30374.json
index 8ef1c0c71e9..a7403a6499a 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30374.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30374.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-30374",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:13.953",
- "lastModified": "2024-06-06T18:15:13.953",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22449."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de l\u00edmites en el an\u00e1lisis de archivos KSP de Luxion KeyShot Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Luxion KeyShot Viewer. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos KSP. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22449."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30375.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30375.json
index 8b6c8cff6c9..eef8379d925 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30375.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30375.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-30375", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-06-06T18:15:14.153", - "lastModified": "2024-06-06T18:15:14.153", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Luxion KeyShot Viewer KSP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22515." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de uso posterior al an\u00e1lisis de archivos KSP de Luxion KeyShot Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Luxion KeyShot Viewer. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos KSP. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22515." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3033.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3033.json index d5e7f771cfb..5d7ee03c4e5 100644 --- a/CVE-2024/CVE-2024-30xx/CVE-2024-3033.json 
+++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3033.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3033", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T18:15:17.040", - "lastModified": "2024-06-06T18:15:17.040", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper authorization vulnerability exists in the mintplex-labs/anything-llm application, specifically within the '/api/v/' endpoint and its sub-routes. This flaw allows unauthenticated users to perform destructive actions on the VectorDB, including resetting the database and deleting specific namespaces, without requiring any authorization or permissions. The issue affects all versions up to and including the latest version, with a fix introduced in version 1.0.0. Exploitation of this vulnerability can lead to complete data loss of document embeddings across all workspaces, rendering workspace chats and embeddable chat widgets non-functional. Additionally, attackers can list all namespaces, potentially exposing private workspace names." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de autorizaci\u00f3n inadecuada en la aplicaci\u00f3n mintplex-labs/anything-llm, espec\u00edficamente dentro del endpoint '/api/v/' y sus subrutas. Esta falla permite a usuarios no autenticados realizar acciones destructivas en VectorDB, incluido restablecer la base de datos y eliminar espacios de nombres espec\u00edficos, sin requerir autorizaci\u00f3n ni permisos. El problema afecta a todas las versiones hasta la \u00faltima versi\u00f3n incluida, con una soluci\u00f3n introducida en la versi\u00f3n 1.0.0. La explotaci\u00f3n de esta vulnerabilidad puede provocar la p\u00e9rdida completa de datos de documentos incrustados en todos los espacios de trabajo, lo que hace que los chats del espacio de trabajo y los widgets de chat incrustados no funcionen. 
Adem\u00e1s, los atacantes pueden enumerar todos los espacios de nombres, lo que podr\u00eda exponer los nombres de los espacios de trabajo privados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3095.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3095.json index acf2d744a4f..5bc8a25a174 100644 --- a/CVE-2024/CVE-2024-30xx/CVE-2024-3095.json +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3095.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3095", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:15:59.160", - "lastModified": "2024-06-06T19:15:59.160", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the Web Research Retriever component of langchain-ai/langchain version 0.1.5. The vulnerability arises because the Web Research Retriever does not restrict requests to remote internet addresses, allowing it to reach local addresses. This flaw enables attackers to execute port scans, access local services, and in some scenarios, read instance metadata from cloud environments. The vulnerability is particularly concerning as it can be exploited to abuse the Web Explorer server as a proxy for web attacks on third parties and interact with servers in the local network, including reading their response data. This could potentially lead to arbitrary code execution, depending on the nature of the local services. The vulnerability is limited to GET requests, as POST requests are not possible, but the impact on confidentiality, integrity, and availability is significant due to the potential for stolen credentials and state-changing interactions with internal APIs." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en el componente Web Research Retriever de langchain-ai/langchain versi\u00f3n 0.1.5. La vulnerabilidad surge porque Web Research Retriever no restringe las solicitudes a direcciones de Internet remotas, lo que le permite llegar a direcciones locales. Esta falla permite a los atacantes ejecutar escaneos de puertos, acceder a servicios locales y, en algunos escenarios, leer metadatos de instancias de entornos de nube. 
La vulnerabilidad es particularmente preocupante ya que puede explotarse para abusar del servidor Web Explorer como proxy para ataques web a terceros e interactuar con servidores en la red local, incluida la lectura de sus datos de respuesta. Esto podr\u00eda conducir potencialmente a la ejecuci\u00f3n de c\u00f3digo arbitrario, dependiendo de la naturaleza de los servicios locales. La vulnerabilidad se limita a las solicitudes GET, ya que las solicitudes POST no son posibles, pero el impacto en la confidencialidad, la integridad y la disponibilidad es significativo debido al potencial de robo de credenciales e interacciones de cambio de estado con las API internas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3099.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3099.json index 5390d5768f3..3c2b6d8e26b 100644 --- a/CVE-2024/CVE-2024-30xx/CVE-2024-3099.json +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3099.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3099", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:15:59.393", - "lastModified": "2024-06-06T19:15:59.393", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability in mlflow/mlflow version 2.11.1 allows attackers to create multiple models with the same name by exploiting URL encoding. This flaw can lead to Denial of Service (DoS) as an authenticated user might not be able to use the intended model, as it will open a different model each time. Additionally, an attacker can exploit this vulnerability to perform data model poisoning by creating a model with the same name, potentially causing an authenticated user to become a victim by using the poisoned model. The issue stems from inadequate validation of model names, allowing for the creation of models with URL-encoded names that are treated as distinct from their URL-decoded counterparts." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en mlflow/mlflow versi\u00f3n 2.11.1 permite a los atacantes crear m\u00faltiples modelos con el mismo nombre explotando la codificaci\u00f3n URL. Esta falla puede provocar una denegaci\u00f3n de servicio (DoS), ya que es posible que un usuario autenticado no pueda utilizar el modelo deseado, ya que abrir\u00e1 un modelo diferente cada vez. Adem\u00e1s, un atacante puede aprovechar esta vulnerabilidad para envenenar el modelo de datos creando un modelo con el mismo nombre, lo que podr\u00eda provocar que un usuario autenticado se convierta en v\u00edctima al utilizar el modelo envenenado. El problema surge de una validaci\u00f3n inadecuada de los nombres de los modelos, lo que permite la creaci\u00f3n de modelos con nombres codificados en URL que se tratan como distintos de sus hom\u00f3logos decodificados en URL." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31878.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31878.json
new file mode 100644
index 00000000000..e1dbb739bb6
--- /dev/null
+++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31878.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-31878",
+ "sourceIdentifier": "psirt@us.ibm.com",
+ "published": "2024-06-07T14:15:10.017",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "IBM i 7.2, 7.3, 7.4, and 7.5 Service Tools Server (SST) is vulnerable to SST user enumeration by a remote attacker. This vulnerability can be used by a malicious actor to gather information about SST users that can be targeted in further attacks. IBM X-Force ID: 287538."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@us.ibm.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-203"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287538",
+ "source": "psirt@us.ibm.com"
+ },
+ {
+ "url": "https://www.ibm.com/support/pages/node/7156725",
+ "source": "psirt@us.ibm.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3102.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3102.json
index dc1d3ff5962..c26cba4e5e2 100644
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3102.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3102.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-3102",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:15:59.667",
- "lastModified": "2024-06-06T19:15:59.667",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A JSON Injection vulnerability exists in the `mintplex-labs/anything-llm` application, specifically within the username parameter during the login process at the `/api/request-token` endpoint. The vulnerability arises from improper handling of values, allowing attackers to perform brute force attacks without prior knowledge of the username. Once the password is known, attackers can conduct blind attacks to ascertain the full username, significantly compromising system security."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n JSON en la aplicaci\u00f3n `mintplex-labs/anything-llm`, espec\u00edficamente dentro del par\u00e1metro de nombre de usuario durante el proceso de inicio de sesi\u00f3n en el endpoint `/api/request-token`. La vulnerabilidad surge del manejo inadecuado de los valores, lo que permite a los atacantes realizar ataques de fuerza bruta sin conocimiento previo del nombre de usuario. Una vez conocida la contrase\u00f1a, los atacantes pueden realizar ataques ciegos para determinar el nombre de usuario completo, comprometiendo significativamente la seguridad del sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3104.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3104.json
index 311b9c0b461..e1e79ffa6ea 100644
--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3104.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3104.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-3104", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T18:15:17.260", - "lastModified": "2024-06-06T18:15:17.260", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A remote code execution vulnerability exists in mintplex-labs/anything-llm due to improper handling of environment variables. Attackers can exploit this vulnerability by injecting arbitrary environment variables via the `POST /api/system/update-env` endpoint, which allows for the execution of arbitrary code on the host running anything-llm. The vulnerability is present in the latest version of anything-llm, with the latest commit identified as fde905aac1812b84066ff72e5f2f90b56d4c3a59. This issue has been fixed in version 1.0.0. Successful exploitation could lead to code execution on the host, enabling attackers to read and modify data accessible to the user running the service, potentially leading to a denial of service. " + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en mintplex-labs/anything-llm debido al manejo inadecuado de las variables de entorno. Los atacantes pueden explotar esta vulnerabilidad inyectando variables de entorno arbitrarias a trav\u00e9s del endpoint `POST /api/system/update-env`, que permite la ejecuci\u00f3n de c\u00f3digo arbitrario en el host que ejecuta cualquier cosa-llm. La vulnerabilidad est\u00e1 presente en la \u00faltima versi\u00f3n de everything-llm, con el ultimo commit identificada como fde905aac1812b84066ff72e5f2f90b56d4c3a59. Este problema se solucion\u00f3 en la versi\u00f3n 1.0.0. Una explotaci\u00f3n exitosa podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo en el host, lo que permitir\u00eda a los atacantes leer y modificar datos accesibles para el usuario que ejecuta el servicio, lo que podr\u00eda conducir a una denegaci\u00f3n de servicio." 
} ], "metrics": { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3110.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3110.json index c663af25e72..f5e8e460bb9 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3110.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3110.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3110", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:15:59.900", - "lastModified": "2024-06-06T19:15:59.900", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability exists in the mintplex-labs/anything-llm application, affecting versions up to and including the latest before 1.0.0. The vulnerability arises from the application's failure to properly sanitize and validate user-supplied URLs before embedding them into the application UI as external links with custom icons. Specifically, the application does not prevent the inclusion of 'javascript:' protocol payloads in URLs, which can be exploited by a user with manager role to execute arbitrary JavaScript code in the context of another user's session. This flaw can be leveraged to steal the admin's authorization token by crafting malicious URLs that, when clicked by the admin, send the token to an attacker-controlled server. The attacker can then use this token to perform unauthorized actions, escalate privileges to admin, or directly take over the admin account. The vulnerability is triggered when the malicious link is opened in a new tab using either the CTRL + left mouse button click or the mouse scroll wheel click, or in some non-updated versions of modern browsers, by directly clicking on the link." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la aplicaci\u00f3n mintplex-labs/anything-llm, que afecta a las versiones hasta la \u00faltima anterior a la 1.0.0 incluida. La vulnerabilidad surge de la falla de la aplicaci\u00f3n al sanitizar y validar adecuadamente las URL proporcionadas por el usuario antes de incrustarlas en la interfaz de usuario de la aplicaci\u00f3n como enlaces externos con \u00edconos personalizados. 
Espec\u00edficamente, la aplicaci\u00f3n no impide la inclusi\u00f3n de payloads del protocolo 'javascript:' en las URL, que pueden ser explotadas por un usuario con rol de administrador para ejecutar c\u00f3digo JavaScript arbitrario en el contexto de la sesi\u00f3n de otro usuario. Esta falla se puede aprovechar para robar el token de autorizaci\u00f3n del administrador mediante la creaci\u00f3n de URL maliciosas que, cuando el administrador hace clic en ellas, env\u00edan el token a un servidor controlado por el atacante. Luego, el atacante puede usar este token para realizar acciones no autorizadas, escalar privilegios al administrador o tomar directamente el control de la cuenta de administrador. La vulnerabilidad se activa cuando el enlace malicioso se abre en una nueva pesta\u00f1a usando CTRL + clic con el bot\u00f3n izquierdo del mouse o clic con la rueda de desplazamiento del mouse, o en algunas versiones no actualizadas de los navegadores modernos, al hacer clic directamente en el enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3149.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3149.json index 43221f3feeb..c89531c0e86 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3149.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3149.json 
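Review bot: The `es` value for CVE-2024-3110 says `un usuario con rol de administrador` where the English description says a user with manager role, which misstates the privilege the issue requires; the next sentence, about stealing the admin's token, then no longer describes a privilege boundary being crossed. Keeping the product's role name, for example `un usuario con rol de manager`, preserves the precondition. The hunks for CVE-2024-3149 (`funciones de administrador o administrador`) and CVE-2024-3150 (`roles predeterminados o de administrador`) collapse manager and admin in the same way. Anyone triaging from the translated text would read the wrong attacker prerequisites, so the `en` value is the one to rely on until these are corrected.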
@@ -2,12 +2,16 @@ "id": "CVE-2024-3149", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:00.130", - "lastModified": "2024-06-06T19:16:00.130", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the upload link feature of mintplex-labs/anything-llm. This feature, intended for users with manager or admin roles, processes uploaded links through an internal Collector API using a headless browser. An attacker can exploit this by hosting a malicious website and using it to perform actions such as internal port scanning, accessing internal web applications not exposed externally, and interacting with the Collector API. This interaction can lead to unauthorized actions such as arbitrary file deletion and limited Local File Inclusion (LFI), including accessing NGINX access logs which may contain sensitive information." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en la funci\u00f3n de enlace de carga de mintplex-labs/anything-llm. Esta funci\u00f3n, destinada a usuarios con funciones de administrador o administrador, procesa los enlaces cargados a trav\u00e9s de una API interna de Collector mediante un navegador sin cabeza. Un atacante puede aprovechar esto alojando un sitio web malicioso y us\u00e1ndolo para realizar acciones como escaneo de puertos internos, acceder a aplicaciones web internas no expuestas externamente e interactuar con la API de Collector. Esta interacci\u00f3n puede dar lugar a acciones no autorizadas, como la eliminaci\u00f3n arbitraria de archivos y la inclusi\u00f3n de archivos locales (LFI) limitada, incluido el acceso a los registros de acceso de NGINX que pueden contener informaci\u00f3n confidencial." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3150.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3150.json index 9f32feaa115..e676867897b 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3150.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3150.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3150", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:00.350", - "lastModified": "2024-06-06T19:16:00.350", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In mintplex-labs/anything-llm, a vulnerability exists in the thread update process that allows users with Default or Manager roles to escalate their privileges to Administrator. The issue arises from improper input validation when handling HTTP POST requests to the endpoint `/workspace/:slug/thread/:threadSlug/update`. Specifically, the application fails to validate or check user input before passing it to the `workspace_thread` Prisma model for execution. This oversight allows attackers to craft a Prisma relation query operation that manipulates the `users` model to change a user's role to admin. Successful exploitation grants attackers the highest level of user privileges, enabling them to see and perform all actions within the system." + }, + { + "lang": "es", + "value": "En mintplex-labs/anything-llm, existe una vulnerabilidad en el proceso de actualizaci\u00f3n de subprocesos que permite a los usuarios con roles predeterminados o de administrador escalar sus privilegios a administrador. El problema surge de una validaci\u00f3n de entrada incorrecta al manejar solicitudes HTTP POST al endpoint `/workspace/:slug/thread/:threadSlug/update`. Espec\u00edficamente, la aplicaci\u00f3n no puede validar o verificar la entrada del usuario antes de pasarla al modelo Prisma `workspace_thread` para su ejecuci\u00f3n. Esta supervisi\u00f3n permite a los atacantes crear una operaci\u00f3n de consulta de relaci\u00f3n Prisma que manipula el modelo de \"usuarios\" para cambiar la funci\u00f3n de un usuario a administrador. 
La explotaci\u00f3n exitosa otorga a los atacantes el nivel m\u00e1s alto de privilegios de usuario, permiti\u00e9ndoles ver y realizar todas las acciones dentro del sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3152.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3152.json index 4be21a94385..39a46850163 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3152.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3152.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3152", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T18:15:17.490", - "lastModified": "2024-06-06T18:15:17.490", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "mintplex-labs/anything-llm is vulnerable to multiple security issues due to improper input validation in several endpoints. An attacker can exploit these vulnerabilities to escalate privileges from a default user role to an admin role, read and delete arbitrary files on the system, and perform Server-Side Request Forgery (SSRF) attacks. The vulnerabilities are present in the `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endpoints. These issues are due to the application's failure to properly validate user input before passing it to `prisma` functions and other critical operations. Affected versions include the latest version prior to 1.0.0." + }, + { + "lang": "es", + "value": "mintplex-labs/anything-llm es vulnerable a m\u00faltiples problemas de seguridad debido a una validaci\u00f3n de entrada incorrecta en varios endpoints. Un atacante puede aprovechar estas vulnerabilidades para escalar privilegios de una funci\u00f3n de usuario predeterminada a una funci\u00f3n de administrador, leer y eliminar archivos arbitrarios en el sistema y realizar ataques de Server-Side Request Forgery (SSRF). Las vulnerabilidades est\u00e1n presentes en `/request-token`, `/workspace/:slug/thread/:threadSlug/update`, `/system/remove-logo`, `/system/logo`, and collector's `/process` endpoints. Estos problemas se deben a que la aplicaci\u00f3n no valida adecuadamente la entrada del usuario antes de pasarla a las funciones \"prisma\" y otras operaciones cr\u00edticas. Las versiones afectadas incluyen la \u00faltima versi\u00f3n anterior a 1.0.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json index 56eca7acf08..1268c2bcd09 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3153.json @@ -2,12 +2,16 @@ "id": "CVE-2024-3153", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:00.600", - "lastModified": "2024-06-06T19:16:00.600", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "mintplex-labs/anything-llm is affected by an uncontrolled resource consumption vulnerability in its upload file endpoint, leading to a denial of service (DOS) condition. Specifically, the server can be shut down by sending an invalid upload request. An attacker with the ability to upload documents can exploit this vulnerability to cause a DOS condition by manipulating the upload request." + }, + { + "lang": "es", + "value": "mintplex-labs/anything-llm se ve afectado por una vulnerabilidad de consumo de recursos incontrolado en su endpoint de carga de archivos, lo que genera una condici\u00f3n de denegaci\u00f3n de servicio (DOS). Espec\u00edficamente, el servidor se puede cerrar enviando una solicitud de carga no v\u00e1lida. Un atacante con la capacidad de cargar documentos puede aprovechar esta vulnerabilidad para provocar una condici\u00f3n de DOS manipulando la solicitud de carga." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json index 4a12e72d5b8..f324a1ca8ea 100644 --- a/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3166.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3166", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:00.817", - "lastModified": "2024-06-06T19:16:00.817", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A Cross-Site Scripting (XSS) vulnerability exists in mintplex-labs/anything-llm, affecting both the desktop application version 1.2.0 and the latest version of the web application. The vulnerability arises from the application's feature to fetch and embed content from websites into workspaces, which can be exploited to execute arbitrary JavaScript code. In the desktop application, this flaw can be escalated to Remote Code Execution (RCE) due to insecure application settings, specifically the enabling of 'nodeIntegration' and the disabling of 'contextIsolation' in Electron's webPreferences. The issue has been addressed in version 1.4.2 of the desktop application." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) en mintplex-labs/anything-llm, que afecta tanto a la versi\u00f3n 1.2.0 de la aplicaci\u00f3n de escritorio como a la \u00faltima versi\u00f3n de la aplicaci\u00f3n web. La vulnerabilidad surge de la funci\u00f3n de la aplicaci\u00f3n para buscar e incrustar contenido de sitios web en espacios de trabajo, que pueden explotarse para ejecutar c\u00f3digo JavaScript arbitrario. En la aplicaci\u00f3n de escritorio, esta falla se puede escalar a ejecuci\u00f3n remota de c\u00f3digo (RCE) debido a configuraciones inseguras de la aplicaci\u00f3n, espec\u00edficamente la habilitaci\u00f3n de 'nodeIntegration' y la deshabilitaci\u00f3n de 'contextIsolation' en las preferencias web de Electron. El problema se solucion\u00f3 en la versi\u00f3n 1.4.2 de la aplicaci\u00f3n de escritorio." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-327xx/CVE-2024-32752.json b/CVE-2024/CVE-2024-327xx/CVE-2024-32752.json index 5c612e922d6..0b8f59fb790 100644 --- a/CVE-2024/CVE-2024-327xx/CVE-2024-32752.json +++ b/CVE-2024/CVE-2024-327xx/CVE-2024-32752.json @@ -2,12 +2,16 @@ "id": "CVE-2024-32752", "sourceIdentifier": "productsecurity@jci.com", "published": "2024-06-06T21:15:48.523", - "lastModified": "2024-06-06T21:15:48.523", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Under certain circumstances communications between the ICU tool and an iSTAR Pro door controller is susceptible to Machine-in-the-Middle attacks which could impact door control and configuration." + }, + { + "lang": "es", + "value": "En determinadas circunstancias, las comunicaciones entre la herramienta ICU y un controlador de puerta iSTAR Pro son susceptibles a ataques Machine-in-the-Middle que podr\u00edan afectar el control y la configuraci\u00f3n de la puerta." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32873.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32873.json index 8836fa4dedd..e4605224f70 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32873.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32873.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-32873", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T19:15:56.390", - "lastModified": "2024-06-06T19:15:56.390", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. The spendable balance is not updated properly when delegating vested tokens. The issue allows a clawback vesting account to anticipate the release of unvested tokens. This vulnerability is fixed in 18.0.0." + }, + { + "lang": "es", + "value": "Evmos es el centro de m\u00e1quinas virtuales Ethereum (EVM) en Cosmos Network. El saldo gastable no se actualiza correctamente al delegar tokens adquiridos. El problema permite que una cuenta de recuperaci\u00f3n de derechos anticipe la liberaci\u00f3n de tokens no adquiridos. Esta vulnerabilidad se solucion\u00f3 en 18.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3234.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3234.json index b39d9f167f0..23cc1b2e9d6 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3234.json +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3234.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3234", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:01.040", - "lastModified": "2024-06-06T19:16:01.040", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the `web_assets` folder. However, the outdated version of gradio it employs is susceptible to path traversal, as identified in CVE-2023-51449. This vulnerability allows unauthorized users to bypass the intended restrictions and access sensitive files, such as `config.json`, which contains API keys. The issue affects the latest version of chuanhuchatgpt prior to the fixed version released on 20240305." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n gaizhenbiao/chuanhuchatgpt es vulnerable a un ataque de path traversal debido al uso de un componente gradio obsoleto. La aplicaci\u00f3n est\u00e1 manipulada para restringir el acceso de los usuarios a los recursos dentro de la carpeta `web_assets`. Sin embargo, la versi\u00f3n obsoleta de gradio que emplea es susceptible de atravesar rutas, como se identifica en CVE-2023-51449. Esta vulnerabilidad permite a usuarios no autorizados eludir las restricciones previstas y acceder a archivos confidenciales, como `config.json`, que contiene claves API. El problema afecta a la \u00faltima versi\u00f3n de chuanhuchatgpt anterior a la versi\u00f3n corregida publicada el 20240305." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-32xx/CVE-2024-3288.json b/CVE-2024/CVE-2024-32xx/CVE-2024-3288.json index 06ff482690f..264bae35400 100644 --- a/CVE-2024/CVE-2024-32xx/CVE-2024-3288.json +++ b/CVE-2024/CVE-2024-32xx/CVE-2024-3288.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3288", "sourceIdentifier": "contact@wpscan.com", "published": "2024-06-07T06:15:10.837", - "lastModified": "2024-06-07T06:15:10.837", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks" + }, + { + "lang": "es", + "value": "El complemento Logo Slider de WordPress anterior a 4.0.0 no valida ni escapa algunas de sus configuraciones del control deslizante antes de devolverlas en atributos, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar ataques de Cross-Site Scripting Almacenado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-336xx/CVE-2024-33655.json b/CVE-2024/CVE-2024-336xx/CVE-2024-33655.json index 25fd6a46d70..958b163156b 100644 --- a/CVE-2024/CVE-2024-336xx/CVE-2024-33655.json +++ b/CVE-2024/CVE-2024-336xx/CVE-2024-33655.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-33655", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T17:15:51.040", - "lastModified": "2024-06-06T17:15:51.040", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The DNS protocol in RFC 1035 and updates allows remote attackers to cause a denial of service (resource consumption) by arranging for DNS queries to be accumulated for seconds, such that responses are later sent in a pulsing burst (which can be considered traffic amplification in some cases), aka the \"DNSBomb\" issue." + }, + { + "lang": "es", + "value": "El protocolo DNS en RFC 1035 y sus actualizaciones permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de recursos) organizando que las consultas DNS se acumulen durante segundos, de modo que las respuestas se env\u00eden posteriormente en una r\u00e1faga pulsante (que puede considerarse amplificaci\u00f3n del tr\u00e1fico en algunos casos), tambi\u00e9n conocido como el problema \"DNSBomb\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3322.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3322.json index 77a52bbcae8..f4fef33e346 100644 --- a/CVE-2024/CVE-2024-33xx/CVE-2024-3322.json +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3322.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3322", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:01.247", - "lastModified": "2024-06-06T19:16:01.247", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the 'cyber_security/codeguard' native personality of the parisneo/lollms-webui, affecting versions up to 9.5. The vulnerability arises from the improper limitation of a pathname to a restricted directory in the 'process_folder' function within 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Specifically, the function fails to properly sanitize user-supplied input for the 'code_folder_path', allowing an attacker to specify arbitrary paths using '../' or absolute paths. This flaw leads to arbitrary file read and overwrite capabilities in specified directories without limitations, posing a significant risk of sensitive information disclosure and unauthorized file manipulation." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de path traversal en la personalidad nativa 'cyber_security/codeguard' de parisneo/lollms-webui, que afecta a las versiones hasta la 9.5. La vulnerabilidad surge de la limitaci\u00f3n inadecuada de un nombre de ruta a un directorio restringido en la funci\u00f3n 'process_folder' dentro de 'lollms-webui/zoos/personalities_zoo/cyber_security/codeguard/scripts/processor.py'. Espec\u00edficamente, la funci\u00f3n no sanitiza adecuadamente la entrada proporcionada por el usuario para 'code_folder_path', lo que permite a un atacante especificar rutas arbitrarias usando '../' o rutas absolutas. 
Esta falla genera capacidades arbitrarias de lectura y sobrescritura de archivos en directorios espec\u00edficos sin limitaciones, lo que plantea un riesgo significativo de divulgaci\u00f3n de informaci\u00f3n confidencial y manipulaci\u00f3n no autorizada de archivos. " } ], "metrics": { diff --git a/CVE-2024/CVE-2024-344xx/CVE-2024-34477.json b/CVE-2024/CVE-2024-344xx/CVE-2024-34477.json index 6bab318402d..d47a5bc8b0b 100644 --- a/CVE-2024/CVE-2024-344xx/CVE-2024-34477.json +++ b/CVE-2024/CVE-2024-344xx/CVE-2024-34477.json @@ -2,7 +2,7 @@ "id": "CVE-2024-34477", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-27T14:15:09.470", - "lastModified": "2024-05-28T12:39:28.377", + "lastModified": "2024-06-07T14:15:10.293", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -16,6 +16,10 @@ ], "metrics": {}, "references": [ + { + "url": "https://blog.hackvens.fr/advisories/CVE-2024-34477-Fogproject.html", + "source": "cve@mitre.org" + }, { "url": "https://forums.fogproject.org/topic/17486/fog-1-5-10-and-earlier-nfs-privilege-escalation-vulnerability", "source": "cve@mitre.org" diff --git a/CVE-2024/CVE-2024-348xx/CVE-2024-34832.json b/CVE-2024/CVE-2024-348xx/CVE-2024-34832.json index cec81f887dc..2c47828f962 100644 --- a/CVE-2024/CVE-2024-348xx/CVE-2024-34832.json +++ b/CVE-2024/CVE-2024-348xx/CVE-2024-34832.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-34832", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T15:15:44.873", - "lastModified": "2024-06-06T15:15:44.873", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute arbitrary code via a crafted file uploaded to the _g and node parameters." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Directory Traversal en CubeCart v.6.5.5 y anteriores permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s de un archivo manipulado cargado en los par\u00e1metros _g y nodo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3402.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3402.json index ba1fd2f366d..02f6c9f3f5a 100644 --- a/CVE-2024/CVE-2024-34xx/CVE-2024-3402.json +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3402.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3402", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:01.450", - "lastModified": "2024-06-06T19:16:01.450", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A stored Cross-Site Scripting (XSS) vulnerability existed in version (20240121) of gaizhenbiao/chuanhuchatgpt due to inadequate sanitization and validation of model output data. Despite user-input validation efforts, the application fails to properly sanitize or validate the output from the model, allowing for the injection and execution of malicious JavaScript code within the context of a user's browser. This vulnerability can lead to the execution of arbitrary JavaScript code in the context of other users' browsers, potentially resulting in the hijacking of victims' browsers." + }, + { + "lang": "es", + "value": "Exist\u00eda una vulnerabilidad de Cross-site Scripting (XSS) almacenado en la versi\u00f3n (20240121) de gaizhenbiao/chuanhuchatgpt debido a una sanitizaci\u00f3n y validaci\u00f3n inadecuadas de los datos de salida del modelo. A pesar de los esfuerzos de validaci\u00f3n de las entradas del usuario, la aplicaci\u00f3n no sanitiza ni valida adecuadamente la salida del modelo, lo que permite la inyecci\u00f3n y ejecuci\u00f3n de c\u00f3digo JavaScript malicioso dentro del contexto del navegador de un usuario. Esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo JavaScript arbitrario en el contexto de los navegadores de otros usuarios, lo que podr\u00eda provocar el secuestro de los navegadores de las v\u00edctimas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3404.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3404.json index add769ea1fd..527366a4c89 100644 --- a/CVE-2024/CVE-2024-34xx/CVE-2024-3404.json +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3404.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3404", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:01.673", - "lastModified": "2024-06-06T19:16:01.673", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In gaizhenbiao/chuanhuchatgpt, specifically the version tagged as 20240121, there exists a vulnerability due to improper access control mechanisms. This flaw allows an authenticated attacker to bypass intended access restrictions and read the `history` files of other users, potentially leading to unauthorized access to sensitive information. The vulnerability is present in the application's handling of access control for the `history` path, where no adequate mechanism is in place to prevent an authenticated user from accessing another user's chat history files. This issue poses a significant risk as it could allow attackers to obtain sensitive information from the chat history of other users." + }, + { + "lang": "es", + "value": "En gaizhenbiao/chuanhuchatgpt, espec\u00edficamente en la versi\u00f3n etiquetada como 20240121, existe una vulnerabilidad debido a mecanismos de control de acceso inadecuados. Esta falla permite a un atacante autenticado eludir las restricciones de acceso previstas y leer los archivos \"historiales\" de otros usuarios, lo que podr\u00eda conducir a un acceso no autorizado a informaci\u00f3n confidencial. La vulnerabilidad est\u00e1 presente en el manejo del control de acceso de la aplicaci\u00f3n para la ruta del \"historial\", donde no existe ning\u00fan mecanismo adecuado para evitar que un usuario autenticado acceda a los archivos del historial de chat de otro usuario. Este problema plantea un riesgo importante, ya que podr\u00eda permitir a los atacantes obtener informaci\u00f3n confidencial del historial de chat de otros usuarios." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3408.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3408.json index 34c5d567343..04b4fac0757 100644 --- a/CVE-2024/CVE-2024-34xx/CVE-2024-3408.json +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3408.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3408", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:01.890", - "lastModified": "2024-06-06T19:16:01.890", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "man-group/dtale version 3.10.0 is vulnerable to an authentication bypass and remote code execution (RCE) due to improper input validation. The vulnerability arises from a hardcoded `SECRET_KEY` in the flask configuration, allowing attackers to forge a session cookie if authentication is enabled. Additionally, the application fails to properly restrict custom filter queries, enabling attackers to execute arbitrary code on the server by bypassing the restriction on the `/update-settings` endpoint, even when `enable_custom_filters` is not enabled. This vulnerability allows attackers to bypass authentication mechanisms and execute remote code on the server." + }, + { + "lang": "es", + "value": "man-group/dtale versi\u00f3n 3.10.0 es vulnerable a una omisi\u00f3n de autenticaci\u00f3n y ejecuci\u00f3n remota de c\u00f3digo (RCE) debido a una validaci\u00f3n de entrada incorrecta. La vulnerabilidad surge de una `SECRET_KEY` codificada en la configuraci\u00f3n del matraz, lo que permite a los atacantes falsificar una cookie de sesi\u00f3n si la autenticaci\u00f3n est\u00e1 habilitada. Adem\u00e1s, la aplicaci\u00f3n no puede restringir adecuadamente las consultas de filtro personalizado, lo que permite a los atacantes ejecutar c\u00f3digo arbitrario en el servidor evitando la restricci\u00f3n en el endpoint `/update-settings`, incluso cuando `enable_custom_filters` no est\u00e1 habilitado. Esta vulnerabilidad permite a los atacantes eludir los mecanismos de autenticaci\u00f3n y ejecutar c\u00f3digo remoto en el servidor." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-34xx/CVE-2024-3429.json b/CVE-2024/CVE-2024-34xx/CVE-2024-3429.json index 28880d5e57b..944b8b77d7f 100644 --- a/CVE-2024/CVE-2024-34xx/CVE-2024-3429.json +++ b/CVE-2024/CVE-2024-34xx/CVE-2024-3429.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3429", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:02.103", - "lastModified": "2024-06-06T19:16:02.103", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A path traversal vulnerability exists in the parisneo/lollms application, specifically within the `sanitize_path_from_endpoint` and `sanitize_path` functions in `lollms_core\\lollms\\security.py`. This vulnerability allows for arbitrary file reading when the application is running on Windows. The issue arises due to insufficient sanitization of user-supplied input, enabling attackers to bypass the path traversal protection mechanisms by crafting malicious input. Successful exploitation could lead to unauthorized access to sensitive files, information disclosure, and potentially a denial of service (DoS) condition by including numerous large or resource-intensive files. This vulnerability affects the latest version prior to 9.6." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de path traversal en la aplicaci\u00f3n parisneo/lollms, espec\u00edficamente dentro de las funciones `sanitize_path_from_endpoint` y `sanitize_path` en `lollms_core\\lollms\\security.py`. Esta vulnerabilidad permite la lectura arbitraria de archivos cuando la aplicaci\u00f3n se ejecuta en Windows. El problema surge debido a una sanitizaci\u00f3n insuficiente de la entrada proporcionada por el usuario, lo que permite a los atacantes eludir los mecanismos de protecci\u00f3n de path traversal mediante la creaci\u00f3n de entradas maliciosas. Una explotaci\u00f3n exitosa podr\u00eda dar lugar a acceso no autorizado a archivos confidenciales, divulgaci\u00f3n de informaci\u00f3n y, potencialmente, una condici\u00f3n de denegaci\u00f3n de servicio (DoS) al incluir numerosos archivos grandes o que consumen muchos recursos. 
Esta vulnerabilidad afecta a la \u00faltima versi\u00f3n anterior a la 9.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35178.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35178.json index f178cb93278..5ef52407842 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35178.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35178.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-35178", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T16:15:11.937", - "lastModified": "2024-06-06T16:15:11.937", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the NTLMv2 password hash of the Windows user running the Jupyter server. An attacker can crack this password to gain access to the Windows machine hosting the Jupyter server, or access other network-accessible machines or 3rd party services using that credential. Or an attacker perform an NTLM relay attack without cracking the credential to gain access to other network-accessible machines. This vulnerability is fixed in 2.14.1." + }, + { + "lang": "es", + "value": "Jupyter Server proporciona el backend para las aplicaciones web de Jupyter. Jupyter Server en Windows tiene una vulnerabilidad que permite a atacantes no autenticados filtrar el hash de contrase\u00f1a NTLMv2 del usuario de Windows que ejecuta el servidor Jupyter. Un atacante puede descifrar esta contrase\u00f1a para obtener acceso a la m\u00e1quina Windows que aloja el servidor Jupyter, o acceder a otras m\u00e1quinas accesibles en red o servicios de terceros utilizando esa credencial. O un atacante realiza un ataque de retransmisi\u00f3n NTLM sin descifrar la credencial para obtener acceso a otras m\u00e1quinas accesibles en la red. Esta vulnerabilidad se solucion\u00f3 en 2.14.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3504.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3504.json index 20e66f599d4..8afa76343d7 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3504.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3504.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3504", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T18:15:17.980", - "lastModified": "2024-06-06T18:15:17.980", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability allows the elevated user to delete projects within the organization. The issue is resolved in version 1.2.7." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de control de acceso inadecuado en las versiones lunary-ai/lunary hasta la 1.2.2 incluida, donde un administrador puede actualizar cualquier usuario de la organizaci\u00f3n al propietario de la organizaci\u00f3n. Esta vulnerabilidad permite al usuario elevado eliminar proyectos dentro de la organizaci\u00f3n. El problema se resuelve en la versi\u00f3n 1.2.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3592.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3592.json index ed9a73bd72a..872d7ff3e75 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3592.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3592.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3592", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T06:15:10.960", - "lastModified": "2024-06-07T06:15:10.960", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Quiz And Survey Master \u2013 Best Quiz, Exam and Survey Plugin for WordPress plugin for WordPress is vulnerable to SQL Injection via the 'question_id' parameter in all versions up to, and including, 9.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento Quiz And Survey Master \u2013 Best Quiz, Exam and Survey para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'question_id' en todas las versiones hasta la 9.0.1 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36082.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36082.json index ff905bad852..854cf18ed44 100644 --- a/CVE-2024/CVE-2024-360xx/CVE-2024-36082.json +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36082.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36082", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-06-07T04:15:30.357", - "lastModified": "2024-06-07T04:15:30.357", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker." + }, + { + "lang": "es", + "value": "Vulnerabilidad de inyecci\u00f3n SQL en Music Store - WordPress eCommerce anteriores a la 1.1.14 permiten que un atacante remoto autenticado con privilegios administrativos ejecute comandos SQL arbitrarios. El atacante puede obtener o modificar la informaci\u00f3n almacenada en la base de datos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-361xx/CVE-2024-36106.json b/CVE-2024/CVE-2024-361xx/CVE-2024-36106.json index b65eb524704..35990c0ece4 100644 --- a/CVE-2024/CVE-2024-361xx/CVE-2024-36106.json +++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36106.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36106", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T15:15:45.023", - "lastModified": "2024-06-06T15:15:45.023", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It\u2019s possible for authenticated users to enumerate clusters by name by inspecting error messages. It\u2019s also possible to enumerate the names of projects with project-scoped clusters if you know the names of the clusters. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17." + }, + { + "lang": "es", + "value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. Es posible que los usuarios autenticados enumeren los cl\u00fasteres por nombre inspeccionando los mensajes de error. Tambi\u00e9n es posible enumerar los nombres de proyectos con cl\u00fasteres con \u00e1mbito de proyecto si conoce los nombres de los cl\u00fasteres. Esta vulnerabilidad se solucion\u00f3 en 2.11.3, 2.10.12 y 2.9.17." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36399.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36399.json index 2e4a7cb4b60..35ada893276 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36399.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36399.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36399", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T16:15:12.573", - "lastModified": "2024-06-06T16:15:12.573", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Kanboard is project management software that focuses on the Kanban methodology. The vuln is in app/Controller/ProjectPermissionController.php function addUser(). The users permission to add users to a project only get checked on the URL parameter project_id. If the user is authorized to add users to this project the request gets processed. The users permission for the POST BODY parameter project_id does not get checked again while processing. An attacker with the 'Project Manager' on a single project may take over any other project. The vulnerability is fixed in 1.2.37." + }, + { + "lang": "es", + "value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. La vulnerabilidad est\u00e1 en la funci\u00f3n addUser() de app/Controller/ProjectPermissionController.php. El permiso de los usuarios para agregar usuarios a un proyecto solo se verifica en el par\u00e1metro de URL project_id. Si el usuario est\u00e1 autorizado a agregar usuarios a este proyecto, la solicitud se procesa. El permiso de los usuarios para el par\u00e1metro POST BODY project_id no se vuelve a verificar durante el procesamiento. Un atacante con el 'Gerente de Proyecto' en un \u00fanico proyecto puede hacerse cargo de cualquier otro proyecto. La vulnerabilidad se solucion\u00f3 en 1.2.37." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36673.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36673.json index 59a5c83d467..a4cb6d76353 100644 --- a/CVE-2024/CVE-2024-366xx/CVE-2024-36673.json +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36673.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-36673", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-07T13:15:49.547", - "lastModified": "2024-06-07T13:15:49.547", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36730.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36730.json index 73b1f05eeb9..45406966a8b 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36730.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36730.json @@ -2,12 +2,16 @@ "id": "CVE-2024-36730", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T19:15:57.840", - "lastModified": "2024-06-06T19:15:57.840", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting negative values into the oneflow.zeros/ones parameter." + }, + { + "lang": "es", + "value": "Validaci\u00f3n de entrada incorrecta en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando valores negativos en el par\u00e1metro oneflow.zeros/ones. " } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json index ed1fc2f8ebb..49788ffaa70 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36732.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36732", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T19:15:57.937", - "lastModified": "2024-06-06T19:15:57.937", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot." + }, + { + "lang": "es", + "value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando se procesa una matriz vac\u00eda con oneflow.tensordot." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json index b7cbc71a56b..34ca70eb52e 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36734.json @@ -2,12 +2,16 @@ "id": "CVE-2024-36734", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T19:15:58.030", - "lastModified": "2024-06-06T19:15:58.030", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter." + }, + { + "lang": "es", + "value": "Validaci\u00f3n de entrada incorrecta en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando un valor negativo en el par\u00e1metro tenue." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36735.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36735.json index 2b5db765ac5..e71b7571413 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36735.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36735.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36735", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T19:15:58.117", - "lastModified": "2024-06-06T19:15:58.117", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "OneFlow-Inc. Oneflow v0.9.1 does not display an error or warning when the oneflow.eye parameter is floating." + }, + { + "lang": "es", + "value": "OneFlow-Inc. Oneflow v0.9.1 no muestra un error o advertencia cuando el par\u00e1metro oneflow.eye est\u00e1 flotante." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36736.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36736.json index 2758484dfbf..ef4b7bb4b55 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36736.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36736.json @@ -2,12 +2,16 @@ "id": "CVE-2024-36736", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T18:15:16.560", - "lastModified": "2024-06-06T18:15:16.560", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed." + }, + { + "lang": "es", + "value": "Un problema en el componente oneflow.permute de OneFlow-Inc. Oneflow v0.9.1 provoca un c\u00e1lculo incorrecto cuando se realiza la misma operaci\u00f3n de dimensi\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json index 1f4548e686a..2538fdfdca1 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36737.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36737", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T18:15:16.643", - "lastModified": "2024-06-06T18:15:16.643", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter." + }, + { + "lang": "es", + "value": "Validaci\u00f3n de entrada incorrecta en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando un valor negativo en el par\u00e1metro oneflow.full." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36740.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36740.json index 181f9e667cf..8501f9ea7a5 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36740.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36740.json @@ -2,12 +2,16 @@ "id": "CVE-2024-36740", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T19:15:58.217", - "lastModified": "2024-06-06T19:15:58.217", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index as a negative number exceeds the range of size." + }, + { + "lang": "es", + "value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando el \u00edndice como n\u00famero negativo excede el rango de tama\u00f1o." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json index 7016da3db4b..93f274bcd07 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36742.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36742", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T17:15:51.157", - "lastModified": "2024-06-06T17:15:51.157", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape." + }, + { + "lang": "es", + "value": "Un problema en el par\u00e1metro oneflow.scatter_nd OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando el par\u00e1metro de \u00edndice excede el rango de forma." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json index 9d1f25c6b95..d0bbe678f91 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36743.json @@ -2,12 +2,16 @@ "id": "CVE-2024-36743", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T18:15:16.723", - "lastModified": "2024-06-06T18:15:16.723", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot." + }, + { + "lang": "es", + "value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) cuando se procesa una matriz vac\u00eda con oneflow.dot." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36745.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36745.json index e8bc260feb5..afb6ed6adbd 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36745.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36745.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36745", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T18:15:16.807", - "lastModified": "2024-06-06T18:15:16.807", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.index_select parameter." + }, + { + "lang": "es", + "value": "Un problema en OneFlow-Inc. Oneflow v0.9.1 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) ingresando un valor negativo en el par\u00e1metro oneflow.index_select." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36773.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36773.json new file mode 100644 index 00000000000..21e91f6d6cd --- /dev/null +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36773.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-36773", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-06-07T15:15:50.063", + "lastModified": "2024-06-07T15:15:50.063", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Themes parameter at index.php." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/OoLs5/VulDiscovery/blob/main/cve-2024-36773.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36774.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36774.json index d4d512c7a77..7122581559c 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36774.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36774.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36774", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T22:15:10.660", - "lastModified": "2024-06-06T22:15:10.660", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An arbitrary file upload vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary code via uploading a crafted PHP file." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de carga de archivos arbitrarios en Monstra CMS v3.0.4 permite a los atacantes ejecutar c\u00f3digo arbitrario cargando un archivo PHP manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36775.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36775.json index 8bd2159783e..14db56d5cfd 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36775.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36775.json @@ -2,12 +2,16 @@ "id": "CVE-2024-36775", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T22:15:10.753", - "lastModified": "2024-06-06T22:15:10.753", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A cross-site scripting (XSS) vulnerability in Monstra CMS v3.0.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the About Me parameter in the Edit Profile page." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de Cross-site Scripting (XSS) en Monstra CMS v3.0.4 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro Acerca de m\u00ed en la p\u00e1gina Editar perfil." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36787.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36787.json new file mode 100644 index 00000000000..4f094b2dfcc --- /dev/null +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36787.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-36787", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-06-07T15:15:50.140", + "lastModified": "2024-06-07T15:15:50.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 allows attackers to bypass authentication and access the administrative interface via unspecified vectors." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36788.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36788.json new file mode 100644 index 00000000000..0278b52118a --- /dev/null +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36788.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-36788", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-06-07T15:15:50.233", + "lastModified": "2024-06-07T15:15:50.233", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Netgear WNR614 JNR1010V2 N300-V1.1.0.54_1.0.1 does not properly set the HTTPOnly flag for cookies. This allows attackers to possibly intercept and access sensitive communications between the router and connected devices." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36789.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36789.json new file mode 100644 index 00000000000..87e61336ccf --- /dev/null +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36789.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-36789", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-06-07T15:15:50.323", + "lastModified": "2024-06-07T15:15:50.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to create passwords that do not conform to defined security standards." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36790.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36790.json new file mode 100644 index 00000000000..42d0c80ff9f --- /dev/null +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36790.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-36790", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-06-07T15:15:50.407", + "lastModified": "2024-06-07T15:15:50.407", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 was discovered to store credentials in plaintext." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36792.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36792.json new file mode 100644 index 00000000000..d262f3666ea --- /dev/null +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36792.json 
@@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-36792", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-06-07T15:15:50.493", + "lastModified": "2024-06-07T15:15:50.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in the implementation of the WPS in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to gain access to the router's pin." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-367xx/CVE-2024-36795.json b/CVE-2024/CVE-2024-367xx/CVE-2024-36795.json index dfa6657c604..0d8fbf41441 100644 --- a/CVE-2024/CVE-2024-367xx/CVE-2024-36795.json +++ b/CVE-2024/CVE-2024-367xx/CVE-2024-36795.json @@ -2,12 +2,16 @@ "id": "CVE-2024-36795", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T21:15:48.687", - "lastModified": "2024-06-06T21:15:48.687", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Insecure permissions in Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 allows attackers to access URLs and directories embedded within the firmware via unspecified vectors." + }, + { + "lang": "es", + "value": "Los permisos inseguros en Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 permiten a los atacantes acceder a URL y directorios integrados en el firmware a trav\u00e9s de vectores no especificados." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-368xx/CVE-2024-36823.json b/CVE-2024/CVE-2024-368xx/CVE-2024-36823.json index 37a4b14df6b..86ed703916b 100644 --- a/CVE-2024/CVE-2024-368xx/CVE-2024-36823.json +++ b/CVE-2024/CVE-2024-368xx/CVE-2024-36823.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36823", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T22:15:10.853", - "lastModified": "2024-06-06T22:15:10.853", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The encrypt() function of Ninja Core v7.0.0 was discovered to use a weak cryptographic algorithm, leading to a possible leakage of sensitive information." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que la funci\u00f3n encrypt() de Ninja Core v7.0.0 utiliza un algoritmo criptogr\u00e1fico d\u00e9bil, lo que provoca una posible fuga de informaci\u00f3n confidencial." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37150.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37150.json index f2305af0245..cd3a1cb1bcd 100644 --- a/CVE-2024/CVE-2024-371xx/CVE-2024-37150.json +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37150.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-37150", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T16:15:12.890", - "lastModified": "2024-06-06T16:15:12.890", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "An issue in `.npmrc` support in Deno 1.44.0 was discovered where Deno would send `.npmrc` credentials for the scope to the tarball URL when the registry provided URLs for a tarball on a different domain. All users relying on .npmrc are potentially affected by this vulnerability if their private registry references tarball URLs at a different domain. This includes usage of deno install subcommand, auto-install for npm: specifiers and LSP usage. It is recommended to upgrade to Deno 1.44.1 and if your private registry ever serves tarballs at a different domain to rotate your registry credentials." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en el soporte de `.npmrc` en Deno 1.44.0 donde Deno enviaba credenciales `.npmrc` para el alcance a la URL tarball cuando el registro proporcionaba URL para un tarball en un dominio diferente. Todos los usuarios que dependen de .npmrc se ven potencialmente afectados por esta vulnerabilidad si su registro privado hace referencia a URL tarball en un dominio diferente. Esto incluye el uso del subcomando deno install, la instalaci\u00f3n autom\u00e1tica para npm: especificadores y el uso de LSP. Se recomienda actualizar a Deno 1.44.1 y, si su registro privado alguna vez sirve archivos comprimidos en un dominio diferente, rotar sus credenciales de registro." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37152.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37152.json index df718618dfe..b6db27947fc 100644 --- a/CVE-2024/CVE-2024-371xx/CVE-2024-37152.json +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37152.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-37152", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T16:15:13.190", - "lastModified": "2024-06-06T16:15:13.190", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by /api/v1/settings endpoint without authentication. All sensitive settings are hidden except passwordPattern. This vulnerability is fixed in 2.11.3, 2.10.12, and 2.9.17." + }, + { + "lang": "es", + "value": "Argo CD es una herramienta declarativa de entrega continua de GitOps para Kubernetes. La vulnerabilidad permite el acceso no autorizado a la configuraci\u00f3n confidencial expuesta por el endpoint /api/v1/settings sin autenticaci\u00f3n. Todas las configuraciones confidenciales est\u00e1n ocultas excepto el patr\u00f3n de contrase\u00f1a. Esta vulnerabilidad se solucion\u00f3 en 2.11.3, 2.10.12 y 2.9.17." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37153.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37153.json index 8d792e0e2e2..8f36d19127b 100644 --- a/CVE-2024/CVE-2024-371xx/CVE-2024-37153.json +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37153.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-37153", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T19:15:58.403", - "lastModified": "2024-06-06T19:15:58.403", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. There is an issue with how to liquid stake using Safe which itself is a contract. The bug only appears when there is a local state change together with an ICS20 transfer in the same function and uses the contract's balance, that is using the contract address as the sender parameter in an ICS20 transfer using the ICS20 precompile. This is in essence the \"infinite money glitch\" allowing contracts to double the supply of Evmos after each transaction.The issue has been patched in versions >=V18.1.0. " + }, + { + "lang": "es", + "value": "Evmos es el centro de m\u00e1quinas virtuales Ethereum (EVM) en Cosmos Network. Existe un problema con la forma de realizar apuestas l\u00edquidas utilizando Safe, que en s\u00ed mismo es un contrato. El error solo aparece cuando hay un cambio de estado local junto con una transferencia ICS20 en la misma funci\u00f3n y usa el saldo del contrato, es decir, usa la direcci\u00f3n del contrato como par\u00e1metro del remitente en una transferencia ICS20 usando la precompilaci\u00f3n ICS20. Este es, en esencia, el \"fallo del dinero infinito\" que permite a los contratos duplicar el suministro de Evmos despu\u00e9s de cada transacci\u00f3n. El problema se ha solucionado en las versiones >=V18.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37154.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37154.json index 666da6a7535..e9fc91ff02e 100644 --- a/CVE-2024/CVE-2024-371xx/CVE-2024-37154.json +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37154.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-37154", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T19:15:58.683", - "lastModified": "2024-06-06T19:15:58.683", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Users are able to delegate tokens that have not yet been vested. This affects employees and grantees who have funds managed via `ClawbackVestingAccount`. This affects 18.1.0 and earlier." + }, + { + "lang": "es", + "value": "Evmos es el centro de m\u00e1quinas virtuales Ethereum (EVM) en Cosmos Network. Los usuarios pueden delegar tokens que a\u00fan no han sido adquiridos. Esto afecta a los empleados y beneficiarios que tienen fondos administrados a trav\u00e9s de \"ClawbackVestingAccount\". Esto afecta a 18.1.0 y versiones anteriores." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37156.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37156.json index 8b26cb007fb..8880b7913ef 100644 --- a/CVE-2024/CVE-2024-371xx/CVE-2024-37156.json +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37156.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-37156", "sourceIdentifier": "security-advisories@github.com", "published": "2024-06-06T16:15:13.493", - "lastModified": "2024-06-06T16:15:13.493", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerability is fixed in 2.5.3." + }, + { + "lang": "es", + "value": "SuluFormBundle agrega soporte para crear formularios din\u00e1micos en Sulu Admin. El par\u00e1metro de obtenci\u00f3n de TokenController formName no se sanitiza en el campo de entrada devuelto, lo que conduce a XSS. Esta vulnerabilidad se solucion\u00f3 en 2.5.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37160.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37160.json new file mode 100644 index 00000000000..4400f1cea86 --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37160.json 
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2024-37160",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-06-07T14:15:10.440",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Formwork is a flat file-based Content Management System (CMS). An attackers (requires administrator privilege) to execute arbitrary web scripts by modifying site options via /panel/options/site. This type of attack is suitable for persistence, affecting visitors across all pages (except the dashboard). This vulnerability is fixed in 1.13.1."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.7,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/getformwork/formwork/commit/9d471204f7ebb51c3c27131581c2b834315b5e0b",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/getformwork/formwork/commit/f5312015a5a5e89b95ef2bd07e496f8474d579c5",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/getformwork/formwork/security/advisories/GHSA-5pxr-7m4j-jjc6",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37162.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37162.json
new file mode 100644
index 00000000000..1a3ac0c46bb
--- /dev/null
+++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37162.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-37162",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-06-07T15:15:50.617",
+ "lastModified": "2024-06-07T15:15:50.617",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "zsa is a library for building typesafe server actions in Next.js. All users are impacted. The zsa application transfers the parse error stack from the server to the client in production build mode. This can potentially reveal sensitive information about the server environment, such as the machine username and directory paths. An attacker could exploit this vulnerability to gain unauthorized access to sensitive server information. This information could be used to plan further attacks or gain a deeper understanding of the server infrastructure. This has been patched on `0.3.3`."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.0,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-209"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/IdoPesok/zsa/commit/86b86b282bde6780963f62406cc8bc65f2c86f3a",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/IdoPesok/zsa/security/advisories/GHSA-wjmj-h3xc-hxp8",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37364.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37364.json index d059159568e..28634928fa7 100644 --- a/CVE-2024/CVE-2024-373xx/CVE-2024-37364.json +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37364.json @@ -2,12 +2,16 @@ "id": "CVE-2024-37364", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T19:15:58.900", - "lastModified": "2024-06-06T19:15:58.900", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Ariane Allegro Scenario Player through 2024-03-05, when Ariane Duo kiosk mode is used, allows physically proximate attackers to obtain sensitive information (such as hotel invoice content with PII), and potentially create unauthorized room keys, by entering a guest-search quote character and then accessing the underlying Windows OS." + }, + { + "lang": "es", + "value": "Ariane Allegro Scenario Player hasta el 5 de marzo de 2024, cuando se utiliza el modo kiosk Ariane Duo, permite a los atacantes f\u00edsicamente pr\u00f3ximos obtener informaci\u00f3n confidencial (como el contenido de la factura del hotel con PII) y potencialmente crear llaves de habitaciones no autorizadas ingresando un car\u00e1cter de cotizaci\u00f3n de b\u00fasqueda de invitados y luego accediendo al sistema operativo Windows subyacente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json index b326fbd52d9..06305455bfe 100644 --- a/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37383.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-37383",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-07T04:15:30.463",
- "lastModified": "2024-06-07T04:15:30.463",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes."
+ },
+ {
+ "lang": "es",
+ "value": "Roundcube Webmail anterior a 1.5.7 y 1.6.x anterior a 1.6.7 permite XSS a trav\u00e9s de atributos animados SVG."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37384.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37384.json
index 32a3fcbd180..4595c605c89 100644
--- a/CVE-2024/CVE-2024-373xx/CVE-2024-37384.json
+++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37384.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-37384",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-06-07T04:15:30.597",
- "lastModified": "2024-06-07T04:15:30.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via list columns from user preferences."
+ },
+ {
+ "lang": "es",
+ "value": "Roundcube Webmail anterior a 1.5.7 y 1.6.x anterior a 1.6.7 permite XSS a trav\u00e9s de columnas de lista de las preferencias del usuario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37385.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37385.json
index ebee0f85013..25ee25f085e 100644
--- a/CVE-2024/CVE-2024-373xx/CVE-2024-37385.json
+++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37385.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-37385", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-07T04:15:30.720", - "lastModified": "2024-06-07T04:15:30.720", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 on Windows allows command injection via im_convert_path and im_identify_path. NOTE: this issue exists because of an incomplete fix for CVE-2020-12641." + }, + { + "lang": "es", + "value": "Roundcube Webmail anterior a 1.5.7 y 1.6.x anterior a 1.6.7 en Windows permite la inyecci\u00f3n de comandos a trav\u00e9s de im_convert_path e im_identify_path. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2020-12641." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3987.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3987.json index ad62f612557..cbf8e3f3b78 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3987.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3987.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-3987", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T03:15:09.440", - "lastModified": "2024-06-07T03:15:09.440", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alt text in all versions up to, and including, 2.8.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento WP Mobile Menu \u2013 The Mobile-Friendly Responsive Menu para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de texto alternativo de imagen en todas las versiones hasta la 2.8.4.2 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso a nivel de autor y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-40xx/CVE-2024-4013.json b/CVE-2024/CVE-2024-40xx/CVE-2024-4013.json index 07ccadc5c56..df2fc5022e8 100644 --- a/CVE-2024/CVE-2024-40xx/CVE-2024-4013.json +++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4013.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-4013", "sourceIdentifier": "product-security@silabs.com", "published": "2024-06-06T22:15:10.943", - "lastModified": "2024-06-06T22:15:10.943", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A bug exists in the API, mesh_node_power_off(), which fails to copy the contents of the Replay Protection \nList (RPL) from RAM to NVM before powering down, resulting in the ability to replay unsaved messages. Note that as of June 2024, the Gecko SDK was renamed to the Simplicity SDK, and the versioning scheme \nwas changed from Gecko SDK vX.Y.Z to Simplicity SDK YYYY.MM.Patch#." + }, + { + "lang": "es", + "value": "Existe un error en la API, mesh_node_power_off(), que no puede copiar el contenido de la Lista de protecci\u00f3n de reproducci\u00f3n (RPL) de la RAM a la NVM antes de apagarse, lo que da como resultado la capacidad de reproducir mensajes no guardados. Tenga en cuenta que a partir de junio de 2024, el SDK de Gecko pas\u00f3 a llamarse Simplicity SDK y el esquema de versiones se cambi\u00f3 de Gecko SDK vX.YZ a Simplicity SDK AAAA.MM.Patch#." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-40xx/CVE-2024-4042.json b/CVE-2024/CVE-2024-40xx/CVE-2024-4042.json index 685d96cb931..2ee0c7a5c8b 100644 --- a/CVE-2024/CVE-2024-40xx/CVE-2024-4042.json +++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4042.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-4042", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T06:15:11.240", - "lastModified": "2024-06-07T06:15:11.240", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' attribute of the menu-wrap-item block in all versions up to, and including, 2.2.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel \u2013 Combo Blocks para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo 'class' del bloque menu-wrap-item en todas las versiones anteriores y hasta, incluida, 2.2.80 debido a una sanitizaci\u00f3n insuficiente de los insumos y al escape de productos. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-40xx/CVE-2024-4058.json b/CVE-2024/CVE-2024-40xx/CVE-2024-4058.json index 84f3ddfdc90..a96af756a82 100644 --- a/CVE-2024/CVE-2024-40xx/CVE-2024-4058.json +++ b/CVE-2024/CVE-2024-40xx/CVE-2024-4058.json 
@@ -2,8 +2,8 @@
 "id": "CVE-2024-4058",
 "sourceIdentifier": "chrome-cve-admin@google.com",
 "published": "2024-05-01T13:15:52.200",
- "lastModified": "2024-05-03T03:16:29.387",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-06-07T15:40:49.707",
+ "vulnStatus": "Analyzed",
 "descriptions": [
 {
 "lang": "en",
@@ -14,19 +14,98 @@
 "value": "La confusi\u00f3n de tipos en ANGLE en Google Chrome anterior a 124.0.6367.78 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: cr\u00edtica)"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-843"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "124.0.6367.78",
+ "matchCriteriaId": "3C052A48-22EC-4839-9065-D47C56599B4C"
+ }
+ ]
+ }
+ ]
+ },
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
+ "matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://chromereleases.googleblog.com/2024/04/stable-channel-update-for-desktop_24.html",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Release Notes",
+ "Vendor Advisory"
+ ]
 },
 {
 "url": "https://issues.chromium.org/issues/332546345",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Permissions Required"
+ ]
 },
 {
 "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOC3HLIZCGMIJLJ6LME5UWUUIFLXEGRN/",
- "source": "chrome-cve-admin@google.com"
+ "source": "chrome-cve-admin@google.com",
+ "tags": [
+ "Mailing List",
+ "Release Notes"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4320.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4320.json
index d11dfd6e83d..00f67acf659 100644
--- a/CVE-2024/CVE-2024-43xx/CVE-2024-4320.json
+++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4320.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-4320", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:02.453", - "lastModified": "2024-06-06T19:16:02.453", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A remote code execution (RCE) vulnerability exists in the '/install_extension' endpoint of the parisneo/lollms-webui application, specifically within the `@router.post(\"/install_extension\")` route handler. The vulnerability arises due to improper handling of the `name` parameter in the `ExtensionBuilder().build_extension()` method, which allows for local file inclusion (LFI) leading to arbitrary code execution. An attacker can exploit this vulnerability by crafting a malicious `name` parameter that causes the server to load and execute a `__init__.py` file from an arbitrary location, such as the upload directory for discussions. This vulnerability affects the latest version of parisneo/lollms-webui and can lead to remote code execution without requiring user interaction, especially when the application is exposed to an external endpoint or operated in headless mode." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en el endpoint '/install_extension' de la aplicaci\u00f3n parisneo/lollms-webui, espec\u00edficamente dentro del controlador de ruta `@router.post(\"/install_extension\")`. La vulnerabilidad surge debido al manejo inadecuado del par\u00e1metro `name` en el m\u00e9todo `ExtensionBuilder().build_extension()`, que permite la inclusi\u00f3n de archivos locales (LFI) que conducen a la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede aprovechar esta vulnerabilidad creando un par\u00e1metro \"nombre\" malicioso que hace que el servidor cargue y ejecute un archivo \"__init__.py\" desde una ubicaci\u00f3n arbitraria, como el directorio de carga para discusiones. 
Esta vulnerabilidad afecta a la \u00faltima versi\u00f3n de parisneo/lollms-webui y puede provocar la ejecuci\u00f3n remota de c\u00f3digo sin requerir la interacci\u00f3n del usuario, especialmente cuando la aplicaci\u00f3n est\u00e1 expuesta a un endpoint externo o se opera en modo sin cabeza." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4325.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4325.json index ad3d5608fa6..7f709b8a899 100644 --- a/CVE-2024/CVE-2024-43xx/CVE-2024-4325.json +++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4325.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-4325", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T18:15:18.300", - "lastModified": "2024-06-06T18:15:18.300", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the gradio-app/gradio version 4.21.0, specifically within the `/queue/join` endpoint and the `save_url_to_cache` function. The vulnerability arises when the `path` value, obtained from the user and expected to be a URL, is used to make an HTTP request without sufficient validation checks. This flaw allows an attacker to send crafted requests that could lead to unauthorized access to the local network or the AWS metadata endpoint, thereby compromising the security of internal servers." + }, + { + "lang": "es", + "value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en gradio-app/gradio versi\u00f3n 4.21.0, espec\u00edficamente dentro del endpoint `/queue/join` y la funci\u00f3n `save_url_to_cache`. La vulnerabilidad surge cuando el valor de \"ruta\", obtenido del usuario y que se espera que sea una URL, se utiliza para realizar una solicitud HTTP sin suficientes comprobaciones de validaci\u00f3n. Esta falla permite a un atacante enviar solicitudes manipuladas que podr\u00edan conducir a un acceso no autorizado a la red local o al endpoint de metadatos de AWS, comprometiendo as\u00ed la seguridad de los servidores internos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4354.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4354.json index 4c71dfd057f..6fac5ca64cb 100644 --- a/CVE-2024/CVE-2024-43xx/CVE-2024-4354.json +++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4354.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-4354", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T06:15:11.500", - "lastModified": "2024-06-07T06:15:11.500", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The TablePress \u2013 Tables in WordPress made easy plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.3 via the get_files_to_import() function. This makes it possible for authenticated attackers, with author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. Due to the complex nature of protecting against DNS rebind attacks in WordPress software, we settled on the developer simply restricting the usage of the URL import functionality to just administrators. While this is not optimal, we feel this poses a minimal risk to most site owners and ideally WordPress core would correct this issue in wp_safe_remote_get() and other functions." + }, + { + "lang": "es", + "value": "El complemento TablePress \u2013 Tables in WordPress made easy para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 2.3 incluida a trav\u00e9s de la funci\u00f3n get_files_to_import(). Esto hace posible que atacantes autenticados, con acceso de nivel de autor y superior, realicen solicitudes web a ubicaciones arbitrarias que se originen en la aplicaci\u00f3n web y puedan usarse para consultar y modificar informaci\u00f3n de servicios internos. Debido a la naturaleza compleja de la protecci\u00f3n contra ataques de revinculaci\u00f3n de DNS en el software WordPress, decidimos que el desarrollador simplemente restringiera el uso de la funcionalidad de importaci\u00f3n de URL solo a los administradores. 
Si bien esto no es \u00f3ptimo, creemos que representa un riesgo m\u00ednimo para la mayor\u00eda de los propietarios de sitios e idealmente el n\u00facleo de WordPress corregir\u00eda este problema en wp_safe_remote_get() y otras funciones." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4451.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4451.json index a260b70ef99..b4a36718cc1 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4451.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4451.json @@ -2,12 +2,16 @@ "id": "CVE-2024-4451", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T07:15:46.437", - "lastModified": "2024-06-07T07:15:46.437", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "The Colibri Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's colibri_video_player shortcode in all versions up to, and including, 1.0.276 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Colibri Page Builder para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto colibri_video_player del complemento en todas las versiones hasta la 1.0.276 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4488.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4488.json index 656933c769f..9b3bb3d711f 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4488.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4488.json @@ -2,12 +2,16 @@ "id": "CVE-2024-4488", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T07:15:47.707", - "lastModified": "2024-06-07T07:15:47.707", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "The Royal Elementor Addons and Templates for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018inline_list\u2019 parameter in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "Los complementos Royal Elementor Addons and Templates para WordPress son vulnerables a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'inline_list' en versiones hasta la 1.3.976 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4489.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4489.json index 6362eade43b..441b1a74cd2 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4489.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4489.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4489",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T07:15:47.970",
- "lastModified": "2024-06-07T07:15:47.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018custom_upload_mimes\u2019 function in versions up to, and including, 1.3.976 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Royal Elementor Addons and Templates para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la funci\u00f3n 'custom_upload_mimes' en versiones hasta la 1.3.976 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con permisos de nivel de colaborador y superiores, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4610.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4610.json
index b528dc0896f..3aaf345e59a 100644
--- a/CVE-2024/CVE-2024-46xx/CVE-2024-4610.json
+++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4610.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-4610",
 "sourceIdentifier": "arm-security@arm.com",
 "published": "2024-06-07T12:15:09.077",
- "lastModified": "2024-06-07T12:15:09.077",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4620.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4620.json
index 2ba74bcf8c9..09dc0fd5ae6 100644
--- a/CVE-2024/CVE-2024-46xx/CVE-2024-4620.json
+++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4620.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4620",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-06-07T06:15:11.763",
- "lastModified": "2024-06-07T06:15:11.763",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ARForms - Premium WordPress Form Builder para WordPress anterior a 6.6 permite a los usuarios no autenticados modificar los archivos cargados de tal manera que el c\u00f3digo PHP se pueda cargar cuando se incluye una entrada de archivo de carga en un formulario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4621.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4621.json
index 888b0758877..5c6283a9465 100644
--- a/CVE-2024/CVE-2024-46xx/CVE-2024-4621.json
+++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4621.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4621",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-06-07T06:15:11.840",
- "lastModified": "2024-06-07T06:15:11.840",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento ARForms - Premium WordPress Form Builder para WordPress anterior a 6.6 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4703.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4703.json
index a28db937c27..7867be0e089 100644
--- a/CVE-2024/CVE-2024-47xx/CVE-2024-4703.json
+++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4703.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4703",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T08:15:32.413",
- "lastModified": "2024-06-07T08:15:32.413",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The One Page Express Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's one_page_express_contact_form shortcode in all versions up to, and including, 1.6.37 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento One Page Express Companion para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del c\u00f3digo corto one_page_express_contact_form del complemento en todas las versiones hasta la 1.6.37 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4756.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4756.json
index f10430387d8..f75b1599d34 100644
--- a/CVE-2024/CVE-2024-47xx/CVE-2024-4756.json
+++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4756.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4756",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-06-07T06:15:11.920",
- "lastModified": "2024-06-07T06:15:11.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Backpack WordPress plugin through 2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Backpack de WordPress hasta la versi\u00f3n 2.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4851.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4851.json
index 0a3dae40274..3f0028ff20f 100644
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4851.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4851.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4851",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:02.800",
- "lastModified": "2024-06-06T19:16:02.800",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the stangirard/quivr application, version 0.0.204, which allows attackers to access internal networks. The vulnerability is present in the crawl endpoint where the 'url' parameter can be manipulated to send HTTP requests to arbitrary URLs, thereby facilitating SSRF attacks. The affected code is located in the backend/routes/crawl_routes.py file, specifically within the crawl_endpoint function. This issue could allow attackers to interact with internal services that are accessible from the server hosting the application."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en la aplicaci\u00f3n stangirard/quivr, versi\u00f3n 0.0.204, que permite a los atacantes acceder a redes internas. La vulnerabilidad est\u00e1 presente en el endpoint de rastreo donde el par\u00e1metro 'url' puede manipularse para enviar solicitudes HTTP a URL arbitrarias, facilitando as\u00ed los ataques SSRF. El c\u00f3digo afectado se encuentra en el archivo backend/routes/crawl_routes.py, espec\u00edficamente dentro de la funci\u00f3n crawl_endpoint. Este problema podr\u00eda permitir a los atacantes interactuar con servicios internos a los que se puede acceder desde el servidor que aloja la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4881.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4881.json
index 6cb6cfe4779..84256554fb8 100644
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4881.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4881.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4881",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:03.063",
- "lastModified": "2024-06-06T19:16:03.063",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A path traversal vulnerability exists in the parisneo/lollms application, affecting version 9.4.0 and potentially earlier versions, but fixed in version 5.9.0. The vulnerability arises due to improper validation of file paths between Windows and Linux environments, allowing attackers to traverse beyond the intended directory and read any file on the Windows system. Specifically, the application fails to adequately sanitize file paths containing backslashes (`\\`), which can be exploited to access the root directory and read, or even delete, sensitive files. This issue was discovered in the context of the `/user_infos` endpoint, where a crafted request using backslashes to reference a file (e.g., `\\windows\\win.ini`) could result in unauthorized file access. The impact of this vulnerability includes the potential for attackers to access sensitive information such as environment variables, database files, and configuration files, which could lead to further compromise of the system."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de path traversal en la aplicaci\u00f3n parisneo/lollms, que afecta a la versi\u00f3n 9.4.0 y potencialmente a versiones anteriores, pero se solucion\u00f3 en la versi\u00f3n 5.9.0. La vulnerabilidad surge debido a una validaci\u00f3n inadecuada de las rutas de archivos entre los entornos Windows y Linux, lo que permite a los atacantes ir m\u00e1s all\u00e1 del directorio deseado y leer cualquier archivo en el sistema Windows. 
Espec\u00edficamente, la aplicaci\u00f3n no sanitiza adecuadamente las rutas de archivos que contienen barras invertidas (`\\`), que pueden aprovecharse para acceder al directorio ra\u00edz y leer, o incluso eliminar, archivos confidenciales. Este problema se descubri\u00f3 en el contexto del endpoint `/user_infos`, donde una solicitud manipulada que utiliza barras invertidas para hacer referencia a un archivo (por ejemplo, `\\windows\\win.ini`) podr\u00eda resultar en un acceso no autorizado al archivo. El impacto de esta vulnerabilidad incluye la posibilidad de que los atacantes accedan a informaci\u00f3n confidencial, como variables de entorno, archivos de bases de datos y archivos de configuraci\u00f3n, lo que podr\u00eda comprometer a\u00fan m\u00e1s el sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4887.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4887.json
index 9676a28b742..631a59f3d81 100644
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4887.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4887.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4887",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T04:15:31.777",
- "lastModified": "2024-06-07T04:15:31.777",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all versions up to, and including, 1.7.2 via the 'behavior' attributes found in the qi_addons_for_elementor_blog_list shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include remote files on the server, resulting in code execution. Please note that this requires an attacker to create a non-existent directory or target an instance where file_exists won't return false with a non-existent directory in the path, in order to successfully exploit."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Qi Addons For Elementor para WordPress es vulnerable a la inclusi\u00f3n remota de archivos en todas las versiones hasta la 1.7.2 incluida a trav\u00e9s de los atributos de 'comportamiento' que se encuentran en el c\u00f3digo corto qi_addons_for_elementor_blog_list. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, incluyan archivos remotos en el servidor, lo que resulta en la ejecuci\u00f3n de c\u00f3digo. Tenga en cuenta que esto requiere que un atacante cree un directorio inexistente o apunte a una instancia donde file_exists no devuelva false con un directorio inexistente en la ruta, para poder explotar con \u00e9xito."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4888.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4888.json
index 0604b98854e..04abf1987fd 100644
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4888.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4888.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4888",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:03.397",
- "lastModified": "2024-06-06T19:16:03.397",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request that includes a file path to the server, which then deletes the specified file without proper authorization or validation. This vulnerability is present in the code where `os.remove(file.filename)` is used to delete a file, allowing any user to delete critical files on the server such as SSH keys, SQLite databases, or configuration files. "
+ },
+ {
+ "lang": "es",
+ "value": "Litellm de BerriAI, en su \u00faltima versi\u00f3n, es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n de entrada incorrecta en el endpoint `/audio/transcriptions`. Un atacante puede aprovechar esta vulnerabilidad enviando una solicitud especialmente manipulada que incluya una ruta de archivo al servidor, que luego elimina el archivo especificado sin la autorizaci\u00f3n o validaci\u00f3n adecuada. Esta vulnerabilidad est\u00e1 presente en el c\u00f3digo donde se usa `os.remove(file.filename)` para eliminar un archivo, lo que permite a cualquier usuario eliminar archivos cr\u00edticos en el servidor, como claves SSH, bases de datos SQLite o archivos de configuraci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4889.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4889.json
index 7130175911a..a7280b49989 100644
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4889.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4889.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4889",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T18:15:18.577",
- "lastModified": "2024-06-06T18:15:18.577",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file to be exploitable. Specifically, by setting the `UI_LOGO_PATH` variable to a remote server address in the `get_image` function, an attacker can write a malicious Google KMS configuration file to the `cached_logo.jpg` file. This file can then be used to execute arbitrary code by assigning malicious code to the `SAVE_CONFIG_TO_DB` environment variable, leading to full system control. The vulnerability is contingent upon the use of the Google KMS feature."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n de c\u00f3digo en la aplicaci\u00f3n berriai/litellm, versi\u00f3n 1.34.6, debido al uso de entradas no validadas en la funci\u00f3n de evaluaci\u00f3n dentro del sistema de gesti\u00f3n de secretos. Esta vulnerabilidad requiere un archivo de configuraci\u00f3n de Google KMS v\u00e1lido para ser explotable. Espec\u00edficamente, al configurar la variable `UI_LOGO_PATH` en una direcci\u00f3n de servidor remoto en la funci\u00f3n `get_image`, un atacante puede escribir un archivo de configuraci\u00f3n malicioso de Google KMS en el archivo `cached_logo.jpg`. Este archivo luego se puede usar para ejecutar c\u00f3digo arbitrario asignando c\u00f3digo malicioso a la variable de entorno `SAVE_CONFIG_TO_DB`, lo que lleva al control total del sistema. La vulnerabilidad depende del uso de la funci\u00f3n Google KMS."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4890.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4890.json
index c374ff985dd..23994799ac0 100644
--- a/CVE-2024/CVE-2024-48xx/CVE-2024-4890.json
+++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4890.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4890",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:03.630",
- "lastModified": "2024-06-06T19:16:03.630",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A blind SQL injection vulnerability exists in the berriai/litellm application, specifically within the '/team/update' process. The vulnerability arises due to the improper handling of the 'user_id' parameter in the raw SQL query used for deleting users. An attacker can exploit this vulnerability by injecting malicious SQL commands through the 'user_id' parameter, leading to potential unauthorized access to sensitive information such as API keys, user information, and tokens stored in the database. The affected version is 1.27.14."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL ciega en la aplicaci\u00f3n berriai/litellm, espec\u00edficamente dentro del proceso '/team/update'. La vulnerabilidad surge debido al manejo inadecuado del par\u00e1metro 'user_id' en la consulta SQL sin formato utilizada para eliminar usuarios. Un atacante puede aprovechar esta vulnerabilidad inyectando comandos SQL maliciosos a trav\u00e9s del par\u00e1metro 'user_id', lo que lleva a un posible acceso no autorizado a informaci\u00f3n confidencial como claves API, informaci\u00f3n de usuario y tokens almacenados en la base de datos. La versi\u00f3n afectada es la 1.27.14."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4902.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4902.json
index 60e77a1d8b1..c302dec8599 100644
--- a/CVE-2024/CVE-2024-49xx/CVE-2024-4902.json
+++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4902.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4902",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T05:15:49.740",
- "lastModified": "2024-06-07T05:15:49.740",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018course_id\u2019 parameter in all versions up to, and including, 2.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with admin access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Tutor LMS \u2013 eLearning and online course solution para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo a trav\u00e9s del par\u00e1metro 'course_id' en todas las versiones hasta la 2.7.1 incluida debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de suficiente preparaci\u00f3n en la consulta SQL existente. Esto hace posible que atacantes autenticados, con acceso de administrador y superior, agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4941.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4941.json
index dd8b1fcb763..0050aa173c8 100644
--- a/CVE-2024/CVE-2024-49xx/CVE-2024-4941.json
+++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4941.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-4941",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T18:15:18.783",
- "lastModified": "2024-06-06T18:15:18.783",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A local file inclusion vulnerability exists in the JSON component of gradio-app/gradio version 4.25. The vulnerability arises from improper input validation in the `postprocess()` function within `gradio/components/json_component.py`, where a user-controlled string is parsed as JSON. If the parsed JSON object contains a `path` key, the specified file is moved to a temporary directory, making it possible to retrieve it later via the `/file=..` endpoint. This issue is due to the `processing_utils.move_files_to_cache()` function traversing any object passed to it, looking for a dictionary with a `path` key, and then copying the specified file to a temporary directory. The vulnerability can be exploited by an attacker to read files on the remote system, posing a significant security risk."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inclusi\u00f3n de archivos locales en el componente JSON de gradio-app/gradio versi\u00f3n 4.25. La vulnerabilidad surge de una validaci\u00f3n de entrada incorrecta en la funci\u00f3n `postprocess()` dentro de `gradio/components/json_component.py`, donde una cadena controlada por el usuario se analiza como JSON. Si el objeto JSON analizado contiene una clave `ruta`, el archivo especificado se mueve a un directorio temporal, lo que permite recuperarlo m\u00e1s tarde a trav\u00e9s del endpoint `/file=..`. Este problema se debe a que la funci\u00f3n `processing_utils.move_files_to_cache()` atraviesa cualquier objeto que se le pasa, busca un diccionario con una clave `path` y luego copia el archivo especificado en un directorio temporal. 
Un atacante puede aprovechar la vulnerabilidad para leer archivos en el sistema remoto, lo que representa un riesgo de seguridad significativo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-50xx/CVE-2024-5003.json b/CVE-2024/CVE-2024-50xx/CVE-2024-5003.json
index 5045bc0841a..8a6900978be 100644
--- a/CVE-2024/CVE-2024-50xx/CVE-2024-5003.json
+++ b/CVE-2024/CVE-2024-50xx/CVE-2024-5003.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5003",
 "sourceIdentifier": "contact@wpscan.com",
 "published": "2024-06-07T06:15:12.000",
- "lastModified": "2024-06-07T06:15:12.000",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Stacker WordPress plugin through 1.8.5 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack"
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Stacker de WordPress hasta la versi\u00f3n 1.8.5 no tiene verificaci\u00f3n CSRF en algunos lugares y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador registrado agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5124.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5124.json
index cf516ab83ab..b1eb3c9d541 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5124.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5124.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5124",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:03.863",
- "lastModified": "2024-06-06T19:16:03.863",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A timing attack vulnerability exists in the gaizhenbiao/chuanhuchatgpt repository, specifically within the password comparison logic. The vulnerability is present in version 20240310 of the software, where passwords are compared using the '=' operator in Python. This method of comparison allows an attacker to guess passwords based on the timing of each character's comparison. The issue arises from the code segment that checks a password for a particular username, which can lead to the exposure of sensitive information to an unauthorized actor. An attacker exploiting this vulnerability could potentially guess user passwords, compromising the security of the system."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de ataque sincronizado en el repositorio gaizhenbiao/chuanhuchatgpt, espec\u00edficamente dentro de la l\u00f3gica de comparaci\u00f3n de contrase\u00f1as. La vulnerabilidad est\u00e1 presente en la versi\u00f3n 20240310 del software, donde las contrase\u00f1as se comparan utilizando el operador '=\" en Python. Este m\u00e9todo de comparaci\u00f3n permite a un atacante adivinar contrase\u00f1as bas\u00e1ndose en el momento de la comparaci\u00f3n de cada car\u00e1cter. El problema surge del segmento de c\u00f3digo que verifica una contrase\u00f1a para un nombre de usuario en particular, lo que puede llevar a la exposici\u00f3n de informaci\u00f3n confidencial a un actor no autorizado. Un atacante que aproveche esta vulnerabilidad podr\u00eda adivinar las contrase\u00f1as de los usuarios, comprometiendo la seguridad del sistema."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5126.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5126.json
index c64f89e3a11..6976aec9692 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5126.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5126.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5126",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:04.090",
- "lastModified": "2024-06-06T19:16:04.090",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An improper access control vulnerability exists in the lunary-ai/lunary repository, specifically within the versions.patch functionality for updating prompts. Affected versions include 1.2.2 up to but not including 1.2.25. The vulnerability allows unauthorized users to update prompt details due to insufficient access control checks. This issue was addressed and fixed in version 1.2.25."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de control de acceso inadecuado en el repositorio lunary-ai/lunary, espec\u00edficamente dentro de la funcionalidad versions.patch para mensajes de actualizaci\u00f3n. Las versiones afectadas incluyen la 1.2.2 hasta la 1.2.25, pero no incluida. La vulnerabilidad permite a usuarios no autorizados actualizar los detalles del mensaje debido a controles de control de acceso insuficientes. Este problema se solucion\u00f3 y solucion\u00f3 en la versi\u00f3n 1.2.25."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5127.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5127.json
index 54cbd503c0e..5d4e1dc0471 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5127.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5127.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5127",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T18:15:19.000",
- "lastModified": "2024-06-06T18:15:19.000",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In lunary-ai/lunary versions 1.2.2 through 1.2.25, an improper access control vulnerability allows users on the Free plan to invite other members and assign them any role, including those intended for Paid and Enterprise plans only. This issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not intended for their use. The vulnerability specifically affects the Team feature, where the backend fails to validate whether a user has paid for a plan before allowing them to send invite links with any role assigned. This could lead to unauthorized access and manipulation of project settings or data."
+ },
+ {
+ "lang": "es",
+ "value": "En las versiones lunary-ai/lunary 1.2.2 a 1.2.25, una vulnerabilidad de control de acceso inadecuado permite a los usuarios del plan gratuito invitar a otros miembros y asignarles cualquier rol, incluidos aquellos destinados \u00fanicamente a los planes Pagado y Empresarial. Este problema surge debido a una validaci\u00f3n de backend insuficiente de roles y permisos, lo que permite a usuarios no autorizados unirse a un proyecto y potencialmente explotar roles y permisos que no est\u00e1n destinados a su uso. La vulnerabilidad afecta espec\u00edficamente a la funci\u00f3n Equipo, donde el backend no valida si un usuario ha pagado un plan antes de permitirle enviar enlaces de invitaci\u00f3n con cualquier funci\u00f3n asignada. Esto podr\u00eda dar lugar a acceso no autorizado y manipulaci\u00f3n de la configuraci\u00f3n o los datos del proyecto."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5128.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5128.json
index d698dacc7d6..2f9ada38e0f 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5128.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5128.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5128",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:04.323",
- "lastModified": "2024-06-06T19:16:04.323",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any dataset_prompt or dataset_prompt_variation within any dataset or project. The issue stems from improper access control checks in the dataset management endpoints, where direct references to object IDs are not adequately secured against unauthorized access. This vulnerability was fixed in version 1.2.25."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 una vulnerabilidad de referencia directa de objetos inseguros (IDOR) en lunary-ai/lunary, que afecta a las versiones hasta la 1.2.2 incluida. Esta vulnerabilidad permite a usuarios no autorizados ver, actualizar o eliminar cualquier dataset_prompt o dataset_prompt_variation dentro de cualquier conjunto de datos o proyecto. El problema surge de controles de acceso inadecuados en los endpoints de gesti\u00f3n de conjuntos de datos, donde las referencias directas a los ID de objetos no est\u00e1n adecuadamente protegidas contra el acceso no autorizado. Esta vulnerabilidad se solucion\u00f3 en la versi\u00f3n 1.2.25."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5129.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5129.json
index ecfe667e249..bdd06173ec1 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5129.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5129.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5129",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:04.583",
- "lastModified": "2024-06-06T19:16:04.583",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Privilege Escalation Vulnerability exists in lunary-ai/lunary version 1.2.2, where any user can delete any datasets due to missing authorization checks. The vulnerability is present in the dataset deletion functionality, where the application fails to verify if the user requesting the deletion has the appropriate permissions. This allows unauthorized users to send a DELETE request to the server and delete any dataset by specifying its ID. The issue is located in the datasets.delete function within the datasets index file."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de escalada de privilegios en lunary-ai/lunary versi\u00f3n 1.2.2, donde cualquier usuario puede eliminar cualquier conjunto de datos debido a que faltan verificaciones de autorizaci\u00f3n. La vulnerabilidad est\u00e1 presente en la funcionalidad de eliminaci\u00f3n del conjunto de datos, donde la aplicaci\u00f3n no puede verificar si el usuario que solicita la eliminaci\u00f3n tiene los permisos adecuados. Esto permite a usuarios no autorizados enviar una solicitud DELETE al servidor y eliminar cualquier conjunto de datos especificando su ID. El problema se encuentra en la funci\u00f3n datasets.delete dentro del archivo de \u00edndice de conjuntos de datos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5130.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5130.json
index 6b139a49820..fa224b4fd54 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5130.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5130.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5130",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:04.813",
- "lastModified": "2024-06-06T19:16:04.813",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does not verify if the provided project ID belongs to the current user, thereby allowing any dataset to be deleted without proper authentication. This issue was fixed in version 1.2.8."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de autorizaci\u00f3n incorrecta en las versiones lunary-ai/lunary hasta la 1.2.2 incluida, que permite a los usuarios no autenticados eliminar cualquier conjunto de datos. La vulnerabilidad se debe a la falta de comprobaciones de autorizaci\u00f3n adecuadas en el endpoint de eliminaci\u00f3n del conjunto de datos. Espec\u00edficamente, el endpoint no verifica si el ID del proyecto proporcionado pertenece al usuario actual, lo que permite que se elimine cualquier conjunto de datos sin la autenticaci\u00f3n adecuada. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.8."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5131.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5131.json
index 72d57f922f3..76fba6c721c 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5131.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5131.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5131",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:05.060",
- "lastModified": "2024-06-06T19:16:05.060",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting versions up to and including 1.2.2. The vulnerability allows unauthorized users to view any prompts in any projects by supplying a specific prompt ID to an endpoint that does not adequately verify the ownership of the prompt ID. This issue was fixed in version 1.2.25."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de control de acceso inadecuado en el repositorio lunary-ai/lunary, que afecta a las versiones hasta la 1.2.2 incluida. La vulnerabilidad permite a usuarios no autorizados ver cualquier mensaje en cualquier proyecto al proporcionar un ID de mensaje espec\u00edfico a un endpoint que no verifica adecuadamente la propiedad del ID de mensaje. Este problema se solucion\u00f3 en la versi\u00f3n 1.2.25."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5132.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5132.json
index 8d2ab5baea7..bcf147dfdf3 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5132.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5132.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-5132", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:05.300", - "lastModified": "2024-06-06T19:16:05.300", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In lunary-ai/lunary version 1.2.2, a business logic error allows users to bypass the intended limitations on team member invitations and additions, regardless of their subscription plan. The vulnerability arises due to the lack of validation against the predefined member limits in the SEAT_ALLOWANCE constants during the invitation and joining processes. This issue enables users on any plan, including the free plan, to invite and add more members to a team than allowed, effectively circumventing the system's subscription model. The flaw is located in the backend's handling of user invitations and additions, specifically in the /api/v1/auth/index.ts and /api/v1/users.ts endpoints, where the system fails to check the current number of team members against the allowed limits before proceeding with the invitation and addition operations." + }, + { + "lang": "es", + "value": "En lunary-ai/lunary versi\u00f3n 1.2.2, un error de l\u00f3gica empresarial permite a los usuarios eludir las limitaciones previstas en las invitaciones y adiciones de miembros del equipo, independientemente de su plan de suscripci\u00f3n. La vulnerabilidad surge debido a la falta de validaci\u00f3n de los l\u00edmites de miembros predefinidos en las constantes SEAT_ALLOWANCE durante los procesos de invitaci\u00f3n y uni\u00f3n. Este problema permite a los usuarios de cualquier plan, incluido el plan gratuito, invitar y agregar a un equipo m\u00e1s miembros de los permitidos, eludiendo efectivamente el modelo de suscripci\u00f3n del sistema. 
La falla se encuentra en el manejo por parte del backend de las invitaciones y adiciones de usuarios, espec\u00edficamente en los endpoints /api/v1/auth/index.ts y /api/v1/users.ts, donde el sistema no puede verificar el n\u00famero actual de miembros del equipo. contra los l\u00edmites permitidos antes de proceder con las operaciones de invitaci\u00f3n y adici\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5133.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5133.json index 0c3cb91de0e..b5c65d36227 100644 --- a/CVE-2024/CVE-2024-51xx/CVE-2024-5133.json +++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5133.json 
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5133",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:05.557",
- "lastModified": "2024-06-06T19:16:05.557",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In lunary-ai/lunary version 1.2.4, an account takeover vulnerability exists due to the exposure of password recovery tokens in API responses. Specifically, when a user initiates the password reset process, the recovery token is included in the response of the `GET /v1/users/me/org` endpoint, which lists all users in a team. This allows any authenticated user to capture the recovery token of another user and subsequently change that user's password without consent, effectively taking over the account. The issue lies in the inclusion of the `recovery_token` attribute in the users object returned by the API."
+ },
+ {
+ "lang": "es",
+ "value": "En lunary-ai/lunary versi\u00f3n 1.2.4, existe una vulnerabilidad de apropiaci\u00f3n de cuenta debido a la exposici\u00f3n de tokens de recuperaci\u00f3n de contrase\u00f1a en las respuestas de API. Espec\u00edficamente, cuando un usuario inicia el proceso de restablecimiento de contrase\u00f1a, el token de recuperaci\u00f3n se incluye en la respuesta del endpoint `GET /v1/users/me/org`, que enumera todos los usuarios de un equipo. Esto permite que cualquier usuario autenticado capture el token de recuperaci\u00f3n de otro usuario y posteriormente cambie la contrase\u00f1a de ese usuario sin consentimiento, asumiendo efectivamente el control de la cuenta. El problema radica en la inclusi\u00f3n del atributo `recovery_token` en el objeto de usuario devuelto por la API."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5186.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5186.json
index 1d5f747f5d3..4319864a93c 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5186.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5186.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5186",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:05.860",
- "lastModified": "2024-06-06T19:16:05.860",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the file upload section of imartinez/privategpt version 0.5.0. This vulnerability allows attackers to send crafted requests that could result in unauthorized access to the local network and potentially sensitive information. Specifically, by manipulating the 'path' parameter in a file upload request, an attacker can cause the application to make arbitrary requests to internal services, including the AWS metadata endpoint. This issue could lead to the exposure of internal servers and sensitive data."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en la secci\u00f3n de carga de archivos de imartinez/privategpt versi\u00f3n 0.5.0. Esta vulnerabilidad permite a los atacantes enviar solicitudes manipuladas que podr\u00edan resultar en acceso no autorizado a la red local e informaci\u00f3n potencialmente confidencial. Espec\u00edficamente, al manipular el par\u00e1metro 'ruta' en una solicitud de carga de archivos, un atacante puede hacer que la aplicaci\u00f3n realice solicitudes arbitrarias a servicios internos, incluido el endpoint de metadatos de AWS. Este problema podr\u00eda provocar la exposici\u00f3n de servidores internos y datos confidenciales."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5187.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5187.json
index ba68afefd43..8bc2a8ef88b 100644
--- a/CVE-2024/CVE-2024-51xx/CVE-2024-5187.json
+++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5187.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5187",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:06.100",
- "lastModified": "2024-06-06T19:16:06.100",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the `download_model_with_test_data` function of the onnx/onnx framework, version 1.16.0, allows for arbitrary file overwrite due to inadequate prevention of path traversal attacks in malicious tar files. This vulnerability enables attackers to overwrite any file on the system, potentially leading to remote code execution, deletion of system, personal, or application files, thus impacting the integrity and availability of the system. The issue arises from the function's handling of tar file extraction without performing security checks on the paths within the tar file, as demonstrated by the ability to overwrite the `/home/kali/.ssh/authorized_keys` file by specifying an absolute path in the malicious tar file."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en la funci\u00f3n `download_model_with_test_data` del framework onnx/onnx, versi\u00f3n 1.16.0, permite la sobrescritura arbitraria de archivos debido a una prevenci\u00f3n inadecuada de ataques de path traversal en archivos tar maliciosos. Esta vulnerabilidad permite a los atacantes sobrescribir cualquier archivo en el sistema, lo que podr\u00eda provocar la ejecuci\u00f3n remota de c\u00f3digo y la eliminaci\u00f3n de archivos del sistema, personales o de aplicaciones, lo que afecta la integridad y disponibilidad del sistema. El problema surge del manejo de la funci\u00f3n de extracci\u00f3n de archivos tar sin realizar controles de seguridad en las rutas dentro del archivo tar, como lo demuestra la capacidad de sobrescribir el archivo `/home/kali/.ssh/authorized_keys` especificando una ruta absoluta en el archivo tar. archivo tar malicioso."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5206.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5206.json
index 7735c19e8c9..f66fca9009d 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5206.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5206.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5206",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:06.363",
- "lastModified": "2024-06-06T19:16:06.363",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A sensitive data leakage vulnerability was identified in scikit-learn's TfidfVectorizer, specifically in versions up to and including 1.4.1.post1, which was fixed in version 1.5.0. The vulnerability arises from the unexpected storage of all tokens present in the training data within the `stop_words_` attribute, rather than only storing the subset of tokens required for the TF-IDF technique to function. This behavior leads to the potential leakage of sensitive information, as the `stop_words_` attribute could contain tokens that were meant to be discarded and not stored, such as passwords or keys. The impact of this vulnerability varies based on the nature of the data being processed by the vectorizer."
+ },
+ {
+ "lang": "es",
+ "value": "Se identific\u00f3 una vulnerabilidad de fuga de datos confidenciales en TfidfVectorizer de scikit-learn, espec\u00edficamente en versiones hasta la 1.4.1.post1 incluida, que se solucion\u00f3 en la versi\u00f3n 1.5.0. La vulnerabilidad surge del almacenamiento inesperado de todos los tokens presentes en los datos de entrenamiento dentro del atributo `stop_words_`, en lugar de almacenar solo el subconjunto de tokens necesarios para que funcione la t\u00e9cnica TF-IDF. Este comportamiento conduce a una posible fuga de informaci\u00f3n confidencial, ya que el atributo `stop_words_` podr\u00eda contener tokens que deb\u00edan descartarse y no almacenarse, como contrase\u00f1as o claves. El impacto de esta vulnerabilidad var\u00eda seg\u00fan la naturaleza de los datos que procesa el vectorizador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5225.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5225.json
index 16c389b89eb..8d1d8eafa5a 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5225.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5225.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5225",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:06.673",
- "lastModified": "2024-06-06T19:16:06.673",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "An SQL Injection vulnerability exists in the berriai/litellm repository, specifically within the `/global/spend/logs` endpoint. The vulnerability arises due to improper neutralization of special elements used in an SQL command. The affected code constructs an SQL query by concatenating an unvalidated `api_key` parameter directly into the query, making it susceptible to SQL Injection if the `api_key` contains malicious data. This issue affects the latest version of the repository. Successful exploitation of this vulnerability could lead to unauthorized access, data manipulation, exposure of confidential information, and denial of service (DoS)."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en el repositorio berriai/litellm, espec\u00edficamente dentro del endpoint `/global/spend/logs`. La vulnerabilidad surge debido a una neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando SQL. El c\u00f3digo afectado construye una consulta SQL concatenando un par\u00e1metro `api_key` no validado directamente en la consulta, lo que la hace susceptible a la inyecci\u00f3n SQL si `api_key` contiene datos maliciosos. Este problema afecta a la \u00faltima versi\u00f3n del repositorio. La explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar acceso no autorizado, manipulaci\u00f3n de datos, exposici\u00f3n de informaci\u00f3n confidencial y denegaci\u00f3n de servicio (DoS)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5248.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5248.json
index b3b22d27fe1..cfea942efde 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5248.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5248.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5248",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:06.917",
- "lastModified": "2024-06-06T19:16:06.917",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In lunary-ai/lunary version 1.2.5, an improper access control vulnerability exists due to a missing permission check in the `GET /v1/users/me/org` endpoint. The platform's role definitions restrict the `Prompt Editor` role to prompt management and project viewing/listing capabilities, explicitly excluding access to user information. However, the endpoint fails to enforce this restriction, allowing users with the `Prompt Editor` role to access the full list of users in the organization. This vulnerability allows unauthorized access to sensitive user information, violating the intended access controls."
+ },
+ {
+ "lang": "es",
+ "value": "En lunary-ai/lunary versi\u00f3n 1.2.5, existe una vulnerabilidad de control de acceso inadecuado debido a una falta de verificaci\u00f3n de permiso en el endpoint `GET /v1/users/me/org`. Las definiciones de funciones de la plataforma restringen la funci\u00f3n \"Editor de mensajes\" a la gesti\u00f3n de mensajes y las capacidades de visualizaci\u00f3n/enumeraci\u00f3n de proyectos, excluyendo expl\u00edcitamente el acceso a la informaci\u00f3n del usuario. Sin embargo, el endpoint no aplica esta restricci\u00f3n, lo que permite a los usuarios con la funci\u00f3n \"Editor de mensajes\" acceder a la lista completa de usuarios de la organizaci\u00f3n. Esta vulnerabilidad permite el acceso no autorizado a informaci\u00f3n confidencial del usuario, violando los controles de acceso previstos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5256.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5256.json
index ffdaf7b405d..bb1dedbc70a 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5256.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5256.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5256",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:19.220",
- "lastModified": "2024-06-06T18:15:19.220",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sonos Era 100 SMB2 Message Handling Integer Underflow Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before reading from memory. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22336."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de desbordamiento de enteros en el manejo de mensajes de Sonos Era 100 SMB2. Esta vulnerabilidad permite a atacantes adyacentes a la red revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de los altavoces inteligentes Sonos Era 100. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el manejo de mensajes SMB2. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar un desbordamiento insuficiente de enteros antes de leerlos de la memoria. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-22336."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5267.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5267.json
index c272ea8d295..0d8c5604c92 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5267.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5267.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5267",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:19.477",
- "lastModified": "2024-06-06T18:15:19.477",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22384."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el manejo de mensajes de Sonos Era 100 SMB2. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los altavoces inteligentes Sonos Era 100. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el manejo de mensajes SMB2. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-22384."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5268.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5268.json
index eb0295918d6..020abe8df6c 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5268.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5268.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5268",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:19.680",
- "lastModified": "2024-06-06T18:15:19.680",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sonos Era 100 SMB2 Message Handling Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22428."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el manejo de mensajes SMB2 de Sonos Era 100. Esta vulnerabilidad permite a atacantes adyacentes a la red revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de los altavoces inteligentes Sonos Era 100. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el manejo de mensajes SMB2. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto de la ra\u00edz. Era ZDI-CAN-22428."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5269.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5269.json
index 7ce37e93a3d..a1d6c7bc1ff 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5269.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5269.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5269",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:19.880",
- "lastModified": "2024-06-06T18:15:19.880",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Sonos Era 100 SMB2 Message Handling Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Sonos Era 100 smart speakers. Authentication is not required to exploit this vulnerability.\n\nThe specific flaw exists within the handling of SMB2 messages. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22459."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Use-After-Free en el manejo de mensajes de Sonos Era 100 SMB2. Esta vulnerabilidad permite a atacantes adyacentes a la red ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de los altavoces inteligentes Sonos Era 100. No se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe en el manejo de mensajes SMB2. El problema surge de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones sobre \u00e9l. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de la ra\u00edz. Era ZDI-CAN-22459."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5277.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5277.json
index d9721e1f542..8de28d100a0 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5277.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5277.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5277",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T18:15:20.087",
- "lastModified": "2024-06-06T18:15:20.087",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "In lunary-ai/lunary version 1.2.4, a vulnerability exists in the password recovery mechanism where the reset password token is not invalidated after use. This allows an attacker who compromises the recovery token to repeatedly change the password of a victim's account. The issue lies in the backend's handling of the reset password process, where the token, once used, is not discarded or invalidated, enabling its reuse. This vulnerability could lead to unauthorized account access if an attacker obtains the recovery token."
+ },
+ {
+ "lang": "es",
+ "value": "En lunary-ai/lunary versi\u00f3n 1.2.4, existe una vulnerabilidad en el mecanismo de recuperaci\u00f3n de contrase\u00f1a donde el token de restablecimiento de contrase\u00f1a no se invalida despu\u00e9s de su uso. Esto permite que un atacante que comprometa el token de recuperaci\u00f3n cambie repetidamente la contrase\u00f1a de la cuenta de la v\u00edctima. El problema radica en el manejo del backend del proceso de restablecimiento de contrase\u00f1a, donde el token, una vez utilizado, no se descarta ni se invalida, lo que permite su reutilizaci\u00f3n. Esta vulnerabilidad podr\u00eda provocar un acceso no autorizado a la cuenta si un atacante obtiene el token de recuperaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-52xx/CVE-2024-5278.json b/CVE-2024/CVE-2024-52xx/CVE-2024-5278.json
index 34e3dfb0576..524598ec56c 100644
--- a/CVE-2024/CVE-2024-52xx/CVE-2024-5278.json
+++ b/CVE-2024/CVE-2024-52xx/CVE-2024-5278.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5278",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:07.310",
- "lastModified": "2024-06-06T19:16:07.310",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its `/upload` endpoint. Specifically, the `handle_file_upload` function does not sanitize or validate the file extension or content type of uploaded files, allowing attackers to upload files with arbitrary extensions, including HTML files containing XSS payloads and Python files. This vulnerability, present in the latest version as of 20240310, could lead to stored XSS attacks and potentially result in remote code execution (RCE) on the server hosting the application."
+ },
+ {
+ "lang": "es",
+ "value": "gaizhenbiao/chuanhuchatgpt es afectado por una vulnerabilidad de carga de archivos sin restricciones debido a una validaci\u00f3n insuficiente de los tipos de archivos cargados en su endpoint `/upload`. Espec\u00edficamente, la funci\u00f3n `handle_file_upload` no sanitiza ni valida la extensi\u00f3n del archivo o el tipo de contenido de los archivos cargados, lo que permite a los atacantes cargar archivos con extensiones arbitrarias, incluidos archivos HTML que contienen payloads XSS y archivos Python. Esta vulnerabilidad, presente en la \u00faltima versi\u00f3n 20240310, podr\u00eda provocar ataques XSS almacenados y potencialmente provocar la ejecuci\u00f3n remota de c\u00f3digo (RCE) en el servidor que aloja la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5301.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5301.json
index 199aaa8f5d9..fe318b7ee01 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5301.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5301.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5301",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:20.307",
- "lastModified": "2024-06-06T18:15:20.307",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22917."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de desbordamiento de b\u00fafer basado en mont\u00f3n en el an\u00e1lisis de archivos PSD de Kofax Power PDF. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PSD. El problema se debe a la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos en un b\u00fafer basado en mont\u00f3n de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22917."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5302.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5302.json
index 17dc5b0db7c..d0c58ebbf1b 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5302.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5302.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5302",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:20.530",
- "lastModified": "2024-06-06T18:15:20.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22918."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos PDF de Kofax Power PDF. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22918."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5303.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5303.json
index cf20d6a9493..57c47928ec6 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5303.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5303.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5303",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:20.750",
- "lastModified": "2024-06-06T18:15:20.750",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22919."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos PSD de Kofax Power PDF. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PSD. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22919."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5304.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5304.json
index eb4088701ad..68e976ef33c 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5304.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5304.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5304",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T19:16:07.540",
- "lastModified": "2024-06-06T19:16:07.540",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22920."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos Kofax Power PDF TGA. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos TGA. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22920."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5305.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5305.json
index 87b628331d4..3c54a77dc09 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5305.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5305.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5305",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T19:16:07.863",
- "lastModified": "2024-06-06T19:16:07.863",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de desbordamiento de b\u00fafer basado en pila de an\u00e1lisis de archivos PDF de Kofax Power PDF. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema se debe a la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos en un b\u00fafer basado en pila de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22921."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5306.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5306.json
index 9317b5b37e4..47a54c99e59 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5306.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5306.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5306",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T19:16:08.097",
- "lastModified": "2024-06-06T19:16:08.097",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22930."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en Kofax Power PDF An\u00e1lisis de archivos PDF Corrupci\u00f3n de la memoria. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema se debe a la falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de la memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22930."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5307.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5307.json
index 4b61a4dc9b2..2e6da97208e 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5307.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5307.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5307",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T19:16:08.350",
- "lastModified": "2024-06-06T19:16:08.350",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "Kofax Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the handling of Annotation objects in AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22933."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de l\u00edmites de anotaci\u00f3n AcroForm de Kofax Power PDF. Esta vulnerabilidad permite a atacantes remotos revelar informaci\u00f3n confidencial sobre las instalaciones afectadas de Kofax Power PDF. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el manejo de objetos de anotaci\u00f3n en AcroForms. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-22933."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5328.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5328.json
index 980be09157c..6a80ac68fbd 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5328.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5328.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5328",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:08.627",
- "lastModified": "2024-06-06T19:16:08.627",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the lunary-ai/lunary application, specifically within the endpoint '/auth/saml/tto/download-idp-xml'. The vulnerability arises due to the application's failure to validate user-supplied URLs before using them in server-side requests. An attacker can exploit this vulnerability by sending a specially crafted request to the affected endpoint, allowing them to make unauthorized requests to internal or external resources. This could lead to the disclosure of sensitive information, service disruption, or further attacks against the network infrastructure. The issue affects the latest version of the application as of the report."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en la aplicaci\u00f3n lunary-ai/lunary, espec\u00edficamente dentro del endpoint '/auth/saml/tto/download-idp-xml'. La vulnerabilidad surge debido a que la aplicaci\u00f3n no valida las URL proporcionadas por el usuario antes de usarlas en solicitudes del lado del servidor. Un atacante puede aprovechar esta vulnerabilidad enviando una solicitud especialmente manipulada al endpoint afectado, lo que le permite realizar solicitudes no autorizadas a recursos internos o externos. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n confidencial, la interrupci\u00f3n del servicio o nuevos ataques contra la infraestructura de la red. El problema afecta a la \u00faltima versi\u00f3n de la aplicaci\u00f3n en el momento del informe."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5382.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5382.json
index 8bcd6c65a14..6646e2d9226 100644
--- a/CVE-2024/CVE-2024-53xx/CVE-2024-5382.json
+++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5382.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-5382",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T13:15:50.273",
- "lastModified": "2024-06-07T13:15:50.273",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5425.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5425.json
index 6622c3d7307..7540651539a 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5425.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5425.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5425",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T04:15:32.597",
- "lastModified": "2024-06-07T04:15:32.597",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018title\u2019 attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP jQuery Lightbox para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del atributo 'title' en todas las versiones hasta la 1.5.4 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5426.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5426.json
index 0c652ab8b65..e059e5a1b09 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5426.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5426.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5426",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T10:15:11.627",
- "lastModified": "2024-06-07T10:15:11.627",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018svg\u2019 parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default, this can only be exploited by administrators, but the ability to use and configure Photo Gallery can be extended to contributors on pro versions of the plugin."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'svg' en todas las versiones hasta la 1.8.23 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. De forma predeterminada, esto solo puede ser aprovechado por los administradores, pero la capacidad de usar y configurar la Galer\u00eda fotogr\u00e1fica se puede extender a los contribuyentes en las versiones profesionales del complemento."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5438.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5438.json
index b965595adaa..1ee36a1c3fa 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5438.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5438.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-5438",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T13:15:50.500",
- "lastModified": "2024-06-07T13:15:50.500",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5452.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5452.json
index 491d74182e8..ed1ee1bbf5e 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5452.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5452.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5452",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T18:15:20.970",
- "lastModified": "2024-06-06T18:15:20.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the `deepdiff` library. The library uses `deepdiff.Delta` objects to modify application state based on frontend actions. However, it is possible to bypass the intended restrictions on modifying dunder attributes, allowing an attacker to construct a serialized delta that passes the deserializer whitelist and contains dunder attributes. When processed, this can be exploited to access other modules, classes, and instances, leading to arbitrary attribute write and total RCE on any self-hosted pytorch-lightning application in its default configuration, as the delta endpoint is enabled by default."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) en la versi\u00f3n 2.2.1 de la librer\u00eda Lightning-ai/pytorch-lightning debido al manejo inadecuado de la entrada del usuario deserializada y a la mala administraci\u00f3n de los atributos dunder por parte de la librer\u00eda \"deepdiff\". La librer\u00eda utiliza objetos `deepdiff.Delta` para modificar el estado de la aplicaci\u00f3n en funci\u00f3n de las acciones del frontend. Sin embargo, es posible eludir las restricciones previstas sobre la modificaci\u00f3n de los atributos de dunder, lo que permite a un atacante construir un delta serializado que pasa la lista blanca de deserializadores y contiene atributos de dunder. Cuando se procesa, esto se puede aprovechar para acceder a otros m\u00f3dulos, clases e instancias, lo que lleva a una escritura de atributos arbitraria y un RCE total en cualquier aplicaci\u00f3n pytorch-lightning autohospedada en su configuraci\u00f3n predeterminada, ya que el endpoint delta est\u00e1 habilitado de forma predeterminada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5478.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5478.json
index 959d021cd13..a5e94277d42 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5478.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5478.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5478",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:08.933",
- "lastModified": "2024-06-06T19:16:08.933",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Cross-site Scripting (XSS) vulnerability exists in the SAML metadata endpoint `/auth/saml/${org?.id}/metadata` of lunary-ai/lunary version 1.2.7. The vulnerability arises due to the application's failure to escape or validate the `orgId` parameter supplied by the user before incorporating it into the generated response. Specifically, the endpoint generates XML responses for SAML metadata, where the `orgId` parameter is directly embedded into the XML structure without proper sanitization or validation. This flaw allows an attacker to inject arbitrary JavaScript code into the generated SAML metadata page, leading to potential theft of user cookies or authentication tokens."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Cross-site Scripting (XSS) en el endpoint de metadatos SAML `/auth/saml/${org?.id}/metadata` de lunary-ai/lunary versi\u00f3n 1.2.7. La vulnerabilidad surge debido a que la aplicaci\u00f3n no logra escapar o validar el par\u00e1metro `orgId` proporcionado por el usuario antes de incorporarlo a la respuesta generada. Espec\u00edficamente, el endpoint genera respuestas XML para metadatos SAML, donde el par\u00e1metro `orgId` est\u00e1 directamente incrustado en la estructura XML sin una sanitizaci\u00f3n o validaci\u00f3n adecuada. Esta falla permite a un atacante inyectar c\u00f3digo JavaScript arbitrario en la p\u00e1gina de metadatos SAML generada, lo que lleva a un posible robo de cookies o tokens de autenticaci\u00f3n del usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5480.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5480.json
index 9c68bf393d8..a5e6baf1b88 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5480.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5480.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5480",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T19:16:09.177",
- "lastModified": "2024-06-06T19:16:09.177",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability in the PyTorch's torch.distributed.rpc framework, specifically in versions prior to 2.2.2, allows for remote code execution (RCE). The framework, which is used in distributed training scenarios, does not properly verify the functions being called during RPC (Remote Procedure Call) operations. This oversight permits attackers to execute arbitrary commands by leveraging built-in Python functions such as eval during multi-cpu RPC communication. The vulnerability arises from the lack of restriction on function calls when a worker node serializes and sends a PythonUDF (User Defined Function) to the master node, which then deserializes and executes the function without validation. This flaw can be exploited to compromise master nodes initiating distributed training, potentially leading to the theft of sensitive AI-related data."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad en el framework torch.distributed.rpc de PyTorch, espec\u00edficamente en versiones anteriores a la 2.2.2, permite la ejecuci\u00f3n remota de c\u00f3digo (RCE). El framework, que se utiliza en escenarios de capacitaci\u00f3n distribuida, no verifica adecuadamente las funciones que se llaman durante las operaciones RPC (llamada a procedimiento remoto). Esta supervisi\u00f3n permite a los atacantes ejecutar comandos arbitrarios aprovechando las funciones integradas de Python, como la evaluaci\u00f3n, durante la comunicaci\u00f3n RPC entre m\u00faltiples CPU. La vulnerabilidad surge de la falta de restricci\u00f3n en las llamadas a funciones cuando un nodo trabajador serializa y env\u00eda una PythonUDF (funci\u00f3n definida por el usuario) al nodo maestro, que luego deserializa y ejecuta la funci\u00f3n sin validaci\u00f3n. Esta falla puede explotarse para comprometer los nodos maestros que inician el entrenamiento distribuido, lo que podr\u00eda conducir al robo de datos confidenciales relacionados con la IA."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5481.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5481.json
index 9b16fdc7c5e..52d5c92ea4a 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5481.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5481.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5481",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-06-07T10:15:11.827",
- "lastModified": "2024-06-07T10:15:11.827",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Undergoing Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "The Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the server, which can contain sensitive information, and to cut (delete) arbitrary directories, including the root WordPress directory. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery edit permissions to lower level users, which might make this exploitable by users as low as contributors."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Photo Gallery by 10Web \u2013 Mobile-Friendly Image Gallery para WordPress es vulnerable a Path Traversal en todas las versiones hasta la 1.8.23 incluida a trav\u00e9s de la funci\u00f3n esc_dir. Esto hace posible que atacantes autenticados corten y peguen (copien) el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial, y corten (eliminen) directorios arbitrarios, incluido el directorio ra\u00edz de WordPress. De forma predeterminada, esto s\u00f3lo puede ser aprovechado por los administradores. En la versi\u00f3n premium del complemento, los administradores pueden otorgar permisos de edici\u00f3n de la galer\u00eda a usuarios de niveles inferiores, lo que podr\u00eda hacer que esto sea explotable por usuarios tan bajos como contribuyentes."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5482.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5482.json
index eaccc0871b4..6a1d78f40f0 100644
--- a/CVE-2024/CVE-2024-54xx/CVE-2024-5482.json
+++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5482.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5482",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2024-06-06T18:15:21.207",
- "lastModified": "2024-06-06T18:15:21.207",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "A Server-Side Request Forgery (SSRF) vulnerability exists in the 'add_webpage' endpoint of the parisneo/lollms-webui application, affecting the latest version. The vulnerability arises because the application does not adequately validate URLs entered by users, allowing them to input arbitrary URLs, including those that target internal resources such as 'localhost' or '127.0.0.1'. This flaw enables attackers to make unauthorized requests to internal or external systems, potentially leading to access to sensitive data, service disruption, network integrity compromise, business logic manipulation, and abuse of third-party resources. The issue is critical and requires immediate attention to maintain the application's security and integrity."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de Server-Side Request Forgery (SSRF) en el endpoint 'add_webpage' de la aplicaci\u00f3n parisneo/lollms-webui, que afecta a la \u00faltima versi\u00f3n. La vulnerabilidad surge porque la aplicaci\u00f3n no valida adecuadamente las URL ingresadas por los usuarios, permiti\u00e9ndoles ingresar URL arbitrarias, incluidas aquellas que apuntan a recursos internos como 'localhost' o '127.0.0.1'. Esta falla permite a los atacantes realizar solicitudes no autorizadas a sistemas internos o externos, lo que potencialmente conduce al acceso a datos confidenciales, interrupci\u00f3n del servicio, compromiso de la integridad de la red, manipulaci\u00f3n de la l\u00f3gica empresarial y abuso de recursos de terceros. El problema es cr\u00edtico y requiere atenci\u00f3n inmediata para mantener la seguridad e integridad de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5505.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5505.json
index a47e678ce1e..bc5dc932e83 100644
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5505.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5505.json
@@ -2,12 +2,16 @@
 "id": "CVE-2024-5505",
 "sourceIdentifier": "zdi-disclosures@trendmicro.com",
 "published": "2024-06-06T18:15:21.423",
- "lastModified": "2024-06-06T18:15:21.423",
- "vulnStatus": "Received",
+ "lastModified": "2024-06-07T14:56:05.647",
+ "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
 "lang": "en",
 "value": "NETGEAR ProSAFE Network Management System UpLoadServlet Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability.\n\nThe specific flaw exists within the UpLoadServlet class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-22724."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo transversal de directorio UpLoadServlet del sistema de gesti\u00f3n de red NETGEAR ProSAFE. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de NETGEAR ProSAFE Network Management System. Se requiere autenticaci\u00f3n para aprovechar esta vulnerabilidad. La falla espec\u00edfica existe dentro de la clase UpLoadServlet. El problema se debe a la falta de validaci\u00f3n adecuada de una ruta proporcionada por el usuario antes de usarla en operaciones de archivos. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto de SYSTEM. Era ZDI-CAN-22724."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5506.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5506.json
index a75f75e496d..d0b9c37cf5c 100644
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5506.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5506.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-5506", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-06-06T18:15:21.640", - "lastModified": "2024-06-06T18:15:21.640", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22514." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos KSP de Luxion KeyShot Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Luxion KeyShot Viewer. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos KSP. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22514." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5507.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5507.json
index 26a36ff4ae7..68e3be7327b 100644
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5507.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5507.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-5507", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-06-06T18:15:21.853", - "lastModified": "2024-06-06T18:15:21.853", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Luxion KeyShot Viewer KSP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22266." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de desbordamiento de b\u00fafer basado en pila de an\u00e1lisis de archivos KSP de Luxion KeyShot Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Luxion KeyShot Viewer. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos KSP. El problema se debe a la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos en un b\u00fafer basado en pila. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22266." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5508.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5508.json
index 767e2c064d0..957fd6bf0ba 100644
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5508.json
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5508.json
@@ -2,12 +2,16 @@ "id": "CVE-2024-5508", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-06-06T18:15:22.053", - "lastModified": "2024-06-06T18:15:22.053", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Luxion KeyShot Viewer KSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22267." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de escritura fuera de los l\u00edmites en el an\u00e1lisis de archivos KSP de Luxion KeyShot Viewer. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en instalaciones afectadas de Luxion KeyShot Viewer. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos KSP. El problema se debe a la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22267." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5509.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5509.json index a92d8a73638..63f2ddce222 100644 --- a/CVE-2024/CVE-2024-55xx/CVE-2024-5509.json +++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5509.json @@ -2,12 +2,16 @@ "id": "CVE-2024-5509", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-06-06T18:15:22.270", - "lastModified": "2024-06-06T18:15:22.270", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "Luxion KeyShot BIP File Parsing Uncontrolled Search Path Element Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of BIP files. The issue results from loading a library from an unsecured location. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22738." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo del elemento de ruta de b\u00fasqueda no controlada del an\u00e1lisis de archivos BIP de Luxion KeyShot. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de Luxion KeyShot. Se requiere la interacci\u00f3n del usuario para aprovechar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos BIP. El problema se debe a la carga de una librer\u00eda desde una ubicaci\u00f3n no segura. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-22738." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5542.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5542.json index aeefbf1010e..2035ecc5edc 100644 --- a/CVE-2024/CVE-2024-55xx/CVE-2024-5542.json +++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5542.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5542", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T13:15:50.730", - "lastModified": "2024-06-07T13:15:50.730", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5550.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5550.json index 8ca622aa725..fed04173f6b 100644 --- a/CVE-2024/CVE-2024-55xx/CVE-2024-5550.json +++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5550.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-5550", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:09.473", - "lastModified": "2024-06-06T19:16:09.473", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In h2oai/h2o-3 version 3.40.0.4, an exposure of sensitive information vulnerability exists due to an arbitrary system path lookup feature. This vulnerability allows any remote user to view full paths in the entire file system where h2o-3 is hosted. Specifically, the issue resides in the Typeahead API call, which when requested with a typeahead lookup of '/', exposes the root filesystem including directories such as /home, /usr, /bin, among others. This vulnerability could allow attackers to explore the entire filesystem, and when combined with a Local File Inclusion (LFI) vulnerability, could make exploitation of the server trivial." + }, + { + "lang": "es", + "value": "En h2oai/h2o-3 versi\u00f3n 3.40.0.4, existe una vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial debido a una funci\u00f3n de b\u00fasqueda de ruta arbitraria del sistema. Esta vulnerabilidad permite a cualquier usuario remoto ver las rutas completas en todo el sistema de archivos donde est\u00e1 alojado h2o-3. Espec\u00edficamente, el problema reside en la llamada API Typeahead, que cuando se solicita con una b\u00fasqueda anticipada de '/', expone el sistema de archivos ra\u00edz, incluidos directorios como /home, /usr, /bin, entre otros. Esta vulnerabilidad podr\u00eda permitir a los atacantes explorar todo el sistema de archivos y, cuando se combina con una vulnerabilidad de inclusi\u00f3n de archivos locales (LFI), podr\u00eda hacer que la explotaci\u00f3n del servidor sea trivial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5552.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5552.json index f2d25e1396b..1fa1f4f69ea 100644 
--- a/CVE-2024/CVE-2024-55xx/CVE-2024-5552.json +++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5552.json @@ -2,12 +2,16 @@ "id": "CVE-2024-5552", "sourceIdentifier": "security@huntr.dev", "published": "2024-06-06T19:16:09.697", - "lastModified": "2024-06-06T19:16:09.697", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes the application to consume an excessive amount of CPU resources. This vulnerability affects the latest version of kubeflow/kubeflow, specifically within the centraldashboard-angular backend component. The impact of exploiting this vulnerability includes resource exhaustion, and service disruption." + }, + { + "lang": "es", + "value": "kubeflow/kubeflow es vulnerable a un ataque de denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS) debido a la complejidad ineficiente de la expresi\u00f3n regular en su mecanismo de validaci\u00f3n de correo electr\u00f3nico. Un atacante puede explotar esta vulnerabilidad de forma remota sin autenticaci\u00f3n proporcionando una entrada especialmente manipulada que hace que la aplicaci\u00f3n consuma una cantidad excesiva de recursos de CPU. Esta vulnerabilidad afecta a la \u00faltima versi\u00f3n de kubeflow/kubeflow, espec\u00edficamente dentro del componente backend centraldashboard-angular. El impacto de explotar esta vulnerabilidad incluye el agotamiento de los recursos y la interrupci\u00f3n del servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5599.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5599.json index 0b7ac565644..7e6ea3e55f8 100644 --- a/CVE-2024/CVE-2024-55xx/CVE-2024-5599.json 
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5599.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5599", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T13:15:50.943", - "lastModified": "2024-06-07T13:15:50.943", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5607.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5607.json index 555e3d233d7..cbcd220cf1a 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5607.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5607.json @@ -2,12 +2,16 @@ "id": "CVE-2024-5607", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T03:15:09.630", - "lastModified": "2024-06-07T03:15:09.630", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The GDPR CCPA Compliance & Cookie Consent Banner plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions named ajaxUpdateSettings() in all versions up to, and including, 2.7.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify the plugin's settings, update page content, send arbitrary emails and inject malicious web scripts." + }, + { + "lang": "es", + "value": "El complemento GDPR CCPA Compliance & Cookie Consent Banner para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en varias funciones denominadas ajaxUpdateSettings() en todas las versiones hasta la 2.7.0 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, modifiquen la configuraci\u00f3n del complemento, actualicen el contenido de la p\u00e1gina, env\u00eden correos electr\u00f3nicos arbitrarios e inyecten scripts web maliciosos." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5612.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5612.json index 1dbd4b322f5..0fc648a9841 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5612.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5612.json @@ -2,12 +2,16 @@ "id": "CVE-2024-5612", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T05:15:50.523", - "lastModified": "2024-06-07T05:15:50.523", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Essential Addons for Elementor Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018eael_lightbox_open_btn_icon\u2019 parameter within the Lightbox & Modal widget in all versions up to, and including, 5.8.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Essential Addons for Elementor Pro para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'eael_lightbox_open_btn_icon' dentro del widget Lightbox & Modal en todas las versiones hasta la 5.8.15 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5637.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5637.json index 2ce1afdb116..74f33d92325 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5637.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5637.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-5637", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T11:15:53.353", - "lastModified": "2024-06-07T11:15:53.353", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5640.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5640.json index e191f51dfa1..1b58ad437b2 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5640.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5640.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-5640", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T05:15:50.730", - "lastModified": "2024-06-07T05:15:50.730", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "The Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018id\u2019 attribute within the Pacific widget in all versions up to, and including, 3.14.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Prime Slider \u2013 Addons For Elementor (Revolution of a slider, Hero Slider, Ecommerce Slider) para WordPress es vulnerable a las Cross-Site Scripting Almacenado a trav\u00e9s del atributo 'id' dentro del widget Pacific en todas las versiones hasta la 3.14.7 incluida debido a una sanitizaci\u00f3n insuficiente de los insumos y a fugas de productos. Esto hace posible que atacantes autenticados, con acceso de nivel de Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5645.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5645.json index a5575a50318..7ae29031f87 100644 --- a/CVE-2024/CVE-2024-56xx/CVE-2024-5645.json +++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5645.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-5645", "sourceIdentifier": "security@wordfence.com", "published": "2024-06-07T10:15:12.090", - "lastModified": "2024-06-07T10:15:12.090", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "The Envo Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018button_css_id\u2019 parameter within the Button widget in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Envo Extra para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s del par\u00e1metro 'button_css_id' dentro del widget de bot\u00f3n en todas las versiones hasta la 1.8.23 incluida debido a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de Colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5732.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5732.json index 25225db982a..d8e557072db 100644 --- a/CVE-2024/CVE-2024-57xx/CVE-2024-5732.json +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5732.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-5732", "sourceIdentifier": "cna@vuldb.com", "published": "2024-06-07T10:15:12.293", - "lastModified": "2024-06-07T10:15:12.293", - "vulnStatus": "Received", + "lastModified": "2024-06-07T15:15:51.007", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Clash up to 0.20.1 on Windows. It has been declared as critical. This vulnerability affects unknown code of the component Proxy Port. The manipulation leads to improper authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-267406 is the identifier assigned to this vulnerability." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Clash hasta 0.20.1 en Windows. Ha sido declarada cr\u00edtica. Esta vulnerabilidad afecta a un c\u00f3digo desconocido del componente Proxy Port. La manipulaci\u00f3n conduce a una autenticaci\u00f3n incorrecta. El ataque se puede iniciar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. Se recomienda cambiar los ajustes de configuraci\u00f3n. VDB-267406 es el identificador asignado a esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5733.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5733.json index 75e24af273e..d85a516e9b7 100644 --- a/CVE-2024/CVE-2024-57xx/CVE-2024-5733.json +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5733.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5733", "sourceIdentifier": "cna@vuldb.com", "published": "2024-06-07T12:15:09.190", - "lastModified": "2024-06-07T12:15:09.190", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/CVE-2024/CVE-2024-57xx/CVE-2024-5734.json b/CVE-2024/CVE-2024-57xx/CVE-2024-5734.json index c31d9444a63..4c5f624e58a 100644 
--- a/CVE-2024/CVE-2024-57xx/CVE-2024-5734.json +++ b/CVE-2024/CVE-2024-57xx/CVE-2024-5734.json @@ -2,8 +2,8 @@ "id": "CVE-2024-5734", "sourceIdentifier": "cna@vuldb.com", "published": "2024-06-07T12:15:09.463", - "lastModified": "2024-06-07T12:15:09.463", - "vulnStatus": "Received", + "lastModified": "2024-06-07T14:56:05.647", + "vulnStatus": "Undergoing Analysis", "descriptions": [ { "lang": "en", diff --git a/README.md b/README.md index 3a137fe11a7..394f2641ed2 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-07T14:02:37.976272+00:00 +2024-06-07T16:00:18.905202+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-07T13:55:43.110000+00:00 +2024-06-07T15:40:49.707000+00:00 ``` ### Last Data Feed Release 
@@ -33,30 +33,53 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -252986 +252995 ``` ### CVEs added in the last Commit -Recently added CVEs: `8` +Recently added CVEs: `9` -- [CVE-2024-36673](CVE-2024/CVE-2024-366xx/CVE-2024-36673.json) (`2024-06-07T13:15:49.547`) -- [CVE-2024-4610](CVE-2024/CVE-2024-46xx/CVE-2024-4610.json) (`2024-06-07T12:15:09.077`) -- [CVE-2024-5382](CVE-2024/CVE-2024-53xx/CVE-2024-5382.json) (`2024-06-07T13:15:50.273`) -- [CVE-2024-5438](CVE-2024/CVE-2024-54xx/CVE-2024-5438.json) (`2024-06-07T13:15:50.500`) -- [CVE-2024-5542](CVE-2024/CVE-2024-55xx/CVE-2024-5542.json) (`2024-06-07T13:15:50.730`) -- [CVE-2024-5599](CVE-2024/CVE-2024-55xx/CVE-2024-5599.json) (`2024-06-07T13:15:50.943`) -- [CVE-2024-5733](CVE-2024/CVE-2024-57xx/CVE-2024-5733.json) (`2024-06-07T12:15:09.190`) -- [CVE-2024-5734](CVE-2024/CVE-2024-57xx/CVE-2024-5734.json) (`2024-06-07T12:15:09.463`) +- [CVE-2024-31878](CVE-2024/CVE-2024-318xx/CVE-2024-31878.json) (`2024-06-07T14:15:10.017`) +- [CVE-2024-36773](CVE-2024/CVE-2024-367xx/CVE-2024-36773.json) (`2024-06-07T15:15:50.063`) +- [CVE-2024-36787](CVE-2024/CVE-2024-367xx/CVE-2024-36787.json) (`2024-06-07T15:15:50.140`) +- [CVE-2024-36788](CVE-2024/CVE-2024-367xx/CVE-2024-36788.json) (`2024-06-07T15:15:50.233`) +- [CVE-2024-36789](CVE-2024/CVE-2024-367xx/CVE-2024-36789.json) (`2024-06-07T15:15:50.323`) +- [CVE-2024-36790](CVE-2024/CVE-2024-367xx/CVE-2024-36790.json) (`2024-06-07T15:15:50.407`) +- [CVE-2024-36792](CVE-2024/CVE-2024-367xx/CVE-2024-36792.json) (`2024-06-07T15:15:50.493`) +- [CVE-2024-37160](CVE-2024/CVE-2024-371xx/CVE-2024-37160.json) (`2024-06-07T14:15:10.440`) +- [CVE-2024-37162](CVE-2024/CVE-2024-371xx/CVE-2024-37162.json) (`2024-06-07T15:15:50.617`) ### CVEs modified in the last Commit -Recently modified CVEs: `3` +Recently modified CVEs: `183` -- [CVE-2019-18683](CVE-2019/CVE-2019-186xx/CVE-2019-18683.json) (`2024-06-07T13:55:43.110`) 
-- [CVE-2024-1086](CVE-2024/CVE-2024-10xx/CVE-2024-1086.json) (`2024-06-07T13:25:37.403`) -- [CVE-2024-5637](CVE-2024/CVE-2024-56xx/CVE-2024-5637.json) (`2024-06-07T11:15:53.353`) +- [CVE-2024-5425](CVE-2024/CVE-2024-54xx/CVE-2024-5425.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5426](CVE-2024/CVE-2024-54xx/CVE-2024-5426.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5438](CVE-2024/CVE-2024-54xx/CVE-2024-5438.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5452](CVE-2024/CVE-2024-54xx/CVE-2024-5452.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5478](CVE-2024/CVE-2024-54xx/CVE-2024-5478.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5480](CVE-2024/CVE-2024-54xx/CVE-2024-5480.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5481](CVE-2024/CVE-2024-54xx/CVE-2024-5481.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5482](CVE-2024/CVE-2024-54xx/CVE-2024-5482.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5505](CVE-2024/CVE-2024-55xx/CVE-2024-5505.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5506](CVE-2024/CVE-2024-55xx/CVE-2024-5506.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5507](CVE-2024/CVE-2024-55xx/CVE-2024-5507.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5508](CVE-2024/CVE-2024-55xx/CVE-2024-5508.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5509](CVE-2024/CVE-2024-55xx/CVE-2024-5509.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5542](CVE-2024/CVE-2024-55xx/CVE-2024-5542.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5550](CVE-2024/CVE-2024-55xx/CVE-2024-5550.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5552](CVE-2024/CVE-2024-55xx/CVE-2024-5552.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5599](CVE-2024/CVE-2024-55xx/CVE-2024-5599.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5607](CVE-2024/CVE-2024-56xx/CVE-2024-5607.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5612](CVE-2024/CVE-2024-56xx/CVE-2024-5612.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5637](CVE-2024/CVE-2024-56xx/CVE-2024-5637.json) (`2024-06-07T14:56:05.647`) +- 
[CVE-2024-5640](CVE-2024/CVE-2024-56xx/CVE-2024-5640.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5645](CVE-2024/CVE-2024-56xx/CVE-2024-5645.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5732](CVE-2024/CVE-2024-57xx/CVE-2024-5732.json) (`2024-06-07T15:15:51.007`) +- [CVE-2024-5733](CVE-2024/CVE-2024-57xx/CVE-2024-5733.json) (`2024-06-07T14:56:05.647`) +- [CVE-2024-5734](CVE-2024/CVE-2024-57xx/CVE-2024-5734.json) (`2024-06-07T14:56:05.647`) ## Download and Usage diff --git a/_state.csv b/_state.csv index af265f9bfe2..82e1b223217 100644 --- a/_state.csv +++ b/_state.csv @@ -135767,7 +135767,7 @@ CVE-2019-18678,0,0,17d3de8c8bd1c29e32c6db8723ab20030387d7c07ca1fdaf8f5215cd7589d CVE-2019-18679,0,0,b4c7902811b8c0929d875af61a74ecedd2959a938958ea852713271ff847a1ca,2023-11-07T03:06:53.993000 CVE-2019-1868,0,0,4f29d0de2525a6ce4a496c0b3e418729c93c799512953daa0894340eb9c531d0,2020-10-16T15:44:36.860000 CVE-2019-18680,0,0,56fd3ec9181edcf364e91ba559b768467bbd61986f8996a340db49b6b812366a,2023-01-17T21:31:48.287000 -CVE-2019-18683,0,1,233bcb1bec40e8a805ce1469218a35c133ac7ca7b68f8af79f2884515dbaa91d,2024-06-07T13:55:43.110000 +CVE-2019-18683,0,0,233bcb1bec40e8a805ce1469218a35c133ac7ca7b68f8af79f2884515dbaa91d,2024-06-07T13:55:43.110000 CVE-2019-18684,0,0,54e10d1c903892be869124b563c0ef59003a123b61ea9206958802a141ee71e3,2024-05-17T01:34:59.120000 CVE-2019-18685,0,0,c0b9719f881a2e108b17ef982267a517d24a217274b51be7d7258a65a57defa7,2023-11-07T03:06:54.240000 CVE-2019-18686,0,0,43f4c70d30bb3a286787a7454d02bd854a536bd9d135de407587c5cc2ebfe9be,2023-11-07T03:06:54.560000 
@@ -212127,7 +212127,7 @@ CVE-2022-4964,0,0,1e33f52f21e6461cc018675c2148aa96cac948ebdf6307b4d3746f8773a9bf CVE-2022-4965,0,0,db99caae0cb2de43133818216d728b6e383517fb71f67f622369387ae341b961,2024-04-10T13:24:00.070000 CVE-2022-4966,0,0,4b6a071e73471757fc55bd168cdc3f57ac339cd73c0d56a405fd8ea19bcfc79e,2024-05-17T02:17:05.713000 CVE-2022-4967,0,0,f64d6e9936967085c3ea26693ea59316b1fba31fa88426c80de2b587efa09fa8,2024-05-14T16:13:02.773000 -CVE-2022-4968,0,0,5ea835291645f8398a051a9401d8997a90ebb36002c3199d6fc4a223139116cf,2024-06-07T01:15:49.463000 +CVE-2022-4968,0,1,3f434ce45c701f864a051198ac36c2facd5bde0ec5d73f6bd1388b6f5bbe63de,2024-06-07T14:56:05.647000 CVE-2022-4969,0,0,e7667ad9e831fd9b2022455eeca9e7c590310d1520e21bc7482689ef0e3d9055,2024-06-06T16:15:10.250000 CVE-2023-0001,0,0,6ba5d6c17cbd7ec9fa4676d0367d715dae6604f51d9cfe28b728a892d018af19,2024-01-12T22:10:50.817000 CVE-2023-0002,0,0,1b2ceaca2ad4aa0f50a972375612dbbc2aec389d54ffce2da41cd327ee68ab86,2023-11-07T03:59:26.433000 @@ -223960,7 +223960,7 @@ CVE-2023-32469,0,0,c64f718d771da097b11fa482f724641a50f58bd141ecdac8ef1bd9ca3a93b CVE-2023-3247,0,0,944c7a9512d0302f40ba18a4d82c1511a534aceb1c4dea9f4a52b787f5bc6104,2023-08-01T16:38:09.033000 CVE-2023-32470,0,0,cf1fb93bb33344b250fa425962be9282d4e9421bfa05744d38e6fb334ebf28ff,2023-09-13T14:37:24.530000 CVE-2023-32474,0,0,14a7699c96745d2416031df6a87cf303ba86dd81dec884626035282f55099052,2024-02-12T21:37:18.687000 -CVE-2023-32475,0,0,f865531aabb7a749b97b40a09c1fabc6b408138b7171f1063f2c9735185792f5,2024-06-07T03:15:08.950000 +CVE-2023-32475,0,1,8c9b75a20cacd369537034b8fdc6625a4373f1930eb22b83c7d55f78ffd4aa79,2024-06-07T14:56:05.647000 CVE-2023-32476,0,0,f67bfea26297a4cf8c38d5da9786d71b4b8bf1feb4789219a97bb09d5d395732,2023-07-31T17:05:59.917000 CVE-2023-32477,0,0,c6c53e53bb15cc4bb1e010bc91b9bd9b6aeeeac451ae42307ec3c88df745781c,2023-10-03T15:57:15.073000 CVE-2023-32478,0,0,0a9e3e2ada95dec3b888569322d70937b16477be7b01831c757a4021ed4b299f,2023-07-31T15:08:44.263000 
@@ -224800,7 +224800,7 @@ CVE-2023-3345,0,0,2a6b79761f1967c3b2164ab432f2f84ff5f9f4efe9855ab8e206076e8316ce CVE-2023-33457,0,0,ff542e82ff55fa61b0659f6c6288b47cc7432a6960e5834f8857d4feb64e88a6,2023-06-12T15:57:18.677000 CVE-2023-3346,0,0,880c44798cf4d86811cbd9727f666b940d24061652982f1e6f891ff163dee72a,2023-08-11T21:01:53.977000 CVE-2023-33460,0,0,6be67e2f054fe02d5e498cb812e81d7b0ade8b9a0b6f9f71b2615e6fabebf571,2023-11-07T04:14:54.257000 -CVE-2023-33461,0,0,d6500e4033454e87d8aacd2e91265d3ec9a417a4079858a2fceba0452f863a44,2023-11-07T04:14:55.163000 +CVE-2023-33461,0,1,7a2b014463bbd34f475410ed0ac5de990384aae621e78afc444dffec48dfa4bf,2024-06-07T14:11:55.450000 CVE-2023-33466,0,0,edb400e1765c8e049d90fabaabe681d7a3f1799525c77d9b7167542116dbab9c,2023-09-12T11:15:07.650000 CVE-2023-33468,0,0,d9e4dab7978126c8da945b9754e1c87cd2541aea620924504d1a3e6d84fa8f27,2023-08-16T18:03:44.977000 CVE-2023-33469,0,0,387b19c0d50f438ab4dc1ed606512c9de33f04198989847c56b1073a99f44fdf,2023-08-17T01:40:13.813000 @@ -227642,7 +227642,7 @@ CVE-2023-37533,0,0,9cf91dce4fef590bc27629e5832526c0874403571bc941e5d657e76dbd97a CVE-2023-37536,0,0,3ff1f9d8f5a0e16d1efee86cd1df3d09a3d3a6a2334a658987a562e16cd7d036,2023-12-31T14:15:42.080000 CVE-2023-37537,0,0,8eafbea6746639724054855d621df4693cca632a9d88e58d0aeae7d16af3eae6,2023-10-24T20:39:25.043000 CVE-2023-37538,0,0,2e3ab908ded045f3cb71d752e478696df3532097f747245caae75e491c7579cf,2023-10-18T16:40:26.580000 -CVE-2023-37539,0,0,6ed297b9c68844419cf3dc89eedc9b0f2c28ec3d3f095f4fcd0e7e87c9c0d01a,2024-06-06T23:15:48.720000 +CVE-2023-37539,0,1,fe4406511a2092f04bafa14f10aee93f6b4ca7a9de1b6733953234a6b61a132e,2024-06-07T14:56:05.647000 CVE-2023-3754,0,0,5f6b8f96d4590040aa350c1dd3ab2738d4b82887085506b845deafcec4c19e00,2024-05-17T02:27:45.643000 CVE-2023-37540,0,0,12f3689b3ddb4d201c51279c60534122a2f05c59ebf7083151345550669320dc,2024-02-23T16:14:43.447000 CVE-2023-37543,0,0,3d96eefef3971bb20f74a508435ca4222398e4a6d5bf603850624625cb29632e,2023-11-07T04:16:58.957000 
@@ -233153,7 +233153,7 @@ CVE-2023-45187,0,0,50fe3917bef6f155de7c2ef7d4d38b62123ce4c23e74e434f5c6a36d50e03 CVE-2023-45189,0,0,df153b6d1053e0ec8ad7a75797868a0b23f8c9deecf4676d70e63dec9cc0990b,2023-11-09T20:27:56.003000 CVE-2023-45190,0,0,ee5cdff23ea1c9c51b85b56e05c245a9158fa23b5938ef53dd8353ecb5eef64c,2024-02-15T04:41:35.763000 CVE-2023-45191,0,0,0471d71b4e832eeadfce865b6a4a3f21dfa7a9078549997d149920fc7d734d05,2024-02-15T04:43:16.217000 -CVE-2023-45192,0,0,c79b756cdcdb338ddd4de710bea54f5d2e45cdbb11ae7a8eff8ebfee47850aed,2024-06-06T19:15:50.730000 +CVE-2023-45192,0,1,9b3331ad67e9e1a89b019f9431a09b60b39c9c9dc236135dc341290555b6f6d8,2024-06-07T14:56:05.647000 CVE-2023-45193,0,0,74568a9a8ac5466cce17b97fc2aa48957015444a92e43d7710c1164db296930b,2024-03-07T17:15:09.880000 CVE-2023-45194,0,0,d5c89e53cbf9029912da4482ada08495c9f99ebbbb14329dd33526185af3bf8f,2023-10-31T18:08:52.140000 CVE-2023-45198,0,0,e83575150f55c9693ecaa3d3d8ecc28b28389ef4c4551e169f843e36cfbc4ca1,2023-10-11T17:15:31.923000 @@ -236194,7 +236194,7 @@ CVE-2023-49436,0,0,c343cc9f56d8aeaaf098f8550cc7f1b67791aff35841346eecb1651864fdf CVE-2023-49437,0,0,b601c272f6b218b512cb483571f3902414ae3ccda32c59fbe7f0b6618f38003d,2023-12-09T04:44:23.637000 CVE-2023-49438,0,0,986305b71065fe2b774d5c740622a3b15d89f6ea5b2d46009e736e16cef02207,2024-01-14T02:15:46.610000 CVE-2023-4944,0,0,0aeb4ed2520428fe8daf2b307677448a2d1555ce5630f1ea2da794a5cacab2c2,2023-11-07T04:23:12.343000 -CVE-2023-49441,0,0,d483f64f206fcd346bf7d33b47e5a9207cbdd6bccb4ee3e85fcc31a0ed10f622,2024-06-06T22:15:09.843000 +CVE-2023-49441,0,1,f260d737179d0c3b6d60705d9492ac539d8d1756d1b29e971140b12cd63cf1bd,2024-06-07T14:56:05.647000 CVE-2023-49442,0,0,4ea5bd9fd5bd518195d9ec278ff53b900b99b4b7a362979bc3f5c76abf09143a,2024-01-10T20:26:06.417000 CVE-2023-49443,0,0,0059444303570397a5e97ce867b81abde55cd125bca08994a3148e8bb87dfd9d,2023-12-11T19:12:46.117000 CVE-2023-49444,0,0,6eb35bcc5fdcb6b8279da76c9104df3de54e9ed14bcaae2b425fa3cf2ed70efb,2023-12-11T19:11:35.700000 
@@ -236571,7 +236571,7 @@ CVE-2023-50017,0,0,94a085d3b9a01b673efd08f3fd6d1c5bd5fec950ce7fd1026d076a4011d3d CVE-2023-50019,0,0,a40ef52011e4db27daaf0069b6fee08a9e027c75c96c570f8b4358261c22b37a,2024-01-11T17:28:54.257000 CVE-2023-5002,0,0,caa8854d9b3cb2453dfa75d4f887b688a0e622350b5a70176ff50129702eebe2,2023-11-07T04:23:17.827000 CVE-2023-50020,0,0,0420bf44f3192678835af5943c71c435d383debc14787f6862dfd11873466abb,2024-01-11T17:35:56.750000 -CVE-2023-50026,0,0,adbac1181343d7421a6deea5d5ad931657ea9fbc52f3578ee6dfb37ee74a98f9,2024-02-15T19:32:40.610000 +CVE-2023-50026,0,1,ddb63f64ad9db005831a0adfbb131b3f4a80d06c694a28549975d090519ef096,2024-06-07T14:12:14.943000 CVE-2023-50027,0,0,cc6332349beda48de311c789172519792bf0e1d73915b299358aaf3ebbfbd533,2024-01-11T14:26:14.217000 CVE-2023-50028,0,0,c4dec5d92b9d7082f423a44ec040b850ebf7d261529103270f04a2098eaade81,2024-01-25T19:55:05.850000 CVE-2023-5003,0,0,2849233ffe4afb30b72aadd62309b165bd2ceffb201a5ac14f68b09d02b2ba14,2023-11-07T04:23:17.990000 @@ -237685,7 +237685,7 @@ CVE-2023-5184,0,0,bf9550067b063a44f5e2c60f84a5dc2e3934ba6dac9ad3d3d8dec394ee076a CVE-2023-51840,0,0,2e2dc4e56206ef09b07482626c518e6fe03125bc73805e6245582857f1472ad5,2024-02-03T00:29:48.223000 CVE-2023-51842,0,0,e0369b9a49f0cf84587338e1939b6265330f9f97b2fd01f93784be60255c10c5,2024-02-06T17:00:29.330000 CVE-2023-51843,0,0,273c52920383b16344817eb583cc56df030df52ace9d49f8039a41ceed8a76f6,2024-02-05T18:54:19.030000 -CVE-2023-51847,0,0,2665d25125cb97520bb429a4fb0d62673ae7a0aecca91fc627c22b4f6c35e2bc,2024-06-06T22:15:09.950000 +CVE-2023-51847,0,1,efc52785b94fd1e80eb9516df1c4906acfbaa52940aecb07a4d870bd4c16b0f7,2024-06-07T14:56:05.647000 CVE-2023-5185,0,0,386042611b3c261d0b3f5e9b3745929d3ada33035e3086a1e80d8399eec7c66a,2023-09-29T18:54:59.730000 CVE-2023-5186,0,0,36263dcb3f06333f123a325e436cd03c03cbb31f2674173ec0bcfae3d9ef14b5,2024-01-31T17:15:17.980000 CVE-2023-5187,0,0,9dd87329dc229e5fe70944a1f9ce7b1568c1b908fe74eefae61702f0410ac112,2024-01-31T17:15:18.097000 
@@ -238666,7 +238666,7 @@ CVE-2023-5419,0,0,10a57f40b7aa09ec8fee8e0290b35dcaeabec556901f48cd7c53cde048a9a4 CVE-2023-5421,0,0,9bb4dab1dacd00462260a3ab6642406f066d48e0d197022fde21a9cdd703b6da,2023-10-19T20:19:21.313000 CVE-2023-5422,0,0,a7118324d22c6136fa62d39d957abd68310aa0bb8b0f6398b0e7e6d41dfb2bf3,2023-10-20T18:30:38.187000 CVE-2023-5423,0,0,a7079f98fb4c6da8a0096f14e04a54b73b6abccf8b590fe8b0580e02c1d7dbd2,2024-06-04T19:18:10.780000 -CVE-2023-5424,0,0,adfe567e12f9b728db734539b11fd6df037f4db1a3c33e173c5fa6dc5b372d62,2024-06-07T10:15:10.150000 +CVE-2023-5424,0,1,54dfa4457a7d9f01d62506676686ab3bb39af40f01bfdd35c52c687f3094b7c5,2024-06-07T14:56:05.647000 CVE-2023-5425,0,0,f81796d8b9e07f2eefee9bd5546198d643d8c9f01af0f76e9f36bbcaae9c2b38,2023-11-07T21:05:34.097000 CVE-2023-5426,0,0,0da4f609138f14c3a07954c76ddd311b67fd914e8a361e4e4a87642b36ebc0b0,2023-11-08T00:48:02.973000 CVE-2023-5427,0,0,67f98f3d95537ffc7229ab21eff0bcfb85ceb61e0bccfc759c24879683352ef7,2023-12-06T20:56:58.567000 @@ -239372,7 +239372,7 @@ CVE-2023-6193,0,0,b9900119542cd00ca545fa465375df17aaa2236304c15239a12e8730d3c671 CVE-2023-6194,0,0,adca1836721719b5860e52cb41398c44be6db56a1fe0603258d70cab514c2618,2023-12-13T22:02:56.613000 CVE-2023-6196,0,0,f56d61f9e2bd859b9d4b61f6a34e06caffb31a0f56e7eb46b17c194be4b8ce85,2023-11-25T02:20:08.637000 CVE-2023-6197,0,0,c4382b52f534913e65ee4b1feb523e73025e33dfe7d74d8aade2f3fac6e8f295,2023-11-25T02:19:51.733000 -CVE-2023-6199,0,0,3cc1f86350a1c3b5f220a9a751902094b48780116f8bf5279b7fdef871685fb3,2023-11-29T17:28:30.710000 +CVE-2023-6199,0,1,12541221a80e0f3a78050b48fb01f9ad223a7ac2b781b75a0ff9d1a5e3de1cb1,2024-06-07T14:12:05.897000 CVE-2023-6200,0,0,6ad93b2827d0905ddada23ed9c26c8cd7cbada143bc86cea06b89b646e3f7634,2024-02-02T15:38:42.870000 CVE-2023-6201,0,0,e641a830aa857fff950829529f9d4b150c6030d683c3c3799f55892ea8553251,2023-12-05T07:15:11.860000 CVE-2023-6202,0,0,ce3205337a5e0608177bcc22ccce0163dc536e949834521ae89ade0780fcd9f9,2023-12-01T21:40:49.863000 
@@ -239622,7 +239622,7 @@ CVE-2023-6486,0,0,c81210cab8dc9e396502360bc8e7405406f09e8235326da2aa05788514a550 CVE-2023-6487,0,0,558ab6bea6c82c03f825b7e35129bc25422ba8df0fed36970139750e652983db,2024-05-22T12:46:53.887000 CVE-2023-6488,0,0,a2d2155218f4cd12cbd7cf86a1d373ca9d8739c736f0c67e222296ebea42699d,2023-12-22T19:30:36.993000 CVE-2023-6489,0,0,8be5137422e44d9e775f7530defb6286a84af9abdf8da8a38a11072ad60f9cbc,2024-04-12T12:43:57.400000 -CVE-2023-6491,0,0,fd3f44e542146312e0cded420d92caedc58376ca67b07269007c4405afdc9517,2024-06-07T06:15:09.320000 +CVE-2023-6491,0,1,cdf7c06784d4d39eba71b6fb1604eda595538e62c28add78cc43a71a5a4b75fd,2024-06-07T14:56:05.647000 CVE-2023-6493,0,0,f1b44774d19dee2dde0db6057c1c8da6a9052c466b0c843005cf7e84e74e5bad,2024-01-10T15:10:40.807000 CVE-2023-6494,0,0,e84577867db064082c4fbb5b749302fb02213f52d6d8e07c0caef285009cb8e8,2024-04-15T13:15:31.997000 CVE-2023-6496,0,0,87b56518aaf4afd4545cd371dac346e93b19b056714958fa1a42154914cf88c5,2024-01-17T20:24:42.663000 @@ -239939,7 +239939,7 @@ CVE-2023-6872,0,0,d1c5b3fc1b3bfefd87d9dad8a9622927485875cb234fe331fefad2ca7b68f5 CVE-2023-6873,0,0,8c787d6e899bda0014371f2611891a291dd7e798bedb926309aeaa78c7003d1a,2024-02-02T02:29:27.507000 CVE-2023-6874,0,0,20d55c881c8740c1c9c245c80d2419e8fd6fe7a8ac50e023c72f933e5bdbc8a7,2024-02-10T04:08:53.127000 CVE-2023-6875,0,0,fa50f826ef562493657259922f0d672e1042b5b70e3533a566fc049edbe41c1f,2024-01-18T16:11:25.827000 -CVE-2023-6876,0,0,e659290321848fd1c3ee46b510935c7093662cece1b15a68bc6881338c3d07bf,2024-06-07T02:15:08.933000 +CVE-2023-6876,0,1,124da95b4f1401f98ecf772dc64ea27c5a534345c9c9c1d66a3801784d3510a4,2024-06-07T14:56:05.647000 CVE-2023-6877,0,0,584d67ded4d169f0ddd54eb7b0729da99776ef4f5bf8697e2f8dfbb6685f9320,2024-04-08T18:48:40.217000 CVE-2023-6878,0,0,c06c28c6ac809dd95b68d213aef696c4411990fd4045334f25f507941978e9dc,2024-01-18T16:34:53.617000 CVE-2023-6879,0,0,c08e575832036ecb7220ddc25f6a81feccb5763236592178949cea3294fefa99,2024-02-02T02:27:15.863000 
@@ -240673,7 +240673,7 @@ CVE-2024-0516,0,0,6605c01ec045f9e3984e5335f409aa9cf2a09075470f6a0d6ae284b8968263 CVE-2024-0517,0,0,7d90617c43ba0962c9c0ad896660a79f4481906adb156795af4a7156524b1b73,2024-01-22T19:53:16.533000 CVE-2024-0518,0,0,0f3284bac6f19c8dc31de38d0e284e3cdc0c8b2e00c849c3904ea81ca5797e60,2024-01-22T19:53:24.690000 CVE-2024-0519,0,0,55b82021be1bcaf7198e737c935bd5ddf353a98cab3e69da28816ed30ec74f05,2024-01-22T19:53:33.937000 -CVE-2024-0520,0,0,2979bd6594b8235f305651edd2b2a8410a2c9d79e4b496cdd8227e7b56fcdb9d,2024-06-06T19:15:51.187000 +CVE-2024-0520,0,1,533588e621d38dd5f7bc0fd1260b41d0b819c833a04365c06209f8439da47c4f,2024-06-07T14:56:05.647000 CVE-2024-0521,0,0,972e3ac07457bb0a501956009e9ab1f31349232a7f575875539533e34d112aef,2024-01-29T15:26:35.300000 CVE-2024-0522,0,0,24ca48a88658b103b93d5731ee46dcb614dfdfdf4fc0486a46b71011716e0971,2024-05-17T02:34:43.397000 CVE-2024-0523,0,0,e4ac459a581347189eb45e63f628e34d6528fa38e7e147ce2dab27e6e69e3900,2024-05-17T02:34:43.537000 @@ -241189,7 +241189,7 @@ CVE-2024-1082,0,0,5d2917cbc0ebe1d44667869da021a3fe152a9311cc75cb6f51732f94daecc6 CVE-2024-1083,0,0,12f71ff8092607030cf18bf8a64ce08dcbfadccd528aaaf70c8824b0476991c9,2024-03-13T18:16:18.563000 CVE-2024-1084,0,0,034d85bf39978c9573e4dbc412f1867f9df271e85d3cd30f25c6648ff5a9703b,2024-02-13T19:45:42.327000 CVE-2024-1085,0,0,649a4a278db01305790c1d25d5fb8d26a8b328f3c410af99f7747f493230845c,2024-02-05T20:41:40.513000 -CVE-2024-1086,0,1,ae39489a541e2eb9009b89566031e627938a3323a752d08bad1c04d0e1279623,2024-06-07T13:25:37.403000 +CVE-2024-1086,0,0,ae39489a541e2eb9009b89566031e627938a3323a752d08bad1c04d0e1279623,2024-06-07T13:25:37.403000 CVE-2024-1087,0,0,bfb73beeec450e6da5995b5f21712b59848b559e03cbbae3eab10a626379de00,2024-01-31T13:15:11.030000 CVE-2024-1088,0,0,9e4fcd4d80be5fd2d14ec6d1eed4646f24ed688d5f028fb9bbb59da4f601b1b1,2024-03-05T13:41:01.900000 CVE-2024-1089,0,0,c420c84f1c9ea1e3f949226f3064a7cb757fb25c8f460e9f69a5f8ab62483f91,2024-02-29T13:49:29.390000 
@@ -241713,7 +241713,7 @@ CVE-2024-1685,0,0,8445feed0f23c24c027406dbf274ee8e68366861af592aeb58da42b6e55054 CVE-2024-1686,0,0,513b8933def64d694b65e22b1395645ba43c1774153040be97c24d03679a5263,2024-02-27T14:20:06.637000 CVE-2024-1687,0,0,2c139dd7a4cd5eb96b19cf20743fdcf2a4372838670ad53c30ef28a6668ce9e0,2024-02-27T14:20:06.637000 CVE-2024-1688,0,0,00b4663231fd4363af58c5c1074d228a7c964744d2f38e0ca153752afc0e6216,2024-05-02T18:00:37.360000 -CVE-2024-1689,0,0,d07a3205c6ad81eb865662554c83592e9b340bde5cfc192dc0028c959970fb03,2024-06-07T02:15:09.203000 +CVE-2024-1689,0,1,cbc6da89b5669891834a54e09f5c8ed6ba4c79061e549755381efff9f4dfd011,2024-06-07T14:56:05.647000 CVE-2024-1690,0,0,f64df43faf81ef2a8a790a9c7a5603e22ee6007009a611d7b1688df810896620,2024-03-13T18:15:58.530000 CVE-2024-1691,0,0,f122d989b2d57485de350b354a899ca74c01df04d45a49a682097dfa29b4d980,2024-03-13T18:15:58.530000 CVE-2024-1692,0,0,ef8c2f206aee0606f4bca6d6f966b02bdbb84047340b5cc369611d2c6473005f,2024-04-01T01:12:59.077000 @@ -241781,7 +241781,7 @@ CVE-2024-1763,0,0,405c885dcc4adbf16a17f7b66d8be03ca446d597a243846c9d27588a2fd0ac CVE-2024-1764,0,0,c434e7eb3867d4e9c121215628110f61b78b54be2a078e3d4abbb0d2595e2437,2024-03-06T15:18:08.093000 CVE-2024-1765,0,0,9393650a3716a95a879e579180f18ed4907e1cef3b587b0e572b47942072153d,2024-03-13T12:33:51.697000 CVE-2024-1767,0,0,44a1b3e1abe3115036290e03cd73084f6f589982886166b1120c38962e210b6c,2024-03-11T01:32:39.697000 -CVE-2024-1768,0,0,800943f9c3d42539592b2145e9277b4b49b75eb62044406ca874414c13d9fd7f,2024-06-07T03:15:09.237000 +CVE-2024-1768,0,1,b797290744d5ed3a9a205b26fbd0571b37ae4cf9fa306241f4c383285258793a,2024-06-07T14:56:05.647000 CVE-2024-1769,0,0,c8ffc3f95047b836c5cc91dc3d0971a1ad3cd68218c48289a6e49b8c5f51f807,2024-03-05T13:41:01.900000 CVE-2024-1770,0,0,333904774d9a4f3dfdb80debed66f75e1822143539d08bcc59c6ad7076c3f64d,2024-03-28T12:42:56.150000 CVE-2024-1771,0,0,cc7280a085dd6f03eb9687c2eff5425926f2bc0e4a81dde799379b7786c7a87e,2024-03-06T15:18:08.093000 
@@ -241875,15 +241875,15 @@ CVE-2024-1869,0,0,ac853c90604d921515fb75a7a9d547bf372e5cec01a80f310b2670cc5a1922 CVE-2024-1870,0,0,f4fb5b22985880167f6ef7e58ca026ed8b40cb096cd98407286dd4dcc1e6fab1,2024-03-11T01:32:29.610000 CVE-2024-1871,0,0,53466521d88a948aacc643bc41f4155f985a2f1b644fc39c2381029fe9759369,2024-05-17T02:35:39.620000 CVE-2024-1872,0,0,0e36724fd278d3b5ba1bf1780a959b96e873b9d84e6ffb5da1fec563cf60ff60,2024-03-29T12:45:02.937000 -CVE-2024-1873,0,0,5770a5fd298dca92f549b936c3957df3476b1ca3ad29a4dcff75e7f4e85c9b8a,2024-06-06T19:15:51.460000 +CVE-2024-1873,0,1,bedbe01f19b602d7cdf2e548fba4b990948268079925c584ccf0629e4ff1322b,2024-06-07T14:56:05.647000 CVE-2024-1874,0,0,58e54ee440a4d2b1e08ff6aa0c27295333d22ac49cfe0b65d1b0d9ccb764f7ad,2024-05-01T17:15:28.067000 CVE-2024-1875,0,0,4d3dd4a4b8c370f12680c169de0cf289ca26eb275c51e88da74196c390492423,2024-05-17T02:35:39.780000 CVE-2024-1876,0,0,5b215f1340b9ed6a783f4bc946ebecc40ae85a621beffc0ee7306f825a5ce99a,2024-05-17T02:35:39.867000 CVE-2024-1877,0,0,5b58ff06d31067b71d9b7b79ca992bd4ab9ee2c6c00dfbd7a45b3b55df28700a,2024-05-17T02:35:39.957000 CVE-2024-1878,0,0,c69e27c276648ab88f1b9e8aadd6990838f5bf4c9808ba0c8df4bbc189195a52,2024-05-17T02:35:40.047000 -CVE-2024-1879,0,0,e5722fe913d3b3a39c79e150c6745b76b766e14c795bbe0b00bd068af9d943d5,2024-06-06T18:15:12.827000 -CVE-2024-1880,0,0,05a0726bf79c00360771adb9bd78094815daefe77608e3777daf3fdc48669d36,2024-06-06T19:15:51.703000 -CVE-2024-1881,0,0,eb62f2c9978514b107afb85da6fbcaa574e4c1453126f789ac4d6be376b9a870,2024-06-06T19:15:51.920000 +CVE-2024-1879,0,1,cf29c8213fd2b7f388d6e88b97578809a95b8ff64d032ff71926e17811a0e4c8,2024-06-07T14:56:05.647000 +CVE-2024-1880,0,1,29ae1054bd62d609c88ea4977b211f9c99e6f9470bb848cb790fe82110ae4af1,2024-06-07T14:56:05.647000 +CVE-2024-1881,0,1,0d11d47965895e604b15a61082e207be133a13764e39f0a3882b231be18f6877,2024-06-07T14:56:05.647000 CVE-2024-1882,0,0,aeb905a29987238b4424e7bfee44ea0d93c9a02b3ee6d8ca3e49c684e047ea97,2024-03-14T12:52:09.877000 
CVE-2024-1883,0,0,c77228776fd55cde6dfc16b83ba0d9fb7a9693c2070a30afbd7518c7b6e4279f,2024-03-14T12:52:09.877000 CVE-2024-1884,0,0,c9b905126c740fd7fbdc7d98fff1351769f4948f3bc925d4e21a6cf008a45676,2024-03-14T12:52:09.877000 @@ -241979,7 +241979,7 @@ CVE-2024-1984,0,0,465cc0e2e1f58fc8492061094a8536c47636769a8f8e9054141eb83f9d971f CVE-2024-1985,0,0,f4d22aa67ab0779a241527c882b8b9cfdde337f2865b4bc4e809350f7d4a661e,2024-03-13T18:15:58.530000 CVE-2024-1986,0,0,3573e34f135546ed04633bd0d17cea080212de55551e8ab04d2e00c52e1a5093,2024-03-08T14:02:57.420000 CVE-2024-1987,0,0,51b6353c7487197fcf85dba32dd0017998b1425a36ba707e32269bf4afb531af,2024-03-08T14:02:57.420000 -CVE-2024-1988,0,0,feb9fd92c0aef8888f13b4fbd3bf7701aa3333e64857f9199318b419fa5cc462,2024-06-07T04:15:25.850000 +CVE-2024-1988,0,1,6d67699d258cd0a89cf6dcc4c6eca0f62a460fa8b8983164db680c376acfe28d,2024-06-07T14:56:05.647000 CVE-2024-1989,0,0,e603d4bdfbac73448a418c09b573178507e96a797a5be54fa1a78504bbf887da,2024-03-06T15:18:08.093000 CVE-2024-1990,0,0,18962fc675767ec36941dde216e2cdde20628da130363efb991b1aaf982f61a8,2024-04-10T13:23:38.787000 CVE-2024-1991,0,0,6ed6543aa2fe028ae9875088171a10ff91252f94ba37ee2f5600210d331d8c90,2024-04-10T13:23:38.787000 
@@ -242133,7 +242133,7 @@ CVE-2024-20315,0,0,cc5f052b85f01e5b8b99c802451f4a904e1997153dbe803f28e4631c17ccb CVE-2024-20316,0,0,7046665adddf7a8dcb77eb77db75d9c5f72854c85b4d1b07cfb567b164026249,2024-03-27T17:48:21.140000 CVE-2024-20318,0,0,b7a683db20aa31c83c16622ce604b755ffb783068d8b9b54fa6a793873067583,2024-03-13T18:15:58.530000 CVE-2024-20319,0,0,b1a3244c9d79219c61fbd7a94d016ce796718f07233473b4ea620d84cfd87bfc,2024-03-13T18:15:58.530000 -CVE-2024-2032,0,0,41aada7ef69b51175919c5d9512c943f615513c99e2933e9d53bf0672df2a8f2,2024-06-06T19:15:53.060000 +CVE-2024-2032,0,1,370e340dfd30fadc32e24f1da5069e583d2f492455bad78449a1f1312ecb61e7,2024-06-07T14:56:05.647000 CVE-2024-20320,0,0,186f773d8964e4040511b1a49c23aa095cc69e011eed3d11420250f370f0f9f4,2024-03-13T18:15:58.530000 CVE-2024-20321,0,0,6de34d7d404f536decd9f5a380e1c4f28760edee84d237a9b02d7c6e56d785b7,2024-03-04T22:45:23.647000 CVE-2024-20322,0,0,505d656abd2ee0d10812405b8fc5e64f58335921bda14716ed43aa4bb4075f75,2024-03-13T18:15:58.530000 @@ -242155,7 +242155,7 @@ CVE-2024-20345,0,0,38dedc5c6d9cdd89a173dd9c18296a6c803829ab3fb08491cd36662f1fc92 CVE-2024-20346,0,0,7cbf0b83f9bb2bdcb086a9566e1d6ccb4ce634322567f78b855a9091783c0fc4,2024-03-06T21:42:54.697000 CVE-2024-20347,0,0,bbf7dceb15f33c7e89bafb93e5c9caebf128eaab0d28184454366bd8439d3cf0,2024-04-03T17:24:18.150000 CVE-2024-20348,0,0,0302f1e9485b44e49fee557bce04f55ca5d1a83abb8a531d325f6a707ff9d836,2024-04-03T17:24:18.150000 -CVE-2024-2035,0,0,ccc4c75f5a2ea61835fdd5e5ccd415c790b47e612a9da61d5981530a9b23e310,2024-06-06T19:15:53.313000 +CVE-2024-2035,0,1,37c4ce28808b0f305e74d0a097586cdd418163df064fe7374f48295bfca32ba5,2024-06-07T14:56:05.647000 CVE-2024-20352,0,0,0a21aaf855f5e2dfa6cf8a0de7df15d8d9ce0063ea679dcbc607b17583312064,2024-04-03T17:24:18.150000 CVE-2024-20353,0,0,0ad32ee557f52a7b8ada270f35945efb8e6756e485c22be736fc9eb0d9c4e4e0,2024-04-26T15:22:27.803000 CVE-2024-20354,0,0,77dad3524fb09cfda3488dd6cb6801d1cbef489cb4a9c5ad1ce0cd080b146730,2024-03-27T17:48:21.140000 
@@ -242977,7 +242977,7 @@ CVE-2024-21682,0,0,6b4858b4700d4b6ec3ad8145ec0ece417db20d31f4042e4246bb7ce7db07a CVE-2024-21683,0,0,495d9364fe2621465600aa6d82beda8c320b89dbaee7fe261421897959fae6d6,2024-06-04T14:30:30.870000 CVE-2024-2169,0,0,151ccb2c8e1a2ae0c1ec7f646f803cafe134a2f43c3cebd718a131296f39d84d,2024-03-20T13:00:16.367000 CVE-2024-2170,0,0,ecb9a4c8858b9f58e40341aa169d3b7c37f3c5e40f6e92367b411525d123f7bf,2024-03-26T12:55:05.010000 -CVE-2024-2171,0,0,5288a188cc4b1abeeb633c423cc1eb39e4b37a30ff8592adf744feed5aa85cf8,2024-06-06T19:15:53.647000 +CVE-2024-2171,0,1,97513686f796b3a7e6724a3e799700f71cc4419429b47ff47103ef11ceb3a9b5,2024-06-07T14:56:05.647000 CVE-2024-2172,0,0,067e6adb1b1aa9b2eb664189abed7be18045e46cc8cc2013ed636a7714a246a2,2024-03-13T18:15:58.530000 CVE-2024-21722,0,0,7215cf8fb01f255ca85ebb6e3d406ad1554fe306260dec566566d12f67812195,2024-02-29T13:49:29.390000 CVE-2024-21723,0,0,93ca3c22246747dc85e7ca29cf0bdc581b1b8de5fbe6ae1d18a99fcc754b1b07,2024-02-29T13:49:29.390000 @@ -243177,7 +243177,7 @@ CVE-2024-2206,0,0,89bb78f285eca92521ddf90479f409077fb3db3aa39188b40e35723bcbb7e9 CVE-2024-22060,0,0,37a68923072fe3f4f0215f125faca2d9729e3dde5dd0b622d0335fc31ac7112a,2024-05-31T19:14:47.793000 CVE-2024-22061,0,0,7e6b9bd07913a675f2f822ab70679b29ef286665a0e4e28b5039260be9545249,2024-04-19T13:10:25.637000 CVE-2024-22064,0,0,c629ceda13b1d36f0f60a6ea95a2c77f87751465f007aa3a59355e800a89dfe9,2024-05-14T16:13:02.773000 -CVE-2024-22074,0,0,b86541c199f310af85ed766ae580763b44fb50268791108710db8c040fd1de4f,2024-06-06T21:15:48.180000 +CVE-2024-22074,0,1,959aaae231895ad1dab22cc5268e854f7f776fc321d5804e91f78b08ec2f5391,2024-06-07T14:56:05.647000 CVE-2024-22075,0,0,e134c94ca50cfff14da7c6327f518dbd409e37e86810fc1b2a583012e3bdb9ef,2024-01-10T15:06:42.563000 CVE-2024-22076,0,0,07315b2e9c67887db1f24ee7d086d2a66716d3e4f66007058ad41d66ed9f1af5,2024-02-22T02:15:49.207000 CVE-2024-22077,0,0,c010b475c096f83047fe91548c8adb99de7b2e98732b452c87e82aaa319a4fd8,2024-03-20T13:00:16.367000 
@@ -243216,7 +243216,7 @@ CVE-2024-22126,0,0,21fbc349f898f1250de5f7f39ca68cc7afccec8ff42d81c72dbf786571fc9 CVE-2024-22127,0,0,2c9b376a3ef316ad07becbd257aadc53995111acac2684bbba2b6bb8f646c835,2024-03-12T12:40:13.500000 CVE-2024-22128,0,0,0c5c439d18342819d7315b4a32a2bc4f41f858a1b21ef0fe06f84b34bb1db3d7,2024-02-13T14:01:40.577000 CVE-2024-22129,0,0,1464fd5d3308b792309b3cf96e4bac49b075b6a9da557a03d691691205ee62e4,2024-02-13T14:01:40.577000 -CVE-2024-2213,0,0,4df28395b8fa4a26c9133744bef80bdaadbc3598fe3fa1bb82323e011c22d2f7,2024-06-06T19:15:53.890000 +CVE-2024-2213,0,1,0d70694aa6b21c865fab3c5c1201a244f376cd5a753ef605eeec88feadcb3c8b,2024-06-07T14:56:05.647000 CVE-2024-22130,0,0,ffff0cd5d2c7e1f26e5d22605c42aef119a3c1241fbbfb15485c0a6afd37c199,2024-02-13T14:01:40.577000 CVE-2024-22131,0,0,9eecd7b9a60271346c23c546cd86562dda5496cea369ce333688ec53c9899639,2024-02-13T14:01:40.577000 CVE-2024-22132,0,0,189c6c67b188cde4f4668ee97447e9e45ee679904d7ce8e743444e6ffa1377ac,2024-02-13T14:01:40.577000 @@ -243378,7 +243378,7 @@ CVE-2024-22317,0,0,0a3ac55ff5c06ef346851be23d60948af7af4d1952d43ddd2a3df902d975a CVE-2024-22318,0,0,100c4f0b091f3b0bcc3eb6d3f49d2a28edfd96102189fe61311c980894929351,2024-04-03T02:15:07.823000 CVE-2024-22319,0,0,e104c53fbd37dcf57dd7b986f44940b21582653be9af6e4b78efef7b6a64e2fc,2024-03-21T02:52:02.483000 CVE-2024-22320,0,0,b7e6bc5c871bb2a076b1c4d217e351ebb443d568b1fdbb86f9513f16f0da183a,2024-03-21T02:52:02.607000 -CVE-2024-22326,0,0,6c67e0c266a72da4446528ff94423f65274a4fade8d4e7116449e95d22375076,2024-06-06T19:15:52.137000 +CVE-2024-22326,0,1,611aa89f02e2c1b3e79c0d2da37798e3e77fccc4ee223e6b80d6313dd22973d4,2024-06-07T14:56:05.647000 CVE-2024-22328,0,0,1d3eba54d3dcb9850fbd9a86e1475d83621830be3d74777232b85acf89e88234,2024-04-08T18:48:40.217000 CVE-2024-22329,0,0,6b484ef8d82a649c0162bc9be85600528b13c1a759ed8ec79e69e3b10b67e2d3,2024-04-17T12:48:07.510000 CVE-2024-22331,0,0,79325856c8baa9082651d9383783f7a4198ba299d30e2c67010ba88c7f1776a4,2024-02-13T20:26:23.780000 
@@ -243512,8 +243512,8 @@ CVE-2024-22519,0,0,a5bc3aa0e73310fa9a4268379339f3da554a6494977cad025014751f4ad6f CVE-2024-2252,0,0,37ac619667f81b22f16c870b5b0c2a4bdc27cec39619d01ca7a5e1ac769fee01,2024-03-13T18:15:58.530000 CVE-2024-22520,0,0,9b6223a53e180c3295f59e3aa1be5500dd113bead8df3efd63052e10ac314b3b,2024-02-14T19:45:35.337000 CVE-2024-22523,0,0,c46fa576c9efc04bfa68e9b9b048feb02140ef1745b4ca662893a1dcd1fc7e20,2024-02-05T18:45:22.323000 -CVE-2024-22524,0,0,44c26d533a86f02605a92669f6e2050525f2d19dada382c062f3d990ebef7d15,2024-06-06T22:15:10.043000 -CVE-2024-22525,0,0,590b18ab9f9c54492160d951dd8cf078d5cd4008d5182ff27b93fbd0472614e3,2024-06-06T22:15:10.127000 +CVE-2024-22524,0,1,f4e850b4a2bb671eb72ef6d741da4766ca10733e2d3547e18ae6cfbfd27e47ff,2024-06-07T14:56:05.647000 +CVE-2024-22525,0,1,da9715e33eda656a49714afad4f6519f04695099dc0c4b6f56d921fa71e16d9d,2024-06-07T14:56:05.647000 CVE-2024-22526,0,0,75ace6c927ced5f7ea482234fce681438e4968b2221e8e0044ae8bc44e2d2849,2024-04-12T12:43:46.210000 CVE-2024-22529,0,0,f41d09d708d73657afdb982e616544d0858f64a9413ba7f1cfbd6a4f36b177fc,2024-01-31T18:42:44.573000 CVE-2024-2253,0,0,ba7b66b62df4adb9b35c000420eb1ac487907b1a071644a40bd4268a0382963c,2024-05-30T13:15:41.297000 
@@ -243654,7 +243654,7 @@ CVE-2024-22871,0,0,e9ecd82d56ec3247868ab1a712ec2b02bb22b83148693677e1b066f1f92ad CVE-2024-22873,0,0,2a33a0b832ddf4aee4047ef1581dd0b404351988770abd350bc232fc7a919eaf,2024-02-26T16:32:25.577000 CVE-2024-22876,0,0,ab3e7325225f85fec74512859181d3694c521af354c51fd0a6e35209ffc9a561,2024-01-25T18:19:25.647000 CVE-2024-22877,0,0,642d7085683e3f73b5dacc06a16c4d9d3eb82f5021c869a0fbd04c810dffe02a,2024-01-25T17:45:50.770000 -CVE-2024-2288,0,0,75bdfebe84d326b74d2e41f47a765d3aaeaaee89b13dcfd6195d088a1951a2e7,2024-06-06T19:15:54.137000 +CVE-2024-2288,0,1,e3b577b9cf1e03621b7745e2060cab72cded51e06bc1d0d668c53255d4308197,2024-06-07T14:56:05.647000 CVE-2024-22889,0,0,3ce8cf8d0a106aecfadf497a37eb6fe4b8112fb322509ae8146be604489ba3b1,2024-03-06T15:18:08.093000 CVE-2024-2289,0,0,9589c60d9e556c1a19069c42597a9efc90bf8a31f64793a3f0ab413e7ed78380,2024-04-10T13:23:38.787000 CVE-2024-22891,0,0,fe729f8b9ffa3e07095f19f53905c64a69c09d6b32564d519c8a0193de35f420,2024-03-01T14:04:26.010000 
@@ -244044,13 +244044,13 @@ CVE-2024-2358,0,0,a1b0ff86c10dcc0cc90254078c2507c7f215f808024299c95ae7b33a0c1059 CVE-2024-23580,0,0,d2f59df9c644e03bb550a63f6698b713682259ef7c86320b2ff20348599f9308,2024-05-29T13:02:09.280000 CVE-2024-23583,0,0,8045b8b55a9fb922e451a3cdb9c3e44b27bb0ff91f2a1c66c35720ad6820d03a,2024-05-20T13:00:34.807000 CVE-2024-23584,0,0,0a74df816091d3b0eb89fda75cd2dbdfa4a27fc3d1fc7171d6cfed2608adfd53,2024-04-11T01:24:48.327000 -CVE-2024-2359,0,0,2eb66462524eba90c50ff111c1b36129a9e63c5fcaae09e973463764f036dc23,2024-06-06T19:15:54.353000 +CVE-2024-2359,0,1,33fa70e58cb138f001f137996158cf53baff2fc647d26dc120be368c2b10ed74,2024-06-07T14:56:05.647000 CVE-2024-23591,0,0,f4c08614f6a162f49ecc99f020c088036b0b565e06b57796e1304b45ae78e59d,2024-02-20T22:15:08.353000 CVE-2024-23592,0,0,8410729adf8ea2140a95009744b2dfc023c8f0c5b5843d18404a4118ed1b693b,2024-04-08T18:49:25.863000 CVE-2024-23593,0,0,e43cd79f2df730f0b9c8ef9c7ef8b007f3d9ef85731bb4145522b4b6df0d2413,2024-04-15T19:12:25.887000 CVE-2024-23594,0,0,4ee287fb2806b084145e389a1db24a17ecf815a9228bb0d30b732f16b4247731,2024-04-15T19:12:25.887000 CVE-2024-23597,0,0,1f7da20ec47e4baf8e3a4c4dda0c43af706a55b4c2bfe1a8a393b2307952ee96,2024-05-01T19:50:25.633000 -CVE-2024-2360,0,0,8e2a7b9d4817e7654cef3f87e990aeb9ecc40f1af7f7d39636478ffbffc6e55d,2024-06-06T19:15:54.570000 +CVE-2024-2360,0,1,d251135115836cbfe30cd2566048479149a1ed2531d2356c2655e3e0c0acbe65,2024-06-07T14:56:05.647000 CVE-2024-23601,0,0,f0c3d332b60d448d3683a14c7313f3ef9fdd013e76c14e195d13088ccf9b16c9,2024-05-29T13:15:49.307000 CVE-2024-23603,0,0,2b536971fe4d260603348583e5e85d59f5debd4cec090f729c87a6dbde3a5ce7,2024-02-14T18:04:45.380000 CVE-2024-23604,0,0,760bd2ccdc3dff1dab3cc8af2bcb4408e0ff89553b2b7d9d0cb5ed9c08f6a616,2024-03-18T12:38:25.490000 
@@ -244070,7 +244070,7 @@ CVE-2024-23616,0,0,5892c73b1b265332289c3483dddd099d2da167f3b71ac9893b162bad4d669 CVE-2024-23617,0,0,152bffee8190e45dd6e4d32ca0df3091596de192b2e22d841c576447b7601258,2024-01-31T20:29:19.920000 CVE-2024-23618,0,0,1545c06acbd738a0a9d5545117135c674813568d0989399277f5c733b8421b29,2024-01-31T21:05:01.817000 CVE-2024-23619,0,0,38368df3904ce91d58b15b76965c7fdbb514a6b4758ce0b11e8686460908c049,2024-01-31T20:29:34.730000 -CVE-2024-2362,0,0,46300feec43e5c84032cac8dcd844af4237f506d0c09461a880d05e41898bdf9,2024-06-06T19:15:54.767000 +CVE-2024-2362,0,1,88dbea0485cf460f6c243a3291bbc4c45f00be83de7611fe597149977a3214c7,2024-06-07T14:56:05.647000 CVE-2024-23620,0,0,7170007cd713f22319384e12514f94d3340f9d8d5b2e1056d7fc46c0ac38a16f,2024-01-31T20:29:50.697000 CVE-2024-23621,0,0,2d1b3ef376126d9cdb5bc7b736ad8b96afa1d18fdcae798c9bebfa78d52820e7,2024-01-31T20:30:17.927000 CVE-2024-23622,0,0,33218d1e757efe3625c6354a5f20a31e4429aff8a59f467878f3f46efa40741f,2024-01-31T20:30:40.207000 @@ -244209,7 +244209,7 @@ CVE-2024-2379,0,0,efbf3b3fa321a0ff6ea2dd6655fafd59bfef741907874df7e5fc934edfc249 CVE-2024-23790,0,0,7ba3f3405b9715b21075870dd17edc1b272dd4e87222d425504db7f4a99e95bf,2024-02-02T02:07:58.653000 CVE-2024-23791,0,0,c711bd16bc2b93f8129a30e7c99fc43bfcabcb8a5551dfbc3ff83e50af57cbe1,2024-02-02T02:07:28.850000 CVE-2024-23792,0,0,823333c5891a061b077a4f3d40e902cf5f11b40107f758ca80ff5a2ef6d8876f,2024-02-02T02:07:40.577000 -CVE-2024-23793,0,0,61a1c407d6b925f2feb05c4659fda9d334c26931541c13aa4e695e90517be911,2024-06-06T19:15:52.373000 +CVE-2024-23793,0,1,6304b0bec4b2b8ffa6390d8ca64460cc203471106031f37760173d5ab8f2f062,2024-06-07T14:56:05.647000 CVE-2024-23795,0,0,9ae50ce045e00ca24723785a7578765291f099339cad84c391e7110b8357045f,2024-02-13T19:21:23.593000 CVE-2024-23796,0,0,68b49052815222361e392dae7427245991f98ccb54551665c676eabfa56f89bf,2024-02-13T19:21:35.680000 CVE-2024-23797,0,0,88296fcabd0c62d23d6dc4d83f31f348234c406224d771d8c186bba7ca31c7dc,2024-02-13T19:21:42.603000 
@@ -244245,7 +244245,7 @@ CVE-2024-23826,0,0,a1fb22dbd44ac7e3ef4aaa0208a31a95d4f168aff767b351ee50e7d675ba1 CVE-2024-23827,0,0,c0a1ec4b002b9a97e6be40799af4285e77465abc1b8e8611e8a94ab418269ea0,2024-02-08T16:42:39.110000 CVE-2024-23828,0,0,4b57d81f6a397d3f13af1393c0928798113a336777c587fe2f3a18f0fc302013,2024-02-08T01:52:59.010000 CVE-2024-23829,0,0,b9017a33817daf906678f32c349c5ee8dcbd94bf3cc48b03a4b9e895ba7c9f3b,2024-02-09T03:15:09.727000 -CVE-2024-2383,0,0,4976bcd6b0e33f3b286a6a3de0e70a69e84d07f1da276144c87ce45d864f26b9,2024-06-06T19:15:54.970000 +CVE-2024-2383,0,1,b843333fe40bba2e068b297dfda4b09e85d200e7e2c19d6992a70031cb257682,2024-06-07T14:56:05.647000 CVE-2024-23830,0,0,19d52b26f30e920d2fbebcd754112c8efa6183a6293d923490e29f7262fb653f,2024-02-22T19:07:37.840000 CVE-2024-23831,0,0,34880c99197b1e70b5305df610dabfbb08b329ae38d5d8c831a3a7e5ec05d3a0,2024-02-10T01:43:51.527000 CVE-2024-23832,0,0,4a5bf66d37d466cb833bd20f4b43b73816443630b817613ee60a6ad2b9202abd,2024-02-09T20:21:45.317000 
@@ -244437,11 +244437,11 @@ CVE-2024-24186,0,0,6e0497ff8d305ee6fe7901479c9c51c51e6f75aa2965677a84dd5e2f1c097 CVE-2024-24188,0,0,6cdb4783a32c44dc67d5c2be9bff935b635191c795fe8375a52a73ba2b622486,2024-02-10T04:04:38.810000 CVE-2024-24189,0,0,fd54a2bb0f6c6ffe4e64557ba245b7ad2d78ca42b41ffcb319439bb2df3492fb,2024-02-10T04:04:19.630000 CVE-2024-2419,0,0,247ecb3e663e312d7fd6654fb0f7ec368fb27383cb020c540a8cad47b2bab950,2024-04-17T16:15:08.470000 -CVE-2024-24192,0,0,a35671f7578217e294ed48fe072166d75950f0395c57de83b0af10dd37372f8f,2024-06-06T22:15:10.213000 -CVE-2024-24194,0,0,42c83358d178d39e2ff4131109f225048284dc74cad66f1a5fc5fe56552ebce8,2024-06-06T22:15:10.303000 -CVE-2024-24195,0,0,6cc28477172e61f1bc0150cc928e44deb94c125a7aebfaebf4b395f10b34cddd,2024-06-06T22:15:10.390000 -CVE-2024-24198,0,0,56b6e419fb5d144b20f12f20bb45afa9f7b2fc3e8b503cf44100da0a31339e69,2024-06-06T22:15:10.480000 -CVE-2024-24199,0,0,f212d2aafb8f1e3b15f330da03804f17b30ceafcb2fc78797862268707f58b08,2024-06-06T22:15:10.567000 +CVE-2024-24192,0,1,3682abcde457f5fa1ce0ae6fbc31cd3f33c02b35cbaaaa014b172f725c3cd68f,2024-06-07T14:56:05.647000 +CVE-2024-24194,0,1,ec1a41bb5eb56b6b209cddf749d7f70f05da5c2f036cce548b1a3f71365fc870,2024-06-07T14:56:05.647000 +CVE-2024-24195,0,1,0a01b2f54e0c46115c683d2206e17b1e7481c60784dec1e888d40c17da2de7aa,2024-06-07T14:56:05.647000 +CVE-2024-24198,0,1,140c774862beb3465df5f88f0dce7e598334ce91592bc877f6e258159bb10331,2024-06-07T14:56:05.647000 +CVE-2024-24199,0,1,85a119b7b9446238edebe3a734d4f60bc05a4062eea9fa9d64766a9109a767ca,2024-06-07T14:56:05.647000 CVE-2024-2420,0,0,6765aa3a8b4f02ea287fec18a3e0ba4c2e9bfe8eced49b168d0300e846e63679,2024-05-30T18:18:58.870000 CVE-2024-24202,0,0,1d105bed1b9a63d735bee37efd6d6c425165a2cc4b28137df80d69159f445572,2024-02-15T15:24:30.247000 CVE-2024-2421,0,0,f3fc9797a1093eca26887e3ddc053eee166d4c2a802903459972bf8ce0019ead,2024-05-30T18:18:58.870000 
@@ -244521,7 +244521,7 @@ CVE-2024-24386,0,0,7f40633635579a6e57b93f4e362e7ec6b3a2af9b3c5c8050723583bf6d085 CVE-2024-24388,0,0,3f3d5731a0be4e881fd82d2a190d75a64cc3a7cfd8c995358dcecccf32a929bb,2024-02-08T20:04:04.027000 CVE-2024-24389,0,0,fc2f959521db6beb1a64904c90b55c43557e2fa9885e5140ef9962701e570aba,2024-03-07T13:52:27.110000 CVE-2024-2439,0,0,28093e2bd02ce5d31d42226d7e23377531b041fec592e0566fe2be9195776a97,2024-04-26T12:58:17.720000 -CVE-2024-24393,0,0,90dfcf43d684735b8235a3326fe419899f2f2a761b862d82b04f2c974933d9fe,2024-02-15T18:13:59.327000 +CVE-2024-24393,0,1,236f98b836e4b0eddacbe45552272680ac9d552037e051742a8e2e47fe2b2fdc,2024-06-07T14:11:50.460000 CVE-2024-24396,0,0,490bf819c482001abd1dcba25c4c319f8da0b154dd54e7da19b5736b32d31753,2024-02-14T17:58:05.850000 CVE-2024-24397,0,0,c42f6e3d95ec1079046817a9a19cbab9b7268b0d74721cd48822bbfd3065325f,2024-02-22T03:39:02.803000 CVE-2024-24398,0,0,f4bfb9d92cdfc220b232a85deeb8216b709f2d184cff7e693fbf714bca45d499,2024-02-13T16:06:17.117000 @@ -244565,7 +244565,7 @@ CVE-2024-2451,0,0,853c51caa971f14a57f8fab9dbe4cada883118d2f62e8bf781564989c931a9 CVE-2024-24511,0,0,c6be1b7dc4e4419b5c47cd96597e4f754600544541a0f3ad8bce7c662831be50,2024-03-04T13:58:23.447000 CVE-2024-24512,0,0,dc7bbd1e8e3d7fb704deaaad5bd8d5c7e92cb755f835a8b4f37b0a5fb3a90d40,2024-03-04T13:58:23.447000 CVE-2024-2452,0,0,046b3a68a70aa2111a834735e1e368946b5dc2c4f38b131fd892fe0376fecb3b,2024-03-26T17:09:53.043000 -CVE-2024-24520,0,0,986f25419580d618bc813a5dd7a48aaafd0a0eb13740dfd0942aa61a18c6fe47,2024-03-21T12:58:51.093000 +CVE-2024-24520,0,1,30252fb47f9758f2d7901a536fe54e320899c83e8a336904c96fd6e092fb48ce,2024-06-07T15:15:49.760000 CVE-2024-24524,0,0,40ecb02cd326bdc34833c61cf5eb3e9f45f526d45502f51591361c36d1938c63,2024-02-09T16:30:43.830000 CVE-2024-24525,0,0,13b50b322b70c1ba78c523473a9882b44cc13b59455e3e47dd336806a91a1148,2024-02-29T13:49:29.390000 CVE-2024-24528,0,0,184f3e16e059f6b990b79bbe85c13104f1b7059f71d8a1713060531c24aa2c42,2024-02-26T19:15:07.247000 
@@ -245122,7 +245122,7 @@ CVE-2024-25407,0,0,b3301e47b280c10676203095ecea4066c4ca125fec7f3e126e0b91f8374bc CVE-2024-25410,0,0,c90ad082186d86feb4dd161bc930ce23ffd673a1aa6eb35fdd0d75b53b27288a,2024-04-03T21:15:31.220000 CVE-2024-25413,0,0,e13a361b61a6f20d27483f2d386e7add2771e4fa0c0e81fa5650d69b02349d4a,2024-02-16T13:37:51.433000 CVE-2024-25414,0,0,853669afabafdb615f3f771509532a2d66d06d6df0fed87f78b60d52fdaf08be,2024-02-16T13:37:51.433000 -CVE-2024-25415,0,0,bbea7e03f98d3ff090986796c578947b874b9a857b6b9b0efb421dfb81e37c22,2024-02-16T13:37:51.433000 +CVE-2024-25415,0,1,7b88a7ac7332748e977334a2d347dcf01da05a8b01d954461dacd7f528aec432,2024-06-07T15:15:49.860000 CVE-2024-25417,0,0,ce0d2fee8c5d9d7e51d76e43f6a312ae4efb9da0c42980a6b1e85c18318f17f3,2024-02-12T21:39:48.423000 CVE-2024-25418,0,0,35d59f7ff89650ff446db0ea3767d5b73417e01c12581b05b798d1e230ed55f5,2024-02-12T21:39:57.963000 CVE-2024-25419,0,0,401cee772789e651c957846e5c67785cb38697dc7bb6f05ffb07d4d6143c7033,2024-02-12T21:40:04.610000 @@ -245156,7 +245156,7 @@ CVE-2024-25466,0,0,c4ed87974de177e036ba4c046a8b808bfb2e5d37116e1f3dbea09f35fe2ae CVE-2024-25468,0,0,689cbd3de116ed2f097be6892186e0dd30daa2bde9afea2c256b5d624b13afab,2024-02-20T19:50:53.960000 CVE-2024-25469,0,0,b1c7de3d868ef20a4a3903a52b0516b30bcc5e77374670c74cfca0a07f772310,2024-02-26T13:42:22.567000 CVE-2024-2547,0,0,7c10776553a15532c60f8ca19dda3f8cbe62235215c97d444ca334a5d7d59397,2024-05-17T02:38:18.377000 -CVE-2024-2548,0,0,2e3b7a7e52af44e08e25f07bae8a39ca78b0d59fb6eb6e7d1c98072c02df32dd,2024-06-06T19:15:55.217000 +CVE-2024-2548,0,1,8412ef553b8defba943b753e6703859488a5a6a854c8075366209d31808d2b01,2024-06-07T14:56:05.647000 CVE-2024-25501,0,0,bf285c0d0f063e749fd3088de6d5fd4b5fa405fe4b880c9267b8673a654574f4,2024-03-11T01:32:29.610000 CVE-2024-25502,0,0,50331b6b298e51ff1fb5155b43730c3887534f74eacaa5eabfebdbefa930be85,2024-02-16T13:38:00.047000 CVE-2024-25503,0,0,90dfcc14a3c7a010a114348a2bfe63fa0b75dea73044dfc564baa777268ada75,2024-04-04T12:48:41.700000 
@@ -245688,7 +245688,7 @@ CVE-2024-26236,0,0,b6e84295a01ab38c004343cf5326a05bf37fa5cb0c9e77f3502b9892ded41 CVE-2024-26237,0,0,d7b5edb2c455a2163554b4d3a9f835dbd5fee74ce2e8c6b8d5886a8c0cdd7659,2024-04-10T13:24:00.070000 CVE-2024-26238,0,0,b76c0538832eb2a2a3eec2c25d3736e0af24e9de58ffb98b85733be895b6ed1f,2024-05-14T19:17:55.627000 CVE-2024-26239,0,0,8ef455d21d9ec30218697a33a1866485503072933ee890517574c48be2ea10d9,2024-04-10T13:24:00.070000 -CVE-2024-2624,0,0,21d44ac8637601ddf24507f4977cec31c83b148c37629ee017fd62d21c22a899,2024-06-06T19:15:55.437000 +CVE-2024-2624,0,1,081981a29559e0da90e74b5ebcf1d786a9b240d499e5ce9ebc970f242b305aef,2024-06-07T14:56:05.647000 CVE-2024-26240,0,0,4ea8777adc7b14bce710a14bd53bad9590a2f13a5004ddf3b269a9fcbc4b4c4f,2024-04-10T13:24:00.070000 CVE-2024-26241,0,0,772beff964b10aabb07e187685d203cd6b32b788fead119e5930e95a3ff995ef,2024-04-10T13:24:00.070000 CVE-2024-26242,0,0,7b46b68ffb6bd3037fda8a1661ba25f0b24271ae089c085bad211104dd85c11d,2024-04-10T13:24:00.070000 @@ -247590,7 +247590,7 @@ CVE-2024-29136,0,0,e41cf76d7e9474b14be8e4427580da2337cbfd46d746f42152734a82c3b12 CVE-2024-29137,0,0,aeee339992a4e53de5ac4ed791df0c3eb018714c2ab0f97ffa59e0b8316b58b0,2024-03-19T14:31:27.883000 CVE-2024-29138,0,0,6bbeedf63cf1f8faea105bf9a008eafad7d0f3855e04a59755512a41ff5d43a8,2024-03-19T14:31:27.883000 CVE-2024-29139,0,0,8444f55eea1f5955783acef48ef7658a0faef4bd71dffdce7c13fab117604101,2024-03-19T14:31:27.883000 -CVE-2024-2914,0,0,f3b3be1087db7e6d9485e07383e5e7ebb26bb5bd5c7ed2f293df999cb12603eb,2024-06-06T18:15:13.227000 +CVE-2024-2914,0,1,7533b80257c246bc99e1eaf5167f2969da789af793495855d1f3db2d86a4d34a,2024-06-07T14:56:05.647000 CVE-2024-29140,0,0,fbbad9e86dfcc78cc94b85fbd86b27c7285a2d9bf81924339dc3ebd393f12881,2024-03-19T14:31:27.883000 CVE-2024-29141,0,0,5bce998d90032a0cf23871bca36c54861b809480f587cd5eb60caa1b7e514a33,2024-03-19T14:31:27.883000 CVE-2024-29142,0,0,3d99176f4d85d148ee233148c993a17a366c303789d941cc36575f5a634b4f81,2024-03-19T14:31:27.883000 
@@ -247688,7 +247688,7 @@ CVE-2024-29273,0,0,5734858efc895a99d71a292d9b9fd87dc375f872fc9b4f17b1a24399e248c CVE-2024-29275,0,0,402f5150501d1ad43199a2c93810407cb4bc9ca968149bb7f55410637d08465b,2024-03-22T12:45:36.130000 CVE-2024-29276,0,0,aca23a437429c144243dafb6e7ab7580683c55fe67f055697aafa1a11e9b270d,2024-04-02T12:50:42.233000 CVE-2024-29278,0,0,68d9b61e6ce874f8948705ce3cdb92754b448114cb863479c2e17e0909039bb0,2024-04-01T01:12:59.077000 -CVE-2024-2928,0,0,3c20400ddb59216c59b59d9b38f7831c43a8940b24f7629b65fb1b79ddb2ffe9,2024-06-06T19:15:55.680000 +CVE-2024-2928,0,1,52e75761419c8c2112a911614151e115b2003c195d62a406dbe9457ddc16786b,2024-06-07T14:56:05.647000 CVE-2024-2929,0,0,259a475f54199dd846f57ff088582fd42af9991bb7e5a0933d4c675cb91ec78a,2024-03-26T17:09:53.043000 CVE-2024-29291,0,0,a5af85600bf8f10cd2f36db1ab16b2ebc1c6de446e84431419b2522daafbec86,2024-06-04T19:19:08.753000 CVE-2024-29296,0,0,9df6519fa8f3cc846555f57a851c9ca9c85b64bc0579ecca8b9610940400afaa,2024-04-10T19:49:51.183000 @@ -247790,7 +247790,7 @@ CVE-2024-2963,0,0,fd3dfe2484fa8fbcf32b1e1713c092eebd2b546a8fe9a7f583270172bb703a CVE-2024-2964,0,0,491ec5f2811a24301edaa3e4cd378090bf610cd2f1b9a50cd7e0dcb254704174,2024-03-29T12:45:02.937000 CVE-2024-29640,0,0,87923c5f8022466da2d8ef6f4760770a9b5d77108f7ca786dd890e142c1a64f2,2024-04-01T01:12:59.077000 CVE-2024-29644,0,0,39829980cc0c3cec42e83f1a7d1e74f651bed504f90005be4e46042a91527a65,2024-03-26T12:55:05.010000 -CVE-2024-2965,0,0,64e639f8859d3d28b4a94289840a5e2bf5da671102fc7f205099bf1e1f88f249,2024-06-06T19:15:55.897000 +CVE-2024-2965,0,1,1ec58398cb69e76a7bbbcfddddf050bca23781a3fb842732dc4fb30f19d61d8b,2024-06-07T14:56:05.647000 CVE-2024-29650,0,0,8ad374bfabee755625e57dff59b85656db535734df280985070b11f8f0b8c3b6,2024-03-25T16:43:06.137000 CVE-2024-29651,0,0,64d9a8930ee4398a03fcd3e224f1e639eea2a6cdeff56b4b739c9ec75d30844a,2024-05-20T19:34:58.277000 CVE-2024-2966,0,0,474ae2e5b1d6c6447ca9bee38c5e4dafcb7b2c2503070dea1f4351179cfe9798,2024-04-11T12:47:44.137000 
@@ -248292,7 +248292,7 @@ CVE-2024-30326,0,0,7f61e2617c7a89cada475a3afa439c6f882daf3b0d9ebf1333232c8eea22b CVE-2024-30327,0,0,5e934647021ac47c3da5e134d104bd66003c41668f5e7550ee960a3ad022d5fb,2024-04-03T17:24:18.150000 CVE-2024-30328,0,0,2865be39d3e8a430608b6000a0e6a5672a48c8ae3e39c0a67d07f892369d2115,2024-04-03T17:24:18.150000 CVE-2024-30329,0,0,caac579439ccc6d21541b8d27c99750146dda8b7038bf6eb07ebb04ada357f5b,2024-04-03T17:24:18.150000 -CVE-2024-3033,0,0,a10190f6ee33ad4ad36480a5ae5dc26c239e2e30f7eef73b1cca100f014fc7da,2024-06-06T18:15:17.040000 +CVE-2024-3033,0,1,578964f0c3fcb0e9935ec36ce8a84bed5582ec5245abe1afa6c9c6af05913d0e,2024-06-07T14:56:05.647000 CVE-2024-30330,0,0,0e9d113b48ba5170c62aad1661e4145278b8111338712dd3bc7f108ec164727b,2024-04-03T17:24:18.150000 CVE-2024-30331,0,0,3fe7b08631ec4711564b45f890e6c12a29463a5d69b5fd4ef19d96d7ab8d2686,2024-04-03T17:24:18.150000 CVE-2024-30332,0,0,b3a050ec4421f86a94adad73d4ff5f43139943213c242b8081b38ff907c5adfc,2024-04-03T17:24:18.150000 
@@ -248332,14 +248332,14 @@ CVE-2024-30364,0,0,510899e3ecba71d096b404b02c98b4b3e3d0afcbd2457b7d4336fb6c1da0b CVE-2024-30365,0,0,8d8a5efd96412c7324fe23e0515deeca0b6ea605ee15bf7de07d85db987cca0f,2024-04-03T12:38:04.840000 CVE-2024-30366,0,0,20837e89d03fae3723d55fae431100502ce2f90ed93f7c89739d7faef9644cf8,2024-04-03T17:24:18.150000 CVE-2024-30367,0,0,a902af43f2971ddd47d7eebd60d52a9673dc37a2dcdcf1f5ecafc349085ea3e6,2024-04-03T12:38:04.840000 -CVE-2024-30368,0,0,6df4239e6e29cb844cd9dea8680074935334fbe55c827b720de68de5db9ad4fe,2024-06-06T18:15:13.443000 -CVE-2024-30369,0,0,741d22e10c7c179545c775549ea2f43f0dc825e6e3099bca9599f25e4b9c8c40,2024-06-06T18:15:13.720000 +CVE-2024-30368,0,1,2dde056bf9621803430edb616c732a35a4c834efc55ccf819d75606e8e89bfb7,2024-06-07T14:56:05.647000 +CVE-2024-30369,0,1,e55e68597fb1c62654ea344774685f0e4cf9e9d867be31f8bcca8ed65b87236e,2024-06-07T14:56:05.647000 CVE-2024-3037,0,0,d6a1d4e1bf4e5e80aa647f9502f516f353a1b80a815948f58da62f167f1baa03,2024-05-14T16:11:39.510000 CVE-2024-30370,0,0,0b843daff5c28582cf7b13f2850b1d8c607c4ae5b045b88facad224f99e19e5b,2024-04-03T12:38:04.840000 CVE-2024-30371,0,0,b1d655f20dce1a124d87b962baf334d2a249a3ceff7f094651f12c5849e1f6ee,2024-04-03T12:38:04.840000 -CVE-2024-30373,0,0,d7a036e8225a807a3884154f2811932ab9c29b59458b33495799b0ff478c3cc9,2024-06-06T19:15:56.167000 -CVE-2024-30374,0,0,68a265a8afbc3c05d1a22bb184b1ae81ed484598ca86e7f51f9c9832c84dc4f4,2024-06-06T18:15:13.953000 -CVE-2024-30375,0,0,5291d3570c73817844a9aa3dfa10201bfe32fe17e7b6caf90bca762792c6fe60,2024-06-06T18:15:14.153000 +CVE-2024-30373,0,1,0722f566a5c66a1614c57cd8d6537b2401c0c22df073ae3bc054ea6b3985cbfc,2024-06-07T14:56:05.647000 +CVE-2024-30374,0,1,345bbfbe1d7aca1d5f09b0b0e33189ce274943541876db7f03647a6e68ed3ddb,2024-06-07T14:56:05.647000 +CVE-2024-30375,0,1,226f4e7c20d6166f277b3a025523ffd763a0edd4ae0333c0d5131dcb0481c8aa,2024-06-07T14:56:05.647000 
CVE-2024-30378,0,0,6a2df0ffc2e39e504a6eb932e6155e70d20f8f56a067248345d9f07adcc92703,2024-05-16T18:15:09.407000 CVE-2024-30380,0,0,f36c5c63d2f6a0948f7d0edb193f57e29db82ec18d8624d1b5089431fbe240a4,2024-05-16T18:15:09.620000 CVE-2024-30381,0,0,f05175ee210738dcd3427c2dae818ff4d9dcdcf16455cc6221aec08ac0244fb4,2024-05-16T18:15:09.820000 @@ -248702,7 +248702,7 @@ CVE-2024-30938,0,0,bb3c87898373ca38f4e6504fd7f34baf274fe16334abf7626317b091c9072 CVE-2024-30939,0,0,2c9741729607a2e80601d31a316dfe5a77e488a194c61c09d029bf2778d383d7,2024-04-26T12:58:17.720000 CVE-2024-3094,0,0,8ed23f1232ed36fe384d7a52f468b21b74026ccef3e50e7fa1460af68654fd3b,2024-05-01T19:15:27.340000 CVE-2024-30946,0,0,0dff329aaece035fc82f00595012379643bd5a0edb89ee3a7369d6609e13a4d1,2024-04-02T18:12:16.283000 -CVE-2024-3095,0,0,f7510b58478970fb19f98d160d1deb9566011200b4bf169a44503fcf8711ff3c,2024-06-06T19:15:59.160000 +CVE-2024-3095,0,1,61d55fb0c9c8809327d85ad5dd4ab89ba9cf11921e765f0ffa52b8d4497f2fdb,2024-06-07T14:56:05.647000 CVE-2024-30950,0,0,992550aa16b7b69040c27b7eadb42b4babd9ce9c185610db0008bbada9865896,2024-04-17T20:08:21.887000 CVE-2024-30951,0,0,64c319e5130efe1148872b6efd54e0b74d19e18724bc83608b600a523ab1d0cb,2024-04-17T20:08:21.887000 CVE-2024-30952,0,0,45f3818300706503aa11d9788e132ab06eaeaa5db69128a0c2116be2f61adacf,2024-04-17T15:31:50.160000 
@@ -248724,7 +248724,7 @@ CVE-2024-30986,0,0,69160755613857276587b8b1f60e6694734dd914ee3a7792655db531f176e CVE-2024-30987,0,0,468cef77884a1b0247108985323c0f3c5634ef332631a4474a5705346708e7f7,2024-04-17T20:08:21.887000 CVE-2024-30988,0,0,0c1fba373369486acbe7abf7a68090de377b02d5f1663773aa31862718661b2e,2024-04-17T20:08:21.887000 CVE-2024-30989,0,0,abfc1381013fe6bdf19bda4b713c3adec36443d13f21f1e69286d68a6c98069f,2024-04-17T20:08:21.887000 -CVE-2024-3099,0,0,f94969c85e3dc23cbdd0f16bcea45cb22b51589286ddf3dcb839cee48a78000c,2024-06-06T19:15:59.393000 +CVE-2024-3099,0,1,e7f0b923e112854028361ac6f6b5d6713757ab017ebdab6dfd1cd863c07fe47d,2024-06-07T14:56:05.647000 CVE-2024-30990,0,0,d814580f329e12e99304963af29ee0361a06c58694e19a32d33d2edbadb55df4,2024-04-17T20:08:21.887000 CVE-2024-30998,0,0,179abd0db8095df44a7d1fc224d4f504797395ef6ca242b590dce2e234dbd0de,2024-04-03T12:38:04.840000 CVE-2024-31002,0,0,96e076f675a43d72347dc0c980a987d7f8bd37cac2f635917b77c618d7fb5159,2024-04-02T12:50:42.233000 @@ -248738,7 +248738,7 @@ CVE-2024-31010,0,0,22d3a5a8802df0899a91f29c1da59c9756b041e238b139f6c5446937f944e CVE-2024-31011,0,0,e280dc2325f8c749d256893287e9934a0b438d76a624897891275e16b92e2305,2024-04-03T12:38:04.840000 CVE-2024-31012,0,0,59265fe10316d43a2acb459ea9de60f6a264c8b6d13bc4dae0d363d3b5d71397,2024-04-03T12:38:04.840000 CVE-2024-31013,0,0,137ba39b03bbaab20823954557195167ac08df3fa32a6782dd4080f1d723f338,2024-04-03T12:38:04.840000 -CVE-2024-3102,0,0,71ef50636808e132005d1659674fa5479fa543002fa35e965d674d3033c9a64b,2024-06-06T19:15:59.667000 +CVE-2024-3102,0,1,a4611cb42951d405d0279fa5f0d1a6d6a718442772eea2fe1d9a5cfbe9ea1709,2024-06-07T14:56:05.647000 CVE-2024-31022,0,0,a14e43455f8667f5b08643f4accc0ded65ef08c98d3d4f6b069b1542bbf69336,2024-04-08T18:48:40.217000 CVE-2024-31025,0,0,049c3aee715c9c75f255eea2ba7d71aee620ad97e93ef3b0e0a948ae51dd0b57,2024-04-04T12:48:41.700000 CVE-2024-31030,0,0,b17002288aa05abca79327b012be4280f7a02a0b97bc696e400d659fdf247947,2024-05-31T19:14:47.793000 
@@ -248746,7 +248746,7 @@ CVE-2024-31031,0,0,10bc7caba6a65e01bc9ea074e7bedfc063099ea11411b0d4a72c811b144cd CVE-2024-31032,0,0,2f308f228deb76e92177e5f96ebfbe834c95bdfff6cc9b10092e4afc0a7c1465,2024-04-24T03:15:05.933000 CVE-2024-31033,0,0,c7a6cbfb5d238335f35ef47bba4fa3a92246db284515ca8db031f344b12dfa7a,2024-05-17T02:38:58.313000 CVE-2024-31036,0,0,909c6e2eb879d6c5010d6c5c1d0b605640db140d047e5e64355a95d48cb1e70f,2024-04-23T12:52:26.253000 -CVE-2024-3104,0,0,236a9795716d562fb90198ff08fa3dbcc3e6446314f1a0b955df1f28cf70f3d0,2024-06-06T18:15:17.260000 +CVE-2024-3104,0,1,927f515490606efe20907a2973fd062d79840e7c07fa0e36064aa10b549f022c,2024-06-07T14:56:05.647000 CVE-2024-31040,0,0,58d694e98ef6e322b940345b4415e080b141132f654a38c35a41dac24f1e6dc0,2024-04-17T20:08:21.887000 CVE-2024-31041,0,0,55cb17ccb9a4ccc47749a0a1f025025c536447c530ceaeb2d7f75919ad09c350,2024-04-17T20:08:21.887000 CVE-2024-31047,0,0,ed6b998d2efbbc258ad744f538162378aa1b702ac5e17462e2e5f42d9945fb08,2024-04-09T12:48:04.090000 @@ -248780,7 +248780,7 @@ CVE-2024-31095,0,0,1d14ad118dbc5bd845ece70c84c008e9141b3dab5e45eee13156e9529c020 CVE-2024-31096,0,0,13378816ee39cd668cfabb3d0026dd951106eddbb455545416d7a9928ee922e3,2024-04-01T01:12:59.077000 CVE-2024-31097,0,0,31f68e0dbefeb0a9ceef4f02934fc228ed8dda21ede5ecd48d87d25620e089ce,2024-04-01T01:12:59.077000 CVE-2024-31099,0,0,652e2931976c620c3c3252bc93158bbdd9f5fd91e4aaa8cbd8b6559ef6df5f82,2024-06-05T14:15:13.310000 -CVE-2024-3110,0,0,0aac5d21c25e6fd03291801df1c6a031f709f14d28eccc38137933098bcc3c4e,2024-06-06T19:15:59.900000 +CVE-2024-3110,0,1,b0d92cf18547129722f65f660fb77c88cd079eabf44be0be50c5ba31b00dcbc8,2024-06-07T14:56:05.647000 CVE-2024-31100,0,0,bb90890800c593ff32b3af632f936b4946ef3ea16c0390d004eb7fe5d4508046,2024-04-01T01:12:59.077000 CVE-2024-31101,0,0,2fd56d890739d0337abb15c42ca5e47ee915addc9f6fa2e167bf2a559a1189d1,2024-04-01T01:12:59.077000 CVE-2024-31102,0,0,291ce8ec006435aeb73c97acee04d8a1091d73f10a83a042c010d95c6fc41d83,2024-04-01T01:12:59.077000 
@@ -249042,21 +249042,21 @@ CVE-2024-31485,0,0,f3e6908479193c3f86110b70fe87436c53146cd6148ab9b1ea0fb0bf89ac6 CVE-2024-31486,0,0,fd0a6410406f8dd594f72fa4052d6d735717172015c41bed12ad0b2fb5213bc5,2024-05-14T19:18:31.490000 CVE-2024-31487,0,0,ffef7fcdc05bb476a1f2c02c71de4a76075ea7f0301d6a8889db629ce9b194c6,2024-04-10T13:24:22.187000 CVE-2024-31488,0,0,8fd4ea2d7a10d03e6cc8df9fdf21315abd98246cc112d9626a2dc74747d004e0,2024-05-14T19:17:55.627000 -CVE-2024-3149,0,0,80f2c0e5a17793f7ae75c555490f88a629cd88b9b8908ad9fdded78cbeef6a3b,2024-06-06T19:16:00.130000 +CVE-2024-3149,0,1,1cacbb29f9ddcc59e6c60c0392e5807353110e97934b561ed3eff00ed3bff641,2024-06-07T14:56:05.647000 CVE-2024-31491,0,0,5f002356f8390a8ec883fdc05cbd199fbc913871302dee308e6ee0aa04c7ac67,2024-05-14T19:17:55.627000 CVE-2024-31492,0,0,a251126d380ad734bdcae40155276c0c8cd0f78c057d6c232814179759c90bf9,2024-04-10T19:49:51.183000 CVE-2024-31493,0,0,eb75479adef565517a6f58901095a4369c3b19ffe56c2adb7b05f607202960e9,2024-06-03T14:46:24.250000 CVE-2024-31497,0,0,4e1eafb2dcb4144981ef085a5b8158282c3a0977a083d73fc04d3f981acbd1e7,2024-05-10T14:33:55.323000 CVE-2024-31498,0,0,db3c4e2337e3fccc66e084ef6016d8532925f451bef4124b0c2782f0c54d90b6,2024-04-08T00:15:08 -CVE-2024-3150,0,0,be79b49112cdbff2fa806d01a30a9221662335aaf55e129286bc1e87eceb8537,2024-06-06T19:16:00.350000 +CVE-2024-3150,0,1,04068d35bd188e4cc82c8fa2f28c620f46e70084f017d1c4b8736ac9a757cf54,2024-06-07T14:56:05.647000 CVE-2024-31502,0,0,52fc3984aab146fd5296bbc2584fa31ec06529d852df83c020a3abdb54510354,2024-04-29T12:42:03.667000 CVE-2024-31503,0,0,a2a7c8d9eaf4775895950c76302a02326a8d6e67bb7d5ec85d9e8a8516e17053,2024-04-17T12:48:07.510000 CVE-2024-31506,0,0,8be7ef5b3e9d65e4bba9dd63e2b7475f0658a4b183369094a98038d4eee40099,2024-04-10T13:24:00.070000 CVE-2024-31507,0,0,8a4d05957463fb55563022c4622a2463374ff774a0631f4c63214875a7c78bee,2024-04-10T13:24:00.070000 CVE-2024-3151,0,0,9347bf7ac28e84ca877a361b1eac7ef280766a4b0b29aa18ee59e0ed7a4dbbe2,2024-05-17T02:39:45.290000 
CVE-2024-31510,0,0,8d6d1b08dc90629221e7efff30d565dc4bf05f2cb7171984414e6e02bb2bf54f,2024-05-24T18:09:20.027000 -CVE-2024-3152,0,0,216eb11e5c659890b2daf344ba4be883d66c562168d9fbfb0ae3f37c06f4b26d,2024-06-06T18:15:17.490000 -CVE-2024-3153,0,0,1cfd633b0708da629e293a3651e3b5764bcb1dbe71897ba71e590158e1907126,2024-06-06T19:16:00.600000 +CVE-2024-3152,0,1,c35837c0aa31c949cf43dc6f979549eef143fbb0ccdbd0806b1482fca09a5466,2024-06-07T14:56:05.647000 +CVE-2024-3153,0,1,71f9925c0b9c95802717e9ea3df72b541910d5a49c38656ce24e7b7ced61efb4,2024-06-07T14:56:05.647000 CVE-2024-3154,0,0,41e99f572a77ebdee6e8e47ee9e18a446acb6753ba44d660260064ab4ee43c62,2024-06-05T17:15:13.777000 CVE-2024-31544,0,0,bc835e0f71240df22cec22617fbfab2cab4d97b1f555eabe4ef7c23231d6357c,2024-04-10T13:24:22.187000 CVE-2024-31545,0,0,58f9284e649db693b69f38b498c09bbce1aa6659c4895ca2c4510e9e4f359bf5,2024-04-22T19:24:06.727000 @@ -249109,7 +249109,7 @@ CVE-2024-3165,0,0,de9c55d425cf1712b174cf5953c3fab2e18950a6202399f31519128938dc30 CVE-2024-31650,0,0,93c237f92a0565f29a186681c2be8c18bcc984e57115648f885447500f241b13,2024-04-16T13:24:07.103000 CVE-2024-31651,0,0,449580f383ba06b10b890173ddf2d62af7a188eb69db82466ee9152e4b087212,2024-04-16T13:24:07.103000 CVE-2024-31652,0,0,208b4f263a9a44614b423f2ea1b775ae64777df67f6e60b98c2159dddb5c4a0b,2024-04-16T13:24:07.103000 -CVE-2024-3166,0,0,ad16f98dd84ce8c4e8e6419a4f932e44a16bc52670ca93fc2b0b6531f4028c8e,2024-06-06T19:16:00.817000 +CVE-2024-3166,0,1,c81e3e68f1adddc19d75d351634155c3d0e9e8ee00fc86bb432f2a7f3495b309,2024-06-07T14:56:05.647000 CVE-2024-31666,0,0,f5853a825a281146da4c1503d720f8c501ae057dbc958a3e9979ea428f9d6828,2024-04-22T19:24:06.727000 CVE-2024-3167,0,0,d4d0cf5c76ec6cdbb273213113ea664bf90661030b60b58ff4c0d4ae3475608a,2024-04-26T15:55:58.810000 CVE-2024-31673,0,0,0b8916c5145f64233db03bbf2ba3efc75200b697a1803c84382b31b9c3949f39,2024-05-06T12:44:56.377000 
@@ -249193,6 +249193,7 @@ CVE-2024-31871,0,0,2e9cb20a8839296f42d6bc6aa4eee6ec286fed065eef42e4971f116c0f81a CVE-2024-31872,0,0,7d09da772d85c1598253bebf81c543077ef995af0f84d1cf088132605a2400f9,2024-04-10T19:49:51.183000 CVE-2024-31873,0,0,30397559953deb34a9ae192149473632dc6b2334245e920787a4c5e14fc76375,2024-04-10T19:49:51.183000 CVE-2024-31874,0,0,1770e58d0ae5591eb931a8cdfdb054fb4d854f81849d14af250c71db6caf553c,2024-04-10T19:49:51.183000 +CVE-2024-31878,1,1,0b73115ac73b84788fa99cf25f46539784602ed48c1993fb5a883c28e0ff9855,2024-06-07T14:56:05.647000 CVE-2024-31879,0,0,9e400de08d7e3b57ea9b7110f44ae1b22a7e387f9dc2f33f777f519f045dfc82,2024-05-20T13:00:34.807000 CVE-2024-3188,0,0,5d70d4884e37e1862c5503e8662fdd8be316d1df7ecad77f44114699c1426b8a,2024-04-26T12:58:17.720000 CVE-2024-31887,0,0,e951c215b0e12b882bcc7244c98d7631ee4f4b7a3271b5f24e369f1a635cd3e5,2024-04-17T12:48:07.510000 @@ -249456,7 +249457,7 @@ CVE-2024-32335,0,0,a18eecfae003f3755ca9788ae824f8ae11c862ee21bc8d2d8a24b68bc33a3 CVE-2024-32337,0,0,dc2a2a172fc7aa8fe691537543cfdcef733d9805fdad8204cdb15cb784f9f055,2024-04-18T13:04:28.900000 CVE-2024-32338,0,0,5c39bd4988329d7ca44a2054334cbe64def16d95c15637e731a812da665625a6,2024-04-18T13:04:28.900000 CVE-2024-32339,0,0,afe7433969155378d9f53eb585665f431668449ec7b8a1871dfc6bd28402185b,2024-04-18T13:04:28.900000 -CVE-2024-3234,0,0,1d31325e3bba01b01af2f39d82e42ef7a37c121df1e72c72aea376df4ae04d21,2024-06-06T19:16:01.040000 +CVE-2024-3234,0,1,621ff486fe67b005aafa4d077f43b44f73e9ffae621feda6c5ee33965813c116,2024-06-07T14:56:05.647000 CVE-2024-32340,0,0,ed4dc49e1d39da0a286df8b47ebcf315cd49853b7dd6112c802ea07e59d5ed41,2024-04-18T13:04:28.900000 CVE-2024-32341,0,0,71f1f455bcc77ba4bdae7357bc360322947a986c89138ad9c73bd315f3ef516b,2024-04-18T13:04:28.900000 CVE-2024-32342,0,0,5ed8776d52ca78ebc18330cc82402250f424106e5b861cb93d248ff58681f335,2024-04-18T13:04:28.900000 
@@ -249786,7 +249787,7 @@ CVE-2024-32744,0,0,1b7d2f5284e3100bac5a22aa75dd41934cf75bbb03b5daf27a5bf3a3b911d CVE-2024-32745,0,0,7c7ddc449e8c742cc889f2211c73cf5b3fd566001a852588319e29620ec0008a,2024-04-18T13:04:28.900000 CVE-2024-32746,0,0,15529f833c25b7b5b5022877593c49d5afec10018bbf65b56334a694e0bc455a,2024-04-18T13:04:28.900000 CVE-2024-3275,0,0,911ea91aef7f88befc82f4227a09867c3c1d7c5e1f1eaf9e7dcf15d1eb26a443,2024-05-02T18:00:37.360000 -CVE-2024-32752,0,0,f3e264f1654a74cb5d6db5c309581053b928c059905de46a51fa837d33d0c91c,2024-06-06T21:15:48.523000 +CVE-2024-32752,0,1,397ccf54ed3571b7d395be8ff9092e3859eac6f23898bbdd1a86af941d776e4c,2024-06-07T14:56:05.647000 CVE-2024-32760,0,0,ddc31ee26c499fad688d0877d937cc38c7b1f5ceae4bf07b89a5d3c56f9c2902,2024-05-29T19:50:25.303000 CVE-2024-32761,0,0,ce6e18957362490cfabf91767930741349195476d374863f1eaf0c6108afcfd0,2024-05-08T17:05:24.083000 CVE-2024-32764,0,0,bc3d072b957e003e653de0b420ab306da82665736b4d7b512b364e6134049d7c,2024-04-26T15:32:22.523000 
@@ -249850,14 +249851,14 @@ CVE-2024-32869,0,0,0e473f01ce255dcdc5f11b871766f1c1758b18f6cf26ba19adbc6c7e41a0e CVE-2024-3287,0,0,2931e418698389557efec190f461462acdf2a1c0b7ebc46c55a5a74f6f678a7b,2024-05-02T18:00:37.360000 CVE-2024-32871,0,0,9f85d471b4bad454c7ad9f642cba508683357f53ebb7db98678a3b7a2b4b733c,2024-06-04T16:57:41.053000 CVE-2024-32872,0,0,e7fbe9b5c004b4e66a6239579379e0485139e5514ad8aac38bed4bc1fa97e05e,2024-04-24T17:16:50.397000 -CVE-2024-32873,0,0,4fc2ee3a77733476e6518eb21b7b6dfbb160b4a069614807c47e17e9bb5adb7b,2024-06-06T19:15:56.390000 +CVE-2024-32873,0,1,433c1d3f3ffa382212043931c61eca7b980e2a6110164251ef66377aef1d0eef,2024-06-07T14:56:05.647000 CVE-2024-32874,0,0,850bb9c013ee72937fb8bbb2d122f43af87799d3ef929c58542ee7f3b7f754e9,2024-05-14T16:12:23.490000 CVE-2024-32875,0,0,1d3ae071c5976cb38c56d9063a1b2dc7d3c3dd7317932ef76fe9cbd393a3f40f,2024-04-24T13:39:42.883000 CVE-2024-32876,0,0,c51720e08df793268c8491a202557c242e904799fd1b8730970b223daed02916,2024-04-24T19:58:40.710000 CVE-2024-32877,0,0,13f5020f551bae5d14609ce1c5cc9045330b07b54a09f287074495be0ab161bf,2024-05-31T13:01:46.727000 CVE-2024-32878,0,0,9824e8ca4092e36a8f9cb2ce3a2b816a546e1a8f5d394979f2c31fd3e27c353e,2024-04-29T12:42:03.667000 CVE-2024-32879,0,0,0b0046e51a12ad5b1f4492d6cff2d6482480cc94626283d2a6f79bd97479ab0a,2024-04-25T13:18:20.370000 -CVE-2024-3288,0,0,203b1ff644ef8142f5156e08f9dcf2d7e879e2168ec0a1eb3c3895b23fc23d11,2024-06-07T06:15:10.837000 +CVE-2024-3288,0,1,5e4f12788561d5b0fea40a0fe92987df5b8673e2e84950bd6c60ba3035b47ec3,2024-06-07T14:56:05.647000 CVE-2024-32880,0,0,4e2d702b579ea68026e2f0825502a7a98e59935dc9a1b24f36b660439ba2f348,2024-04-26T19:59:19.793000 CVE-2024-32881,0,0,a69d7f9beb676365acef6aaf3810d23c9ee7ac916fc4e9b8b59f337998d4f5a5,2024-04-29T12:42:03.667000 CVE-2024-32882,0,0,5274fa89ec3421b5c11bab925ea13ca1712a5851453fd229685e139cad05710c,2024-05-02T13:27:25.103000 
@@ -249980,7 +249981,7 @@ CVE-2024-33215,0,0,c8be43358325b8e905d28304a9339956d17f1418e85498fcb8a7134416d39 CVE-2024-33217,0,0,4e1e2d2adceccdbe12f057aebeef0a19faff919f64d3f29d52997e302777a311,2024-04-24T13:39:42.883000 CVE-2024-33218,0,0,8fb813323ddb2eccbc35a036c2c8ad5959ce48973ef0d1e129c52465ed4133a5,2024-05-22T18:59:20.240000 CVE-2024-33219,0,0,4aa16dcbbd12c78070360ec152f9d696965613ce0542d0703865df89e3db6bb9,2024-05-22T18:59:20.240000 -CVE-2024-3322,0,0,b6081c9bef5796bc2ccf1259f788c5f39ccfeb0b044af28c691e7f6f02862934,2024-06-06T19:16:01.247000 +CVE-2024-3322,0,1,8a5bcd30f3caf1b222c5914d9e7fe84bd2705dac24215b127b490cd74c366824,2024-06-07T14:56:05.647000 CVE-2024-33220,0,0,c41561e073978761894dcbb696b5aaff8f8a6608e3ec701f44cf295812522a35,2024-05-22T18:59:20.240000 CVE-2024-33221,0,0,b65e84a65a9fe4fefd4ada16d4f184b1f6f0f3c47af67bea531095a4ef55ed0b,2024-05-22T18:59:20.240000 CVE-2024-33222,0,0,3c14e3abb72d990fef8472915dfd0b9a35b55dea0b9258575a360253dd0c5e93,2024-05-22T18:59:20.240000 @@ -250211,7 +250212,7 @@ CVE-2024-3365,0,0,72815092a8c597fcb65b9f4966eb0474a56b71117ba0af8f5274e1b80bbf93 CVE-2024-33650,0,0,19d8d8a0b27cf4dde85e5f92d8bf04c572aaff417d777c3294978343c2e4f677,2024-04-26T12:58:17.720000 CVE-2024-33651,0,0,1cefad65f2bec7e29ec0f3af20b45cba9167a66152171d6da2043875d9e6dcf1,2024-04-26T12:58:17.720000 CVE-2024-33652,0,0,f10385ddf63819e6bfc4cfd1af98d21aa48a5904778b552fb96e778ca7071131,2024-04-29T12:42:03.667000 -CVE-2024-33655,0,0,019b6ed4a937b0f581ec4b3bd55a79581ba5d3d9afb52137414622276292ccb8,2024-06-06T17:15:51.040000 +CVE-2024-33655,0,1,1a06ba71aa0310fd39c21c550fd7aaea27f80b3e9299f75cb7e7094d86f835bc,2024-06-07T14:56:05.647000 CVE-2024-3366,0,0,cee4987ed8ff1f296ec0608c2f2a4293250401226181ff89b21a21c72172c537,2024-05-17T02:39:53.090000 CVE-2024-33661,0,0,335b3962b8b35021f7d1525fb53b5e1ed72d069375d3f8ee59966d5db4f26d91,2024-04-26T12:58:17.720000 CVE-2024-33663,0,0,ec8e93da37d2d2637b8f6a349ca26f3f71e8cd5e6cb10be23a57d50df0caa826,2024-04-26T12:58:17.720000 
@@ -250398,7 +250399,7 @@ CVE-2024-34008,0,0,edc66ba59c24fe86c5737696ef5e1beb12d9c8c54bd644a71789cd3b77a01 CVE-2024-34009,0,0,6ddbdcd2f8161372a9bcdefda9c8b3e3050867c707ff64c3c31650ed3f1f8522,2024-06-03T14:46:24.250000 CVE-2024-34010,0,0,c31f2f180475c1f3f2204c1feb2010c5ada948eb1b4d37517c54f97316341f08,2024-04-30T13:11:16.690000 CVE-2024-34011,0,0,4e2e0fb5d64e6e75da5ff3561c6f86ff1f891a3646e890e015512c561d328a58,2024-04-30T13:11:16.690000 -CVE-2024-3402,0,0,6c248bb5279fb033780420107770a754dadc97102cc9052af33a8f3677212a51,2024-06-06T19:16:01.450000 +CVE-2024-3402,0,1,e994f4abb2ec0efc27de74bd789f4b69dd0341c920e8e4136eb625b5fd69d8ce,2024-06-07T14:56:05.647000 CVE-2024-34020,0,0,9d9b11f4db84c3770acd92b1150bad9b802c58de4fce781bba37a89c232e029f,2024-04-30T13:11:16.690000 CVE-2024-34025,0,0,7910ed3f49f27cc3d6e29efd0456c14b8fa97ed1ac57b4183c41d497d3215ba0,2024-05-16T13:03:05.353000 CVE-2024-34029,0,0,4169ae74794d01d0e86a2d5b95da9173d7cd134e14e2c2e7fdcc6668ef8aab4e,2024-05-28T12:39:28.377000 @@ -250406,7 +250407,7 @@ CVE-2024-3403,0,0,351b7361a62b75fa01065ca2b4d00dead5236a2356f9f11be8885ee6cd8288 CVE-2024-34031,0,0,32832cbb1e8c12d82b1b4f0b17dd8da5298483e844da3b9dfde76f943f816f64,2024-05-03T12:50:34.250000 CVE-2024-34032,0,0,5a4c84545c086e02a753cbdc2a69955417aff416961e34fcc07fc6e9fddc4770,2024-05-03T12:50:34.250000 CVE-2024-34033,0,0,719a8ff9b4eb14602d2888920177741310f8b0330069ca799cf076b91625a4df,2024-05-03T12:50:34.250000 -CVE-2024-3404,0,0,d78e4e9577126ae59417fe195e775335d5d7e4c8499f8ed9c7d79720e449cfe4,2024-06-06T19:16:01.673000 +CVE-2024-3404,0,1,6e17c41fd2ac1693dde4618a5f61498fd7ee98f9bce0873b88bd7dd4dfede7da,2024-06-07T14:56:05.647000 CVE-2024-34043,0,0,7ca1282f168b2382fda735851194a0d4cf0b96b9e0efe68d472278215068d68e,2024-04-30T13:11:16.690000 CVE-2024-34044,0,0,1b80936b6f5ff7a9f74aadc7ee541de569f6d2545da0250429d475e804224350,2024-04-30T13:11:16.690000 CVE-2024-34045,0,0,d9f65a975a467a35e54719953a77085842c3e12162c6a7fa01465023f7b2709c,2024-04-30T13:11:16.690000 
@@ -250439,7 +250440,7 @@ CVE-2024-34075,0,0,ff3af4ab60f965ab2de2b47da1575d6e4328683ac09cd88f8b024e445836f CVE-2024-34077,0,0,b00a32fb744b1f8d8f39ba9f479d9883acaa488c1f8569d97c3fb350fec58930,2024-05-14T16:12:23.490000 CVE-2024-34078,0,0,82828053870f4925c57756113c35390ae666a52c7685f7de8391ec7c16f1a26f,2024-05-06T16:00:59.253000 CVE-2024-34079,0,0,6572038357f505e44f92d8f669e5daf0b3d778b5d39dc5f61f9e5e10a30631a9,2024-05-14T16:12:23.490000 -CVE-2024-3408,0,0,f79533d36fb0af7895d42877d34e5dfd2edbba91235d2c94439e80a3d3bfd6c7,2024-06-06T19:16:01.890000 +CVE-2024-3408,0,1,9ef5e4a2f323293da0da52da00a03e5e54d6e9b5934fe1aacbcd760e304c4ab5,2024-06-07T14:56:05.647000 CVE-2024-34080,0,0,e890dc8f85a5b0ce07052f149d9ec64b8fd7c7f0d9e83e22062a2310e484cf25,2024-05-14T16:12:23.490000 CVE-2024-34081,0,0,f2f9048f3d99a0c526f81090582bf6c8eb55dc9f0a781896f113edce1c062f0e,2024-05-14T16:12:23.490000 CVE-2024-34082,0,0,5031917250a6777eae74186c259cfc86681556ae8919d051843a71cfa70a8f75,2024-05-15T18:35:11.453000 @@ -250533,7 +250534,7 @@ CVE-2024-3427,0,0,8ec8e862f797bb81b9d4ca614d2eae08e844bf2eeab6da619bcde489396cea CVE-2024-34273,0,0,9a2fb0e3f02cab13377b15bc3ebeb83f8916934fba1719cf7e91c12ce4f829c2,2024-05-17T18:36:31.297000 CVE-2024-34274,0,0,ed7cc27ce0add2cec6f0eb075d72d9bc499f3881642a46a4b175be29efe29f5a,2024-05-22T12:46:53.887000 CVE-2024-3428,0,0,6bd12c0e792d3206173879dbc2d07d17480b1dc620de60ecd99e55318e421784,2024-05-17T02:39:55.420000 -CVE-2024-3429,0,0,8e87467a7aa1bfefe22ee36140fb332664c1995819d475e3e6dc8fb27bc42bf3,2024-06-06T19:16:02.103000 +CVE-2024-3429,0,1,142a702623e51f7167cd4d2dfb301671577283ae70e145eca4d03920b0a9bcc1,2024-06-07T14:56:05.647000 CVE-2024-3430,0,0,26511d7640da51b7d570c3e3e64dcd51a1ae1a874f887e17d041871761404897,2024-05-17T02:39:55.503000 CVE-2024-34308,0,0,a9106d3038ea0861ae87e336ed29b09bed158322011782013165b4fda14eb836,2024-05-14T16:12:23.490000 CVE-2024-3431,0,0,455a9b01059963fcb0a3456cd2358856e44f5db237eb4ee1c03f1b9fc99bc502,2024-05-17T02:39:55.597000 
@@ -250665,7 +250666,7 @@ CVE-2024-34473,0,0,a0e81d4e65e4f59fc6788a67ab9abe6ae8169dfe1411246b36c4680fde1af CVE-2024-34474,0,0,3df656c76dccd5c0b812eaec7b5241dc606cf859dfb7b55dfdb0e2ac6d92fbbf,2024-05-06T12:44:56.377000 CVE-2024-34475,0,0,bc3b000674e2f5e5d8987a5a03c7029744124543abeafbfeb540e90342057172,2024-05-06T12:44:56.377000 CVE-2024-34476,0,0,f460d7b07cd8e1102230047a90895024b7118c0a722ec4264bd02b84a90ba448,2024-05-06T12:44:56.377000 -CVE-2024-34477,0,0,805be4e13aa4efd2a647d3f065818e199145b64e0cfebcf660ee8d2965701d6c,2024-05-28T12:39:28.377000 +CVE-2024-34477,0,1,1582bb27a51733ef5d8216b768cf631f7623fa6704a59528ef32a8f5c53cec81,2024-06-07T14:15:10.293000 CVE-2024-34478,0,0,e041b25b36e3062d0ab338fb8a5bf2a23de65e7f383d14a7d54f9bd405368aa0,2024-05-06T12:44:56.377000 CVE-2024-3448,0,0,38511310080ef6cbfb33c1721e41ad41c6df0877e6ffcdbf14f478fa1ea7a673,2024-04-10T19:49:51.183000 CVE-2024-34483,0,0,df92e60b2a063249d7c7eb5d2fcb2d7b0c92f9a83d882b5d628cf9e21e289c65,2024-05-06T12:44:56.377000 @@ -250816,7 +250817,7 @@ CVE-2024-34825,0,0,da4c9ce510f00e0a854bf235f0a803bebe7336aa5abd8cd7cbf31f6e4dc54 CVE-2024-34827,0,0,967f2d32afb0b2dfaa20d1f45e0df3e21389d96466bc0e3abad227fc206b40cd,2024-05-14T16:12:23.490000 CVE-2024-34828,0,0,7605aa3bedb5fc5d707a6b481c1cc91c79f17545427a53b88cbe66a14822c076,2024-05-14T16:12:23.490000 CVE-2024-3483,0,0,f497cc0f9f7ed97ac693fa9f9e6ee9a3d8c1c00c57913a6c4140ae3ca9834d87,2024-05-15T18:35:11.453000 -CVE-2024-34832,0,0,442c1fbf0bc603328a0a57cbf648d0a0d68f02e82c6b87be4014b5ad8bbdee38,2024-06-06T15:15:44.873000 +CVE-2024-34832,0,1,5450d25a8a2a2c18ec1f13cea90692cbdaa88c98ad37b2d242e0d647addbb9b2,2024-06-07T14:56:05.647000 CVE-2024-3484,0,0,77b96fc6faa401f39469e2fe8fb49203604ce091be4caf53c785afcea370dbf3,2024-05-15T18:35:11.453000 CVE-2024-3485,0,0,e8641b5678d7bfcdabd6408cac9c77af492485e4b29f63fc9dc56af18234e19a,2024-05-15T18:35:11.453000 CVE-2024-34852,0,0,a2b46166918037a96ec96511b7428ab937c28a5b7c34beca90d286eb089cfe06,2024-05-29T13:02:09.280000 
@@ -250877,7 +250878,7 @@ CVE-2024-35010,0,0,6784a947df2e9deefe9757ceafde92b1b4ea5ac58202274413dd6808bde18 CVE-2024-35011,0,0,f2661dd77acfffb252c04e1320c267716aea3744ac85c0060c0d7422270083d6,2024-05-14T19:17:55.627000 CVE-2024-35012,0,0,c50fcf2a5579f8393bc9e4a23a36901c21717650b7441366632fff1c32da860d,2024-05-14T19:17:55.627000 CVE-2024-35039,0,0,549aab3001465c18f7558af8e5e45f167595616c9a7bca77c96ced50314baa21,2024-05-16T15:44:44.683000 -CVE-2024-3504,0,0,559f6e3501c6d95ba827b8138b63a512f4dedb73e8d940cbed306f96e6b253c1,2024-06-06T18:15:17.980000 +CVE-2024-3504,0,1,79cce84e6f753803ee042004779287d4dc9d06a39c69bee145ee31cd2e79f692,2024-06-07T14:56:05.647000 CVE-2024-35048,0,0,ed871a8ade99e0617809ff904ac4a8fd285ba197cac8822e996ab2fb9852d715,2024-05-14T16:12:23.490000 CVE-2024-35049,0,0,ee71153645e9403440b243e3a73667394924bc5f87710f5682c39713babcc96d,2024-05-14T16:11:39.510000 CVE-2024-3505,0,0,d46d6b7d35449c168e9ff66f3c93f973f2e1e579109b94b88c63ad7baac2b7b8,2024-04-15T13:15:31.997000 @@ -250924,7 +250925,7 @@ CVE-2024-35173,0,0,c8b630034cf3b1bc330e71b72b5f56e98c26129f928dcf9116520c177544d CVE-2024-35174,0,0,8006c388ce7f40c47517b2ce45db1539a314885c56e9f6cf958456802b7f9ce8,2024-05-17T18:35:35.070000 CVE-2024-35175,0,0,9e25ae925e31973a2b67a8977610ae2bb87bb633e1a1caceea1eca0e2e2fe971,2024-05-15T16:40:19.330000 CVE-2024-35176,0,0,4b60ac698f0409c3d5afd3135a012e527abd899b09b05eec72c22bf6c64bb106,2024-05-17T18:36:31.297000 -CVE-2024-35178,0,0,10198c57a860a2d19f8d2d65a9ebbf6a0b33221ccd4dfbf4eac06528a4779160,2024-06-06T16:15:11.937000 +CVE-2024-35178,0,1,10e3c405c5070336a9576e09f993658c665a2ba462c280393c71d601d33ee636,2024-06-07T14:56:05.647000 CVE-2024-35179,0,0,4433fc22ade8274a4e17f50ac56484b62a8701a589dbfa040c3c094fd870b93d,2024-05-15T16:40:19.330000 CVE-2024-3518,0,0,eaf2303b214171cc846a9c1e1f5b5c9bbf3d3c0b489c261d40c49ffc3b73ea7d,2024-05-22T12:46:53.887000 CVE-2024-35180,0,0,80c407dbbb9cc728599339da6dd4aafc61d867bae9c46c13901781bc50f4a229,2024-05-21T16:54:35.880000 
@@ -251287,7 +251288,7 @@ CVE-2024-35916,0,0,eef0a98f14bc85cfcc41c2c9dbcad427449f316ed211b491f369093e02e70 CVE-2024-35917,0,0,b89394b74c7a8c75aec1871ad444a1de3b356465b990a17e25fbca62313f01c7,2024-05-20T13:00:04.957000 CVE-2024-35918,0,0,b2be0a765e82477c2ac9db950f51995c31889c3002199373637759e7724e2e90,2024-05-20T13:00:04.957000 CVE-2024-35919,0,0,27d82e9c37f0ef8108c9a890221a4e4df4c581ae1c83c8f84d3878b062b56455,2024-05-20T13:00:04.957000 -CVE-2024-3592,0,0,f47a8159346289d13a00c85300e0e13713d8283dfff6f48a4d46e87c03c14c03,2024-06-07T06:15:10.960000 +CVE-2024-3592,0,1,5ddffb53103cba52c327a0e0a594969ceb3b00a08fcd0f03d03c6161b46a1bb5,2024-06-07T14:56:05.647000 CVE-2024-35920,0,0,8a2843ee95e70c40090dfa8d23a18e67b6b0ca26e4c73366bc47c210b89fb0f9,2024-05-20T13:00:04.957000 CVE-2024-35921,0,0,84ce50a3d1bc0a485a80ec84c27ac1436f96be4789b7f8d91c7dd5db63d60278,2024-05-20T13:00:04.957000 CVE-2024-35922,0,0,c0262e365d228a168016ee16200d6f663423e9ed53093ea5f55b1b1fe3e37587,2024-05-20T13:00:04.957000 
@@ -251430,11 +251431,11 @@ CVE-2024-36078,0,0,c51f0267c8f676ff86e885fc858add33b498be4bce4ced499be9c0d55f68f CVE-2024-36079,0,0,fdb9a00040976f09fbaf93ec1c9cec0113756b033e4d68b6334fa44aebe9f8d5,2024-05-28T12:39:42.673000 CVE-2024-36080,0,0,de5551202af1794b77e1032fd6ee35ba7df3ef2929b44077b5dc18aee0b886df,2024-05-20T13:00:04.957000 CVE-2024-36081,0,0,d4f0cf242ca757b4f303ae5368ae2b4579e3452ad04759648a40396f5d2c3712,2024-05-20T13:00:04.957000 -CVE-2024-36082,0,0,3b3a14fb7adc835c096bd48dcbbcf73aad4370c235f3bf04b1feeb19026a9ae2,2024-06-07T04:15:30.357000 +CVE-2024-36082,0,1,ec05e6fee429e8ce759a7c1458dcc4d6897daf721318becd9b0e86af84bd511f,2024-06-07T14:56:05.647000 CVE-2024-3609,0,0,ed7edf68142e8387ad834c19a7338682e57310d52666dd6c703556dcd2e4f649,2024-05-17T18:36:05.263000 CVE-2024-36104,0,0,d791090d63e65d841ba8ee5d3ad2141bb986481787582de2f23200ce4780a74f,2024-06-04T16:57:41.053000 CVE-2024-36105,0,0,4b0fed9ed2485549411fb1c0dd5b530df11ef2b63c1b154f3cb43f2c66dea72a,2024-05-28T12:39:28.377000 -CVE-2024-36106,0,0,c85ddb4d7775f0329c0634c88aaccae0158c08f5ddf89531bfeafaa54770278a,2024-06-06T15:15:45.023000 +CVE-2024-36106,0,1,c68c312ee2bc6ec7a30477c97b5c82d947d4a1b2653da093413e96421d465f20,2024-06-07T14:56:05.647000 CVE-2024-36107,0,0,3822d3240549b49c3e2603142bff0a390b754055e04abd1375217acc3ea4ac02,2024-05-29T13:02:09.280000 CVE-2024-36108,0,0,1712acab6fb5bcc0e89c140fd4bc7f953ab5cd6a3b2df721c59b01e1212e5edf,2024-05-31T19:14:47.793000 CVE-2024-36109,0,0,8442e3c76593510de83882ecc41707b0c4728f640a49fe701ed403b144ef7ca0,2024-05-29T13:02:09.280000 
@@ -251503,7 +251504,7 @@ CVE-2024-36391,0,0,912b7ffb7dfb6dfb15f70d7bea2f2a5105573bbf43d36923ced033abcc265 CVE-2024-36392,0,0,7b41af317d30bf0386ed81503024aa5664470441af94b00ab8ae6362055ee697,2024-06-03T14:46:24.250000 CVE-2024-36393,0,0,dad9a318c2494ff47436b4a590250d168d0c818dc3eda817c0e3ba447f985b67,2024-06-06T14:17:35.017000 CVE-2024-36394,0,0,0836b42c2ed8b0b26ece5429f06f273f62ad8b7051c36ce9a182ada775da7277,2024-06-06T14:17:35.017000 -CVE-2024-36399,0,0,c3e1cf0cc9bb37d56008b782700f8b9c13323329ff2168b3d44b4d48d0080a31,2024-06-06T16:15:12.573000 +CVE-2024-36399,0,1,32a084399fffaab7b007a4925030bc8dfc9c8bbd3d7f25f567b275cd72694397,2024-06-07T14:56:05.647000 CVE-2024-3640,0,0,abbf5a33cbca708fe19710dda7a796491ae1d1614e9cd03f43d6cddef8b09500,2024-05-17T18:36:31.297000 CVE-2024-36400,0,0,adfa37aa9ee5bdbeb119043e05eb6c3cae4bca70563f93beec768283d523dfe5,2024-06-04T16:57:41.053000 CVE-2024-3641,0,0,c281de95cce057acff2793609e8f843aad579a2f0257c0c2e0b6442733e87b14,2024-05-16T13:03:05.353000 @@ -251544,7 +251545,7 @@ CVE-2024-36668,0,0,4cedc166eb0bd391c040c5196589bbd754cdd7e90f4a579e8e01dedf42e83 CVE-2024-36669,0,0,c31d1b743dee91f6b455e92a9273f2707d1346a2a80737e220c6a9249b386f62,2024-06-06T14:17:35.017000 CVE-2024-3667,0,0,b8aaa7837b9708a00cf0b0659c0d909767a8ae9572c9d0bb67e828adada10c4b,2024-06-06T14:07:44.473000 CVE-2024-36670,0,0,fdafe9c66140e5a2018ce6b3a330b135107007226ee1c746bda0de7803753e50,2024-06-06T14:17:35.017000 -CVE-2024-36673,1,1,c242cd7aeb708e267aa15ed810b55f4dc2dd802c6d5d23098512c9eb1667faf4,2024-06-07T13:15:49.547000 +CVE-2024-36673,0,1,0bdedcf3cd9e0ddf0f56dd3b2d8e8284bb34474f2aa544a628d0d470af49742d,2024-06-07T14:56:05.647000 CVE-2024-36674,0,0,64a41fc68368d9bae481254f7aef4332736d337353346af2d18107a9908d2826,2024-06-03T19:23:17.807000 CVE-2024-36675,0,0,5c3f7593516cde09c4cffe5f588ba2d6bd558d4e765f212515d844554079cc61,2024-06-05T12:53:50.240000 CVE-2024-3670,0,0,c82d0130c8edc16344a78447d1514c5ffe18d421cd344e5799606a7730bedf8c,2024-05-02T18:00:37.360000 
@@ -251552,33 +251553,39 @@ CVE-2024-3671,0,0,d4c07d059b6fad473ffadbf866eab2d0161459cafd3d5843ab40df0df4e33f CVE-2024-3672,0,0,b7de207aaf40bb160711ae23312b83bd4f3d950fbf99cf282ee38b1e3854739f,2024-04-16T13:24:07.103000 CVE-2024-36728,0,0,c2be0d961babece611e6ef331669b97310e3200e5b725ef7082af06fa5b1b229,2024-06-03T14:46:24.250000 CVE-2024-36729,0,0,932b1f58b1a09b0188e5d6600471eb6364a687fd2ef712c615b505ef114eedd3,2024-06-03T14:46:24.250000 -CVE-2024-36730,0,0,25473babf74b4d158639fb32d53e8100279f0b11769936f82762edfbb056e552,2024-06-06T19:15:57.840000 -CVE-2024-36732,0,0,ec6839bee7c3a300c8cdb36744a383a60939bf473d1a49029780c127a830f7f3,2024-06-06T19:15:57.937000 -CVE-2024-36734,0,0,b13e6d3cdee1bb9c59fc70605c408a660e6eda1a7586e5d646837855d5a6c7c0,2024-06-06T19:15:58.030000 -CVE-2024-36735,0,0,2c6eb65fc9bb036409bde0747d4bbee7325f5dae937df7c982ef62b70512594c,2024-06-06T19:15:58.117000 -CVE-2024-36736,0,0,a9802ab834ce808d7160880fbd3ee151d287a03b2898f4d875eb4500b0ba4a12,2024-06-06T18:15:16.560000 -CVE-2024-36737,0,0,32730637359ddac8c28df292fbc77aa6ffb0daad8c001d770ac832d9c6f84b29,2024-06-06T18:15:16.643000 +CVE-2024-36730,0,1,9dda72b0002f8a905b914a8cd36ff962846bc847eb5c21d1bd86d0b7cecb8586,2024-06-07T14:56:05.647000 +CVE-2024-36732,0,1,d2047b08a8fc9347417a01d7e12d415f90cadfdb990e6471de1f6c3bf71b340e,2024-06-07T14:56:05.647000 +CVE-2024-36734,0,1,d69484de6d95841b2668a312f78840454d9d5fea259be344a7e37c00f91278e5,2024-06-07T14:56:05.647000 +CVE-2024-36735,0,1,a6eccd5bf4a5d1c68a7f68e5124594b65cf5ea9037aab21753ad323be088244f,2024-06-07T14:56:05.647000 +CVE-2024-36736,0,1,d37d65697cf48a4c0cb9fd19097850c1863171e816be78616d4a3989c196737e,2024-06-07T14:56:05.647000 +CVE-2024-36737,0,1,ed3abada6b42917ea7f9f032fa5e9c6eaeb8eff7fb60e2f6d790a0d7c02e42c2,2024-06-07T14:56:05.647000 CVE-2024-3674,0,0,f0fad7a5bda9e15945dde9432e31b1e267affdedcf2e230210a842bcd40fa4e1,2024-05-02T18:00:37.360000 
-CVE-2024-36740,0,0,16e5214ed842cadee1b0c074b34abb09fc93203dba1a7f371b4bb7c67255ab90,2024-06-06T19:15:58.217000 -CVE-2024-36742,0,0,bcf4f58ec27b4bb6df0e58bd10b149ac0419fb5eaf450a7c78d61599527c5f09,2024-06-06T17:15:51.157000 -CVE-2024-36743,0,0,c367f5761ccaf7b7eafa39d7269d5269f807f01e98311622f45afc2f57a4d299,2024-06-06T18:15:16.723000 -CVE-2024-36745,0,0,e15cc5a537583aee5250bbad8c66a9ff54b46813efeed62ee1e93495391bddd9,2024-06-06T18:15:16.807000 +CVE-2024-36740,0,1,aae82699ee7e0aeefcea8ddf838caf624c3999d81e4756b1ea8205a87e01a7a8,2024-06-07T14:56:05.647000 +CVE-2024-36742,0,1,2941ab796d29923e5003ba921e34147b367638496ca61de6313da56f2bc0d8af,2024-06-07T14:56:05.647000 +CVE-2024-36743,0,1,947029ef079964db2f975300f543b502c98bef02b4c5f9f3d5de943b90d777a7,2024-06-07T14:56:05.647000 +CVE-2024-36745,0,1,c21f6d498139c367702b2a5b310b830e45905feb661fd13e2ada12120c92ab59,2024-06-07T14:56:05.647000 CVE-2024-3675,0,0,00d1234baac079cf413c516618dd0fc3e7ad5eadaec0ab200df9e28f23d3ebe2,2024-05-02T18:00:37.360000 CVE-2024-3676,0,0,afffaa433a0219105ab8db2fc3cac72e262ac997e8b5329e1239c5388df90382,2024-05-14T19:17:55.627000 CVE-2024-3677,0,0,822256c91d31044a13b27ee319c8c0a4bbd148e7653d3ef44cb1c97299aa9fe7,2024-05-02T18:00:37.360000 -CVE-2024-36774,0,0,c52a7d440526ec1c5b5dd8f79b05861813295ebd9b5c8bb364d051592833b661,2024-06-06T22:15:10.660000 -CVE-2024-36775,0,0,cf7ea9fb1132952f5ce9b9a96bde9cbc141e3622bc6c890b6a70d79058ca032c,2024-06-06T22:15:10.753000 +CVE-2024-36773,1,1,1dde0f54693c444486f15e16f3a6f8c7bc954ca17a934505d2c9508feb080f07,2024-06-07T15:15:50.063000 +CVE-2024-36774,0,1,2df072beaff79bc30583e2884ff43f38048f215ce893570cbe619b2c4b3ea848,2024-06-07T14:56:05.647000 +CVE-2024-36775,0,1,4b375f407da92147ec03b418aa34ecf2eb865c48a39c0ec7b6825445f826777a,2024-06-07T14:56:05.647000 CVE-2024-36779,0,0,8c7e83df3afae13bc8d33f62f8b15e49a81040b0a6b2ddb11061136937a55355,2024-06-06T14:17:35.017000 
CVE-2024-3678,0,0,d720397e0ff5aed34935621b66252dd502ae3dd7e987e20f2aefa29510c09059,2024-04-26T12:58:17.720000 CVE-2024-36782,0,0,e7ea68c65c5ca104712b302d02b4ac394c2f9961920c167363ea2d5cb5f8492d,2024-06-04T16:57:41.057000 CVE-2024-36783,0,0,836a2ceb0d98b8a700028ad4ff916db5f51e7a924e1a9f84d5d28e5cfa23ba3e,2024-06-04T16:57:41.057000 -CVE-2024-36795,0,0,3951dbc9e8c31bc54060c0f35e7deac4ca73e15b190641e6b289c06b74edd598,2024-06-06T21:15:48.687000 +CVE-2024-36787,1,1,2726585948050855556cfade25f89635ec24fc2e256e4a0474f5818f68a1c871,2024-06-07T15:15:50.140000 +CVE-2024-36788,1,1,a7e86bc9d4b433f6704e92dd495156a9791ee79210bc009fe9355f0b7627abf7,2024-06-07T15:15:50.233000 +CVE-2024-36789,1,1,b805f25ce409d71c901713b74f3ab0f294b97843dafdd4b739bd2c6595ad9992,2024-06-07T15:15:50.323000 +CVE-2024-36790,1,1,062daf995def61973560f7428e36e884d4f2e2648bb11b2b6f2bc0a920f3ee32,2024-06-07T15:15:50.407000 +CVE-2024-36792,1,1,db737b96d11442f6fcf3082f5313ae04afe6e1e6e693283b0822e8487c8cf3fd,2024-06-07T15:15:50.493000 +CVE-2024-36795,0,1,85e3975032f158649d202197d4f3d1d367782eb9719b5cf4299505053a485fcf,2024-06-07T14:56:05.647000 CVE-2024-3680,0,0,b1ed78ba2c31e060c65591b1b4aa0e0cdd627bc790583f352919e473d1394bc8,2024-05-14T16:11:39.510000 CVE-2024-36800,0,0,967d3236939728405f0bc2636be420e66aaebd51f71e3cb4a6ae3a4ede9ef472,2024-06-04T16:57:41.053000 CVE-2024-36801,0,0,cb5a003a5410a18732b1906d50ac09307cc6038359a69f635327e6d9be7df9a7,2024-06-04T16:57:41.053000 CVE-2024-3681,0,0,4cc6e1e77320458af0f4beee59a38c9a663fe20b962b28f234c099bc7c23ab32,2024-05-02T18:00:37.360000 CVE-2024-3682,0,0,a140f5eb71acf183c1e80e0d2f5a14a5c7d8a92c7cf9dd3ea5250a20e3cb490f,2024-04-26T12:58:17.720000 -CVE-2024-36823,0,0,18c9ec141a4f3f360f3b47387b0ed8ac2ebaff31650c6557d5d08b0788cd4084,2024-06-06T22:15:10.853000 +CVE-2024-36823,0,1,aad699347c3b05ee3cd9abd97cd2dd91acd777507ac0def145495f15e3829674,2024-06-07T14:56:05.647000 
CVE-2024-36837,0,0,47ca3391700f1c8fe38372397571450c964664f9edef8a6b063febfb6bda26de,2024-06-06T14:17:35.017000 CVE-2024-3684,0,0,e7edf7d6bce31b480b46d692afd4304c988268ba4618e87da8566dc118f2be92,2024-04-19T16:19:49.043000 CVE-2024-36843,0,0,dffd8a9db459cea7141db065370811228354e9ed0a00ef7accb6e04cac03982c,2024-06-03T14:46:24.250000 
@@ -251712,12 +251719,14 @@ CVE-2024-3708,0,0,09132fb1644ebf0c808002aa8ac15b19f13ae71d0beb378f7a9664a5ae685f CVE-2024-3711,0,0,00ee502ae0ae8bdc802cd38eb1ec1e1356c10e1c18d766a4effd20297a066f55,2024-05-24T01:15:30.977000 CVE-2024-3714,0,0,29d3de80cc1f6e0ff07b09e17d8d58f6e17e5f0164ed94da7b2235ed17131c18,2024-05-20T13:00:34.807000 CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000 -CVE-2024-37150,0,0,356413a4ac5d1c90535d18336d6df31c23963b41565b45b4c548335ded4d7e96,2024-06-06T16:15:12.890000 -CVE-2024-37152,0,0,1bfbe0f0a8c127156adc51e1ba59302d9870743a5fa30e0119869694af3bbce3,2024-06-06T16:15:13.190000 -CVE-2024-37153,0,0,30493d1b40b833e16bd66d6175f199fd97118cbff37e2fd33e1abc70b1e8bfe0,2024-06-06T19:15:58.403000 -CVE-2024-37154,0,0,1635873646f2701561d1bf4888d4435b4d88c05bf12b57868624c8dccd2df36a,2024-06-06T19:15:58.683000 -CVE-2024-37156,0,0,8f1609389144b7609e0108a5761a55c69e9bff1f9a79c3df6416fa1a6b292705,2024-06-06T16:15:13.493000 +CVE-2024-37150,0,1,97cf533630a2e81b430f11fe12ccc7be397791e2299035e9f7d7a243e494791c,2024-06-07T14:56:05.647000 +CVE-2024-37152,0,1,d5beb8b2bc90de99efc40fac5a89948f3b2a0d50610a65220e35a91d41ce9369,2024-06-07T14:56:05.647000 +CVE-2024-37153,0,1,61a2831c55890f9a410cc075d806b38e60c3b9609259f6ca16f7a060d646905b,2024-06-07T14:56:05.647000 +CVE-2024-37154,0,1,58669c60bd370ee58122b9f7af67de36a61a42702559484c7a8e000321217599,2024-06-07T14:56:05.647000 +CVE-2024-37156,0,1,7e333f2d85e8aebcd8a0c3a0c10b32f6169582c9ae7ef770c4979e919256c1f4,2024-06-07T14:56:05.647000 CVE-2024-3716,0,0,bdf7b94eaf3a61f5d833423267272b016419fd984cbc8abd8ff807268a3875f7,2024-06-06T14:17:35.017000 +CVE-2024-37160,1,1,fcce8714fd6eb9d5cfcd3a6766aa7f897f876324a339916bfcf72210a29f3e95,2024-06-07T14:56:05.647000 +CVE-2024-37162,1,1,4ababcf4d75b03d4df0fcaa37e26a16ea66e1c1a55978ba6a72af8e5f482ad67,2024-06-07T15:15:50.617000 
CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000 CVE-2024-3718,0,0,a740a1633905d284711162c33f52150d8f35c5a9e41e141a82d07851d64c55d1,2024-05-24T13:03:05.093000 CVE-2024-3719,0,0,d2320674d04cefde56a0b36b463f74328d6f18494803030bdfe9b0b1b4374afd,2024-06-04T19:20:23.553000 
@@ -251738,12 +251747,12 @@ CVE-2024-3733,0,0,a4296992076c9e80c22dc80bc25acdd9a6af961376871659e0386f3449f486 CVE-2024-3734,0,0,b86ed30811a3326be0f0dac4d727bf041d17d1a4d696b5825133800b3e1e6da3,2024-05-02T18:00:37.360000 CVE-2024-3735,0,0,5ddf2e7f4a48d9adc915c53e5374d23792eebb62d6ec39c5c6eab645f0c5ac5e,2024-05-17T02:40:05.693000 CVE-2024-3736,0,0,8212a13db4363d6279d1d8c19924659c1f0cf224cf46584ea7e82cad3d6da340,2024-06-04T19:20:23.987000 -CVE-2024-37364,0,0,3eb7ac1ae1d4ccfc84dd9fb416453798b3e571372669c090d9ca048f78636528,2024-06-06T19:15:58.900000 +CVE-2024-37364,0,1,070f30cc4e6616b0f0ef3a023c4cee97eb2b6bdbb7bd742359fc5c6826335718,2024-06-07T14:56:05.647000 CVE-2024-3737,0,0,e288f29127240d626de190f33aa5cc85cc615dc26f102a0c00221aa9708716e3,2024-05-17T02:40:05.887000 CVE-2024-3738,0,0,0968d9618a10c036b25eaa390531466819e491a5c992bcf4c715af4b591b9121,2024-05-17T02:40:05.977000 -CVE-2024-37383,0,0,db495e12281b46654ea3c15d28602c931d728295a758b8489765c1057a45ec06,2024-06-07T04:15:30.463000 -CVE-2024-37384,0,0,5dac19b22ce324d995735a0a8cc7982c6b5de909be174974cde5275245626f89,2024-06-07T04:15:30.597000 -CVE-2024-37385,0,0,bc9150caa0bb6a3a2c953194330140f9505dbf1f8d7ab275b9fc8362638f2c31,2024-06-07T04:15:30.720000 +CVE-2024-37383,0,1,a4552d5388f4eb8540f324d9c8fd40911a5bf6ed7b6e276832d253c19bdd0c3a,2024-06-07T14:56:05.647000 +CVE-2024-37384,0,1,60b664762f9333df5975c65ab9b722a03bcb9e931609f92fdae7cd1cf2f9fa1f,2024-06-07T14:56:05.647000 +CVE-2024-37385,0,1,ab67b8a0f073ce7f5c28ca11584627dbf70b59e11b1337a1068ce1887aeb0943,2024-06-07T14:56:05.647000 CVE-2024-3739,0,0,18ca969c974b63c6d16494fbcc2d63756747cacc5947332fefb20d9c592537e4,2024-05-17T02:40:06.067000 CVE-2024-3740,0,0,1025f598f3437296a5a18526d2723c88eb3b5b46ea06c50b765dc694c6a0bd1a,2024-05-17T02:40:06.170000 CVE-2024-3741,0,0,a12bddc029cd8ca7f24831417695630babe629dc15b981c15e3d0a9ffa405fdc,2024-05-28T17:15:11.327000 
@@ -251926,7 +251935,7 @@ CVE-2024-3970,0,0,a6d2ad116e736372d8ee0cd28cd0cbfef25f3ce953ea92bdb2b1ac922e65ee CVE-2024-3974,0,0,30b94b89b01dd2c6057362330f67dc78937f3f3edffa0c5a57e7602f711f919a,2024-05-14T16:11:39.510000 CVE-2024-3979,0,0,4ac2126fe63098861061c1ed3772b0712449f42e64a5481492de94fd61a5b947,2024-06-06T20:15:14.127000 CVE-2024-3985,0,0,73586f1cedc99952324792e19f078c055584e6e606f6222ac3907090ad395ced,2024-05-02T18:00:37.360000 -CVE-2024-3987,0,0,2ba800c075c8898e9535a892de09f9f8e1c9994e81e8f9dea003439ba3a3320b,2024-06-07T03:15:09.440000 +CVE-2024-3987,0,1,05499205f937534ee026fd5a41dcafd44deae059117eea743b5e3e3c53eaee01,2024-06-07T14:56:05.647000 CVE-2024-3988,0,0,ed49ad0e503298ba2fe40c90a665a86dcb918b5087ac61c1edfd746c2ca95d24,2024-04-25T13:18:13.537000 CVE-2024-3989,0,0,41a6b1dcae0354fb8cba40366dc7ed1eeb84d6a6a33689c35123198fe63c8f01,2024-05-14T16:11:39.510000 CVE-2024-3990,0,0,7879115af68e1891db08bd2dafc44fb55db15680f59885de2ed87fd5c16d9492,2024-05-14T16:11:39.510000 @@ -251940,7 +251949,7 @@ CVE-2024-4006,0,0,cea97555ee62217aaca46943155964ba917aa17a210befae3806ab46c66060 CVE-2024-4008,0,0,ab88da5f03295a5c82b2b02d767da89d9d5f6b64be017927f79b2a477f07ce81,2024-06-06T14:17:35.017000 CVE-2024-4009,0,0,1efc6fffaaf5a87d264faa44168af33f94d0754350a147286e05077495885670,2024-06-06T14:17:35.017000 CVE-2024-4010,0,0,b0efc140530d7080bd135b9c9b54b60a51a2a7dd68cfd5652cea86eef30822c4,2024-05-15T16:40:19.330000 -CVE-2024-4013,0,0,bae95507a3cde87e04e3895efe74110f94bf9ef3cc0770fb8739bba97f5afa68,2024-06-06T22:15:10.943000 +CVE-2024-4013,0,1,0bcb784021209931ac496a163310ba1a6e977841cc5a1bcc570cbfa4732ae6ef,2024-06-07T14:56:05.647000 CVE-2024-4014,0,0,321273114f78ac117c4f7a805b62a62926b23a5461c74b2705504b7b2e21d158,2024-04-22T13:28:43.747000 CVE-2024-4017,0,0,9cc899b07e49c20d1d42511c9c41a533c695fd74b1701843b26490566c6e33e3,2024-04-22T13:28:50.310000 CVE-2024-4018,0,0,b534838241485b84911a40a305fab0f06a9a1281f09d3d1140d27d7f52b1a84d,2024-04-22T13:28:50.310000 
@@ -251962,14 +251971,14 @@ CVE-2024-4038,0,0,bcee2fa5b2489836af4ab9c65caafd6eced0b2bbd0ce06913efc5e02957c74 CVE-2024-4039,0,0,cfdce9a10bb12a92a3dc5b97194d2925027fafc434caeab17aac25e26b57811c,2024-05-14T16:11:39.510000 CVE-2024-4040,0,0,aaa64890b494cdcdee2557c76769096315107a08c599010f9c12f5edc2e86037,2024-04-26T15:25:47.270000 CVE-2024-4041,0,0,eb91b240ef125b96ca72e19c4e4b4f0865365edd07fdbe934106504507637e12,2024-05-14T16:11:39.510000 -CVE-2024-4042,0,0,63201e8d75441fb298bf37eb8590f81e39113bbda1dfbe847e6fc2f1e2a7098c,2024-06-07T06:15:11.240000 +CVE-2024-4042,0,1,0e138f60785a8eea473d0d945af61b2ea42931feecdaf6ebd49f8dd479a2b25a,2024-06-07T14:56:05.647000 CVE-2024-4043,0,0,6af9720af6118fb183f8125f22f9123aff9cbd64639b4a3b02a251bb0a5a463e,2024-05-24T01:15:30.977000 CVE-2024-4044,0,0,24332ace72d4390c16ec3b8977440043e797db2d7d42445b64fa06b462f42633,2024-05-14T16:11:39.510000 CVE-2024-4045,0,0,2973487eda1b15ccbfcf50557eac1a48f731099aa75396cca0be0624bea7de1b,2024-05-28T12:39:42.673000 CVE-2024-4046,0,0,a540b586e4490c5aa35243f10fb42fe8c42d9288228be6b989b109661bfcf7e0,2024-05-14T16:11:39.510000 CVE-2024-4056,0,0,8d2872a63b61af99b314442fa34c585e616ec707e8d3b58da8a6d93a2f4a4848,2024-04-26T12:58:17.720000 CVE-2024-4057,0,0,c68a82f9733094861d7eb38c56bca3878f1a3c824e551cdb4c90c0679c9344fc,2024-06-04T16:57:41.053000 -CVE-2024-4058,0,0,89d601f0a6556a83c3f1ddb11302d59200b53d35574245a735ec02b677ca6a2a,2024-05-03T03:16:29.387000 +CVE-2024-4058,0,1,c4c95455d6e76cbbdb3e2ad2bd6d39a0a74b9da8ef4ac622e44ffc5e8b4fb2cc,2024-06-07T15:40:49.707000 CVE-2024-4059,0,0,f7356d83fe5fccf2c54f421bb90f2c15bd9bf33edb756392f4236a5836d7af45,2024-05-03T03:16:29.430000 CVE-2024-4060,0,0,e73d48dba8d4867b445df561ca35c4a253ea1abc6b1746f05e1e8b87e0d0ee8e,2024-05-03T04:15:09.620000 CVE-2024-4061,0,0,731822e6f24cd811e7f06812f39ade81c9a66c6b1046f4d45903066a1f181f99,2024-05-21T12:37:59.687000 
@@ -252156,12 +252165,12 @@ CVE-2024-4314,0,0,917e44d69c76fb7381314145ce5012ff94d63258309b3ec3d14bdf6a76c85d CVE-2024-4316,0,0,5a945ac0a4e5139fc35505b0ad29ed6f4f78dc21cf82c5a713e2fc10353001af,2024-05-14T16:11:39.510000 CVE-2024-4317,0,0,1cfa82abc1d175e3780dda1cd435053fb9f133c668ec60968879d020da51382a,2024-05-14T16:11:39.510000 CVE-2024-4318,0,0,239860e6603bb5bfa00e4ee1537bbc84372d89871f96aaff86d4c34891350e3a,2024-05-16T13:03:05.353000 -CVE-2024-4320,0,0,4f1a8ce92e1d2d054958eb8b8a2f7ef5ab117b1a94ce1ec777a004373fa9c3af,2024-06-06T19:16:02.453000 +CVE-2024-4320,0,1,e47f6067fb0d170ab8dbc0733b163211a60f027ef1254b440e10fe81fe453718,2024-06-07T14:56:05.647000 CVE-2024-4321,0,0,52291df02a369d9bb947287933b2cb70cdba5b6bd48fddb1c2e0073aed4231c4,2024-05-16T13:03:05.353000 CVE-2024-4322,0,0,26c76f88e5d4d6383f99407dee54ae56585f3dcb15c99e63b32362e726df8b5e,2024-05-16T13:03:05.353000 CVE-2024-4323,0,0,ea381588e782a2786384b7ae7d78c698ce22b9a6fe5650a570bafee8c1174530,2024-05-20T13:00:04.957000 CVE-2024-4324,0,0,7ffaeab065d0c9a1857569b7bf1dcf908cb9c5c673c6c887858b7e3bb59f5daf,2024-05-02T18:00:37.360000 -CVE-2024-4325,0,0,0db4c375eedf7fca3a4ee1f419adc1959275f358b86af38196e66c156cb1f3d1,2024-06-06T18:15:18.300000 +CVE-2024-4325,0,1,9bdbfeadfcfe04a30cd4b788d23f4d3e0d4d7ac5ca53497b4f8e137c6cc841b9,2024-06-07T14:56:05.647000 CVE-2024-4326,0,0,8dbb64b51f21b806e292a7e05ea5c1051e35374391354831c3514fc08d15ec8e,2024-05-16T13:03:05.353000 CVE-2024-4327,0,0,4d82dd4709e731be065c0bf0ae9ef6780542dd816512537c908eaf4d566d4272,2024-05-17T02:40:22.673000 CVE-2024-4329,0,0,b4ac7e4961d4eb2bf8d3a768969ba81a7ecc8f8fe7d1f63dcc17b43bdf703463,2024-05-14T16:11:39.510000 
@@ -252184,7 +252193,7 @@ CVE-2024-4348,0,0,a14414a3181bc375d5436d2953c2764c9169e29e299a300bde58b776485f8e CVE-2024-4349,0,0,638591efb62157d29fb4098c1fa599793c842a2c784378b78b41101a61478057,2024-06-04T19:20:36.340000 CVE-2024-4351,0,0,84a993fcb461a8c61255d21736701361dc3f453bf42043de26320f65ada00121,2024-05-16T13:03:05.353000 CVE-2024-4352,0,0,ec2049b13794d7b7eea90d377463d8f5c3179de2c6e69d57554c5eced6269751,2024-05-16T13:03:05.353000 -CVE-2024-4354,0,0,79676823a0a1ebc8e72fd87cd48ad155f792eb02b978aa7e5c7ebbe1fa3c4cb5,2024-06-07T06:15:11.500000 +CVE-2024-4354,0,1,27d960d644c92d61d0d9e89105be589f22d4c15041c9b66ebd262debb10aea10,2024-06-07T14:56:05.647000 CVE-2024-4355,0,0,3de336fc369bf51c3859d982619f8ebb357e0d7227b3dc4949c8a7981fdc524e,2024-05-30T13:15:41.297000 CVE-2024-4356,0,0,c1f48aced0f7eb8c7cd8dcf0330d605a6d5e376358212460a9e157795442734d,2024-05-30T13:15:41.297000 CVE-2024-4357,0,0,15f39a23a70c5acc3d08c2f81b16ef69b06f28ee37422807405e1ad546411072,2024-05-15T18:35:11.453000 @@ -252251,7 +252260,7 @@ CVE-2024-4445,0,0,42f5f65e0ec1a0527ed0ebe136ff3e505384e30728c0f33fdcc95acd928f2f CVE-2024-4446,0,0,c1a78a1d4c0d05d17b6cead174a683289ca018fac3b1c104ff2e5b23dbf06e48,2024-05-14T16:11:39.510000 CVE-2024-4448,0,0,c0706d1927abee0ebde095d1bd8c9375ae579980372e3f8e4e4c3b77a255c913,2024-05-14T16:11:39.510000 CVE-2024-4449,0,0,5f461a2e161ed0d547590d7983036c434e3239f67f76e9397bc8163418dcb335,2024-05-14T16:11:39.510000 -CVE-2024-4451,0,0,4cc423a88e3b88fceb25cf5a2d1cabbe2c70fea43455c0888e6fd44229dc6894,2024-06-07T07:15:46.437000 +CVE-2024-4451,0,1,e64232108bb49e40ea2c0820a744d56a1520056b41c4d85a24d3f6df541d41d9,2024-06-07T14:56:05.647000 CVE-2024-4452,0,0,3d66d1a1960a575e299177a954e31a59092574d107ebd8033a3f44850e26c060,2024-05-21T16:54:26.047000 CVE-2024-4453,0,0,839eb0feb1010733ba000fd27e8db769e9a1bbb03e913a1271e40ed1ca3d8211,2024-05-24T01:15:30.977000 CVE-2024-4454,0,0,914a7b9e833666c0b110fe9be947f5b60542326fbbcbbd52692d581f0fc5648b,2024-05-24T01:15:30.977000 
@@ -252273,8 +252282,8 @@ CVE-2024-4484,0,0,72c4859b8727b60eeb9f8012483883c0571b4cb8b1cb2ce9a8b1f5e495641e CVE-2024-4485,0,0,856a7368e5f121163f839e4b6c92a8e77de213c5eccf98592455e970e028d37d,2024-05-24T13:03:05.093000 CVE-2024-4486,0,0,da9bfd47ef59b3a57d52a6c66bb31a65c305ed47bc1cc335b2b3ca5ab24769e0,2024-05-24T01:15:30.977000 CVE-2024-4487,0,0,50c826d9a63ca2cf478652fe406866ee1f801cabb050eb8635e58a006f7805c7,2024-05-14T16:11:39.510000 -CVE-2024-4488,0,0,8fc45b4033394b541298d2e3089e83b1907e47973804b0f3ea86d218e96985a1,2024-06-07T07:15:47.707000 -CVE-2024-4489,0,0,d55626c1df6a3f9ce70382c6f35136d6ee3e2be163a4b68cd301a99307c05f66,2024-06-07T07:15:47.970000 +CVE-2024-4488,0,1,a99bf584a5321668d1fce5bf83c76d08e86610aa9f176beddd31b4f1d4bc7bc3,2024-06-07T14:56:05.647000 +CVE-2024-4489,0,1,20bbb32f94bfd4ae92f7fa5a4da23478a17e47228abbe447a8049e2a09648079,2024-06-07T14:56:05.647000 CVE-2024-4490,0,0,e9307362c9e30effa78a675ee98be99c8b3d9c66fa0a2fa85d2752ca1d5cbd01,2024-05-14T16:11:39.510000 CVE-2024-4491,0,0,6520e9c967bc59f2d53298ade0191bd776085dbd4b5abfb049e7df29ac89ed41,2024-06-04T19:20:38.950000 CVE-2024-4492,0,0,704e1a21b82bc4549693b0d7ad0b2f4f56ee0af92fdf15e72504325a92d55c59,2024-06-04T19:20:39.047000 
@@ -252373,14 +252382,14 @@ CVE-2024-4605,0,0,953638d724b858b3af29d2158adc8bf0b3f03be99b297e319002baf558be51 CVE-2024-4606,0,0,6a0f9aa1de71c84cf915c091fa2bebebead3ebb4c4bdbaf5b5bc091e1c955edc,2024-05-14T16:11:39.510000 CVE-2024-4608,0,0,66fd8dbc7b1c172bc789c4876374c82bfd54c48e5902295fa28145d061770319,2024-06-06T14:17:35.017000 CVE-2024-4609,0,0,c23c3de39dc98d86dc6853d31c2bc52148fecec26ec42d14e3cca3645de4f823,2024-05-17T18:36:31.297000 -CVE-2024-4610,1,1,3e3ab2b3521cb20fa59ce7d04b7394018fe00afce31acbaf8ae277165f3bb64e,2024-06-07T12:15:09.077000 +CVE-2024-4610,0,1,0e583ee1a8e53983c3d050fd662e4e4f5d3c7b1231e8ed01ffa8cf9e53da6e40,2024-06-07T14:56:05.647000 CVE-2024-4611,0,0,0152495de6f2454e6b1280dd3d20184c586b399950947591d94dfb5475ea0272,2024-05-29T13:02:09.280000 CVE-2024-4614,0,0,beb5630ff5db8a415fa4bf6f109dad49279ea5965bb91a1d7f892cd406978f05,2024-05-14T15:44:12.883000 CVE-2024-4617,0,0,a9ac6f97f78093fda60c756da599c06372e99e21d7b1347de185ba0119cb6cca,2024-05-16T13:03:05.353000 CVE-2024-4618,0,0,60eca777456ce5379ff16ab59d0e8db1fff28f58a76fe14d606e7a27666b586b,2024-05-15T16:40:19.330000 CVE-2024-4619,0,0,e5a9884a731cd527eccadb69d8fea8c7f9c7a04a1fc119314f14a8f7a5fe1b15,2024-05-21T12:37:59.687000 -CVE-2024-4620,0,0,66f8fd14d13271ede96f14a3ce7840142ee2c996656c7d1b032be93e0729811d,2024-06-07T06:15:11.763000 -CVE-2024-4621,0,0,ef5fd84db8d866e1af5884e67323ac48a4c1f9c33a7c618c56fe02a41191466b,2024-06-07T06:15:11.840000 +CVE-2024-4620,0,1,aca290e81a01c9aa0297c2a2a6f363e13c691584f35f3993ff959e5f7ab27226,2024-06-07T14:56:05.647000 +CVE-2024-4621,0,1,0dcad97674134d7acc0f6a3b23542c7c7b4811503a20f42bfd18c3bed8fb5fba,2024-06-07T14:56:05.647000 CVE-2024-4622,0,0,4b1992fe33b227c66e64bdd4cf1c71e31b73a98abda6bdd8e7687e0db4e86196,2024-05-15T18:35:11.453000 CVE-2024-4624,0,0,2a601b2b9934f4e4184c90fc3ba9cbddeec712a59701e0372ed6d18cfcc3b7c7,2024-05-14T19:17:55.627000 CVE-2024-4630,0,0,f5808b44be131bdae6b6920228d425b0dd235ef4afe8685cc2ea30d538a619f5,2024-05-14T16:11:39.510000 
@@ -252431,7 +252440,7 @@ CVE-2024-4699,0,0,21634a770b960d22aa24dc1f0ea343763012f9507287610a68f53780612049 CVE-2024-4700,0,0,fd7d4a078191a1c31b5f2cfdfc5bd65709b727d250ddf2b831fd6aa84ec620ac,2024-05-21T12:37:59.687000 CVE-2024-4701,0,0,31c0f40927cc6a1a9aece611ec4491a5435df4e5c3a9daffc9dfb7710658ca96,2024-05-14T16:11:39.510000 CVE-2024-4702,0,0,391d02c5718dd442c026ca8f3973c4fe10894f8eeb54175158dc44cd7ef50d4a,2024-05-15T16:40:19.330000 -CVE-2024-4703,0,0,ebf51d66342e973b0c5ded35fed37f77effd58dce944f9ec823f31879f8ec0e4,2024-06-07T08:15:32.413000 +CVE-2024-4703,0,1,461c87b84d4df55224b2605ccd7358ff4f5af1491fe1fe941b33365e532606ec,2024-06-07T14:56:05.647000 CVE-2024-4705,0,0,b45f335ad46575e30510e82573f02b490faa16d9b6ee89b66a9844ff390b53aa,2024-06-06T14:17:35.017000 CVE-2024-4706,0,0,a959e13293b1a5966007eb60c79cb973f34e4d1d8bd1c12986cac54d81ac9a3d,2024-05-24T01:15:30.977000 CVE-2024-4707,0,0,d6a01a1a459dfd9ab21945d56af40919cce44b311e282118c993194b130db955,2024-06-06T14:17:35.017000 @@ -252469,7 +252478,7 @@ CVE-2024-4743,0,0,ca5ac146013ec9c5ade9488d4cfcf6d89cbed0fe780989436eef36b2f30572 CVE-2024-4747,0,0,99152f6494a1192f3bae59b436abcc51d11f811ed1e0a72c2e65c8381fda6054,2024-05-14T16:11:39.510000 CVE-2024-4749,0,0,676e331864bc41907c4c80c44886e7dac480ef6dea2c29bc22838d992753d4da,2024-06-04T16:57:41.053000 CVE-2024-4750,0,0,423585a3e250903ac62d761ecb0e0e6dc6b4649ccd4411b90275a4e6d2f87495,2024-06-04T16:57:41.053000 -CVE-2024-4756,0,0,9623c4e6f0a1311484b291c029afba063bfdbc95988989c001e501c63c785991,2024-06-07T06:15:11.920000 +CVE-2024-4756,0,1,b303493fc627eee25a3b39c986ea25472e7aab1866612b83c9a7c14522d2c360,2024-06-07T14:56:05.647000 CVE-2024-4760,0,0,8b9593f0d88cbd24a061db082c8cd5c20f19b8a61431542d1ce576639ef3bdc0,2024-05-16T15:44:44.683000 CVE-2024-4761,0,0,0bedb1c1472ecce0f990c4c56e3721a514c96a1f9ece8da9e0c811ef6689eeb4,2024-05-20T14:08:51.747000 CVE-2024-4764,0,0,9a13ff0309ce1e5420716f8085db95df94fd2bab38dc643251ec74d75f275fe3,2024-05-14T19:17:55.627000 
@@ -252536,7 +252545,7 @@ CVE-2024-4843,0,0,58cfe808f738fd9393d526b6ae9c349063459aa7046a90d478177ce3db0c98 CVE-2024-4844,0,0,9cc52c71da3e5a51bc8bac3549d843df2f9b393e878f774cc4555ff01bf8c6f2,2024-05-16T13:03:05.353000 CVE-2024-4847,0,0,32ddfef9f80253c5a21bc72781721681ecd0f980bfe2a62002a407f007722d53,2024-05-15T16:40:19.330000 CVE-2024-4849,0,0,4cca6bf882fb6160af4b1080a2e76a5af3ab9a12c0263aee0523e12c17c0bace,2024-05-20T13:00:34.807000 -CVE-2024-4851,0,0,9e4d53f7f18c6e612f9bd2bd240555faf01a7aace47514ecaa4aacadbcf1bbce,2024-06-06T19:16:02.800000 +CVE-2024-4851,0,1,1f8e5e94c777c1818792dda00d9eb1239c51f6ea5c6da1418188a32e5d023203,2024-06-07T14:56:05.647000 CVE-2024-4853,0,0,ba76998b2322009a736dfabc746ba873162af9769c26f75eb36eb2d2f5455f10,2024-05-14T16:11:39.510000 CVE-2024-4854,0,0,1544f1fe7b518c3058bbfd199032e2a1672e1211474fa012cf98161e9eb1b9cb,2024-05-14T16:11:39.510000 CVE-2024-4855,0,0,853db3435d2b017e6592b5c0a241408d5ffcf3daf060fdd7c76e2352d5ddd617,2024-05-14T16:11:39.510000 
@@ -252550,18 +252559,18 @@ CVE-2024-4870,0,0,789ccad79b53f3162faaa4d0c14e00ab550e7e413c46a4332529e5d35d1d04 CVE-2024-4871,0,0,089a89f3309c27433f20e3be4ef9a00379f9f19601c1c8029649846113aed43a,2024-05-14T19:17:55.627000 CVE-2024-4875,0,0,aa35cb89fee530b58aa987ffc67ea97738c0ba567903bf01429a1a1259923db8,2024-05-21T12:37:59.687000 CVE-2024-4876,0,0,02aac8d1be489833aa2e07f8be8ce083249ac7dc2fcc33fd144386b8d365fef2,2024-05-21T12:37:59.687000 -CVE-2024-4881,0,0,e94ef2b7a30de46b5b085946210161ddf96a8fad133990a564855b6e96560941,2024-06-06T19:16:03.063000 +CVE-2024-4881,0,1,4f17be95dbf63ebb1e221e9270b941e4838c9b4d4b1f7c998cfbd25da7153e04,2024-06-07T14:56:05.647000 CVE-2024-4886,0,0,85721324d8c885a233247da6b42e2a33cd86be9ab4caebe3f5bcde7804348df2,2024-06-05T12:53:50.240000 -CVE-2024-4887,0,0,a389078118311f926c5968043d435de83d09b7eefbfaf5f3fa89b6f3ecbc8a21,2024-06-07T04:15:31.777000 -CVE-2024-4888,0,0,0f9ee5c823f93b1822181f266acae334db882fefffed9faa78d8a4f6efa4c493,2024-06-06T19:16:03.397000 -CVE-2024-4889,0,0,9252b1f295e1c91a6ad913b56379218937d10764f340f97a691fc0c5103aa211,2024-06-06T18:15:18.577000 -CVE-2024-4890,0,0,0b482ebf975063cb8be0c21e015578642277be48392b6a7c06b7ab0e86f7b4bc,2024-06-06T19:16:03.630000 +CVE-2024-4887,0,1,7853500fd866e5198bb0d09f7fd788dadd2992f92f7258c295ddbf77fcf1dda2,2024-06-07T14:56:05.647000 +CVE-2024-4888,0,1,82b52d1bb0607490ca6395bb78af4ea4a91988192867806f2568c515e849d6fa,2024-06-07T14:56:05.647000 +CVE-2024-4889,0,1,870a2a9781b3ef15fc72db76ff0dd5c2eae6b9a04e5f14b509163b640aac98bd,2024-06-07T14:56:05.647000 +CVE-2024-4890,0,1,9b95f6280f522e5d687e624075f24c288b5c1c4191ad11816cee799c0363c5ce,2024-06-07T14:56:05.647000 CVE-2024-4891,0,0,10c2ed4e0db3df7fca9d6075befed08f57db6578dbf3546fd28a3b8b6a103a31,2024-05-20T13:00:34.807000 CVE-2024-4893,0,0,d5ebc2dfcb13b74b4f1951a124d2e638a95f79aa05d19e6fadfe65b7ad1c4f46,2024-05-15T16:40:19.330000 CVE-2024-4894,0,0,d68130303d356c053d0f6768d0ee08506e206d16216142c952b9b56af8835d24,2024-05-15T16:40:19.330000 
CVE-2024-4895,0,0,be42ef886a64c01ec9437b4cfbce4dfdf0b902fbee0c6083bfc71de776f15b0e,2024-05-24T01:15:30.977000 CVE-2024-4896,0,0,6456cc9b22aff68532bfeeb7637d5235216630d84771d1ec52d84fa467e4b7a6,2024-05-22T12:46:53.887000 -CVE-2024-4902,0,0,b9c0f0a1aa54e5da971ac72706b59b8f32f93c778b6bfceb521dd1ce6c3d6fc1,2024-06-07T05:15:49.740000 +CVE-2024-4902,0,1,190ae6556b466a5228ce6680f8d8f4ba4789cfafa6765b2e868dc7feb28ee1e3,2024-06-07T14:56:05.647000 CVE-2024-4903,0,0,422702316cad5ffa3b808ee432ae74ee6cfe10ab31dd2fa04b70f5cce86e3c3a,2024-05-17T02:40:40.423000 CVE-2024-4904,0,0,44558a4b32290e2f940be10d0a83b859aa6fae2c01ef1c881d37a435bb46f91d,2024-06-04T19:20:52.380000 CVE-2024-4905,0,0,4d48951e7b7cf79f9190550a03c32ee936be1c12de421cb217aeb522ad401862,2024-06-04T19:20:52.480000 @@ -252593,7 +252602,7 @@ CVE-2024-4931,0,0,83efd803f055d34e0373b998807732a66d1be28ff93405fe1ae45ba9ee6af2 CVE-2024-4932,0,0,2da4bffdf4d6e38ae009aae9065c7b2f8049c53fc8beaf73dfbb4354175c5b68,2024-05-17T02:40:43.357000 CVE-2024-4933,0,0,9fe90c4f8856bf6bdad48e78d639ea10366bef215c1d0d507cc52649860ab1b1,2024-06-04T19:20:54.643000 CVE-2024-4939,0,0,9b3d9056d0ef1d9ece33bf387a55f6ff5207b427eb3d8aa6eb326ad7a1f5fa3f,2024-06-05T12:53:50.240000 -CVE-2024-4941,0,0,3a3ae5698b4e34946a8ac932bb0dc9db40786215fad0d2f61562792e7a333cbb,2024-06-06T18:15:18.783000 +CVE-2024-4941,0,1,04ed79d9b1e3032260e31cb6cd2ea8a25db6821440182f4cb50592b145bee1e2,2024-06-07T14:56:05.647000 CVE-2024-4942,0,0,157240698edb46a5deca9943c90e89d5c268795c03f1dadbb4d2f6e28d77068b,2024-06-06T14:17:35.017000 CVE-2024-4943,0,0,d9b88319a5992961df806c2aff168607709c5e19495e72269f7fd7790830e1d9,2024-05-21T12:37:59.687000 CVE-2024-4945,0,0,862ec6002e9c3369e40f6935606e597aac95fb1ef3a2f5a2c72d02ef723dafd2,2024-06-04T19:20:54.767000 
@@ -252632,7 +252641,7 @@ CVE-2024-4998,0,0,e12f9512d41da053bcfd5626dd0ee21afd4da3e61146c4f0c8f9da42ca3dff CVE-2024-4999,0,0,1bac5cc77e7ceb1bce6c078fbd59e76f5556984ef2124d365e8638bfa6b6fdfa,2024-05-16T15:44:44.683000 CVE-2024-5000,0,0,21f44bae275ca5e7f3a45da963612f2fb705c74e44c15e2681f54ff4506e6afb,2024-06-04T16:57:41.053000 CVE-2024-5001,0,0,bac0073c23ed28e836068e8632acf1110bc49b73246f9cff53f5a706acc4a57d,2024-06-06T14:17:35.017000 -CVE-2024-5003,0,0,352b5639ebbf56cad5a110414cfacad1eed078f26b565d40a3053006514a00b1,2024-06-07T06:15:12 +CVE-2024-5003,0,1,d7f0fc1b6b7797a26bbde28f3345c21309ee3aa5cb19350abdc4f1d0ca9ec31a,2024-06-07T14:56:05.647000 CVE-2024-5006,0,0,dd22c8e58768fd94bd48e3be3a4dc52cd3210392642ba6489895072643348644,2024-06-05T12:53:50.240000 CVE-2024-5022,0,0,106355f86b530d1586a5d339031de27a1a2312467a76eb449e8e9901150235d8,2024-05-20T13:00:34.807000 CVE-2024-5023,0,0,974704283893df4cc9d8e0bcce8bb65ebf635268235f75f47c922033893214ce,2024-05-17T18:36:31.297000 
@@ -252700,15 +252709,15 @@ CVE-2024-5120,0,0,59632434f31efc48e1ed14682e1afc1e2a31ac64c76651a00191829ee8e1fb CVE-2024-5121,0,0,35932aed85afc5591beabab2629a640a81bbb256435b01ef1e1237781a0c7fb6,2024-06-04T19:21:00.860000 CVE-2024-5122,0,0,f8c35054f3f0f9c19f0e57794f6d0f41cc3bd2d125cd253c9c9f5d58584ba7e1,2024-06-04T19:21:00.963000 CVE-2024-5123,0,0,8b473ecb982b10bf334c27fd590aab1095068084dba7d7dbc10dacaae0600f8b,2024-06-04T19:21:01.063000 -CVE-2024-5124,0,0,1dae79e0b5ce6c59d896d7db068e2f200e6243aba32a9cbfc43e9116f67b374b,2024-06-06T19:16:03.863000 -CVE-2024-5126,0,0,d633c2119492e1eb70c7bfabdb182e2e1eec47b0ec3bd3958f5bac125852e68f,2024-06-06T19:16:04.090000 -CVE-2024-5127,0,0,bdc7de9810299299446b470eafe7a173a36aa50a259f1881fd78810422f218fd,2024-06-06T18:15:19 -CVE-2024-5128,0,0,efbef1e09adb03e258ccc34d99d8016c8a498c44db611c9bae970175958b3233,2024-06-06T19:16:04.323000 -CVE-2024-5129,0,0,d31c9114cf430f299e1f4fa913f00f37979914289c17eb2ff71bc328fbbad8d2,2024-06-06T19:16:04.583000 -CVE-2024-5130,0,0,6b4f941580bea76834e803d77447e314235a542a49d5ded86872e36e4f0e5d5e,2024-06-06T19:16:04.813000 -CVE-2024-5131,0,0,fc58775aaab8062b73d6b3457d3a96976ddb0a86c8b940249a86725ee6f73be3,2024-06-06T19:16:05.060000 -CVE-2024-5132,0,0,9ad18205ae964a15f0a1c4db1657556a3a0cec5648bd1cf3bacfcd0064c105cd,2024-06-06T19:16:05.300000 -CVE-2024-5133,0,0,57500952b0ed9b410c0a7340c3a15285f391a9c658ba8899beeeac043f1cc7ff,2024-06-06T19:16:05.557000 +CVE-2024-5124,0,1,b0fcdc3ed6b1b5ed4049d6d42613038701165dbfd5a3aec94d516490244407fd,2024-06-07T14:56:05.647000 +CVE-2024-5126,0,1,f10afb024ff18f90416ddc15604ec85f784d3e0bf0c635521d5e622b9232ea4e,2024-06-07T14:56:05.647000 +CVE-2024-5127,0,1,1e819576ca4f70cb907a87bc7e602c5f12d60bf90fdb374d6a033d959fd1e37d,2024-06-07T14:56:05.647000 +CVE-2024-5128,0,1,b1361823eb24d956f111645a8dc535618965a38705b438627417e85fb8167724,2024-06-07T14:56:05.647000 +CVE-2024-5129,0,1,a712e0f9b661e2b9fdb5e5f29b0f1ea4d9261d8e723921852b8bb0adc42b98a0,2024-06-07T14:56:05.647000 
+CVE-2024-5130,0,1,c3d657cbed89e9f4bcf0ee29d6ea6ee25c4708835e9f11d6598065dc99501d9e,2024-06-07T14:56:05.647000 +CVE-2024-5131,0,1,50a8f15c658417a67b29c3caf484a37947652d3d222b9583830f0ff08ba04a84,2024-06-07T14:56:05.647000 +CVE-2024-5132,0,1,ed60f510c39301cc57a016644da99604f53f2da3db62337c9d5968d4ea658d74,2024-06-07T14:56:05.647000 +CVE-2024-5133,0,1,11e69b70961d5f0ddfcfae18986e97aee39724f4fbacfad35b6fed58ca5f3ac7,2024-06-07T14:56:05.647000 CVE-2024-5134,0,0,6861ef250d7670779e6ffd1e1ff9aaf1960a5220cadf25770a931e097e672225,2024-06-04T19:21:01.167000 CVE-2024-5135,0,0,a74f6a753fe0dfdbe9ef14fb62e3c1e241b2d21757276b9c7925f9871c2f3420,2024-05-20T13:00:04.957000 CVE-2024-5136,0,0,54496e679f22e87b39775a5e450097ff5331534eeddd241fc9a4272c74b45ed9,2024-06-04T19:21:01.267000 @@ -252739,8 +252748,8 @@ CVE-2024-5177,0,0,754731e9b12ab9d5b8190add19111b94a5e340744a68664c6a765c48e93c42 CVE-2024-5179,0,0,54358caa6e0360966d6f1b65f621cdbf9937e802ed8f2b5c2ee31999cdede484,2024-06-06T14:17:35.017000 CVE-2024-5184,0,0,469ae4b4101ce70838982062b92b16e6c320dc3a978486babbbd116acc562e40,2024-06-06T14:17:35.017000 CVE-2024-5185,0,0,b5caf3da810dd6351b96bbd5e231331a05f92e8956c63f18c155c13a8af19485,2024-05-29T15:18:26.427000 -CVE-2024-5186,0,0,93e6fe610ce42a2a2639d616240cca659e9a1910eb10d10860036c760b0d029c,2024-06-06T19:16:05.860000 -CVE-2024-5187,0,0,f6517f169d00c923d9fe9c14fceebcc35e0cf6a6f44b49a7bfb74922061ab310,2024-06-06T19:16:06.100000 +CVE-2024-5186,0,1,c6b2efdad9b4d04477e8bc0a562c3aef2ed32ffb2bffbc88ea5624073db9f4b8,2024-06-07T14:56:05.647000 +CVE-2024-5187,0,1,1fe873e60b2e6adcd0abe3ac4869c60f90268e921debc1e658e1b84cf932fa3f,2024-06-07T14:56:05.647000 CVE-2024-5188,0,0,1462875bcfd86c2862b0d5dac7469b05c2d6e4a9326d1a71fe8f5b451e2a9a78,2024-06-06T14:17:35.017000 CVE-2024-5190,0,0,e11755e15485ad7d65ed59ac9abe5cac7f4b4c3e2591d1a6c69b4386ed9dea65,2024-05-22T03:15:08.273000 CVE-2024-5193,0,0,4619a3332fd1de828c7e949279cabe4a2b063d71a4e227126d8bf6d303fb6eb4,2024-06-04T19:21:01.867000 
@@ -252752,7 +252761,7 @@ CVE-2024-5201,0,0,bf1f4d37f88403bb38854e126758e4f0ff9b7f5c32e7a6f763dbd9ae66e356 CVE-2024-5202,0,0,b978a5507939d8449bc120b0c8b4b839304f46efdad98898b1b0c13e65a259b1,2024-05-24T01:15:30.977000 CVE-2024-5204,0,0,f5f46d30f5f5fcefc4a351787eb0bfde8706d10be20e1d771d5abcd1008399a0,2024-05-29T13:02:09.280000 CVE-2024-5205,0,0,cb36ec671fed104039900e6835467ad487e54c052bb39844cd3bc6979a6fc551,2024-05-24T13:03:11.993000 -CVE-2024-5206,0,0,ab4ba59d6e0ff3ef05f0fba0acf5d155b01ad5ddadf7e08a23eea0cc3921511c,2024-06-06T19:16:06.363000 +CVE-2024-5206,0,1,73dc1557678ce087f5c1e63776734ddb4d7a6705a0a233c56c02c986ee49a3f2,2024-06-07T14:56:05.647000 CVE-2024-5207,0,0,837facf8fac5843bbf7aea1ce36fa00287f1ba077f8fbca1302b0ab4087ec522,2024-05-30T13:15:41.297000 CVE-2024-5214,0,0,77a86526714522a20940695733fe46b4562089752d3c663cf289b583b7c6bbda,2024-06-03T19:15:09.360000 CVE-2024-5218,0,0,928b5f8d4e08afc285c0cf6e370373ec87899b716b1cb4db68027907b01d2a82,2024-05-28T12:39:42.673000 @@ -252761,7 +252770,7 @@ CVE-2024-5221,0,0,8f497cca9e988f4e32c0119e26090a2c609a1a09b8f068ea2ade2b28f6d270 CVE-2024-5222,0,0,e769bb480236b36cbba7fdebb79adf1189e90d39aec093b6e4e34002be122181,2024-06-05T12:53:50.240000 CVE-2024-5223,0,0,8366f6c6b4592ec30854ea2204a3ebdc0b5f6592483a6a57d3251ddc4233fcd1,2024-05-30T13:15:41.297000 CVE-2024-5224,0,0,60b1bcb89040b5c3e85ac5131fd112ccc87db84d011046ada6bfcb3cc04495bd,2024-06-06T14:17:35.017000 -CVE-2024-5225,0,0,11842d76a4cd474551c76e7113abd60f8e44b212b0801844abbd88117760c975,2024-06-06T19:16:06.673000 +CVE-2024-5225,0,1,7881c429f87388fcca6782bea681345deddb79fb7655466f82539aaf4c1c91ef,2024-06-07T14:56:05.647000 CVE-2024-5227,0,0,9d34b575e4c4193bf3b7e2c70f772c52e473e90eee580d6cd20ca38df9886e09,2024-05-24T01:15:30.977000 CVE-2024-5228,0,0,0a0ae3d586a473bc70cb0721078887f2918e42e82919d39880ecf7432c31100c,2024-05-24T01:15:30.977000 CVE-2024-5229,0,0,5591fcb6917655cbf3944dcd6615ff3ff9ee2f54b68a25aab97dceee478c25ea,2024-05-28T12:39:42.673000 
@@ -252783,22 +252792,22 @@ CVE-2024-5244,0,0,4e043148ef278646bb1dc2908b9b052cca7e51976f437390cc5a6a5dc2a196 CVE-2024-5245,0,0,885af784a1c7b3c68788b03806b782abc316cb75da65e88871ee466ba1a204bf,2024-05-24T01:15:30.977000 CVE-2024-5246,0,0,a3caa78128bac4a72615dccb481ff335052f3377ab67fd694d7f5fc053234984,2024-05-24T01:15:30.977000 CVE-2024-5247,0,0,1e269e58ef46756e33578f4c5df34dcec3de646d04312bef41a8353e3fc1fce7,2024-05-24T01:15:30.977000 -CVE-2024-5248,0,0,92e4a1f8379a7568165c157d53b73815ff638c08485add0d4e80e9985bcec94f,2024-06-06T19:16:06.917000 -CVE-2024-5256,0,0,17502d20389502069fb01ee2779dc48c96293e3a28762cd12ec11d6c5cde8079,2024-06-06T18:15:19.220000 +CVE-2024-5248,0,1,b78352407aadb212f93e70af46347d9b26fbbca7606ce8cffa82c8de6328191e,2024-06-07T14:56:05.647000 +CVE-2024-5256,0,1,aef556d8e7eef39a9e473d71cb0baaf9ddd8441bfdba9b715777a96b312eec3d,2024-06-07T14:56:05.647000 CVE-2024-5258,0,0,44dc29bb0ed4f47fbd56a17c4d4592048fc8f73fd8d93b1b1d7d82e5e8477ede,2024-05-24T01:15:30.977000 CVE-2024-5259,0,0,08e48dc4b198d6c1c014170574c3eefd22e9d7f4fec81c569fda7e92033ecbe4,2024-06-06T14:17:35.017000 CVE-2024-5262,0,0,d3d11be98b1db30aa602921aa94b60a718be9a0bc4ccd1e4ef634546f525f9dd,2024-06-05T12:53:50.240000 CVE-2024-5264,0,0,8231398a0715961af60c236587d7e9f037c5bc092ccd3f5680c73ce92c6726b7,2024-05-24T01:15:30.977000 -CVE-2024-5267,0,0,c93126f20ae91b48f2cb473e9b3c3075b26b349b3fb23451f981afe8b2af1657,2024-06-06T18:15:19.477000 -CVE-2024-5268,0,0,8cc9dc285b4eb14f6ca87dfdcecb170516cd192f2c3e67e733d0dbb91eacfb39,2024-06-06T18:15:19.680000 -CVE-2024-5269,0,0,07475acdf0f478f23b0945a3abc8d28993b1980e599f66f57723ddf2cc5de454,2024-06-06T18:15:19.880000 +CVE-2024-5267,0,1,56a46198c3e1065879dc87513ff3136ec5650c767fa2a117d737d28ecae53cf4,2024-06-07T14:56:05.647000 +CVE-2024-5268,0,1,6c62d2c4f5ec7f076ad3a77daef4a605562ab9ff106410d5ae35773de78d45b5,2024-06-07T14:56:05.647000 +CVE-2024-5269,0,1,4a08846de0200ac5bc7ecdb4e38193a936f46e27a6d5cc9e3b1934ed234a3ab2,2024-06-07T14:56:05.647000 
CVE-2024-5270,0,0,e200d6ed6ebdb84a917f949dcb40f0d98c76339d55f3b191cf4ff77238c630ff,2024-05-28T12:39:28.377000 CVE-2024-5271,0,0,d3f4377983bdb14b36061f7826a2769c4b74dac3ab0fd218e99cb4bdcc673a12,2024-05-31T13:01:46.727000 CVE-2024-5272,0,0,485554be89aaf429d625f742d41620b7105b55f3f82c1bd7e7c2afb7e9a676c6,2024-05-28T12:39:28.377000 CVE-2024-5273,0,0,81c4749d98b900f07126b206ec023c431428c2a6dacb5177c987a6d3ae70ce59,2024-05-24T18:09:20.027000 CVE-2024-5274,0,0,6eb2be0be63ef967a72466d368cb6cf35f7e3a067e5d943174233c9572b4fb78,2024-05-29T01:00:04.140000 -CVE-2024-5277,0,0,af19c33e117294b861bcbec42d948f08e330be038d82bea261fc020b6c6d911f,2024-06-06T18:15:20.087000 -CVE-2024-5278,0,0,e0e189fb97f58e9577149b0586ed8450e854d0edc90859a28fa52cb269ab5d6a,2024-06-06T19:16:07.310000 +CVE-2024-5277,0,1,08c2f56d5f9c6263336a67bd47c4fa52288bb09bcb2d8aeff245d6d39899edcf,2024-06-07T14:56:05.647000 +CVE-2024-5278,0,1,ba4b6329b00a48ecb03cef9d2f0cd09adc7cfa79e9cd9e8eb891a1136335fb69,2024-06-07T14:56:05.647000 CVE-2024-5279,0,0,1f630d4d53c39cf2174e2a1edce8e1a5ead56a314739580d23644f8e4fedef07,2024-06-04T19:21:04.240000 CVE-2024-5291,0,0,e2fc6f2196c0b027b818fde218df99cf43b38b5676cf49b77deeb1aa303d7e78,2024-05-24T01:15:30.977000 CVE-2024-5292,0,0,07f972c0f93c6f07c6e8e023cab22706ed8252620d55ba7ae2411117029231e5,2024-05-24T01:15:30.977000 
@@ -252809,13 +252818,13 @@ CVE-2024-5296,0,0,e14cd9dcb41db52fce04b2800adcbf88f3103500240fb785de38b220339988 CVE-2024-5297,0,0,00a87902d7cb688c5f453a52360105eb024acff7ed2743a841cec085f6c70dfd,2024-05-24T01:15:30.977000 CVE-2024-5298,0,0,06eb32cfed51faae03040e262c135cd2456565f192a3fa9c39d1028a133d926f,2024-05-24T01:15:30.977000 CVE-2024-5299,0,0,ae65325eb08b6dc79f15a33a7800bb0b9af221d170dea70dbcb229fe698b5075,2024-05-24T01:15:30.977000 -CVE-2024-5301,0,0,c696101fc6fb53e4944671eab4bbbd57091bee637c98e896bf63ccb4ed9dca91,2024-06-06T18:15:20.307000 -CVE-2024-5302,0,0,346821346efb7bdae373ee8516b9b2f198e2025bb5bdaa82f8496f79a334d588,2024-06-06T18:15:20.530000 -CVE-2024-5303,0,0,edfedd7ab5dec86958437e0fce80042b62ed4b28ce6c57985d437b95d2d252f8,2024-06-06T18:15:20.750000 -CVE-2024-5304,0,0,2d635e9a308478937be120eefb8a094293ab50ab43ac1ef578e0ba72142785c9,2024-06-06T19:16:07.540000 -CVE-2024-5305,0,0,a5fdb5f0162b831273e595cda751ce02f402d2c181cafed36b44e534426a8f2b,2024-06-06T19:16:07.863000 -CVE-2024-5306,0,0,e0dc10f28c8e40c2d40d0c3edec5d032a06ac009f1290a5c1c7c12c8a7144427,2024-06-06T19:16:08.097000 -CVE-2024-5307,0,0,da5e5210b199d73836ccdd86726bb4abc81fdf6ffbbb626f8a3163bf5ae8193e,2024-06-06T19:16:08.350000 +CVE-2024-5301,0,1,797d1e691c844e7cd1d81107d9be297154454b20beb1942ad8f245b744a41f1a,2024-06-07T14:56:05.647000 +CVE-2024-5302,0,1,e09331843b433ac754b2717fbffbecd73a99664a225fb55e1339344faa53a7fa,2024-06-07T14:56:05.647000 +CVE-2024-5303,0,1,5c8c630a169544391241e3fe39ed6b08bffe3e94bed6722ea7d841bfaa131245,2024-06-07T14:56:05.647000 +CVE-2024-5304,0,1,2302788532bcc15f6a4bd18d49c317364dc8ea0d791721f52c5fa208cff91f04,2024-06-07T14:56:05.647000 +CVE-2024-5305,0,1,93dd8b4a174a648e4ea79ec695a00b5c6c1d34f0fc76bf9af7398ec8e15fdc1c,2024-06-07T14:56:05.647000 +CVE-2024-5306,0,1,bf168c042620aa9ae083b547256eb79d7e474c90c8505ab4596c062b03f96529,2024-06-07T14:56:05.647000 +CVE-2024-5307,0,1,bf079c5bc939bbb26b0c5d1e4d9dcc9cab785537fe2df7589f85aeccf756bc5a,2024-06-07T14:56:05.647000 
CVE-2024-5310,0,0,6ba5d05842e3f37245c181a27bccfe6d1e121d4f34920c2a1c24afd458a3f102,2024-06-04T19:21:04.583000 CVE-2024-5311,0,0,254582b6f9bf67f7974ecb2d947c8ea8261db1fbcce62f651ad1dbc864d7bce4,2024-06-03T14:46:24.250000 CVE-2024-5312,0,0,3a9d8301087c1d7edb8976207e286d0d247ebf6ccf4b5edb4137e81b02e5ec2b,2024-05-24T13:03:05.093000 @@ -252826,7 +252835,7 @@ CVE-2024-5318,0,0,812431b83287688611dc496217ea25ba5560744235da04dca7a35239cac1fe CVE-2024-5324,0,0,239b526476b291cf58ac1a7ce87454c70f83a8964e6e304d358d59b9fc037786,2024-06-06T14:17:35.017000 CVE-2024-5326,0,0,9beaa1147d54b3ae536a6eb0023672ae377946ef8aec317bd58c5324df5850c7,2024-05-30T13:15:41.297000 CVE-2024-5327,0,0,84b1605ed9f8fbbcd152a70275bed021ec8172a393ec025e57c9733c6898763a,2024-05-30T13:15:41.297000 -CVE-2024-5328,0,0,cd69a04848deea05b7d8614b34d963cf305ef69fbf2e958cfd2fdff5885b1484,2024-06-06T19:16:08.627000 +CVE-2024-5328,0,1,eccd57558969f598d341de2d66a168d40aa825b298603b31d124c5c65bd99501,2024-06-07T14:56:05.647000 CVE-2024-5329,0,0,c257130c45a1d3db05de46f1dc5423be58d1e475a56e84fae142bce7bd7c36bc,2024-06-06T14:17:35.017000 CVE-2024-5336,0,0,c369166950e96ac23803f815e7b4d2b11cfe953eea9e75568f6bd3a698e57d70,2024-06-04T19:21:04.947000 CVE-2024-5337,0,0,c248444f5c3efb36aad99df75367002d79331c50b5d3f0b33d4749de26828e2b,2024-06-04T19:21:05.063000 
@@ -252870,7 +252879,7 @@ CVE-2024-5378,0,0,c238ec3473564271d466344ec23602855e89c90452938e793d5d4e91644a50 CVE-2024-5379,0,0,277bc909bff1a068e1c48fc1ef4b1615918e5d8487d80bd58ecd8d35c658e8d7,2024-06-04T19:21:07.600000 CVE-2024-5380,0,0,56b659096d0cadc3ed42194acfc455a2eddb616212e0b2f1ca97c16d5fb6cf3f,2024-06-04T19:21:07.720000 CVE-2024-5381,0,0,0ef6ed2792ff355a165fe99f9fd0fc42b814ce55af6ee2eb1b953b6060d4abd6,2024-06-04T19:21:07.820000 -CVE-2024-5382,1,1,43fbb203632953eef6fac4f2520c3eac3fcab82d4a6b09598a8269ca118c26f0,2024-06-07T13:15:50.273000 +CVE-2024-5382,0,1,4980bbc0c260001813dca4f1495a39eae6346f98b9a30510b8fb61b4c220f24e,2024-06-07T14:56:05.647000 CVE-2024-5383,0,0,657534217ec79dc371338973573f8ea7719a154480e1f6b27ee2ec24a869d216,2024-05-28T12:39:28.377000 CVE-2024-5384,0,0,fc8a760c5f8c6533d32783fcf44bb063e589b4e165b4e3e16391c3aeb9ec5ef0,2024-06-04T19:21:07.913000 CVE-2024-5385,0,0,bc3c0d01b2051e708e659a5c3590b7dd8cb9dd588e93f64ca3944fc804f9c929,2024-05-28T12:39:28.377000 
@@ -252902,25 +252911,25 @@ CVE-2024-5418,0,0,2256a9e2dd23df3cf1b1192c58484a92d936d5218e6c5eda868cde380ba142 CVE-2024-5420,0,0,a73d8f6d4dfc82a2a2c0b4ab3cbb373ed67379d75299be1a27f6ef6c455a38e1,2024-06-04T16:57:41.053000 CVE-2024-5421,0,0,79ca1971e275d0efebd28f5347a8ca150a1bd7e69deb239fcb0cd29979a5cc8c,2024-06-04T16:57:41.053000 CVE-2024-5422,0,0,22b69754062c7145c382eca03e4d53f86a6d68d1fbe6295548fe29968bcde31c,2024-06-04T16:57:41.053000 -CVE-2024-5425,0,0,6092e19396deba213e85ae08bbcc12bed3d27afd586c83d01af99efa1b8182c3,2024-06-07T04:15:32.597000 -CVE-2024-5426,0,0,f0ba7165774eb511a9428d5fa891e29ba886c75861e32ff30e1b730e5ef3d885,2024-06-07T10:15:11.627000 +CVE-2024-5425,0,1,198a56668ec12904be81f8cc7c88bdb7cf556c1b42bf2a53d8f10dc0d316d5c3,2024-06-07T14:56:05.647000 +CVE-2024-5426,0,1,c52b05c956aef0ebc92497f13a237437e9e1b46eda875fd2b0298bc8654dece2,2024-06-07T14:56:05.647000 CVE-2024-5427,0,0,42975a4514a9d913e780b5e6c34dc14580ffe2cdca703f885481d0f432a70e28,2024-05-31T13:01:46.727000 CVE-2024-5428,0,0,febfd9b4f977de4c3dc04e5fc8e71b9454e3ad809e74595cd325ad9561a295a7,2024-05-28T14:59:09.827000 CVE-2024-5433,0,0,d0946774ada383b4af0e78f23b9c449d05f83a7124810af4e383f90b0cdbda75,2024-05-29T13:02:09.280000 CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92ed,2024-05-29T13:02:09.280000 CVE-2024-5436,0,0,95eba267f429de080e9b35fcd14e1e1840b0308e404c32773ec35c18106c7cbc,2024-05-31T13:01:46.727000 CVE-2024-5437,0,0,551b020f0044e3ab584c14f08f0984900b4bc26534c92382eb6ac2bb660708ea,2024-06-04T19:21:09.363000 -CVE-2024-5438,1,1,c68e02e29f5a63765155985f064a9c6ff9153fe481d90a43fee6b2f685a5b37b,2024-06-07T13:15:50.500000 +CVE-2024-5438,0,1,d92c50b08d359bc997c1324c03e4556946075ec11f8d28ecff08d4d211fb2a09,2024-06-07T14:56:05.647000 CVE-2024-5439,0,0,abaad0f03a42ef683e08fa0b9e3df38062d4c8e86744ed6e348d5f6378ac054e,2024-06-05T12:53:50.240000 CVE-2024-5449,0,0,98f03fd41a859602711a787e6c6738ac5b4c6552335bab31c9f953ba2b79cc72,2024-06-06T14:17:35.017000 
-CVE-2024-5452,0,0,51f3c1c413594cd866b69776cb002e654e163c9e6a2597e303fe793bbbc68d20,2024-06-06T18:15:20.970000 +CVE-2024-5452,0,1,27a87c5d81b8c2c688ae4d039463a5b6ff5c5d7de26437cd334595b44d7597a4,2024-06-07T14:56:05.647000 CVE-2024-5453,0,0,7c8641ed8daae70878106ab21b3cb2696b56b68c7012b2cceeb0fd9522a96b5d,2024-06-05T12:53:50.240000 CVE-2024-5459,0,0,9ffec4e6ddf7de8eef808a13af7e4d67efb473b64a2ed4688c4272492e191c2e,2024-06-06T14:17:35.017000 CVE-2024-5463,0,0,a83ead02d534db419d64d9a246adc999062f3a690f2d2cbba14bffeb9debf0f5,2024-06-04T16:57:41.053000 -CVE-2024-5478,0,0,1ef0bb50a649d100e6b6e5867a32346dbaf702df776fd9ccf56584d5ac31685c,2024-06-06T19:16:08.933000 -CVE-2024-5480,0,0,7acd9272dfc79491331c2743580d8bf7851e57b6d749beaee672d10d57699079,2024-06-06T19:16:09.177000 -CVE-2024-5481,0,0,f4650e5a9e70e91e77d53046237c989c45ea8e4fb011dcec564220c3917625f1,2024-06-07T10:15:11.827000 -CVE-2024-5482,0,0,e11c8a82377eae1fe2257fe2ef2320fbfa70a31638b38065c37bd2fe4d218241,2024-06-06T18:15:21.207000 +CVE-2024-5478,0,1,cbce39d40f4102e26dfaf35e6a6b20bf349245ad3d94d864b4543f6f43a9d245,2024-06-07T14:56:05.647000 +CVE-2024-5480,0,1,0c96379cb76c4f8b6d9852cdcc0f60ebab5e5f97f64e4439ef99fbfb3e3714ee,2024-06-07T14:56:05.647000 +CVE-2024-5481,0,1,406f172e59ecbac276ccfc58dfa6ee22450498ce91b1e77470bfac4fdae1bff2,2024-06-07T14:56:05.647000 +CVE-2024-5482,0,1,deb4cff32cf3f87f89ff2e26ffd7a2390ad03b8acd8adef3ed5769f2b5cc7acd,2024-06-07T14:56:05.647000 CVE-2024-5483,0,0,88635ac2041f9699472eef4c51a5eb67a3fcf4378dec7f1a98452fd31b9eaa6a,2024-06-05T12:53:50.240000 CVE-2024-5484,0,0,7de35f8eee9232651ed147ec3168f6740617b1737ec3ff6913988b98b84f6ef1,2024-05-31T11:15:09.783000 CVE-2024-5485,0,0,dca0cc3d797ec50003ec75de23195400e6c002137c330b8a6fe7501d852f23b7,2024-06-04T16:57:41.053000 
@@ -252933,11 +252942,11 @@ CVE-2024-5497,0,0,ab8588e70076db377038b29b9a66e8a510eb618435283ed127a9c3006e6bcf CVE-2024-5498,0,0,dab02e844b257084ed7b3549ae0f3640a76ecb84ebd8816420b3fd7743f6bb99,2024-05-31T13:01:46.727000 CVE-2024-5499,0,0,81e89a725c57d0700c4cd096315f3d39ae027d50af2b014e3217c574a66f3e1e,2024-05-31T13:01:46.727000 CVE-2024-5501,0,0,d4e4bc8b8db5b9e6fa14f6bf5c3381308561a5d72eef767955ee99c11419b1db,2024-06-03T14:46:24.250000 -CVE-2024-5505,0,0,d2cb4031ac0e22ec6069c979338fdf3f544cdf6db0f25f339989aaec9429bb66,2024-06-06T18:15:21.423000 -CVE-2024-5506,0,0,32e2eb343f3f0bd74f6ad417b60d118e0d7e9a9e3686501b5df4b0357c86a313,2024-06-06T18:15:21.640000 -CVE-2024-5507,0,0,43449cc3c70ddada151eef45a6786ae12e821b7a456a54d34bbb352c33d57a13,2024-06-06T18:15:21.853000 -CVE-2024-5508,0,0,0c9c069985c325176d246bfe3686155fa708ddcb8dd93817639e4557e7e31fd7,2024-06-06T18:15:22.053000 -CVE-2024-5509,0,0,a2a9ad89c14858c6013cd436dc22d462a9135a56515c4db8e172f0ed3f96b714,2024-06-06T18:15:22.270000 +CVE-2024-5505,0,1,ff6feb748e9ca42b8e8d72ec970c71fc058363b762c81ee7cd5f161b90d542df,2024-06-07T14:56:05.647000 +CVE-2024-5506,0,1,145a0430bcbf3c9e37cb0bfbb46dfd0872ec5ea7a67e12bde9d4f6bf02ce6bf6,2024-06-07T14:56:05.647000 +CVE-2024-5507,0,1,ccb5bb2278d991403ca27e2a2c2825e9f4f1d687c84a7520e08690b80bccd919,2024-06-07T14:56:05.647000 +CVE-2024-5508,0,1,630aa65a3ef981bfe31dfd16d699cf2b191fc11782ec3ae3927c2ac54d2f28e7,2024-06-07T14:56:05.647000 +CVE-2024-5509,0,1,6030c4ceb8ab173bb7b776254c7764864e91fd29f54b45e6bd0860a4aa8c5abb,2024-06-07T14:56:05.647000 CVE-2024-5514,0,0,70c4aeaa591affd56aff675f51e2f18386671ce8fe86006ee8f4233a6878a480,2024-05-30T13:15:41.297000 CVE-2024-5515,0,0,ee141b950e00faf41ae735544f3c42661c59392a1bd80d08fc643781e3f0c712,2024-06-04T19:21:09.717000 CVE-2024-5516,0,0,8d74667db1352f12a9612473740ccf08a33c117063b3a4fb47e7178666e5f5de,2024-06-04T19:21:09.817000 
@@ -252953,9 +252962,9 @@ CVE-2024-5526,0,0,ff5b1387d351b0ba676942fad975bab52e39b4bce1932efe40f06f69ab4492 CVE-2024-5536,0,0,68edb52432771856b464d791aa7fccb8518cf1ab9cd2d253ae0bbced65da7ce5,2024-06-05T12:53:50.240000 CVE-2024-5537,0,0,071475eb8c0f92cc8ea9522d658283ad0e8213ba6740ff46ee05e5b24c18c3d8,2024-05-30T17:15:34.583000 CVE-2024-5538,0,0,183cea799fa9410e329e72f326a10b8369aedcea9a5b7583a44bf33ecc305070,2024-05-31T11:15:09.923000 -CVE-2024-5542,1,1,1acd582f90e629ad42e9c86e8ca84f63f6e5f2303fd439616d2f25c7ff12dbf1,2024-06-07T13:15:50.730000 -CVE-2024-5550,0,0,cb9b219d208e0c95758a8fbea0672dbd1aa2a5edc30e57a4c85a08cac77a6a17,2024-06-06T19:16:09.473000 -CVE-2024-5552,0,0,ba88e0a10544f7d9b8f275dcdbb1422922eafb68862bddfd324b50251e0be673,2024-06-06T19:16:09.697000 +CVE-2024-5542,0,1,8ccc4287bba5600d74ad82166ef7f79930f1e9599cd69c87e841ee0b8a07d91e,2024-06-07T14:56:05.647000 +CVE-2024-5550,0,1,e4fc13aea5b719d7c555043aa9a8be47a59e2f4d5eac2e9fa0d5ff8a8edb892f,2024-06-07T14:56:05.647000 +CVE-2024-5552,0,1,12abaaddd513e722275738643d6cd32f6bb9e257da98294dd5bedf4ad4cbf55d,2024-06-07T14:56:05.647000 CVE-2024-5564,0,0,cd961630c6982ea90916e9cc290067a2c4a02a79292d87af6b0ec76760478ca9,2024-06-03T14:46:24.250000 CVE-2024-5565,0,0,ca2b275160a932f35493ef873c1e3b3376ac0de1d1f0359f5898f4a0c4303049,2024-05-31T19:14:47.793000 CVE-2024-5571,0,0,5bd1fe120d21671f33dde8145e3554ed59688f09b1ce68450c982cea21578a28,2024-06-05T12:53:50.240000 
@@ -252963,17 +252972,17 @@ CVE-2024-5587,0,0,9180b0762a5a5a7a17ce70cd861bdf25e955d88caf903bee442f7c48a0a2a2 CVE-2024-5588,0,0,21589c4423d1fee081cb695dd8009f3bd5a36bd74dae1713c28449f0da1cd8d1,2024-06-04T19:21:10.267000 CVE-2024-5589,0,0,dc63c38434ce5bb089af0d0f8aa09f6a46f1fae34dd45c15f4542741dea047b7,2024-06-03T14:46:24.250000 CVE-2024-5590,0,0,ca60332ff9933405c7b9b37e93d2404b53274b9ec741b4065c0c1eadbd60da94,2024-06-03T14:46:24.250000 -CVE-2024-5599,1,1,fdd36682244cdbef288ffa67e6c6a7aab434ffe17fb8bc79cb41fa5b7c68bd24,2024-06-07T13:15:50.943000 -CVE-2024-5607,0,0,8b06d468a789bf21a5887ce32c4b351ff2f13075122362c1fae85c795fb5346a,2024-06-07T03:15:09.630000 +CVE-2024-5599,0,1,f4a52e1bfb366a6202506629155ecd183236e8f05f71acf047338b6dce70d1b5,2024-06-07T14:56:05.647000 +CVE-2024-5607,0,1,9601597658129a089207c1a0e7e7267aceda952302ad39754d738e7307549543,2024-06-07T14:56:05.647000 CVE-2024-5609,0,0,f28c83e3e9d04345913d36de3bfdbd0d644d73b3d20045d9399b3368319c8d47,2024-06-06T19:16:09.920000 -CVE-2024-5612,0,0,e8a0b0cebc6090829ad560ec9543d9f4ddc54548118aadc3bd76e2acffa1644e,2024-06-07T05:15:50.523000 +CVE-2024-5612,0,1,24bfbb6efa391db3014703335fcf10e8f670f2b2b154031d8b7a312f92d36720,2024-06-07T14:56:05.647000 CVE-2024-5615,0,0,2b9f4fbf88dd4ea6ff55678ac9c0762fd6b29ae2ea4765ff6af29ac25e53e3d4,2024-06-06T14:17:35.017000 CVE-2024-5629,0,0,2b19d175fd80b16aa424307957676ae3dd964a506cce5329fc9e2ea04d26ec96,2024-06-06T14:17:35.017000 CVE-2024-5635,0,0,2f4fd95f40cb43c9475682f37f78b479557c0ba40bc4b87c84bd3a410bdbca2c,2024-06-05T12:53:50.240000 CVE-2024-5636,0,0,ae2ff24a8e15c0ed795cb405ff4b68943ed8f15194eed9e4ca4bf581e03cae2a,2024-06-05T12:53:50.240000 -CVE-2024-5637,0,1,bc17a2be6303686256c1add4864c0004c19172542cbf550816e24e8d78122f79,2024-06-07T11:15:53.353000 -CVE-2024-5640,0,0,785e2574eb7b079aab076db7f0229c04a13e86681b300342f00e17b399aeb615,2024-06-07T05:15:50.730000 -CVE-2024-5645,0,0,1277fbcf5a971876f13ccf037dda56ec4bd3121192c25c235de45aca7b607e2f,2024-06-07T10:15:12.090000 
+CVE-2024-5637,0,1,ac3ce2f387cb57c22df0353acef752a2e3012aca45064cc36768fafeb33c665e,2024-06-07T14:56:05.647000 +CVE-2024-5640,0,1,86163b3d741cee0a4e50ef8553f0c82f1f0c15bd48d022d2d250ef0f55c23f10,2024-06-07T14:56:05.647000 +CVE-2024-5645,0,1,c14f368d8ed33123f2e6f42b798410915cfa25d6cf41b8a76db4e578eb499f6a,2024-06-07T14:56:05.647000 CVE-2024-5653,0,0,283076b6ccce08ae3d1ddf9d7f5983a839d66c80929543a8a527d0bfdf86a2f9,2024-06-06T14:17:35.017000 CVE-2024-5656,0,0,adabf37f78545832b9e31783c044d8f042bfbaaca432946aa95ed82eb518777b,2024-06-06T14:17:35.017000 CVE-2024-5657,0,0,b9899ab9d953b5e4a78b96db0691f3e8b536e92241286e49b6931592afb0dbef,2024-06-06T14:17:35.017000 @@ -252982,6 +252991,6 @@ CVE-2024-5665,0,0,bd958d396bb4ad35b63d57ac1176d92cc2fe04cdc3b5189c4ab55e781e3023 CVE-2024-5673,0,0,b896d7e323904f9e987f87941609f4675d0746a7c5358db642d05671db0b87b4,2024-06-06T14:17:35.017000 CVE-2024-5675,0,0,38acd8263eeb8d1e4c48e0984f055dd4606319e26fa8928f4d3e5881bdfd6563,2024-06-06T14:17:35.017000 CVE-2024-5684,0,0,b2f8ad263f684025e461aeac45146ad505c13a2339a4851373464b5600c43386,2024-06-06T14:17:35.017000 -CVE-2024-5732,0,0,fc923aa6728a25234fa6531e6345ccffb223cf9da524e30207a6e79495962e63,2024-06-07T10:15:12.293000 -CVE-2024-5733,1,1,1d60776f09d2c8dcd6e5592432b40ea59236a4c4b2f64dd6aafdc357bd72aa6b,2024-06-07T12:15:09.190000 -CVE-2024-5734,1,1,2599686f5de9207cd15545a56a3a3c88d9fe11ecfd5e79a6a99bad6b1512bb16,2024-06-07T12:15:09.463000 +CVE-2024-5732,0,1,164b158659f154321408f970302d5931abbeea5b0cb278b288a24fa0afd832a5,2024-06-07T15:15:51.007000 +CVE-2024-5733,0,1,912af201a333601d8ad85caf06bb206334f6fa2fa638d7d63d5571cfacf454d4,2024-06-07T14:56:05.647000 +CVE-2024-5734,0,1,e917358d44ba354d5dfd3644d0fff527946ef8bd40b673f8ac84c778286083ab,2024-06-07T14:56:05.647000