From ce9a627e8ab8dde5102bc76182a746227cf5b1ff Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 9 Jul 2024 06:03:13 +0000 Subject: [PATCH] Auto-Update: 2024-07-09T06:00:18.529354+00:00 --- CVE-2024/CVE-2024-236xx/CVE-2024-23692.json | 2 +- CVE-2024/CVE-2024-346xx/CVE-2024-34685.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34689.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-346xx/CVE-2024-34692.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37171.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37172.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37173.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37174.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37175.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-371xx/CVE-2024-37180.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39592.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39593.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39594.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39595.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39596.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39597.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39598.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39599.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-396xx/CVE-2024-39600.json | 60 +++++++++++++++++++ CVE-2024/CVE-2024-46xx/CVE-2024-4667.json | 52 +++++++++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6166.json | 52 +++++++++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6169.json | 64 +++++++++++++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6170.json | 56 ++++++++++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6171.json | 56 ++++++++++++++++++ CVE-2024/CVE-2024-63xx/CVE-2024-6365.json | 56 ++++++++++++++++++ README.md | 41 +++++++++---- _state.csv | 38 +++++++++--- 27 files changed, 1478 insertions(+), 19 deletions(-) create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34685.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34689.json create mode 100644 CVE-2024/CVE-2024-346xx/CVE-2024-34692.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37171.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37172.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37173.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37174.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37175.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37180.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39592.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39593.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39594.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39595.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39596.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39597.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39598.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39599.json create mode 100644 CVE-2024/CVE-2024-396xx/CVE-2024-39600.json create mode 100644 CVE-2024/CVE-2024-46xx/CVE-2024-4667.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6166.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6169.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6170.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6171.json create mode 100644 CVE-2024/CVE-2024-63xx/CVE-2024-6365.json diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23692.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23692.json index e7ff00dcfbb..7f038f22cc5 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23692.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23692.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23692", "sourceIdentifier": "disclosure@vulncheck.com", "published": "2024-05-31T10:15:09.330", - "lastModified": "2024-06-28T04:15:04.597", + "lastModified": "2024-07-09T04:15:11.510", "vulnStatus": "Awaiting Analysis", "cveTags": [ { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34685.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34685.json new file mode 100644 index 00000000000..5ab82bf3375 --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34685.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-34685", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T04:15:12.090", + "lastModified": "2024-07-09T04:15:12.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3468681", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34689.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34689.json new file mode 100644 index 00000000000..ce8e96ed686 --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34689.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-34689", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:10.873", + "lastModified": "2024-07-09T05:15:10.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3458789", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34692.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34692.json new file mode 100644 index 00000000000..edca8806a22 --- /dev/null +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34692.