diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3641.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3641.json new file mode 100644 index 00000000000..361d18cf4fc --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3641.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-3641", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-05-16T06:15:08.703", + "lastModified": "2024-05-16T06:15:08.703", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some parameters, which could allow unauthenticated visitors to perform Cross-Site Scripting attacks against admins" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/f4047f1e-d5ea-425f-8def-76dd5e6a497e/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3642.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3642.json new file mode 100644 index 00000000000..69d6c722faf --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3642.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-3642", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-05-16T06:15:09.770", + "lastModified": "2024-05-16T06:15:09.770", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting subscriber, which could allow attackers to make logged in admins perform such action via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/dc44d85f-afe8-4824-95b0-11b9abfb04d8/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3643.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3643.json new file mode 100644 index 00000000000..0ad5d2343b4 --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3643.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-3643", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-05-16T06:15:10.053", + "lastModified": "2024-05-16T06:15:10.053", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Newsletter Popup WordPress plugin through 1.2 does not have CSRF check when deleting list, which could allow attackers to make logged in admins perform such action via a CSRF attack" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/698277e6-56f9-4688-9a84-c2fa3ea9f7dc/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3644.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3644.json new file mode 100644 index 00000000000..dc25037d375 --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3644.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-3644", + "sourceIdentifier": "contact@wpscan.com", + "published": "2024-05-16T06:15:10.370", + "lastModified": "2024-05-16T06:15:10.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Newsletter Popup WordPress plugin through 1.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://wpscan.com/vulnerability/10eb712a-d9c3-46c9-be6a-02811396fae8/", + "source": "contact@wpscan.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-42xx/CVE-2024-4279.json b/CVE-2024/CVE-2024-42xx/CVE-2024-4279.json new file mode 100644 index 00000000000..3d59a5abd3c --- /dev/null +++ b/CVE-2024/CVE-2024-42xx/CVE-2024-4279.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-4279", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-16T06:15:10.667", + "lastModified": "2024-05-16T06:15:10.667", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Tutor LMS \u2013 eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. This can allow authenticated attackers, with Instructor-level permissions and above, to delete any course." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Course_List.php#L357", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3086489/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/45d04643-e43a-4732-91bf-e4af7b622e33?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4318.