mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-07-09T06:00:18.529354+00:00
This commit is contained in:
parent
69cec5231a
commit
ce9a627e8a
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-23692",
|
||||
"sourceIdentifier": "disclosure@vulncheck.com",
|
||||
"published": "2024-05-31T10:15:09.330",
|
||||
"lastModified": "2024-06-28T04:15:04.597",
|
||||
"lastModified": "2024-07-09T04:15:11.510",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"cveTags": [
|
||||
{
|
||||
|
60
CVE-2024/CVE-2024-346xx/CVE-2024-34685.json
Normal file
60
CVE-2024/CVE-2024-346xx/CVE-2024-34685.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-34685",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T04:15:12.090",
|
||||
"lastModified": "2024-07-09T04:15:12.090",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Due to weak encoding of user-controlled input in\nSAP NetWeaver Knowledge Management XMLEditor which allows malicious scripts can\nbe executed in the application, potentially leading to a Cross-Site Scripting\n(XSS) vulnerability. This has no impact on the availability of the application\nbut it has a low impact on its confidentiality and integrity."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3468681",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-346xx/CVE-2024-34689.json
Normal file
60
CVE-2024/CVE-2024-346xx/CVE-2024-34689.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-34689",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:10.873",
|
||||
"lastModified": "2024-07-09T05:15:10.873",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "WebFlow Services of SAP Business Workflow allows\nan authenticated attacker to enumerate accessible HTTP endpoints in the\ninternal network by specially crafting HTTP requests. On successful\nexploitation this can result in information disclosure. It has no impact on\nintegrity and availability of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.0,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-918"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3458789",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-346xx/CVE-2024-34692.json
Normal file
60
CVE-2024/CVE-2024-346xx/CVE-2024-34692.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-34692",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:11.183",
|
||||
"lastModified": "2024-07-09T05:15:11.183",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Due to missing verification of file type or\ncontent, SAP Enable Now allows an authenticated attacker to upload arbitrary\nfiles. These files include executables which might be downloaded and executed\nby the user which could host malware. On successful exploitation an attacker\ncan cause limited impact on confidentiality and Integrity of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 3.3,
|
||||
"baseSeverity": "LOW"
|
||||
},
|
||||
"exploitabilityScore": 0.8,
|
||||
"impactScore": 2.5
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-434"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3476340",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-371xx/CVE-2024-37171.json
Normal file
60
CVE-2024/CVE-2024-371xx/CVE-2024-37171.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-37171",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:11.407",
|
||||
"lastModified": "2024-07-09T05:15:11.407",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SAP Transportation Management (Collaboration\nPortal) allows an attacker with non-administrative privileges to send a crafted\nrequest from a vulnerable web application. This will trigger the application\nhandler to send a request to an unintended service, which may reveal\ninformation about that service. The information obtained could be used to\ntarget internal systems behind firewalls that are normally inaccessible to an\nattacker from the external network, resulting in a Server-Side Request Forgery\nvulnerability. There is no effect on integrity or availability of the\napplication."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.0,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-918"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3469958",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-371xx/CVE-2024-37172.json
Normal file
60
CVE-2024/CVE-2024-371xx/CVE-2024-37172.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-37172",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:11.607",
|
||||
"lastModified": "2024-07-09T05:15:11.607",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SAP S/4HANA Finance (Advanced Payment\nManagement) does not perform necessary authorization check for an authenticated\nuser, resulting in escalation of privileges. As a result, it has a low impact\nto confidentiality and availability but there is no impact on the integrity."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.5
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-862"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3457354",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-371xx/CVE-2024-37173.json
Normal file
60
