admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-05-16T08:00:38.837751+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-05-16 08:03:29 +00:00
parent 031dc4bbd1
commit c57b480ddb
16 changed files with 861 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
CVE-2024/CVE-2024-36xx/CVE-2024-3641.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3641",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-16T06:15:08.703",
"lastModified": "2024-05-16T06:15:08.703",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/f4047f1e-d5ea-425f-8def-76dd5e6a497e/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2024/CVE-2024-36xx/CVE-2024-3642.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3642",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-16T06:15:09.770",
"lastModified": "2024-05-16T06:15:09.770",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/dc44d85f-afe8-4824-95b0-11b9abfb04d8/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2024/CVE-2024-36xx/CVE-2024-3643.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3643",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-16T06:15:10.053",
"lastModified": "2024-05-16T06:15:10.053",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/698277e6-56f9-4688-9a84-c2fa3ea9f7dc/",
"source": "contact@wpscan.com"
}
]
}

20
CVE-2024/CVE-2024-36xx/CVE-2024-3644.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-3644",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-16T06:15:10.370",
"lastModified": "2024-05-16T06:15:10.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)"
}
],
"metrics": {},
"references": [
{
"url": "https://wpscan.com/vulnerability/10eb712a-d9c3-46c9-be6a-02811396fae8/",
"source": "contact@wpscan.com"
}
]
}

51
CVE-2024/CVE-2024-42xx/CVE-2024-4279.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-4279",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-16T06:15:10.667",
"lastModified": "2024-05-16T06:15:10.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course_List.php#L357",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3086489/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45d04643-e43a-4732-91bf-e4af7b622e33?source=cve",
"source": "security@wordfence.com"
}
]
}

55
CVE-2024/CVE-2024-43xx/CVE-2024-4318.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4318",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-16T06:15:11.480",
"lastModified": "2024-05-16T06:15:11.480",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018question_id\u2019 parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4456",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4575",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3086489/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=cve",
"source": "security@wordfence.com"
}
]
}

51
CVE-2024/CVE-2024-46xx/CVE-2024-4635.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2024-4635",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-16T06:15:12.090",
"lastModified": "2024-05-16T06:15:12.090",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018add_mime_type\u2019 function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/menu-icons/tags/0.13.13/vendor/codeinwp/icon-picker/includes/types/svg.php#L69",
"source": "security@wordfence.com"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3086753/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90284576-6570-4e4c-8eb3-743bc402ea1b?source=cve",
"source": "security@wordfence.com"
}
]
}

55
CVE-2024/CVE-2024-48xx/CVE-2024-4843.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4843",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2024-05-16T06:15:12.690",
"lastModified": "2024-05-16T06:15:12.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://thrive.trellix.com/s/article/000013505",
"source": "trellixpsirt@trellix.com"
}
]
}

55
CVE-2024/CVE-2024-48xx/CVE-2024-4844.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-4844",
"sourceIdentifier": "trellixpsirt@trellix.com",
"published": "2024-05-16T07:15:50.743",
"lastModified": "2024-05-16T07:15:50.743",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "trellixpsirt@trellix.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "trellixpsirt@trellix.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://thrive.trellix.com/s/article/000013505",
"source": "trellixpsirt@trellix.com"
}
]
}

92
CVE-2024/CVE-2024-49xx/CVE-2024-4946.json Normal file
View File

@ -0,0 +1,92 @@
{
"id": "CVE-2024-4946",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-16T06:15:13.547",
"lastModified": "2024-05-16T06:15:13.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264481 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/CveSecLook/cve/issues/29",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.264481",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.264481",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.334215",
"source": "cna@vuldb.com"
}
]
}

96
CVE-2024/CVE-2024-49xx/CVE-2024-4960.json Normal file
View File

@ -0,0 +1,96 @@
{
"id": "CVE-2024-4960",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-16T06:15:14.650",
"lastModified": "2024-05-16T06:15:14.650",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20licenseauthorization.php.php.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.264528",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.264528",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.333777",
"source": "cna@vuldb.com"
}
]
}

96
CVE-2024/CVE-2024-49xx/CVE-2024-4961.json Normal file
View File

@ -0,0 +1,96 @@
{
"id": "CVE-2024-4961",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-16T06:15:15.653",
"lastModified": "2024-05-16T06:15:15.653",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264529 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20onlineuser.php.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.264529",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.264529",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.333779",
"source": "cna@vuldb.com"
}
]
}