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4318.json new file mode 100644 index 00000000000..37d86b1a706 --- /dev/null +++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4318.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-4318", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-16T06:15:11.480", + "lastModified": "2024-05-16T06:15:11.480", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Tutor LMS plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018question_id\u2019 parameter in versions up to, and including, 2.7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Instructor-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4456", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/tutor/tags/2.7.0/classes/Utils.php#L4575", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3086489/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bbb3c65-f02c-4d6d-bd4e-b3232af5e21b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4635.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4635.json new file mode 100644 index 00000000000..d8e62f9c5e0 --- /dev/null +++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4635.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2024-4635", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-16T06:15:12.090", + "lastModified": "2024-05-16T06:15:12.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Menu Icons by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018add_mime_type\u2019 function in versions up to, and including, 0.13.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/menu-icons/tags/0.13.13/vendor/codeinwp/icon-picker/includes/types/svg.php#L69", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3086753/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/90284576-6570-4e4c-8eb3-743bc402ea1b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4843.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4843.json new file mode 100644 index 00000000000..727fc2cf185 --- /dev/null +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4843.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-4843", + "sourceIdentifier": "trellixpsirt@trellix.com", + "published": "2024-05-16T06:15:12.690", + "lastModified": "2024-05-16T06:15:12.690", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "trellixpsirt@trellix.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "trellixpsirt@trellix.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-639" + } + ] + } + ], + "references": [ + { + "url": "https://thrive.trellix.com/s/article/000013505", + "source": "trellixpsirt@trellix.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-48xx/CVE-2024-4844.json b/CVE-2024/CVE-2024-48xx/CVE-2024-4844.json new file mode 100644 index 00000000000..3effe9f1802 --- /dev/null +++ b/CVE-2024/CVE-2024-48xx/CVE-2024-4844.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-4844", + "sourceIdentifier": "trellixpsirt@trellix.com", + "published": "2024-05-16T07:15:50.743", + "lastModified": "2024-05-16T07:15:50.743", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator (ePO) on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was possible through using a hard coded password for the keystore. Access Control restrictions on the file mean this would not be exploitable unless the user is the system admin for the server that ePO is running on." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "trellixpsirt@trellix.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.6, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "trellixpsirt@trellix.