CVE-2024/CVE-2024-371xx/CVE-2024-37173.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-37173",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T04:15:12.867",
|
||||
"lastModified": "2024-07-09T04:15:12.867",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Due to insufficient input validation, SAP\n CRM WebClient UI allows an unauthenticated attacker to craft a URL link which\n embeds a malicious script. When a victim clicks on this link, the script will\n be executed in the victim's browser giving the attacker the ability to access\n and/or modify information with no effect on availability of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3467377",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-371xx/CVE-2024-37174.json
Normal file
60
CVE-2024/CVE-2024-371xx/CVE-2024-37174.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-37174",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T04:15:13.127",
|
||||
"lastModified": "2024-07-09T04:15:13.127",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Custom CSS support option in SAP CRM WebClient\nUI does not sufficiently encode user-controlled inputs resulting in Cross-Site\nScripting vulnerability. On successful exploitation an attacker can cause\nlimited impact on confidentiality and integrity of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3467377",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-371xx/CVE-2024-37175.json
Normal file
60
CVE-2024/CVE-2024-371xx/CVE-2024-37175.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-37175",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:11.823",
|
||||
"lastModified": "2024-07-09T05:15:11.823",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SAP CRM WebClient does not\nperform necessary authorization check for an authenticated user, resulting in\nescalation of privileges. This could allow an attacker to access some sensitive\ninformation."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-862"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3467377",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-371xx/CVE-2024-37180.json
Normal file
60
CVE-2024/CVE-2024-371xx/CVE-2024-37180.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-37180",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:12.033",
|
||||
"lastModified": "2024-07-09T05:15:12.033",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Under certain conditions SAP NetWeaver\nApplication Server for ABAP and ABAP Platform allows an attacker to access\nremote-enabled function module with no further authorization which would\notherwise be restricted, the function can be used to read non-sensitive\ninformation with low impact on confidentiality of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.3,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3454858",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39592.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39592.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39592",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T04:15:13.420",
|
||||
"lastModified": "2024-07-09T04:15:13.420",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Elements of PDCE does not perform necessary\nauthorization checks for an authenticated user, resulting in escalation of\nprivileges.\n\n\n\nThis\nallows an attacker to read sensitive information causing high impact on the\nconfidentiality of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.7,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 4.0
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-862"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3483344",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39593.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39593.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39593",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T04:15:13.663",
|
||||
"lastModified": "2024-07-09T04:15:13.663",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SAP Landscape Management allows an authenticated\nuser to read confidential data disclosed by the REST Provider Definition\nresponse. Successful exploitation can cause high impact on confidentiality of\nthe managed entities."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.9,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.7,
|
||||
"impactScore": 4.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3466801",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39594.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39594.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39594",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:12.300",
|
||||
"lastModified": "2024-07-09T05:15:12.300",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user controlled inputs,\nresulting in Reflected Cross-Site Scripting (XSS) vulnerability. After\nsuccessful exploitation, an attacker can cause low impact on the confidentiality\nand integrity of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3482217",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39595.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39595.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39595",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:12.507",