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-34692", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:11.183", + "lastModified": "2024-07-09T05:15:11.183", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to missing verification of file type or\ncontent, SAP Enable Now allows an authenticated attacker to upload arbitrary\nfiles. These files include executables which might be downloaded and executed\nby the user which could host malware. On successful exploitation an attacker\ncan cause limited impact on confidentiality and Integrity of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3476340", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37171.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37171.json new file mode 100644 index 00000000000..4ddc06ce0db --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37171.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-37171", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:11.407", + "lastModified": "2024-07-09T05:15:11.407", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Transportation Management (Collaboration\nPortal) allows an attacker with non-administrative privileges to send a crafted\nrequest from a vulnerable web application. This will trigger the application\nhandler to send a request to an unintended service, which may reveal\ninformation about that service. The information obtained could be used to\ntarget internal systems behind firewalls that are normally inaccessible to an\nattacker from the external network, resulting in a Server-Side Request Forgery\nvulnerability. There is no effect on integrity or availability of the\napplication." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3469958", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37172.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37172.json new file mode 100644 index 00000000000..2c43487beb7 --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37172.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-37172", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:11.607", + "lastModified": "2024-07-09T05:15:11.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP S/4HANA Finance (Advanced Payment\nManagement) does not perform necessary authorization check for an authenticated\nuser, resulting in escalation of privileges. As a result, it has a low impact\nto confidentiality and availability but there is no impact on the integrity." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3457354", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37173.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37173.json new file mode 100644 index 00000000000..a8fefcbbb31 --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37173.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-37173", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T04:15:12.867", + "lastModified": "2024-07-09T04:15:12.867", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to insufficient input validation, SAP\n CRM WebClient UI allows an unauthenticated attacker to craft a URL link which\n embeds a malicious script. When a victim clicks on this link, the script will\n be executed in the victim's browser giving the attacker the ability to access\n and/or modify information with no effect on availability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3467377", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37174.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37174.json new file mode 100644 index 00000000000..86dc75aa96c --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37174.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-37174", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T04:15:13.127", + "lastModified": "2024-07-09T04:15:13.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Custom CSS support option in SAP CRM WebClient\nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site\nScripting vulnerability. On successful exploitation an attacker can cause\nlimited impact on confidentiality and integrity of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3467377", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37175.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37175.json new file mode 100644 index 00000000000..cc9339a6010 --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37175.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-37175", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:11.823", + "lastModified": "2024-07-09T05:15:11.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP CRM WebClient does not\nperform necessary authorization check for an authenticated user, resulting in\nescalation of privileges. This could allow an attacker to access some sensitive\ninformation." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3467377", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37180.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37180.json new file mode 100644 index 00000000000..15809dcd239 --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37180.