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://thrive.trellix.com/s/article/000013505", + "source": "trellixpsirt@trellix.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4946.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4946.json new file mode 100644 index 00000000000..f27e28fad64 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4946.json @@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-4946", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-16T06:15:13.547", + "lastModified": "2024-05-16T06:15:13.547", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/adminHome.php. The manipulation of the argument sliderpic leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264481 was assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/CveSecLook/cve/issues/29", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.264481", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.264481", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.334215", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4960.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4960.json new file mode 100644 index 00000000000..55763d7c450 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4960.json @@ -0,0 +1,96 @@ +{ + "id": "CVE-2024-4960", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-16T06:15:14.650", + "lastModified": "2024-05-16T06:15:14.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthorization.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264528. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20licenseauthorization.php.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.264528", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.264528", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.333777", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4961.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4961.json new file mode 100644 index 00000000000..a390f7d3368 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4961.json @@ -0,0 +1,96 @@ +{ + "id": "CVE-2024-4961", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-16T06:15:15.653", + "lastModified": "2024-05-16T06:15:15.653", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlineuser.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-264529 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20onlineuser.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.264529", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.264529", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.333779", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4962.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4962.json new file mode 100644 index 00000000000..d6de7d8e356 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4962.json @@ -0,0 +1,96 @@ +{ + "id": "CVE-2024-4962", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-16T07:15:52.070", + "lastModified": "2024-05-16T07:15:52.070", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file /useratte/resmanage.php. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-264530 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20resmanage.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.264530", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.264530", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.333780", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-49xx/CVE-2024-4963.json b/CVE-2024/CVE-2024-49xx/CVE-2024-4963.json new file mode 100644 index 00000000000..3d3ad0d5165 --- /dev/null +++ b/CVE-2024/CVE-2024-49xx/CVE-2024-4963.json @@ -0,0 +1,96 @@ +{ + "id": "CVE-2024-4963", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-05-16T07:15:53.317", + "lastModified": "2024-05-16T07:15:53.317", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument file_upload leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-264531. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/h0e4a0r1t/h0e4a0r1t.github.io/blob/master/2024/%3CWHB%7Cj%5CIbSU0m4%3A_/D-LINK-DAR-7000_upload_%20url.php.pdf", + "source": "cna@vuldb.com" + }, + { + "url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10354", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.264531", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.264531", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.333781", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a34f94df99c..716f4ffeb08 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-16T06:00:30.058589+00:00 +2024-05-16T08:00:38.837751+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-16T05:15:52.187000+00:00 +2024-05-16T07:15:53.317000+00:00 ``` ### Last Data Feed Release @@ -33,19 +33,27 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -250075 +250089 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `14` -- [CVE-2024-4929](CVE-2024/CVE-2024-49xx/CVE-2024-4929.json) (`2024-05-16T04:15:09.997`) -- [CVE-2024-4930](CVE-2024/CVE-2024-49xx/CVE-2024-4930.json) (`2024-05-16T04:15:14.873`) -- [CVE-2024-4931](CVE-2024/CVE-2024-49xx/CVE-2024-4931.json) (`2024-05-16T05:15:51.297`) -- [CVE-2024-4932](CVE-2024/CVE-2024-49xx/CVE-2024-4932.json) (`2024-05-16T05:15:51.653`) -- [CVE-2024-4933](CVE-2024/CVE-2024-49xx/CVE-2024-4933.json) (`2024-05-16T05:15:51.923`) -- [CVE-2024-4945](CVE-2024/CVE-2024-49xx/CVE-2024-4945.json) (`2024-05-16T05:15:52.187`) +- [CVE-2024-3641](CVE-2024/CVE-2024-36xx/CVE-2024-3641.json) (`2024-05-16T06:15:08.703`) +- [CVE-2024-3642](CVE-2024/CVE-2024-36xx/CVE-2024-3642.json) (`2024-05-16T06:15:09.770`) +- [CVE-2024-3643](CVE-2024/CVE-2024-36xx/CVE-2024-3643.json) (`2024-05-16T06:15:10.053`) +- [CVE-2024-3644](CVE-2024/CVE-2024-36xx/CVE-2024-3644.json) (`2024-05-16T06:15:10.370`) +- [CVE-2024-4279](CVE-2024/CVE-2024-42xx/CVE-2024-4279.json) (`2024-05-16T06:15:10.667`) +- [CVE-2024-4318](CVE-2024/CVE-2024-43xx/CVE-2024-4318.json) (`2024-05-16T06:15:11.480`) +- [CVE-2024-4635](CVE-2024/CVE-2024-46xx/CVE-2024-4635.json) (`2024-05-16T06:15:12.090`) +- [CVE-2024-4843](CVE-2024/CVE-2024-48xx/CVE-2024-4843.json) (`2024-05-16T06:15:12.690`) +- [CVE-2024-4844](CVE-2024/CVE-2024-48xx/CVE-2024-4844.json) (`2024-05-16T07:15:50.743`) +- [CVE-2024-4946](CVE-2024/CVE-2024-49xx/CVE-2024-4946.json) (`2024-05-16T06:15:13.547`) +- [CVE-2024-4960](CVE-2024/CVE-2024-49xx/CVE-2024-4960.json) (`2024-05-16T06:15:14.650`) +- [CVE-2024-4961](CVE-2024/CVE-2024-49xx/CVE-2024-4961.json) (`2024-05-16T06:15:15.653`) +- [CVE-2024-4962](CVE-2024/CVE-2024-49xx/CVE-2024-4962.json) (`2024-05-16T07:15:52.070`) +- [CVE-2024-4963](CVE-2024/CVE-2024-49xx/CVE-2024-4963.json) (`2024-05-16T07:15:53.317`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 4bc1dd73ee9..60bb863b3aa 100644 --- a/_state.csv +++ b/_state.csv @@ -249380,6 +249380,10 @@ CVE-2024-3630,0,0,926139967a60c2fbb973591bfaf02247176107857bd2016db228b1bad05093 CVE-2024-3631,0,0,23ed89adaefd79fb5d4ee26d730630bda7cfdcd82c863393b1235437ef1ba153,2024-05-15T16:40:19.330000 CVE-2024-3634,0,0,c3f42805e4dda629640e8954ef2ceb56e7ae10c94dfd6ea4087a1beeea605aaf,2024-05-15T16:40:19.330000 CVE-2024-3637,0,0,e0d8ef5f7498633f88592f7b832da01e95be5d925cdaa67450761833b0152a3c,2024-05-03T12:48:41.067000 +CVE-2024-3641,1,1,c2c736069181bb65e29c0da7bca489a775aa681088f4ee928d86de4924e35b70,2024-05-16T06:15:08.703000 +CVE-2024-3642,1,1,dfcb658191217b0847b0136fb1181db07bc4bc30be62a8d122326f31cb93ccc8,2024-05-16T06:15:09.770000 +CVE-2024-3643,1,1,9c63838f3108e1184b5f6296a67d9a667ca829e16dd541cd6e0af5d2ae7c4c4f,2024-05-16T06:15:10.053000 +CVE-2024-3644,1,1,60ce9d7c14633a7757759403191393c379c01f763c9f518cf2d6452724743e9d,2024-05-16T06:15:10.370000 CVE-2024-3645,0,0,9bfaa42192c6fa49951fba1d7645fb7975d3a2b4cd9bcc55a7dd9ceef33e077c,2024-04-22T19:24:12.920000 CVE-2024-3646,0,0,f1ba7615d07aeacaca9371aa5a68bf3033db9a231eaf2716a6cbfd3f340bcd58,2024-04-19T16:19:49.043000 CVE-2024-3647,0,0,ca25e9298939397c868176f0412c03a959d2ccf69e0a681bb97da636a0c7782e,2024-05-02T18:00:37.360000 @@ -249749,6 +249753,7 @@ CVE-2024-4257,0,0,686afb2bdc1867e065959576dafa6e091563f36d275fffebd240115b17e626 CVE-2024-4265,0,0,91d38fbd7b9c4ea0cd26c0f2028b5e1f8ee8c7d7e1c2c632d6b17cd2b7b69603,2024-05-02T18:00:37.360000 CVE-2024-4275,0,0,78dbf52771ddf59505b9222514d00cf39d2cb883e25965ab29139ce3d748873c,2024-05-14T16:11:39.510000 CVE-2024-4277,0,0,28c68fbd8fbf742ea35db69404ff5cf06f67a7656a1fd7514e44e23e67f2b3ef,2024-05-14T16:11:39.510000 +CVE-2024-4279,1,1,2ac6bd0b10e6e7f652d9e3858e14943b37c33b2f252a487abb99bbfbc2deb934,2024-05-16T06:15:10.667000 CVE-2024-4280,0,0,7aeafddb0fd83afa23fda482b3f98dd67daeefdc6486dcc1d229d77652fac665,2024-05-14T16:11:39.510000 CVE-2024-4281,0,0,f2f6c94941e4ed7f1c98ab6351686f1d868a8657bf9b3ff2bb73d7d016e69d14,2024-05-08T13:15:00.690000 CVE-2024-4291,0,0,99733dd1187908a84b94fea97d567381592a65c8716487f97acf2ee13215c059,2024-05-14T15:43:13.120000 @@ -249773,6 +249778,7 @@ CVE-2024-4312,0,0,59fbf303153e0d85b8066207fb91c9445249544d5462e1272c1306971dcf6c CVE-2024-4314,0,0,1abe213d6359155fbc7a923a6e4d64b59f3117ef3b0bed7e9addf21bcf8fc7a2,2024-05-14T16:11:39.510000 CVE-2024-4316,0,0,4eb558b43c841d372c5646b0ff6f31e7b1e5f7c5b425e59da2142a83b01fc710,2024-05-14T16:11:39.510000 CVE-2024-4317,0,0,2c3dc7f9b6a3b150a489d24a5609d4e1b33dc890cef48ba2f73e55381d4c5f9c,2024-05-14T16:11:39.510000 +CVE-2024-4318,1,1,d24f2ab57d12f01d40cb03b1f03d2be7573aa3e153bbb498909fbc1fd235f4b9,2024-05-16T06:15:11.480000 CVE-2024-4324,0,0,7ffaeab065d0c9a1857569b7bf1dcf908cb9c5c673c6c887858b7e3bb59f5daf,2024-05-02T18:00:37.360000 CVE-2024-4327,0,0,20184bec92cc4082f2f126e139d861bc6fcef5b3844d9de9bb39897b0f981d4a,2024-05-14T15:43:17.490000 CVE-2024-4329,0,0,06b73c5bc760ef811acf316cbe7dd6deaf968eed416c3cec66b38549d21201e2,2024-05-14T16:11:39.510000 @@ -249914,6 +249920,7 @@ CVE-2024-4622,0,0,db6b68bd807a8a0ddb358e449d01643070e9098450ab994d9259859922691c CVE-2024-4624,0,0,2f2dfaacad2af40d5d5be1945c7dfb7bd2ed3b09b9d237413e46013b6e4c845a,2024-05-14T19:17:55.627000 CVE-2024-4630,0,0,9ee39c9e70c3fde26d4ddaa20f9f4583498b5ac1a624dc38857653acd661b1f9,2024-05-14T16:11:39.510000 CVE-2024-4631,0,0,e8ed3d07eca49fd9ce5a62406bcf23da9793cbcc792a956665a267b4f25fd693,2024-05-14T15:44:13.487000 +CVE-2024-4635,1,1,50fd8f7f5db531f8bedaa09f8b425a92825a91facd7129de67b4f16b3c31db60,2024-05-16T06:15:12.090000 CVE-2024-4636,0,0,7626c868e066027a522192c74e27577bfe95437bdd86013fd6693eefb1ef5c81,2024-05-15T16:40:19.330000 CVE-2024-4644,0,0,0fbd9df577d4302041330f9a7bc7fdd69e588e0f0c78920c1382b2bed37c1f1c,2024-05-14T15:44:13.613000 CVE-2024-4645,0,0,2b9f7a703a2aa52d907a1c026b10663f1b251b0b170d9ffa49ce909ae1af0e08,2024-05-08T13:15:17.563000 @@ -250028,6 +250035,8 @@ CVE-2024-4824,0,0,12997f7cb79ce3030574eecdb24c333619e16861704962f1656fbd26f7680d CVE-2024-4825,0,0,1e0f749d21405e7cf2edd3aac0c05b5f99c8de86001892a511648a80a7280ab0,2024-05-14T16:11:39.510000 CVE-2024-4837,0,0,98aa18fa41c916e1bd621beebea0d7870bfc50e824dc02b9686403b5c337ef1b,2024-05-15T18:35:11.453000 