|
||||
"lastModified": "2024-07-09T05:15:12.507",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SAP Business Warehouse - Business Planning and\nSimulation application does not sufficiently encode user-controlled inputs,\nresulting in Stored Cross-Site Scripting (XSS) vulnerability. This\nvulnerability allows users to modify website content and on successful\nexploitation, an attacker can cause low impact to the confidentiality and\nintegrity of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.3,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3482217",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39596.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39596.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39596",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:12.710",
|
||||
"lastModified": "2024-07-09T05:15:12.710",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Due to missing authorization checks, SAP Enable\nNow allows an author to escalate privileges to access information which should\notherwise be restricted. On successful exploitation, the attacker can cause\nlimited impact on confidentiality of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 4.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-862"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3476348",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39597.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39597.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39597",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T04:15:13.963",
|
||||
"lastModified": "2024-07-09T04:15:13.963",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "In SAP Commerce, a user can misuse the forgotten\npassword functionality to gain access to a Composable Storefront B2B site for\nwhich early login and registration is activated, without requiring the merchant\nto approve the account beforehand. If the site is not configured as isolated\nsite, this can also grant access to other non-isolated early login sites, even\nif registration is not enabled for those other sites."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 7.2,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-285"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3490515",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39598.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39598.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39598",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T04:15:14.860",
|
||||
"lastModified": "2024-07-09T04:15:14.860",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "SAP CRM (WebClient UI Framework) allows an\nauthenticated attacker to enumerate accessible HTTP endpoints in the internal\nnetwork by specially crafting HTTP requests. On successful exploitation this\ncan result in information disclosure. It has no impact on integrity and\navailability of the application."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.0,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-918"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3467377",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-395xx/CVE-2024-39599.json
Normal file
60
CVE-2024/CVE-2024-395xx/CVE-2024-39599.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39599",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:12.933",
|
||||
"lastModified": "2024-07-09T05:15:12.933",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Due to a Protection Mechanism Failure in SAP\nNetWeaver Application Server for ABAP and ABAP Platform, a developer can bypass\nthe configured malware scanner API because of a programming error. This leads\nto a low impact on the application's confidentiality, integrity, and\navailability."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 4.7,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 1.2,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-693"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3456952",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
60
CVE-2024/CVE-2024-396xx/CVE-2024-39600.json
Normal file
60
CVE-2024/CVE-2024-396xx/CVE-2024-39600.json
Normal file
@ -0,0 +1,60 @@
|
||||
{
|
||||
"id": "CVE-2024-39600",
|
||||
"sourceIdentifier": "cna@sap.com",
|
||||
"published": "2024-07-09T05:15:13.147",
|
||||
"lastModified": "2024-07-09T05:15:13.147",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Under certain conditions, the memory of SAP GUI\nfor Windows contains the password used to log on to an SAP system, which might\nallow an attacker to get hold of the password and impersonate the affected\nuser. As a result, it has a high impact on the confidentiality but there is no\nimpact on the integrity and availability."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
|
||||
"attackVector": "LOCAL",
|
||||
"attackComplexity": "HIGH",
|
||||
"privilegesRequired": "HIGH",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.0,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 0.6,