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-37180", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:12.033", + "lastModified": "2024-07-09T05:15:12.033", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Under certain conditions SAP NetWeaver\nApplication Server for ABAP and ABAP Platform allows an attacker to access\nremote-enabled function module with no further authorization which would\notherwise be restricted, the function can be used to read non-sensitive\ninformation with low impact on confidentiality of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3454858", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39592.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39592.json new file mode 100644 index 00000000000..78a85a52611 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39592.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39592", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T04:15:13.420", + "lastModified": "2024-07-09T04:15:13.420", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Elements of PDCE does not perform necessary\nauthorization checks for an authenticated user, resulting in escalation of\nprivileges.\n\n\n\nThis\nallows an attacker to read sensitive information causing high impact on the\nconfidentiality of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3483344", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39593.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39593.json new file mode 100644 index 00000000000..3869dcdca3e --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39593.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39593", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T04:15:13.663", + "lastModified": "2024-07-09T04:15:13.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Landscape Management allows an authenticated\nuser to read confidential data disclosed by the REST Provider Definition\nresponse. Successful exploitation can cause high impact on confidentiality of\nthe managed entities." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3466801", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39594.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39594.json new file mode 100644 index 00000000000..d46aea119e6 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39594.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39594", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:12.300", + "lastModified": "2024-07-09T05:15:12.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3482217", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39595.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39595.json new file mode 100644 index 00000000000..0f13e920783 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39595.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39595", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:12.507", + "lastModified": "2024-07-09T05:15:12.507", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user-controlled inputs,\nresulting in Stored Cross-Site Scripting (XSS) vulnerability. This\nvulnerability allows users to modify website content and on successful\nexploitation, an attacker can cause low impact to the confidentiality and\nintegrity of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3482217", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39596.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39596.json new file mode 100644 index 00000000000..8273c006277 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39596.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39596", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:12.710", + "lastModified": "2024-07-09T05:15:12.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to missing authorization checks, SAP Enable\nNow allows an author to escalate privileges to access information which should\notherwise be restricted. On successful exploitation, the attacker can cause\nlimited impact on confidentiality of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3476348", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39597.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39597.json new file mode 100644 index 00000000000..77e2cca2c7b --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39597.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39597", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T04:15:13.963", + "lastModified": "2024-07-09T04:15:13.963", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In SAP Commerce, a user can misuse the forgotten\npassword functionality to gain access to a Composable Storefront B2B site for\nwhich early login and registration is activated, without requiring the merchant\nto approve the account beforehand. If the site is not configured as isolated\nsite, this can also grant access to other non-isolated early login sites, even\nif registration is not enabled for those other sites." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3490515", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39598.