CVE-2024-4840,0,0,c9ca0895b4a51cab0e2c0d59965d65e29a18e7a3fb86aea7f8e73c28a9d25dc4,2024-05-14T16:11:39.510000 +CVE-2024-4843,1,1,3818dc820acf6e4fe82f48c8f8f73db1472d9b9cc2125ea1604de8ad3989a7cd,2024-05-16T06:15:12.690000 +CVE-2024-4844,1,1,847ae9c7847e01c3e32c5a3c03c48c67b55d2183294ad6cb4301d83ba2064b5d,2024-05-16T07:15:50.743000 CVE-2024-4847,0,0,bba6603a81b56f6d60e806e2e7574571e772d40efe56d1512e7524611ff51b1c,2024-05-15T16:40:19.330000 CVE-2024-4853,0,0,08d9956cd1fc82aacd4cc52b553fb1ad7c9d41ecc90cc195f4a6a68d3e7942e4,2024-05-14T16:11:39.510000 CVE-2024-4854,0,0,3d480ab215b58518bc8b4d2ff21b01ce90d2ee2286e511ec2300ae6a56284679,2024-05-14T16:11:39.510000 @@ -250062,15 +250071,20 @@ CVE-2024-4925,0,0,f27597173421d84a6aac0b72a1bbddc32a9683af76ff6d49d4515a21431438 CVE-2024-4926,0,0,4f98e2141ed005b65ace4243520c4a74cf195b626ffbd2348d2371f0030a111c,2024-05-16T02:15:08.693000 CVE-2024-4927,0,0,75241ddb08f272d96e505368d4085d15e400ffeb74f400a01614a704de643552,2024-05-16T03:15:08.123000 CVE-2024-4928,0,0,323f47d5f31773ee017d1eb20a2af002adaec5ddcf60bb89f3fe599cd45a64e6,2024-05-16T03:15:08.387000 -CVE-2024-4929,1,1,edfd15fc5d94d8ac95e936a84c0de715965d27f6e5272229617201c4208e15f1,2024-05-16T04:15:09.997000 -CVE-2024-4930,1,1,3d4b0e3126e39683b6520266d82fa17aa1b61b155692c5e1fd3ac967e9b971ec,2024-05-16T04:15:14.873000 -CVE-2024-4931,1,1,e8aef8669aecd123bcf043fff54871e4465e2968f0b1250d2d302a5f8fecabe4,2024-05-16T05:15:51.297000 -CVE-2024-4932,1,1,058543e447fe0a6c6e3ca8a3b483a4b014e7d28d3f060e226c444a4c1c5a9a03,2024-05-16T05:15:51.653000 -CVE-2024-4933,1,1,ab99dc1911a1d20350ea3b7f0ab187ed2ed291967036718a5441324a0985fe0a,2024-05-16T05:15:51.923000 -CVE-2024-4945,1,1,f7ff43915bb3447a49348ea8439196c37097175d385373eb27c5110d3bca27db,2024-05-16T05:15:52.187000 +CVE-2024-4929,0,0,edfd15fc5d94d8ac95e936a84c0de715965d27f6e5272229617201c4208e15f1,2024-05-16T04:15:09.997000 +CVE-2024-4930,0,0,3d4b0e3126e39683b6520266d82fa17aa1b61b155692c5e1fd3ac967e9b971ec,2024-05-16T04:15:14.873000 +CVE-2024-4931,0,0,e8aef8669aecd123bcf043fff54871e4465e2968f0b1250d2d302a5f8fecabe4,2024-05-16T05:15:51.297000 +CVE-2024-4932,0,0,058543e447fe0a6c6e3ca8a3b483a4b014e7d28d3f060e226c444a4c1c5a9a03,2024-05-16T05:15:51.653000 +CVE-2024-4933,0,0,ab99dc1911a1d20350ea3b7f0ab187ed2ed291967036718a5441324a0985fe0a,2024-05-16T05:15:51.923000 +CVE-2024-4945,0,0,f7ff43915bb3447a49348ea8439196c37097175d385373eb27c5110d3bca27db,2024-05-16T05:15:52.187000 +CVE-2024-4946,1,1,56d2009b3ea2f42166976333c587ee672b667eb69299fd030e9cac0c5f8a0cfd,2024-05-16T06:15:13.547000 CVE-2024-4947,0,0,f706014ab5e494173f189b6b147bc73eaca2bb6d431298f9b49d098b14ff5782,2024-05-15T21:15:09.273000 CVE-2024-4948,0,0,bdd7cd38392862513bf6cf6f69f8c528e08e359340031d01daba548f07be3f14,2024-05-15T21:15:09.347000 CVE-2024-4949,0,0,7a7f679654eca12ebf0c1d1d6ac210b4148b3d26ab259c26b5f77d48b40c4cf5,2024-05-15T21:15:09.430000 CVE-2024-4950,0,0,efed32b4f23b877a04e85fe2ab12f10b9d3c39ad2529470125a1a9db3cdcfb9e,2024-05-15T21:15:09.493000 +CVE-2024-4960,1,1,c49508adf3f3a5eb1425f7e931390bfce6357a2941a524ce558affdebf7d9038,2024-05-16T06:15:14.650000 +CVE-2024-4961,1,1,b5bf727b57104372660c156a79de4dd7fcbd334baec39df64f2fcd679ab82991,2024-05-16T06:15:15.653000 +CVE-2024-4962,1,1,3baa8333e1c6ce33c5d2777d789b5621e22d7c0e10ef51ecf2767ae021e895b8,2024-05-16T07:15:52.070000 +CVE-2024-4963,1,1,1a3c037e8b3229455ecd984a22cb3ed58fa4dd2659d4c4795a0e51d745b1c4c3,2024-05-16T07:15:53.317000 CVE-2024-4976,0,0,7bb4e20b87953c4b97f492da11cca71d462ce6af7b37913524811fb56920cd3a,2024-05-15T21:15:09.560000 CVE-2024-4984,0,0,ae1bf2c0289bb389f179eb37322fc8de1d2045b7a529e537ac0945a8c2d06fe0,2024-05-16T02:15:09.003000