|
||||
"impactScore": 4.0
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@sap.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-200"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://me.sap.com/notes/3461110",
|
||||
"source": "cna@sap.com"
|
||||
},
|
||||
{
|
||||
"url": "https://url.sap/sapsecuritypatchday",
|
||||
"source": "cna@sap.com"
|
||||
}
|
||||
]
|
||||
}
|
52
CVE-2024/CVE-2024-46xx/CVE-2024-4667.json
Normal file
52
CVE-2024/CVE-2024-46xx/CVE-2024-4667.json
Normal file
@ -0,0 +1,52 @@
|
||||
{
|
||||
"id": "CVE-2024-4667",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-07-09T05:15:13.353",
|
||||
"lastModified": "2024-07-09T05:15:13.353",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Blog, Posts and Category Filter for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Post and Category Filter widget in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping on user supplied 'post_types' attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/blog-posts-and-category-for-elementor/trunk/widgets/post-category-filter.php#L885",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://wordpress.org/plugins/blog-posts-and-category-for-elementor/#developers",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a24c2d7d-8df8-4a3a-a538-09e11ebc6dd5?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
52
CVE-2024/CVE-2024-61xx/CVE-2024-6166.json
Normal file
52
CVE-2024/CVE-2024-61xx/CVE-2024-6166.json
Normal file
@ -0,0 +1,52 @@
|
||||
{
|
||||
"id": "CVE-2024-6166",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-07-09T05:15:13.543",
|
||||
"lastModified": "2024-07-09T05:15:13.543",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018addons_order\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_addons.class.php#L79",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9826c91c-0f6e-4d3b-bc14-4af6b60ef246?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
64
CVE-2024/CVE-2024-61xx/CVE-2024-6169.json
Normal file
64
CVE-2024/CVE-2024-61xx/CVE-2024-6169.json
Normal file
@ -0,0 +1,64 @@
|
||||
{
|
||||
"id": "CVE-2024-6169",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-07-09T05:15:13.737",
|
||||
"lastModified": "2024-07-09T05:15:13.737",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018username\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above and granted plugin setting edit permissions by an administrator, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L168",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L178",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/instagram/helper.class.php#L182",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f2f11c32-d58e-4ac8-83c7-30927a626e10?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
56
CVE-2024/CVE-2024-61xx/CVE-2024-6170.json
Normal file
56
CVE-2024/CVE-2024-61xx/CVE-2024-6170.json
Normal file
@ -0,0 +1,56 @@
|
||||
{
|
||||
"id": "CVE-2024-6170",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-07-09T05:15:13.947",
|
||||
"lastModified": "2024-07-09T05:15:13.947",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018email\u2019 parameter in all versions up to, and including, 1.5.112 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/hakluke/weaponised-XSS-payloads/blob/master/wordpress_create_admin_user.js",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_settings_output.class.php#L398",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/db14b141-521b-464d-a638-2228b1a86c2b?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
56
CVE-2024/CVE-2024-61xx/CVE-2024-6171.json
Normal file
56
CVE-2024/CVE-2024-61xx/CVE-2024-6171.json
Normal file
@ -0,0 +1,56 @@
|
||||
{
|
||||
"id": "CVE-2024-6171",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-07-09T05:15:14.140",
|
||||
"lastModified": "2024-07-09T05:15:14.140",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 1.5.112 due to insufficient IP address validation and/or use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated attackers to bypass antispam functionality in the Form Builder widgets."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/framework/functions.class.php#L3407",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/unlimited-elements-for-elementor/trunk/inc_php/unitecreator_form.class.php#L742",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3112307/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/714acd7d-6d19-4087-bb27-b9a4ccbb678b?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
56
CVE-2024/CVE-2024-63xx/CVE-2024-6365.json
Normal file
56
CVE-2024/CVE-2024-63xx/CVE-2024-6365.json
Normal file
@ -0,0 +1,56 @@
|
||||
{
|
||||
"id": "CVE-2024-6365",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-07-09T04:15:15.333",
|
||||
"lastModified": "2024-07-09T04:15:15.333",
|
||||
"vulnStatus": "Received",
|
||||
"cveTags": [],
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 9.8,
|
||||