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39598.json new file mode 100644 index 00000000000..86b16487001 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39598.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39598", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T04:15:14.860", + "lastModified": "2024-07-09T04:15:14.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SAP CRM (WebClient UI Framework) allows an\nauthenticated attacker to enumerate accessible HTTP endpoints in the internal\nnetwork by specially crafting HTTP requests. On successful exploitation this\ncan result in information disclosure. It has no impact on integrity and\navailability of the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3467377", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39599.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39599.json new file mode 100644 index 00000000000..915ef094cb8 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39599.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39599", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:12.933", + "lastModified": "2024-07-09T05:15:12.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Due to a Protection Mechanism Failure in SAP\nNetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass\nthe configured malware scanner API because of a programming error. This leads\nto a low impact on the application's confidentiality, integrity, and\navailability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-693" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3456952", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-396xx/CVE-2024-39600.json b/CVE-2024/CVE-2024-396xx/CVE-2024-39600.json new file mode 100644 index 00000000000..2a2963f7688 --- /dev/null +++ b/CVE-2024/CVE-2024-396xx/CVE-2024-39600.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-39600", + "sourceIdentifier": "cna@sap.com", + "published": "2024-07-09T05:15:13.147", + "lastModified": "2024-07-09T05:15:13.147", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@sap.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "cna@sap.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://me.sap.com/notes/3461110", + "source": "cna@sap.com" + }, + { + "url": "https://url.sap/sapsecuritypatchday", + "source": "cna@sap.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4667.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4667.json new file mode 100644 index 00000000000..04e9635246b --- /dev/null +++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4667.json @@ -0,0 +1,52 @@ +{ + "id": "CVE-2024-4667", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-09T05:15:13.353", + "lastModified": "2024-07-09T05:15:13.353", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/blog-posts-and-category-for-elementor/trunk/widgets/post-category-filter.php#L885", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/blog-posts-and-category-for-elementor/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6166.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6166.json new file mode 100644 index 00000000000..adc873cf6f2 --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6166.json @@ -0,0 +1,52 @@ +{ + "id": "CVE-2024-6166", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-09T05:15:13.543", + "lastModified": "2024-07-09T05:15:13.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018addons_order\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_addons.class.php#L79", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3112307/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9826c91c-0f6e-4d3b-bc14-4af6b60ef246?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6169.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6169.json new file mode 100644 index 00000000000..ec637086da4 --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6169.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-6169", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-09T05:15:13.737", + "lastModified": "2024-07-09T05:15:13.737", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018username\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L168", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L178", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L182", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3112307/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2f11c32-d58e-4ac8-83c7-30927a626e10?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6170.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6170.json new file mode 100644 index 00000000000..c64e7f862ed --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6170.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6170", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-09T05:15:13.947", + "lastModified": "2024-07-09T05:15:13.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018email\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_settings_output.class.php#L398", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3112307/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db14b141-521b-464d-a638-2228b1a86c2b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6171.