96
CVE-2024/CVE-2024-49xx/CVE-2024-4962.json Normal file
View File

@ -0,0 +1,96 @@
{
"id": "CVE-2024-4962",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-16T07:15:52.070",
"lastModified": "2024-05-16T07:15:52.070",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264530 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20resmanage.php.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.264530",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.264530",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.333780",
"source": "cna@vuldb.com"
}
]
}

96
CVE-2024/CVE-2024-49xx/CVE-2024-4963.json Normal file
View File

@ -0,0 +1,96 @@
{
"id": "CVE-2024-4963",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-05-16T07:15:53.317",
"lastModified": "2024-05-16T07:15:53.317",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264531. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20url.php.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.264531",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.264531",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.333781",
"source": "cna@vuldb.com"
}
]
}

28
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-05-16T06:00:30.058589+00:00
2024-05-16T08:00:38.837751+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-05-16T05:15:52.187000+00:00
2024-05-16T07:15:53.317000+00:00
```
### Last Data Feed Release
@ -33,19 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
250075
250089
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `14`
- [CVE-2024-4929](CVE-2024/CVE-2024-49xx/CVE-2024-4929.json) (`2024-05-16T04:15:09.997`)
- [CVE-2024-4930](CVE-2024/CVE-2024-49xx/CVE-2024-4930.json) (`2024-05-16T04:15:14.873`)
- [CVE-2024-4931](CVE-2024/CVE-2024-49xx/CVE-2024-4931.json) (`2024-05-16T05:15:51.297`)
- [CVE-2024-4932](CVE-2024/CVE-2024-49xx/CVE-2024-4932.json) (`2024-05-16T05:15:51.653`)
- [CVE-2024-4933](CVE-2024/CVE-2024-49xx/CVE-2024-4933.json) (`2024-05-16T05:15:51.923`)
- [CVE-2024-4945](CVE-2024/CVE-2024-49xx/CVE-2024-4945.json) (`2024-05-16T05:15:52.187`)
- [CVE-2024-3641](CVE-2024/CVE-2024-36xx/CVE-2024-3641.json) (`2024-05-16T06:15:08.703`)
- [CVE-2024-3642](CVE-2024/CVE-2024-36xx/CVE-2024-3642.json) (`2024-05-16T06:15:09.770`)
- [CVE-2024-3643](CVE-2024/CVE-2024-36xx/CVE-2024-3643.json) (`2024-05-16T06:15:10.053`)
- [CVE-2024-3644](CVE-2024/CVE-2024-36xx/CVE-2024-3644.json) (`2024-05-16T06:15:10.370`)
- [CVE-2024-4279](CVE-2024/CVE-2024-42xx/CVE-2024-4279.json) (`2024-05-16T06:15:10.667`)
- [CVE-2024-4318](CVE-2024/CVE-2024-43xx/CVE-2024-4318.json) (`2024-05-16T06:15:11.480`)
- [CVE-2024-4635](CVE-2024/CVE-2024-46xx/CVE-2024-4635.json) (`2024-05-16T06:15:12.090`)
- [CVE-2024-4843](CVE-2024/CVE-2024-48xx/CVE-2024-4843.json) (`2024-05-16T06:15:12.690`)