"baseSeverity": "CRITICAL"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/languages/customTitle.php",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/browser/woo-product-tables/trunk/modules/wootablepress/models/wootablepress.php#L7",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://plugins.trac.wordpress.org/changeset/3113335/",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ba84711f-bdbe-46d3-a9a3-cc2b1dcefd1a?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
41
README.md
41
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-07-09T04:00:19.054471+00:00
|
||||
2024-07-09T06:00:18.529354+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-07-09T03:15:02.507000+00:00
|
||||
2024-07-09T05:15:14.140000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,25 +33,44 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
256050
|
||||
256074
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `6`
|
||||
Recently added CVEs: `24`
|
||||
|
||||
- [CVE-2024-22020](CVE-2024/CVE-2024-220xx/CVE-2024-22020.json) (`2024-07-09T02:15:09.973`)
|
||||
- [CVE-2024-34786](CVE-2024/CVE-2024-347xx/CVE-2024-34786.json) (`2024-07-09T02:15:10.177`)
|
||||
- [CVE-2024-4944](CVE-2024/CVE-2024-49xx/CVE-2024-4944.json) (`2024-07-09T03:15:02.270`)
|
||||
- [CVE-2024-5793](CVE-2024/CVE-2024-57xx/CVE-2024-5793.json) (`2024-07-09T02:15:10.240`)
|
||||
- [CVE-2024-5855](CVE-2024/CVE-2024-58xx/CVE-2024-5855.json) (`2024-07-09T02:15:10.437`)
|
||||
- [CVE-2024-5974](CVE-2024/CVE-2024-59xx/CVE-2024-5974.json) (`2024-07-09T03:15:02.507`)
|
||||
- [CVE-2024-34685](CVE-2024/CVE-2024-346xx/CVE-2024-34685.json) (`2024-07-09T04:15:12.090`)
|
||||
- [CVE-2024-34689](CVE-2024/CVE-2024-346xx/CVE-2024-34689.json) (`2024-07-09T05:15:10.873`)
|
||||
- [CVE-2024-34692](CVE-2024/CVE-2024-346xx/CVE-2024-34692.json) (`2024-07-09T05:15:11.183`)
|
||||
- [CVE-2024-37171](CVE-2024/CVE-2024-371xx/CVE-2024-37171.json) (`2024-07-09T05:15:11.407`)
|
||||
- [CVE-2024-37172](CVE-2024/CVE-2024-371xx/CVE-2024-37172.json) (`2024-07-09T05:15:11.607`)
|
||||
- [CVE-2024-37173](CVE-2024/CVE-2024-371xx/CVE-2024-37173.json) (`2024-07-09T04:15:12.867`)
|
||||
- [CVE-2024-37174](CVE-2024/CVE-2024-371xx/CVE-2024-37174.json) (`2024-07-09T04:15:13.127`)
|
||||
- [CVE-2024-37175](CVE-2024/CVE-2024-371xx/CVE-2024-37175.json) (`2024-07-09T05:15:11.823`)
|
||||
- [CVE-2024-37180](CVE-2024/CVE-2024-371xx/CVE-2024-37180.json) (`2024-07-09T05:15:12.033`)
|
||||
- [CVE-2024-39592](CVE-2024/CVE-2024-395xx/CVE-2024-39592.json) (`2024-07-09T04:15:13.420`)
|
||||
- [CVE-2024-39593](CVE-2024/CVE-2024-395xx/CVE-2024-39593.json) (`2024-07-09T04:15:13.663`)
|
||||
- [CVE-2024-39594](CVE-2024/CVE-2024-395xx/CVE-2024-39594.json) (`2024-07-09T05:15:12.300`)
|
||||
- [CVE-2024-39595](CVE-2024/CVE-2024-395xx/CVE-2024-39595.json) (`2024-07-09T05:15:12.507`)
|
||||
- [CVE-2024-39596](CVE-2024/CVE-2024-395xx/CVE-2024-39596.json) (`2024-07-09T05:15:12.710`)
|
||||
- [CVE-2024-39597](CVE-2024/CVE-2024-395xx/CVE-2024-39597.json) (`2024-07-09T04:15:13.963`)
|
||||
- [CVE-2024-39598](CVE-2024/CVE-2024-395xx/CVE-2024-39598.json) (`2024-07-09T04:15:14.860`)
|
||||
- [CVE-2024-39599](CVE-2024/CVE-2024-395xx/CVE-2024-39599.json) (`2024-07-09T05:15:12.933`)
|
||||
- [CVE-2024-39600](CVE-2024/CVE-2024-396xx/CVE-2024-39600.json) (`2024-07-09T05:15:13.147`)
|
||||
- [CVE-2024-4667](CVE-2024/CVE-2024-46xx/CVE-2024-4667.json) (`2024-07-09T05:15:13.353`)
|
||||
- [CVE-2024-6166](CVE-2024/CVE-2024-61xx/CVE-2024-6166.json) (`2024-07-09T05:15:13.543`)
|
||||
- [CVE-2024-6169](CVE-2024/CVE-2024-61xx/CVE-2024-6169.json) (`2024-07-09T05:15:13.737`)
|
||||
- [CVE-2024-6170](CVE-2024/CVE-2024-61xx/CVE-2024-6170.json) (`2024-07-09T05:15:13.947`)
|
||||
- [CVE-2024-6171](CVE-2024/CVE-2024-61xx/CVE-2024-6171.json) (`2024-07-09T05:15:14.140`)
|
||||
- [CVE-2024-6365](CVE-2024/CVE-2024-63xx/CVE-2024-6365.json) (`2024-07-09T04:15:15.333`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `0`
|
||||
Recently modified CVEs: `1`
|
||||
|
||||
- [CVE-2024-23692](CVE-2024/CVE-2024-236xx/CVE-2024-23692.json) (`2024-07-09T04:15:11.510`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
38
_state.csv
38
_state.csv
@ -243645,7 +243645,7 @@ CVE-2024-22016,0,0,72bb3341c866069974fe863b6c9e848e25809f5f0697d51cda8a3c348c967
|
||||
CVE-2024-22017,0,0,eda129adeae4ecfa4b275b7bc6bb5638800d036cf47c85fe2baa6a803f743c01,2024-06-10T17:16:18.773000
|
||||
CVE-2024-22019,0,0,49190872720c4c119c607cdd3cd1206179dcd2b84c9cd0a4595a1040743a11fe,2024-05-01T18:15:13.800000
|
||||
CVE-2024-2202,0,0,830996a3e5b6be902d6f2e65d3759482285591493d041fcbf74113f66926d781,2024-03-25T01:51:01.223000
|
||||
CVE-2024-22020,1,1,7ac9a9c321ee32f5a7c3029e4b874c847226caf8006b26e3abdd3012e630e857,2024-07-09T02:15:09.973000
|
||||
CVE-2024-22020,0,0,7ac9a9c321ee32f5a7c3029e4b874c847226caf8006b26e3abdd3012e630e857,2024-07-09T02:15:09.973000
|
||||
CVE-2024-22021,0,0,ba38d4b86a2c5af951f989c7a28594b6207f0b19739ba3d580be6e4d49001bfb,2024-02-29T01:44:04.690000
|
||||
CVE-2024-22022,0,0,925c0d46bbd39b5d0f2644b5e26e0cd82488a20b7de7cccfa4639e9bb8f60d9e,2024-02-15T18:45:30.887000
|
||||
CVE-2024-22023,0,0,738809cdca073240a61fbce615868c0b1c3f7d174f610e159e035e11db1f2996,2024-07-03T01:46:59.843000