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6171.json new file mode 100644 index 00000000000..8c61a40f22c --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6171.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6171", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-09T05:15:14.140", + "lastModified": "2024-07-09T05:15:14.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass antispam functionality in the Form Builder widgets." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/functions.class.php#L3407", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_form.class.php#L742", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3112307/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/714acd7d-6d19-4087-bb27-b9a4ccbb678b?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6365.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6365.json new file mode 100644 index 00000000000..27154775c53 --- /dev/null +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6365.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6365", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-07-09T04:15:15.333", + "lastModified": "2024-07-09T04:15:15.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/modules/wootablepress/models/wootablepress.php#L7", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3113335/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c547b25eab9..826ff0bd0a7 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-09T04:00:19.054471+00:00 +2024-07-09T06:00:18.529354+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-09T03:15:02.507000+00:00 +2024-07-09T05:15:14.140000+00:00 ``` ### Last Data Feed Release @@ -33,25 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -256050 +256074 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `24` -- [CVE-2024-22020](CVE-2024/CVE-2024-220xx/CVE-2024-22020.json) (`2024-07-09T02:15:09.973`) -- [CVE-2024-34786](CVE-2024/CVE-2024-347xx/CVE-2024-34786.json) (`2024-07-09T02:15:10.177`) -- [CVE-2024-4944](CVE-2024/CVE-2024-49xx/CVE-2024-4944.json) (`2024-07-09T03:15:02.270`) -- [CVE-2024-5793](CVE-2024/CVE-2024-57xx/CVE-2024-5793.json) (`2024-07-09T02:15:10.240`) -- [CVE-2024-5855](CVE-2024/CVE-2024-58xx/CVE-2024-5855.json) (`2024-07-09T02:15:10.437`) -- [CVE-2024-5974](CVE-2024/CVE-2024-59xx/CVE-2024-5974.json) (`2024-07-09T03:15:02.507`) +- [CVE-2024-34685](CVE-2024/CVE-2024-346xx/CVE-2024-34685.json) (`2024-07-09T04:15:12.090`) +- [CVE-2024-34689](CVE-2024/CVE-2024-346xx/CVE-2024-34689.json) (`2024-07-09T05:15:10.873`) +- [CVE-2024-34692](CVE-2024/CVE-2024-346xx/CVE-2024-34692.json) (`2024-07-09T05:15:11.183`) +- [CVE-2024-37171](CVE-2024/CVE-2024-371xx/CVE-2024-37171.json) (`2024-07-09T05:15:11.407`) +- [CVE-2024-37172](CVE-2024/CVE-2024-371xx/CVE-2024-37172.json) (`2024-07-09T05:15:11.607`) +- [CVE-2024-37173](CVE-2024/CVE-2024-371xx/CVE-2024-37173.json) (`2024-07-09T04:15:12.867`) +- [CVE-2024-37174](CVE-2024/CVE-2024-371xx/CVE-2024-37174.json) (`2024-07-09T04:15:13.127`) +- [CVE-2024-37175](CVE-2024/CVE-2024-371xx/CVE-2024-37175.json) (`2024-07-09T05:15:11.823`) +- [CVE-2024-37180](CVE-2024/CVE-2024-371xx/CVE-2024-37180.json) (`2024-07-09T05:15:12.033`) +- [CVE-2024-39592](CVE-2024/CVE-2024-395xx/CVE-2024-39592.json) (`2024-07-09T04:15:13.420`) +- [CVE-2024-39593](CVE-2024/CVE-2024-395xx/CVE-2024-39593.json) (`2024-07-09T04:15:13.663`) +- [CVE-2024-39594](CVE-2024/CVE-2024-395xx/CVE-2024-39594.json) (`2024-07-09T05:15:12.300`) +- [CVE-2024-39595](CVE-2024/CVE-2024-395xx/CVE-2024-39595.json) (`2024-07-09T05:15:12.507`) +- [CVE-2024-39596](CVE-2024/CVE-2024-395xx/CVE-2024-39596.json) (`2024-07-09T05:15:12.710`) +- [CVE-2024-39597](CVE-2024/CVE-2024-395xx/CVE-2024-39597.json) (`2024-07-09T04:15:13.963`) +- [CVE-2024-39598](CVE-2024/CVE-2024-395xx/CVE-2024-39598.json) (`2024-07-09T04:15:14.860`) +- [CVE-2024-39599](CVE-2024/CVE-2024-395xx/CVE-2024-39599.json) (`2024-07-09T05:15:12.933`) +- [CVE-2024-39600](CVE-2024/CVE-2024-396xx/CVE-2024-39600.json) (`2024-07-09T05:15:13.147`) +- [CVE-2024-4667](CVE-2024/CVE-2024-46xx/CVE-2024-4667.json) (`2024-07-09T05:15:13.353`) +- [CVE-2024-6166](CVE-2024/CVE-2024-61xx/CVE-2024-6166.json) (`2024-07-09T05:15:13.543`) +- [CVE-2024-6169](CVE-2024/CVE-2024-61xx/CVE-2024-6169.json) (`2024-07-09T05:15:13.737`) +- [CVE-2024-6170](CVE-2024/CVE-2024-61xx/CVE-2024-6170.json) (`2024-07-09T05:15:13.947`) +- [CVE-2024-6171](CVE-2024/CVE-2024-61xx/CVE-2024-6171.json) (`2024-07-09T05:15:14.140`) +- [CVE-2024-6365](CVE-2024/CVE-2024-63xx/CVE-2024-6365.json) (`2024-07-09T04:15:15.333`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-23692](CVE-2024/CVE-2024-236xx/CVE-2024-23692.json) (`2024-07-09T04:15:11.510`) ## Download and Usage diff --git a/_state.csv b/_state.csv index e7729c2297d..0ac182d8782 100644 --- a/_state.csv +++ b/_state.csv @@ -243645,7 +243645,7 @@ CVE-2024-22016,0,0,72bb3341c866069974fe863b6c9e848e25809f5f0697d51cda8a3c348c967 