- [CVE-2024-4844](CVE-2024/CVE-2024-48xx/CVE-2024-4844.json) (`2024-05-16T07:15:50.743`)
- [CVE-2024-4946](CVE-2024/CVE-2024-49xx/CVE-2024-4946.json) (`2024-05-16T06:15:13.547`)
- [CVE-2024-4960](CVE-2024/CVE-2024-49xx/CVE-2024-4960.json) (`2024-05-16T06:15:14.650`)
- [CVE-2024-4961](CVE-2024/CVE-2024-49xx/CVE-2024-4961.json) (`2024-05-16T06:15:15.653`)
- [CVE-2024-4962](CVE-2024/CVE-2024-49xx/CVE-2024-4962.json) (`2024-05-16T07:15:52.070`)
- [CVE-2024-4963](CVE-2024/CVE-2024-49xx/CVE-2024-4963.json) (`2024-05-16T07:15:53.317`)
### CVEs modified in the last Commit

26
_state.csv
View File

@ -249380,6 +249380,10 @@ CVE-2024-3630,0,0,926139967a60c2fbb973591bfaf02247176107857bd2016db228b1bad05093
CVE-2024-3631,0,0,23ed89adaefd79fb5d4ee26d730630bda7cfdcd82c863393b1235437ef1ba153,2024-05-15T16:40:19.330000
CVE-2024-3634,0,0,c3f42805e4dda629640e8954ef2ceb56e7ae10c94dfd6ea4087a1beeea605aaf,2024-05-15T16:40:19.330000
CVE-2024-3637,0,0,e0d8ef5f7498633f88592f7b832da01e95be5d925cdaa67450761833b0152a3c,2024-05-03T12:48:41.067000
CVE-2024-3641,1,1,c2c736069181bb65e29c0da7bca489a775aa681088f4ee928d86de4924e35b70,2024-05-16T06:15:08.703000
CVE-2024-3642,1,1,dfcb658191217b0847b0136fb1181db07bc4bc30be62a8d122326f31cb93ccc8,2024-05-16T06:15:09.770000
CVE-2024-3643,1,1,9c63838f3108e1184b5f6296a67d9a667ca829e16dd541cd6e0af5d2ae7c4c4f,2024-05-16T06:15:10.053000
CVE-2024-3644,1,1,60ce9d7c14633a7757759403191393c379c01f763c9f518cf2d6452724743e9d,2024-05-16T06:15:10.370000
CVE-2024-3645,0,0,9bfaa42192c6fa49951fba1d7645fb7975d3a2b4cd9bcc55a7dd9ceef33e077c,2024-04-22T19:24:12.920000
CVE-2024-3646,0,0,f1ba7615d07aeacaca9371aa5a68bf3033db9a231eaf2716a6cbfd3f340bcd58,2024-04-19T16:19:49.043000
CVE-2024-3647,0,0,ca25e9298939397c868176f0412c03a959d2ccf69e0a681bb97da636a0c7782e,2024-05-02T18:00:37.360000
@ -249749,6 +249753,7 @@ CVE-2024-4257,0,0,686afb2bdc1867e065959576dafa6e091563f36d275fffebd240115b17e626
CVE-2024-4265,0,0,91d38fbd7b9c4ea0cd26c0f2028b5e1f8ee8c7d7e1c2c632d6b17cd2b7b69603,2024-05-02T18:00:37.360000
CVE-2024-4275,0,0,78dbf52771ddf59505b9222514d00cf39d2cb883e25965ab29139ce3d748873c,2024-05-14T16:11:39.510000
CVE-2024-4277,0,0,28c68fbd8fbf742ea35db69404ff5cf06f67a7656a1fd7514e44e23e67f2b3ef,2024-05-14T16:11:39.510000
CVE-2024-4279,1,1,2ac6bd0b10e6e7f652d9e3858e14943b37c33b2f252a487abb99bbfbc2deb934,2024-05-16T06:15:10.667000
CVE-2024-4280,0,0,7aeafddb0fd83afa23fda482b3f98dd67daeefdc6486dcc1d229d77652fac665,2024-05-14T16:11:39.510000
CVE-2024-4281,0,0,f2f6c94941e4ed7f1c98ab6351686f1d868a8657bf9b3ff2bb73d7d016e69d14,2024-05-08T13:15:00.690000
CVE-2024-4291,0,0,99733dd1187908a84b94fea97d567381592a65c8716487f97acf2ee13215c059,2024-05-14T15:43:13.120000
@ -249773,6 +249778,7 @@ CVE-2024-4312,0,0,59fbf303153e0d85b8066207fb91c9445249544d5462e1272c1306971dcf6c