|
||||
@ -244710,7 +244710,7 @@ CVE-2024-23687,0,0,888c703c13765b4aadeca06043a7e3dd693e14ab5fbf0ceb683a371be24cf
|
||||
CVE-2024-23688,0,0,07f47d429f26f5d25558115321368745a1af1492969a475a8855a8882844f455,2024-01-26T15:53:31.397000
|
||||
CVE-2024-23689,0,0,d7d4e018343e45ab929852f091e2e71006911f05a5c0cdd59769a6f5a80fdcee,2024-01-26T14:50:45.023000
|
||||
CVE-2024-2369,0,0,6a36576cd82a0efb1a6cf47fca1f81c4dce9d8f7b0632041d2d5bfbf236b9c0b,2024-04-08T18:15:08.527000
|
||||
CVE-2024-23692,0,0,ee8d47877e8ab9dffb6b0f67245eb523eb65e271e0c42f12e1c102143c73f4cc,2024-06-28T04:15:04.597000
|
||||
CVE-2024-23692,0,1,2c70ac9488c5faf6a5d518e660044a8820026bf6342ba13329711a2daa262f78,2024-07-09T04:15:11.510000
|
||||
CVE-2024-2370,0,0,d585ae9ac856bf263bbb5fc87411ce61002d06f83e420348ba9623542805dbad,2024-03-20T16:15:08.270000
|
||||
CVE-2024-23704,0,0,3ab2415bdb26ba29dae3109785e9f4b7ad9e6e4e471a3ed83e21564f6ce311e3,2024-07-03T01:47:59.750000
|
||||
CVE-2024-23705,0,0,ead7fe198af09437794c6077c888124fa1580ba6ce0d00067776236205768400,2024-07-03T01:48:00.597000
|
||||
@ -251931,12 +251931,15 @@ CVE-2024-3467,0,0,f3d3ded26da1ff40cb7ce9044f06d10da868ecf8c657bb03487a95cc57367c
|
||||
CVE-2024-3468,0,0,6bbe60d0879e290e30537ffe4a101c3b7c2eb02820a408eaf36ef669c7ee7262,2024-06-13T18:36:09.010000
|
||||
CVE-2024-34683,0,0,57f33302e0e1383af68f9608971b574f2348ee1ba8843154fc93224fbb8e249d,2024-06-11T13:54:12.057000
|
||||
CVE-2024-34684,0,0,f13e9960dc41706e42f4935ca84a9d2f683382b7e93743a6923148ca6654eab6,2024-06-11T13:54:12.057000
|
||||
CVE-2024-34685,1,1,599fef26d3e9353b0e44e4f834bd29124a0eee0b88baf7c58621d11bf109011b,2024-07-09T04:15:12.090000
|
||||
CVE-2024-34686,0,0,7af176def25b884316086a3c169e2999baee313c40e043953fcc8ef9decb4a68,2024-06-11T13:54:12.057000
|
||||
CVE-2024-34687,0,0,4ff76c42affc0861ee718b9e208e6eefdbf0a3ab639bfa3166f3943bc94075ba,2024-05-14T19:17:55.627000
|
||||
CVE-2024-34688,0,0,66fff955b629aa6883569d950a703da0f073f684f77574846b0584730e15d6f7,2024-06-11T13:54:12.057000
|
||||
CVE-2024-34689,1,1,4e0a1aa30587f4beffba22c5b7083106741f4a3e113a0ca515f11da3d865865a,2024-07-09T05:15:10.873000
|
||||
CVE-2024-3469,0,0,89a04cf68ae33ee1037c8a13e9431c4d00d2106abb2ae6d7191ba817489a1fcd,2024-06-13T19:36:21.350000
|
||||
CVE-2024-34690,0,0,823a2e1ae33b55e0d3769be79c59e7f42483b5ff6dba621f60a0402d90d83ba8,2024-06-11T13:54:12.057000
|
||||
CVE-2024-34691,0,0,827395ff4b0bf99f2642a5cd3134d1fe0effa60012a62490a349f26f4db25abb,2024-06-11T13:54:12.057000
|
||||
CVE-2024-34692,1,1,8319862b3a6af638016114f7420272c99e32111651681c26ab36193f2a17a299,2024-07-09T05:15:11.183000
|
||||
CVE-2024-34693,0,0,6da431cb088539cdedaef048562e52acae68c24a7fe449888c5724e281a42b04,2024-06-20T12:43:25.663000
|
||||
CVE-2024-34694,0,0,c52b0ddd7913e7b99d778e62e2419069bd9d8eb90d9108e75c7e8088bb5608e8,2024-06-17T12:42:04.623000
|
||||
CVE-2024-34695,0,0,d5ed5d99c8f0d08b73ea3cb249327295e787f14594542dd2f27279ab9312830c,2024-05-14T16:12:23.490000
|
||||
@ -251994,7 +251997,7 @@ CVE-2024-34772,0,0,635f5a0bcdcc084928ed60d40a3f5691181a54a2efa05b50e13ad74622471
|
||||
CVE-2024-34773,0,0,8d4786b71411a201832db647dece110e046d5ed6169dce1446e93616263bacee,2024-05-14T19:17:55.627000
|
||||
CVE-2024-34777,0,0,241250eac73524748eb5086b6b92bdea38568ca1ebb8b3f151f19ab25319a6c6,2024-06-21T15:58:51.410000
|
||||
CVE-2024-3478,0,0,ae882595ac6fe06ab517c1e505d55eeeed4b5c0450cbd6b83825ab78d9e88f1e,2024-05-02T13:27:25.103000
|
||||
CVE-2024-34786,1,1,94d1c061cc5f13dffb4f68e0e197de19d4c89677c31a8380fea1af84a624bb00,2024-07-09T02:15:10.177000
|
||||
CVE-2024-34786,0,0,94d1c061cc5f13dffb4f68e0e197de19d4c89677c31a8380fea1af84a624bb00,2024-07-09T02:15:10.177000
|
||||
CVE-2024-34789,0,0,b4abe5a3fd205f47118c608999fff7fb705b59bf0f04c59cc3f88812458f1961,2024-06-03T14:46:24.250000
|
||||
CVE-2024-3479,0,0,fd58a9eee7829eb22d6cfb17d87e6b7652b13a6666535069e70c5a2768e8dce6,2024-05-03T15:32:19.637000
|
||||
CVE-2024-34790,0,0,9e31f1a476eb6c02a36285de2f1caa75b634dd2719e2ac168a65fe68e0cc5979,2024-06-03T14:46:24.250000
|
||||
@ -253468,10 +253471,16 @@ CVE-2024-37167,0,0,8e3878203632039bd5d0fde820eb6a3f65b81345351f922c359b0f8f5a698
|
||||
CVE-2024-37168,0,0,30a5bfe372ab5dc3b67016944b26b77b656c73122e285b83c454024b12c1f789,2024-06-11T13:54:12.057000
|
||||
CVE-2024-37169,0,0,fdaa52111ac9b7853a3eb23a839ff4b8133f3da9944b0a746205935031e65f63,2024-06-11T13:54:12.057000
|
||||
CVE-2024-3717,0,0,f925293668cd733410cea58d8de3d8ac1f08ce4fec8b5812651df64ea2fd428a,2024-05-02T18:00:37.360000
|
||||
CVE-2024-37171,1,1,43234f6ea7afca38e0c30df5fcd58a6c92eeb817269542e3779c99957fab2101,2024-07-09T05:15:11.407000
|
||||
CVE-2024-37172,1,1,61fe31fe11bb97d2687f388418f92853565110d1c5ebc386a482d6529d21004b,2024-07-09T05:15:11.607000
|
||||
CVE-2024-37173,1,1,e32ab5f3b3abef3bb39e4b8844627c719261e75378e29af66feec9e8018b2306,2024-07-09T04:15:12.867000
|
||||
CVE-2024-37174,1,1,5e04972841fe6fcf4ffc0d3618dad2e0076d881eedc9522f7898db62b1757140,2024-07-09T04:15:13.127000
|
||||
CVE-2024-37175,1,1,347df71847d257d376278acd94f7b1194a3146011c837c4fd015a32842a5f2e5,2024-07-09T05:15:11.823000
|
||||