CVE-2024-22017,0,0,eda129adeae4ecfa4b275b7bc6bb5638800d036cf47c85fe2baa6a803f743c01,2024-06-10T17:16:18.773000 CVE-2024-22019,0,0,49190872720c4c119c607cdd3cd1206179dcd2b84c9cd0a4595a1040743a11fe,2024-05-01T18:15:13.800000 CVE-2024-2202,0,0,830996a3e5b6be902d6f2e65d3759482285591493d041fcbf74113f66926d781,2024-03-25T01:51:01.223000 -CVE-2024-22020,1,1,7ac9a9c321ee32f5a7c3029e4b874c847226caf8006b26e3abdd3012e630e857,2024-07-09T02:15:09.973000 +CVE-2024-22020,0,0,7ac9a9c321ee32f5a7c3029e4b874c847226caf8006b26e3abdd3012e630e857,2024-07-09T02:15:09.973000 CVE-2024-22021,0,0,ba38d4b86a2c5af951f989c7a28594b6207f0b19739ba3d580be6e4d49001bfb,2024-02-29T01:44:04.690000 CVE-2024-22022,0,0,925c0d46bbd39b5d0f2644b5e26e0cd82488a20b7de7cccfa4639e9bb8f60d9e,2024-02-15T18:45:30.887000 CVE-2024-22023,0,0,738809cdca073240a61fbce615868c0b1c3f7d174f610e159e035e11db1f2996,2024-07-03T01:46:59.843000 @@ -244710,7 +244710,7 @@ CVE-2024-23687,0,0,888c703c13765b4aadeca06043a7e3dd693e14ab5fbf0ceb683a371be24cf CVE-2024-23688,0,0,07f47d429f26f5d25558115321368745a1af1492969a475a8855a8882844f455,2024-01-26T15:53:31.397000 CVE-2024-23689,0,0,d7d4e018343e45ab929852f091e2e71006911f05a5c0cdd59769a6f5a80fdcee,2024-01-26T14:50:45.023000 CVE-2024-2369,0,0,6a36576cd82a0efb1a6cf47fca1f81c4dce9d8f7b0632041d2d5bfbf236b9c0b,2024-04-08T18:15:08.527000 -CVE-2024-23692,0,0,ee8d47877e8ab9dffb6b0f67245eb523eb65e271e0c42f12e1c102143c73f4cc,2024-06-28T04:15:04.597000 +CVE-2024-23692,0,1,2c70ac9488c5faf6a5d518e660044a8820026bf6342ba13329711a2daa262f78,2024-07-09T04:15:11.510000 CVE-2024-2370,0,0,d585ae9ac856bf263bbb5fc87411ce61002d06f83e420348ba9623542805dbad,2024-03-20T16:15:08.270000 CVE-2024-23704,0,0,3ab2415bdb26ba29dae3109785e9f4b7ad9e6e4e471a3ed83e21564f6ce311e3,2024-07-03T01:47:59.750000 CVE-2024-23705,0,0,ead7fe198af09437794c6077c888124fa1580ba6ce0d00067776236205768400,2024-07-03T01:48:00.597000 @@ -251931,12 +251931,15 @@ CVE-2024-3467,0,0,f3d3ded26da1ff40cb7ce9044f06d10da868ecf8c657bb03487a95cc57367c CVE-2024-3468,0,0,6bbe60d0879e290e30537ffe4a101c3b7c2eb02820a408eaf36ef669c7ee7262,2024-06-13T18:36:09.010000 CVE-2024-34683,0,0,57f33302e0e1383af68f9608971b574f2348ee1ba8843154fc93224fbb8e249d,2024-06-11T13:54:12.057000 CVE-2024-34684,0,0,f13e9960dc41706e42f4935ca84a9d2f683382b7e93743a6923148ca6654eab6,2024-06-11T13:54:12.057000 +CVE-2024-34685,1,1,599fef26d3e9353b0e44e4f834bd29124a0eee0b88baf7c58621d11bf109011b,2024-07-09T04:15:12.090000 CVE-2024-34686,0,0,7af176def25b884316086a3c169e2999baee313c40e043953fcc8ef9decb4a68,2024-06-11T13:54:12.057000 CVE-2024-34687,0,0,4ff76c42affc0861ee718b9e208e6eefdbf0a3ab639bfa3166f3943bc94075ba,2024-05-14T19:17:55.627000 CVE-2024-34688,0,0,66fff955b629aa6883569d950a703da0f073f684f77574846b0584730e15d6f7,2024-06-11T13:54:12.057000 +CVE-2024-34689,1,1,4e0a1aa30587f4beffba22c5b7083106741f4a3e113a0ca515f11da3d865865a,2024-07-09T05:15:10.873000 CVE-2024-3469,0,0,89a04cf68ae33ee1037c8a13e9431c4d00d2106abb2ae6d7191ba817489a1fcd,2024-06-13T19:36:21.350000 CVE-2024-34690,0,0,823a2e1ae33b55e0d3769be79c59e7f42483b5ff6dba621f60a0402d90d83ba8,2024-06-11T13:54:12.057000 CVE-2024-34691,0,0,827395ff4b0bf99f2642a5cd3134d1fe0effa60012a62490a349f26f4db25abb,2024-06-11T13:54:12.057000 +CVE-2024-34692,1,1,8319862b3a6af638016114f7420272c99e32111651681c26ab36193f2a17a299,2024-07-09T05:15:11.183000 CVE-2024-34693,0,0,6da431cb088539cdedaef048562e52acae68c24a7fe449888c5724e281a42b04,2024-06-20T12:43:25.663000 CVE-2024-34694,0,0,c52b0ddd7913e7b99d778e62e2419069bd9d8eb90d9108e75c7e8088bb5608e8,2024-06-17T12:42:04.623000 CVE-2024-34695,0,0,d5ed5d99c8f0d08b73ea3cb249327295e787f14594542dd2f27279ab9312830c,2024-05-14T16:12:23.490000 @@ -251994,7 +251997,7 @@ CVE-2024-34772,0,0,635f5a0bcdcc084928ed60d40a3f5691181a54a2efa05b50e13ad74622471 CVE-2024-34773,0,0,8d4786b71411a201832db647dece110e046d5ed6169dce1446e93616263bacee,2024-05-14T19:17:55.627000 CVE-2024-34777,0,0,241250eac73524748eb5086b6b92bdea38568ca1ebb8b3f151f19ab25319a6c6,2024-06-21T15:58:51.410000 CVE-2024-3478,0,0,ae882595ac6fe06ab517c1e505d55eeeed4b5c0450cbd6b83825ab78d9e88f1e,2024-05-02T13:27:25.103000 -CVE-2024-34786,1,1,94d1c061cc5f13dffb4f68e0e197de19d4c89677c31a8380fea1af84a624bb00,2024-07-09T02:15:10.177000 +CVE-2024-34786,0,0,94d1c061cc5f13dffb4f68e0e197de19d4c89677c31a8380fea1af84a624bb00,2024-07-09T02:15:10.177000 CVE-2024-34789,0,0,b4abe5a3fd205f47118c608999fff7fb705b59bf0f04c59cc3f88812458f1961,2024-06-03T14:46:24.250000 CVE-2024-3479,0,0,fd58a9eee7829eb22d6cfb17d87e6b7652b13a6666535069e70c5a2768e8dce6,2024-05-03T15:32:19.637000 CVE-2024-34790,0,0,9e31f1a476eb6c02a36285de2f1caa75b634dd2719e2ac168a65fe68e0cc5979,2024-06-03T14:46:24.250000 @@ -253468,10 +253471,16 @@ CVE-2024-37167,0,0,8e3878203632039bd5d0fde820eb6a3f65b81345351f922c359b0f8f5a698 CVE-2024-37168,0,0,30a5bfe372ab5dc3b67016944b26b77b656c73122e285b83c454024b12c1f789,2024-06-11T13:54:12.057000 CVE-2024-37169,0,0,fdaa52111ac9b7853a3eb23a839ff4b8133f3da9944b0a746205935031e65f63,2024-06-11T13:54:12.057000 CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000 +CVE-2024-37171,1,1,43234f6ea7afca38e0c30df5fcd58a6c92eeb817269542e3779c99957fab2101,2024-07-09T05:15:11.407000 +CVE-2024-37172,1,1,61fe31fe11bb97d2687f388418f92853565110d1c5ebc386a482d6529d21004b,2024-07-09T05:15:11.607000 +CVE-2024-37173,1,1,e32ab5f3b3abef3bb39e4b8844627c719261e75378e29af66feec9e8018b2306,2024-07-09T04:15:12.867000 +CVE-2024-37174,1,1,5e04972841fe6fcf4ffc0d3618dad2e0076d881eedc9522f7898db62b1757140,2024-07-09T04:15:13.127000 +CVE-2024-37175,1,1,347df71847d257d376278acd94f7b1194a3146011c837c4fd015a32842a5f2e5,2024-07-09T05:15:11.823000 CVE-2024-37176,0,0,d1a35fccbf9345cac8b07991c8d6b2cc7ed3bc253ab49e3211031359d59ab44e,2024-06-11T13:54:12.057000 CVE-2024-37177,0,0,0421ff7903314276b7c17b8917958f0d79116e678cb0fb3c4c323480013ea020,2024-06-11T13:54:12.057000 CVE-2024-37178,0,0,09d4f25c1f8a3d05343115dea3f64d1198524e716da67f7a6714a382347c3c9a,2024-06-11T13:54:12.057000 CVE-2024-3718,0,0,a740a1633905d284711162c33f52150d8f35c5a9e41e141a82d07851d64c55d1,2024-05-24T13:03:05.093000 +CVE-2024-37180,1,1,f4168c4817ac9ffc2a3d643f903b1ba2f9d2825c28bc6d5c333b6d0f2567d142,2024-07-09T05:15:12.033000 CVE-2024-37182,0,0,549cc5da2b56e1ffc4f85fe12d4fc3bdb7526f84c41d2237f570cc5dd0365265,2024-06-17T12:42:04.623000 CVE-2024-37183,0,0,797ee6627defafae369247d5bda2be326b262d85b9c4ea85f3eb35804b563c70,2024-06-21T11:22:01.687000 CVE-2024-37185,0,0,ce3a2eeaa366e0078438541c31768228f57c06809ab185bd78a5053ce3cc0bd3,2024-07-03T18:02:57.857000 @@ -254245,6 +254254,15 @@ CVE-2024-3956,0,0,84c84e343f731479baad188521c68e2e10d428da5ee4bd61443cf640ccedc1 CVE-2024-3957,0,0,6e4e327328ad5c18e880466a103b162c10591051d90490bf0a67f6889d728425,2024-05-02T18:00:37.360000 CVE-2024-39573,0,0,7e7eebc8f7807e5a5d00f82c0d28f5abe2d79239ae34bea5f004fd03abc17ccd,2024-07-03T02:05:50.170000 CVE-2024-3959,0,0,1ce1302f5c536ae0ba1596a30e53c3274b88d91eb780326b1103788329e8cf86,2024-06-28T13:21:52.223000 +CVE-2024-39592,1,1,e9fbc7370198c1cbca6951990862b24e358e9ec3c2e9bd4f45cf183b473fcc73,2024-07-09T04:15:13.420000 +CVE-2024-39593,1,1,ab03db1c29c90c00f00398b8b34dd1b966b8fb91a2a61ea761d1298c478a33fd,2024-07-09T04:15:13.663000 +CVE-2024-39594,1,1,33b48254f7725103ef14f256c42af6ad5da0f009dadf2684d8d18d903acdbf27,2024-07-09T05:15:12.300000 +CVE-2024-39595,1,1,471e285f08cfbb4edf473e6fa6b72d8f521ddce3ac42dce6e5431bcd3ffc3d43,2024-07-09T05:15:12.507000 +CVE-2024-39596,1,1,0feaf9df8c3dc646766d47600878c5d7ae6de97f7b44b244e3b98f62d5af41dd,2024-07-09T05:15:12.710000 +CVE-2024-39597,1,1,36f1d3adbce1e7aa89c00d0262e3c7a8d694651600c7f20323c7a8a29ca1a0c0,2024-07-09T04:15:13.963000 +CVE-2024-39598,1,1,e8488730700596e1567b8dff879031d95da6c3679e0700a8c6ced72dcc6e8955,2024-07-09T04:15:14.860000 +CVE-2024-39599,1,1,f65d91ec3eb36b59fbb470462f3f8ed5c6e76551cc56e87fa2afdeb6b919fb07,2024-07-09T05:15:12.933000 +CVE-2024-39600,1,1,884daf42f25ca1a9a1e2d565c12782fe1a29cd522096c7120d71ea9c80e3968d,2024-07-09T05:15:13.147000 CVE-2024-3961,0,0,6646adb167e87c94860ebd5d8d983b1f971f6dc9fb8c86a5eaff8de194f86033,2024-06-21T11:22:01.687000 CVE-2024-3962,0,0,9de964d29f43823164300439a0e71453bbca4a5c1f5767eca51db600267798cd,2024-04-26T12:58:17.720000 CVE-2024-3965,0,0,ca98c8c8f38859cd31112b30cbcab1577d0379601171e9b943854dcc0ce8c1f6,2024-07-03T02:06:56.690000 @@ -254878,6 +254896,7 @@ CVE-2024-4662,0,0,271820e0248036cdcfeea2da470b958f93caba3600263b2df375c674d93150 CVE-2024-4663,0,0,ac32c04a2cae0071224eeefc80f9a000b8618e2f1af1abc8eb33d3a9321c7d70,2024-06-20T12:44:01.637000 CVE-2024-4664,0,0,4d4aeec2b9d4ae73905aa066e928be5011f1ff91cc6ef5979d75af441c67cdbb,2024-06-28T13:28:06.347000 CVE-2024-4666,0,0,dde8d66c76bdf850b898b9f95df0d92f0ac3da730c1f32826d61843a6ef06bf5,2024-05-15T16:40:19.330000 +CVE-2024-4667,1,1,75e1dc16514bffbc93dda5a13d1fe5934ce31554cffa550069cabbcf17eb51c4,2024-07-09T05:15:13.353000 CVE-2024-4668,0,0,3c2f34d91ee8c9aacf0f125fe94ffbbe9a611b8f1a54ab65e0473cea71baad6f,2024-05-30T13:15:41.297000 CVE-2024-4669,0,0,cb3ea770e599714f2de5e50bc4195c130850e813b58882b88bfe234ded1dcd7f,2024-06-13T18:36:09.013000 CVE-2024-4670,0,0,438b57b9006ea70a278767dc5849ca5e16eeaf7f43c9f1acf2c1dcf72f3e2983,2024-05-15T16:40:19.330000 @@ -255111,7 +255130,7 @@ CVE-2024-4940,0,0,cb78cb49a43bd348a99dcd2f7e1d39ee831dc08e65c1988e89651f86623130 CVE-2024-4941,0,0,04ed79d9b1e3032260e31cb6cd2ea8a25db6821440182f4cb50592b145bee1e2,2024-06-07T14:56:05.647000 CVE-2024-4942,0,0,157240698edb46a5deca9943c90e89d5c268795c03f1dadbb4d2f6e28d77068b,2024-06-06T14:17:35.017000 CVE-2024-4943,0,0,d9b88319a5992961df806c2aff168607709c5e19495e72269f7fd7790830e1d9,2024-05-21T12:37:59.687000 -CVE-2024-4944,1,1,a57995eb1ec9aa01add18e609846b77b990bf63b23a0d545f93722ff35d463f3,2024-07-09T03:15:02.270000 +CVE-2024-4944,0,0,a57995eb1ec9aa01add18e609846b77b990bf63b23a0d545f93722ff35d463f3,2024-07-09T03:15:02.270000 CVE-2024-4945,0,0,862ec6002e9c3369e40f6935606e597aac95fb1ef3a2f5a2c72d02ef723dafd2,2024-06-04T19:20:54.767000 CVE-2024-4946,0,0,de881559bc92412238785deff68c564cad0647963d61d3efd064c0cec6c4ee1e,2024-06-04T19:20:54.867000 CVE-2024-4947,0,0,8b22fa92c86c832263b0660c6b596a76b1c7e8c155bae82cd88218c6326792e3,2024-07-03T02:08:19.620000 @@ -255708,7 +255727,7 @@ CVE-2024-5787,0,0,7676e1b0ab184e8654efc91f56a8d84cd9d6d539bf642c0a4ff7f743a62b9d CVE-2024-5788,0,0,b8c011e09345f8c438c15d748dc7ecb5f2eb62164ea0c1da7169d985a2f9f593,2024-06-28T10:27:00.920000 CVE-2024-5790,0,0,f8b87ca5470f9146716524e5e38538dc26468d2ae797b52818768e7113cbca8a,2024-07-01T12:37:24.220000 CVE-2024-5791,0,0,424014ca254e257c8c57009775e061d0dd2abf87fc81691a50ea6d1a360bb310,2024-06-24T20:00:46.390000 -CVE-2024-5793,1,1,af5a5b6481201cf3530d669d7483e5b5d72a03324906b65441139d3ef7b4ea9b,2024-07-09T02:15:10.240000 +CVE-2024-5793,0,0,af5a5b6481201cf3530d669d7483e5b5d72a03324906b65441139d3ef7b4ea9b,2024-07-09T02:15:10.240000 CVE-2024-5796,0,0,ee9ea77d6816c67e871ce0ce39c4d235af8efb4db7bec50166a494d6f8b7e47e,2024-06-28T10:27:00.920000 CVE-2024-5798,0,0,f6c60b5ac812e7711b355fdc9c4ea7ca1c381d5fa9189e95b5ac079c15b31d9c,2024-06-13T18:36:09.010000 CVE-2024-5805,0,0,d5f814a63108fa76cde55a23a7ee4c9d4c1228e8f74ac6f24226e1e9997c1554,2024-06-25T18:50:42.040000 @@ -255744,7 +255763,7 @@ CVE-2024-5846,0,0,0b2d8f18d514785edc16bc8a9875d408ec093858a0edbb60b84e2acabc32d1 CVE-2024-5847,0,0,af863962a64ba64b748fc267021bdca1358cb53ef73ef1a0e2073c98890c9fa1,2024-07-03T02:09:31.730000 CVE-2024-5851,0,0,1ff86bf427427298fe5dc39bbfedb897b9870fd2315cf065507e70165fb41d41,2024-06-13T18:36:09.013000 CVE-2024-5853,0,0,4db307c3757855b51e51fa12e1eb9aa67e540512d9bb40f822c5370c3893dc4f,2024-06-20T12:44:01.637000 -CVE-2024-5855,1,1,b90d3fcafd8e229d80167b4f5d2f3aed65497222ce1cbd14143f59d272d601d1,2024-07-09T02:15:10.437000 +CVE-2024-5855,0,0,b90d3fcafd8e229d80167b4f5d2f3aed65497222ce1cbd14143f59d272d601d1,2024-07-09T02:15:10.437000 CVE-2024-5858,0,0,30241924d409355226bb80c4fb982c4833f84483f4f89b94e986f70fe7751e71,2024-06-17T12:42:04.623000 CVE-2024-5859,0,0,5b284a4381086ad6bad860c96074f61ed02c9601ee45c79362fb0f8a492df8fd,2024-06-24T19:21:07.943000 CVE-2024-5860,0,0,56b79e1c6d22cf1e6319b4d2696b988928a56f1c09b2a292e92b44a530d0359a,2024-07-05T13:52:14.463000 @@ -255801,7 +255820,7 @@ CVE-2024-5967,0,0,a8cf0971f84f68dc327704c7b15af8c68f3ca5a6cf4ca8aa54163d9ca95100 CVE-2024-5970,0,0,118b7b2e028a3447b60495fc36df0133e6c8ea6adad2a5f3d89bac8698786790,2024-06-20T12:44:01.637000 CVE-2024-5971,0,0,4c029e3f50bafbefeafdd3bea254ba330995380b3f87a3e11bd5645cadf91acc,2024-07-08T21:15:12.480000 CVE-2024-5972,0,0,3700c5b3eb4bcd1d3bafe18b568e7aab0a0471128c3ce92a2f73ba8aa9a9cb4f,2024-06-28T19:15:07.500000 -CVE-2024-5974,1,1,41bc2a5468ec6e846fb0d5ca66e59c6c799063474682442dfaf14d89f985b4c7,2024-07-09T03:15:02.507000 +CVE-2024-5974,0,0,41bc2a5468ec6e846fb0d5ca66e59c6c799063474682442dfaf14d89f985b4c7,2024-07-09T03:15:02.507000 CVE-2024-5976,0,0,e855126a3e03657c0f9ccfb70e360e6531fe17aa442fb39ef6227c53616360fe,2024-06-17T12:43:31.090000 CVE-2024-5979,0,0,ecf851c3d3de50590eb0b5525283c723dc89573922e14c045baaee03d0d0831b,2024-06-27T19:25:12.067000 CVE-2024-5980,0,0,c1ed3bf259928f44163accb5dee81e38c4dedf71ab1a0c47da4cd2f2cf410bfa,2024-06-27T19:25:12.067000 @@ -255901,6 +255920,10 @@ CVE-2024-6154,0,0,14c261dad2c658f3f85287831ecf663ba772d4a017166d6d5d3cda8ce83886 CVE-2024-6160,0,0,e0e9df11502e0f78d6d764c03981bde61fa7fdce13ce5e8e72c2edbfe567293b,2024-06-24T12:57:36.513000 CVE-2024-6162,0,0,bd502c2e3c0167c78ca1c8188e0261103b8f8aa5eaa8e4a394c72d49dddda11b,2024-06-20T16:07:50.417000 CVE-2024-6163,0,0,fd093a646484e49cdcba7f0d5c73f035da9d8dc2d3299e73ed2192cb6789df3d,2024-07-08T15:49:22.437000 +CVE-2024-6166,1,1,5c4d52af9866858053c3eeea16d68907704a85cfdb8db169c7463c4ce71e2e87,2024-07-09T05:15:13.543000 +CVE-2024-6169,1,1,ce8d122e0a50be6f8fa73ffe894d94184504d99eef0aeb8e273d477c681a2bdc,2024-07-09T05:15:13.737000 +CVE-2024-6170,1,1,0468d52887e9eae9812e1edfdf6b67c73acd7e11661c4df6b03ac9b47ecd36e7,2024-07-09T05:15:13.947000 +CVE-2024-6171,1,1,8e1eb909673fdd1b41df5f9a5c307f9b997bc3d03b662395e5999738418db058,2024-07-09T05:15:14.140000 CVE-2024-6172,0,0,772bb913ed7f683b9ada9dc0ecd54a374149383f55e758d624c0fb5be0b0bf4c,2024-07-03T18:00:01.770000 CVE-2024-6176,0,0,855875508d6019a3b7cc5455db83c0ed155c5813092b253896702a30576b2ecb,2024-06-20T12:43:25.663000 CVE-2024-6177,0,0,a0175799dd5324c2ac4fd3e8bb126589ce94cff0760703c070fdf39975a6cb07,2024-06-20T15:17:06.493000 @@ -255992,6 +256015,7 @@ CVE-2024-6349,0,0,f01d61e3475192c945ec3639c2eda3b231a23d2f279c2f15b4719385fb2bd0 CVE-2024-6354,0,0,c9410e2fdcd521ee7fa5aea0abe57bbff6ce1153eea9fc9c27ad647524c61c5c,2024-07-03T02:09:53.917000 CVE-2024-6355,0,0,ae01fd3dff3a0136dc0dcda0f0c62bd72a4c84afe63740fbe5ae0aaceef04f3e,2024-06-27T14:15:16.753000 CVE-2024-6363,0,0,821afe251d4d71225fc87e03c6904bf5a4c1b246a1e7e806532ba337c88c686a,2024-07-01T12:37:24.220000 +CVE-2024-6365,1,1,fcbce586cbad80cebdef2a9ececdb44751b1b32b76d3bac4f807faf6d1ade07b,2024-07-09T04:15:15.333000 CVE-2024-6367,0,0,7207995286cd77894417e443ceec13186f4617a3d835dc70f545e6022e4f6dc9,2024-06-27T12:47:19.847000 CVE-2024-6368,0,0,15233ad7ff1f989e7bdf86db89d9527b042f90cc8844e61c0b9d2d12d522b414,2024-06-27T18:15:21.083000 CVE-2024-6369,0,0,c793378edfea0b2a8c32a50d08899943167a983433e0948af5044c43e0a7ad33,2024-06-27T12:47:19.847000