CVE-2024-4314,0,0,1abe213d6359155fbc7a923a6e4d64b59f3117ef3b0bed7e9addf21bcf8fc7a2,2024-05-14T16:11:39.510000
CVE-2024-4316,0,0,4eb558b43c841d372c5646b0ff6f31e7b1e5f7c5b425e59da2142a83b01fc710,2024-05-14T16:11:39.510000
CVE-2024-4317,0,0,2c3dc7f9b6a3b150a489d24a5609d4e1b33dc890cef48ba2f73e55381d4c5f9c,2024-05-14T16:11:39.510000
CVE-2024-4318,1,1,d24f2ab57d12f01d40cb03b1f03d2be7573aa3e153bbb498909fbc1fd235f4b9,2024-05-16T06:15:11.480000
CVE-2024-4324,0,0,7ffaeab065d0c9a1857569b7bf1dcf908cb9c5c673c6c887858b7e3bb59f5daf,2024-05-02T18:00:37.360000
CVE-2024-4327,0,0,20184bec92cc4082f2f126e139d861bc6fcef5b3844d9de9bb39897b0f981d4a,2024-05-14T15:43:17.490000
CVE-2024-4329,0,0,06b73c5bc760ef811acf316cbe7dd6deaf968eed416c3cec66b38549d21201e2,2024-05-14T16:11:39.510000
@ -249914,6 +249920,7 @@ CVE-2024-4622,0,0,db6b68bd807a8a0ddb358e449d01643070e9098450ab994d9259859922691c
CVE-2024-4624,0,0,2f2dfaacad2af40d5d5be1945c7dfb7bd2ed3b09b9d237413e46013b6e4c845a,2024-05-14T19:17:55.627000
CVE-2024-4630,0,0,9ee39c9e70c3fde26d4ddaa20f9f4583498b5ac1a624dc38857653acd661b1f9,2024-05-14T16:11:39.510000
CVE-2024-4631,0,0,e8ed3d07eca49fd9ce5a62406bcf23da9793cbcc792a956665a267b4f25fd693,2024-05-14T15:44:13.487000
CVE-2024-4635,1,1,50fd8f7f5db531f8bedaa09f8b425a92825a91facd7129de67b4f16b3c31db60,2024-05-16T06:15:12.090000
CVE-2024-4636,0,0,7626c868e066027a522192c74e27577bfe95437bdd86013fd6693eefb1ef5c81,2024-05-15T16:40:19.330000
CVE-2024-4644,0,0,0fbd9df577d4302041330f9a7bc7fdd69e588e0f0c78920c1382b2bed37c1f1c,2024-05-14T15:44:13.613000
CVE-2024-4645,0,0,2b9f7a703a2aa52d907a1c026b10663f1b251b0b170d9ffa49ce909ae1af0e08,2024-05-08T13:15:17.563000
@ -250028,6 +250035,8 @@ CVE-2024-4824,0,0,12997f7cb79ce3030574eecdb24c333619e16861704962f1656fbd26f7680d
CVE-2024-4825,0,0,1e0f749d21405e7cf2edd3aac0c05b5f99c8de86001892a511648a80a7280ab0,2024-05-14T16:11:39.510000
CVE-2024-4837,0,0,98aa18fa41c916e1bd621beebea0d7870bfc50e824dc02b9686403b5c337ef1b,2024-05-15T18:35:11.453000
CVE-2024-4840,0,0,c9ca0895b4a51cab0e2c0d59965d65e29a18e7a3fb86aea7f8e73c28a9d25dc4,2024-05-14T16:11:39.510000
CVE-2024-4843,1,1,3818dc820acf6e4fe82f48c8f8f73db1472d9b9cc2125ea1604de8ad3989a7cd,2024-05-16T06:15:12.690000
CVE-2024-4844,1,1,847ae9c7847e01c3e32c5a3c03c48c67b55d2183294ad6cb4301d83ba2064b5d,2024-05-16T07:15:50.743000
CVE-2024-4847,0,0,bba6603a81b56f6d60e806e2e7574571e772d40efe56d1512e7524611ff51b1c,2024-05-15T16:40:19.330000
CVE-2024-4853,0,0,08d9956cd1fc82aacd4cc52b553fb1ad7c9d41ecc90cc195f4a6a68d3e7942e4,2024-05-14T16:11:39.510000
CVE-2024-4854,0,0,3d480ab215b58518bc8b4d2ff21b01ce90d2ee2286e511ec2300ae6a56284679,2024-05-14T16:11:39.510000
@ -250062,15 +250071,20 @@ CVE-2024-4925,0,0,f27597173421d84a6aac0b72a1bbddc32a9683af76ff6d49d4515a21431438
CVE-2024-4926,0,0,4f98e2141ed005b65ace4243520c4a74cf195b626ffbd2348d2371f0030a111c,2024-05-16T02:15:08.693000