CVE-2024-37176,0,0,d1a35fccbf9345cac8b07991c8d6b2cc7ed3bc253ab49e3211031359d59ab44e,2024-06-11T13:54:12.057000
|
||||
CVE-2024-37177,0,0,0421ff7903314276b7c17b8917958f0d79116e678cb0fb3c4c323480013ea020,2024-06-11T13:54:12.057000
|
||||
CVE-2024-37178,0,0,09d4f25c1f8a3d05343115dea3f64d1198524e716da67f7a6714a382347c3c9a,2024-06-11T13:54:12.057000
|
||||
CVE-2024-3718,0,0,a740a1633905d284711162c33f52150d8f35c5a9e41e141a82d07851d64c55d1,2024-05-24T13:03:05.093000
|
||||
CVE-2024-37180,1,1,f4168c4817ac9ffc2a3d643f903b1ba2f9d2825c28bc6d5c333b6d0f2567d142,2024-07-09T05:15:12.033000
|
||||
CVE-2024-37182,0,0,549cc5da2b56e1ffc4f85fe12d4fc3bdb7526f84c41d2237f570cc5dd0365265,2024-06-17T12:42:04.623000
|
||||
CVE-2024-37183,0,0,797ee6627defafae369247d5bda2be326b262d85b9c4ea85f3eb35804b563c70,2024-06-21T11:22:01.687000
|
||||
CVE-2024-37185,0,0,ce3a2eeaa366e0078438541c31768228f57c06809ab185bd78a5053ce3cc0bd3,2024-07-03T18:02:57.857000
|
||||
@ -254245,6 +254254,15 @@ CVE-2024-3956,0,0,84c84e343f731479baad188521c68e2e10d428da5ee4bd61443cf640ccedc1
|
||||
CVE-2024-3957,0,0,6e4e327328ad5c18e880466a103b162c10591051d90490bf0a67f6889d728425,2024-05-02T18:00:37.360000
|
||||
CVE-2024-39573,0,0,7e7eebc8f7807e5a5d00f82c0d28f5abe2d79239ae34bea5f004fd03abc17ccd,2024-07-03T02:05:50.170000
|
||||
CVE-2024-3959,0,0,1ce1302f5c536ae0ba1596a30e53c3274b88d91eb780326b1103788329e8cf86,2024-06-28T13:21:52.223000
|
||||
CVE-2024-39592,1,1,e9fbc7370198c1cbca6951990862b24e358e9ec3c2e9bd4f45cf183b473fcc73,2024-07-09T04:15:13.420000
|
||||
CVE-2024-39593,1,1,ab03db1c29c90c00f00398b8b34dd1b966b8fb91a2a61ea761d1298c478a33fd,2024-07-09T04:15:13.663000
|
||||
CVE-2024-39594,1,1,33b48254f7725103ef14f256c42af6ad5da0f009dadf2684d8d18d903acdbf27,2024-07-09T05:15:12.300000
|
||||
CVE-2024-39595,1,1,471e285f08cfbb4edf473e6fa6b72d8f521ddce3ac42dce6e5431bcd3ffc3d43,2024-07-09T05:15:12.507000
|
||||
CVE-2024-39596,1,1,0feaf9df8c3dc646766d47600878c5d7ae6de97f7b44b244e3b98f62d5af41dd,2024-07-09T05:15:12.710000
|
||||
CVE-2024-39597,1,1,36f1d3adbce1e7aa89c00d0262e3c7a8d694651600c7f20323c7a8a29ca1a0c0,2024-07-09T04:15:13.963000
|
||||
CVE-2024-39598,1,1,e8488730700596e1567b8dff879031d95da6c3679e0700a8c6ced72dcc6e8955,2024-07-09T04:15:14.860000
|
||||
CVE-2024-39599,1,1,f65d91ec3eb36b59fbb470462f3f8ed5c6e76551cc56e87fa2afdeb6b919fb07,2024-07-09T05:15:12.933000
|
||||
CVE-2024-39600,1,1,884daf42f25ca1a9a1e2d565c12782fe1a29cd522096c7120d71ea9c80e3968d,2024-07-09T05:15:13.147000
|
||||
CVE-2024-3961,0,0,6646adb167e87c94860ebd5d8d983b1f971f6dc9fb8c86a5eaff8de194f86033,2024-06-21T11:22:01.687000
|
||||
CVE-2024-3962,0,0,9de964d29f43823164300439a0e71453bbca4a5c1f5767eca51db600267798cd,2024-04-26T12:58:17.720000
|
||||
CVE-2024-3965,0,0,ca98c8c8f38859cd31112b30cbcab1577d0379601171e9b943854dcc0ce8c1f6,2024-07-03T02:06:56.690000
|
||||
@ -254878,6 +254896,7 @@ CVE-2024-4662,0,0,271820e0248036cdcfeea2da470b958f93caba3600263b2df375c674d93150
|
||||
CVE-2024-4663,0,0,ac32c04a2cae0071224eeefc80f9a000b8618e2f1af1abc8eb33d3a9321c7d70,2024-06-20T12:44:01.637000
|
||||
CVE-2024-4664,0,0,4d4aeec2b9d4ae73905aa066e928be5011f1ff91cc6ef5979d75af441c67cdbb,2024-06-28T13:28:06.347000
|
||||
CVE-2024-4666,0,0,dde8d66c76bdf850b898b9f95df0d92f0ac3da730c1f32826d61843a6ef06bf5,2024-05-15T16:40:19.330000
|
||||
CVE-2024-4667,1,1,75e1dc16514bffbc93dda5a13d1fe5934ce31554cffa550069cabbcf17eb51c4,2024-07-09T05:15:13.353000
|
||||
CVE-2024-4668,0,0,3c2f34d91ee8c9aacf0f125fe94ffbbe9a611b8f1a54ab65e0473cea71baad6f,2024-05-30T13:15:41.297000
|
||||
CVE-2024-4669,0,0,cb3ea770e599714f2de5e50bc4195c130850e813b58882b88bfe234ded1dcd7f,2024-06-13T18:36:09.013000
|
||||
CVE-2024-4670,0,0,438b57b9006ea70a278767dc5849ca5e16eeaf7f43c9f1acf2c1dcf72f3e2983,2024-05-15T16:40:19.330000
|
||||
@ -255111,7 +255130,7 @@ CVE-2024-4940,0,0,cb78cb49a43bd348a99dcd2f7e1d39ee831dc08e65c1988e89651f86623130
|
||||
CVE-2024-4941,0,0,04ed79d9b1e3032260e31cb6cd2ea8a25db6821440182f4cb50592b145bee1e2,2024-06-07T14:56:05.647000
|
||||
CVE-2024-4942,0,0,157240698edb46a5deca9943c90e89d5c268795c03f1dadbb4d2f6e28d77068b,2024-06-06T14:17:35.017000
|
||||
CVE-2024-4943,0,0,d9b88319a5992961df806c2aff168607709c5e19495e72269f7fd7790830e1d9,2024-05-21T12:37:59.687000
|
||||
CVE-2024-4944,1,1,a57995eb1ec9aa01add18e609846b77b990bf63b23a0d545f93722ff35d463f3,2024-07-09T03:15:02.270000
|
||||
CVE-2024-4944,0,0,a57995eb1ec9aa01add18e609846b77b990bf63b23a0d545f93722ff35d463f3,2024-07-09T03:15:02.270000
|
||||
CVE-2024-4945,0,0,862ec6002e9c3369e40f6935606e597aac95fb1ef3a2f5a2c72d02ef723dafd2,2024-06-04T19:20:54.767000
|
||||
CVE-2024-4946,0,0,de881559bc92412238785deff68c564cad0647963d61d3efd064c0cec6c4ee1e,2024-06-04T19:20:54.867000
|
||||
CVE-2024-4947,0,0,8b22fa92c86c832263b0660c6b596a76b1c7e8c155bae82cd88218c6326792e3,2024-07-03T02:08:19.620000
|
||||
@ -255708,7 +255727,7 @@ CVE-2024-5787,0,0,7676e1b0ab184e8654efc91f56a8d84cd9d6d539bf642c0a4ff7f743a62b9d
|
||||
CVE-2024-5788,0,0,b8c011e09345f8c438c15d748dc7ecb5f2eb62164ea0c1da7169d985a2f9f593,2024-06-28T10:27:00.920000
|
||||
CVE-2024-5790,0,0,f8b87ca5470f9146716524e5e38538dc26468d2ae797b52818768e7113cbca8a,2024-07-01T12:37:24.220000
|
||||