CVE-2024-4927,0,0,75241ddb08f272d96e505368d4085d15e400ffeb74f400a01614a704de643552,2024-05-16T03:15:08.123000
CVE-2024-4928,0,0,323f47d5f31773ee017d1eb20a2af002adaec5ddcf60bb89f3fe599cd45a64e6,2024-05-16T03:15:08.387000
CVE-2024-4929,1,1,edfd15fc5d94d8ac95e936a84c0de715965d27f6e5272229617201c4208e15f1,2024-05-16T04:15:09.997000
CVE-2024-4930,1,1,3d4b0e3126e39683b6520266d82fa17aa1b61b155692c5e1fd3ac967e9b971ec,2024-05-16T04:15:14.873000
CVE-2024-4931,1,1,e8aef8669aecd123bcf043fff54871e4465e2968f0b1250d2d302a5f8fecabe4,2024-05-16T05:15:51.297000
CVE-2024-4932,1,1,058543e447fe0a6c6e3ca8a3b483a4b014e7d28d3f060e226c444a4c1c5a9a03,2024-05-16T05:15:51.653000
CVE-2024-4933,1,1,ab99dc1911a1d20350ea3b7f0ab187ed2ed291967036718a5441324a0985fe0a,2024-05-16T05:15:51.923000
CVE-2024-4945,1,1,f7ff43915bb3447a49348ea8439196c37097175d385373eb27c5110d3bca27db,2024-05-16T05:15:52.187000
CVE-2024-4929,0,0,edfd15fc5d94d8ac95e936a84c0de715965d27f6e5272229617201c4208e15f1,2024-05-16T04:15:09.997000
CVE-2024-4930,0,0,3d4b0e3126e39683b6520266d82fa17aa1b61b155692c5e1fd3ac967e9b971ec,2024-05-16T04:15:14.873000
CVE-2024-4931,0,0,e8aef8669aecd123bcf043fff54871e4465e2968f0b1250d2d302a5f8fecabe4,2024-05-16T05:15:51.297000
CVE-2024-4932,0,0,058543e447fe0a6c6e3ca8a3b483a4b014e7d28d3f060e226c444a4c1c5a9a03,2024-05-16T05:15:51.653000
CVE-2024-4933,0,0,ab99dc1911a1d20350ea3b7f0ab187ed2ed291967036718a5441324a0985fe0a,2024-05-16T05:15:51.923000
CVE-2024-4945,0,0,f7ff43915bb3447a49348ea8439196c37097175d385373eb27c5110d3bca27db,2024-05-16T05:15:52.187000
CVE-2024-4946,1,1,56d2009b3ea2f42166976333c587ee672b667eb69299fd030e9cac0c5f8a0cfd,2024-05-16T06:15:13.547000
CVE-2024-4947,0,0,f706014ab5e494173f189b6b147bc73eaca2bb6d431298f9b49d098b14ff5782,2024-05-15T21:15:09.273000
CVE-2024-4948,0,0,bdd7cd38392862513bf6cf6f69f8c528e08e359340031d01daba548f07be3f14,2024-05-15T21:15:09.347000
CVE-2024-4949,0,0,7a7f679654eca12ebf0c1d1d6ac210b4148b3d26ab259c26b5f77d48b40c4cf5,2024-05-15T21:15:09.430000
CVE-2024-4950,0,0,efed32b4f23b877a04e85fe2ab12f10b9d3c39ad2529470125a1a9db3cdcfb9e,2024-05-15T21:15:09.493000
CVE-2024-4960,1,1,c49508adf3f3a5eb1425f7e931390bfce6357a2941a524ce558affdebf7d9038,2024-05-16T06:15:14.650000
CVE-2024-4961,1,1,b5bf727b57104372660c156a79de4dd7fcbd334baec39df64f2fcd679ab82991,2024-05-16T06:15:15.653000
CVE-2024-4962,1,1,3baa8333e1c6ce33c5d2777d789b5621e22d7c0e10ef51ecf2767ae021e895b8,2024-05-16T07:15:52.070000
CVE-2024-4963,1,1,1a3c037e8b3229455ecd984a22cb3ed58fa4dd2659d4c4795a0e51d745b1c4c3,2024-05-16T07:15:53.317000
CVE-2024-4976,0,0,7bb4e20b87953c4b97f492da11cca71d462ce6af7b37913524811fb56920cd3a,2024-05-15T21:15:09.560000
CVE-2024-4984,0,0,ae1bf2c0289bb389f179eb37322fc8de1d2045b7a529e537ac0945a8c2d06fe0,2024-05-16T02:15:09.003000

Can't render this file because it is too large.