CVE-2024-5791,0,0,424014ca254e257c8c57009775e061d0dd2abf87fc81691a50ea6d1a360bb310,2024-06-24T20:00:46.390000
|
||||
CVE-2024-5793,1,1,af5a5b6481201cf3530d669d7483e5b5d72a03324906b65441139d3ef7b4ea9b,2024-07-09T02:15:10.240000
|
||||
CVE-2024-5793,0,0,af5a5b6481201cf3530d669d7483e5b5d72a03324906b65441139d3ef7b4ea9b,2024-07-09T02:15:10.240000
|
||||
CVE-2024-5796,0,0,ee9ea77d6816c67e871ce0ce39c4d235af8efb4db7bec50166a494d6f8b7e47e,2024-06-28T10:27:00.920000
|
||||
CVE-2024-5798,0,0,f6c60b5ac812e7711b355fdc9c4ea7ca1c381d5fa9189e95b5ac079c15b31d9c,2024-06-13T18:36:09.010000
|
||||
CVE-2024-5805,0,0,d5f814a63108fa76cde55a23a7ee4c9d4c1228e8f74ac6f24226e1e9997c1554,2024-06-25T18:50:42.040000
|
||||
@ -255744,7 +255763,7 @@ CVE-2024-5846,0,0,0b2d8f18d514785edc16bc8a9875d408ec093858a0edbb60b84e2acabc32d1
|
||||
CVE-2024-5847,0,0,af863962a64ba64b748fc267021bdca1358cb53ef73ef1a0e2073c98890c9fa1,2024-07-03T02:09:31.730000
|
||||
CVE-2024-5851,0,0,1ff86bf427427298fe5dc39bbfedb897b9870fd2315cf065507e70165fb41d41,2024-06-13T18:36:09.013000
|
||||
CVE-2024-5853,0,0,4db307c3757855b51e51fa12e1eb9aa67e540512d9bb40f822c5370c3893dc4f,2024-06-20T12:44:01.637000
|
||||
CVE-2024-5855,1,1,b90d3fcafd8e229d80167b4f5d2f3aed65497222ce1cbd14143f59d272d601d1,2024-07-09T02:15:10.437000
|
||||
CVE-2024-5855,0,0,b90d3fcafd8e229d80167b4f5d2f3aed65497222ce1cbd14143f59d272d601d1,2024-07-09T02:15:10.437000
|
||||
CVE-2024-5858,0,0,30241924d409355226bb80c4fb982c4833f84483f4f89b94e986f70fe7751e71,2024-06-17T12:42:04.623000
|
||||
CVE-2024-5859,0,0,5b284a4381086ad6bad860c96074f61ed02c9601ee45c79362fb0f8a492df8fd,2024-06-24T19:21:07.943000
|
||||
CVE-2024-5860,0,0,56b79e1c6d22cf1e6319b4d2696b988928a56f1c09b2a292e92b44a530d0359a,2024-07-05T13:52:14.463000
|
||||
@ -255801,7 +255820,7 @@ CVE-2024-5967,0,0,a8cf0971f84f68dc327704c7b15af8c68f3ca5a6cf4ca8aa54163d9ca95100
|
||||
CVE-2024-5970,0,0,118b7b2e028a3447b60495fc36df0133e6c8ea6adad2a5f3d89bac8698786790,2024-06-20T12:44:01.637000
|
||||
CVE-2024-5971,0,0,4c029e3f50bafbefeafdd3bea254ba330995380b3f87a3e11bd5645cadf91acc,2024-07-08T21:15:12.480000
|
||||
CVE-2024-5972,0,0,3700c5b3eb4bcd1d3bafe18b568e7aab0a0471128c3ce92a2f73ba8aa9a9cb4f,2024-06-28T19:15:07.500000
|
||||
CVE-2024-5974,1,1,41bc2a5468ec6e846fb0d5ca66e59c6c799063474682442dfaf14d89f985b4c7,2024-07-09T03:15:02.507000
|
||||
CVE-2024-5974,0,0,41bc2a5468ec6e846fb0d5ca66e59c6c799063474682442dfaf14d89f985b4c7,2024-07-09T03:15:02.507000
|
||||
CVE-2024-5976,0,0,e855126a3e03657c0f9ccfb70e360e6531fe17aa442fb39ef6227c53616360fe,2024-06-17T12:43:31.090000
|
||||
CVE-2024-5979,0,0,ecf851c3d3de50590eb0b5525283c723dc89573922e14c045baaee03d0d0831b,2024-06-27T19:25:12.067000
|
||||
CVE-2024-5980,0,0,c1ed3bf259928f44163accb5dee81e38c4dedf71ab1a0c47da4cd2f2cf410bfa,2024-06-27T19:25:12.067000
|
||||
@ -255901,6 +255920,10 @@ CVE-2024-6154,0,0,14c261dad2c658f3f85287831ecf663ba772d4a017166d6d5d3cda8ce83886
|
||||
CVE-2024-6160,0,0,e0e9df11502e0f78d6d764c03981bde61fa7fdce13ce5e8e72c2edbfe567293b,2024-06-24T12:57:36.513000
|
||||
CVE-2024-6162,0,0,bd502c2e3c0167c78ca1c8188e0261103b8f8aa5eaa8e4a394c72d49dddda11b,2024-06-20T16:07:50.417000
|
||||
CVE-2024-6163,0,0,fd093a646484e49cdcba7f0d5c73f035da9d8dc2d3299e73ed2192cb6789df3d,2024-07-08T15:49:22.437000
|
||||
CVE-2024-6166,1,1,5c4d52af9866858053c3eeea16d68907704a85cfdb8db169c7463c4ce71e2e87,2024-07-09T05:15:13.543000
|
||||
CVE-2024-6169,1,1,ce8d122e0a50be6f8fa73ffe894d94184504d99eef0aeb8e273d477c681a2bdc,2024-07-09T05:15:13.737000
|
||||
CVE-2024-6170,1,1,0468d52887e9eae9812e1edfdf6b67c73acd7e11661c4df6b03ac9b47ecd36e7,2024-07-09T05:15:13.947000
|
||||
CVE-2024-6171,1,1,8e1eb909673fdd1b41df5f9a5c307f9b997bc3d03b662395e5999738418db058,2024-07-09T05:15:14.140000
|
||||
CVE-2024-6172,0,0,772bb913ed7f683b9ada9dc0ecd54a374149383f55e758d624c0fb5be0b0bf4c,2024-07-03T18:00:01.770000
|
||||
CVE-2024-6176,0,0,855875508d6019a3b7cc5455db83c0ed155c5813092b253896702a30576b2ecb,2024-06-20T12:43:25.663000
|
||||
CVE-2024-6177,0,0,a0175799dd5324c2ac4fd3e8bb126589ce94cff0760703c070fdf39975a6cb07,2024-06-20T15:17:06.493000
|
||||
@ -255992,6 +256015,7 @@ CVE-2024-6349,0,0,f01d61e3475192c945ec3639c2eda3b231a23d2f279c2f15b4719385fb2bd0
|
||||
CVE-2024-6354,0,0,c9410e2fdcd521ee7fa5aea0abe57bbff6ce1153eea9fc9c27ad647524c61c5c,2024-07-03T02:09:53.917000
|
||||
CVE-2024-6355,0,0,ae01fd3dff3a0136dc0dcda0f0c62bd72a4c84afe63740fbe5ae0aaceef04f3e,2024-06-27T14:15:16.753000
|
||||
CVE-2024-6363,0,0,821afe251d4d71225fc87e03c6904bf5a4c1b246a1e7e806532ba337c88c686a,2024-07-01T12:37:24.220000
|
||||
CVE-2024-6365,1,1,fcbce586cbad80cebdef2a9ececdb44751b1b32b76d3bac4f807faf6d1ade07b,2024-07-09T04:15:15.333000
|
||||
CVE-2024-6367,0,0,7207995286cd77894417e443ceec13186f4617a3d835dc70f545e6022e4f6dc9,2024-06-27T12:47:19.847000
|
||||
CVE-2024-6368,0,0,15233ad7ff1f989e7bdf86db89d9527b042f90cc8844e61c0b9d2d12d522b414,2024-06-27T18:15:21.083000
|
||||
CVE-2024-6369,0,0,c793378edfea0b2a8c32a50d08899943167a983433e0948af5044c43e0a7ad33,2024-06-27T12:47:19.847000
|
||||
|
Can't render this file because it is too large.
|
Loading…
x
Reference in New Issue
Block a user