From d0e7880708a7d9ff8a4d6bf9aacea444993e8686 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 18 Jun 2024 12:03:12 +0000
Subject: [PATCH] Auto-Update: 2024-06-18T12:00:18.528504+00:00
---
CVE-2023/CVE-2023-51xx/CVE-2023-5123.json | 4 +-
CVE-2024/CVE-2024-375xx/CVE-2024-37568.json | 8 +-
CVE-2024/CVE-2024-385xx/CVE-2024-38504.json | 55 ++++++++++++
CVE-2024/CVE-2024-385xx/CVE-2024-38505.json | 55 ++++++++++++
CVE-2024/CVE-2024-385xx/CVE-2024-38506.json | 55 ++++++++++++
CVE-2024/CVE-2024-385xx/CVE-2024-38507.json | 55 ++++++++++++
CVE-2024/CVE-2024-51xx/CVE-2024-5154.json | 6 +-
CVE-2024/CVE-2024-54xx/CVE-2024-5458.json | 6 +-
CVE-2024/CVE-2024-59xx/CVE-2024-5953.json | 63 ++++++++++++++
CVE-2024/CVE-2024-60xx/CVE-2024-6046.json | 58 ++-----------
CVE-2024/CVE-2024-61xx/CVE-2024-6108.json | 92 +++++++++++++++++++++
README.md | 23 ++++--
_state.csv | 20 +++--
13 files changed, 427 insertions(+), 73 deletions(-)
create mode 100644 CVE-2024/CVE-2024-385xx/CVE-2024-38504.json
create mode 100644 CVE-2024/CVE-2024-385xx/CVE-2024-38505.json
create mode 100644 CVE-2024/CVE-2024-385xx/CVE-2024-38506.json
create mode 100644 CVE-2024/CVE-2024-385xx/CVE-2024-38507.json
create mode 100644 CVE-2024/CVE-2024-59xx/CVE-2024-5953.json
create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6108.json
diff --git a/CVE-2023/CVE-2023-51xx/CVE-2023-5123.json b/CVE-2023/CVE-2023-51xx/CVE-2023-5123.json
index a16b86a3d90..f5bb743e62d 100644
--- a/CVE-2023/CVE-2023-51xx/CVE-2023-5123.json
+++ b/CVE-2023/CVE-2023-51xx/CVE-2023-5123.json
@@ -2,12 +2,12 @@ "id": "CVE-2023-5123", "sourceIdentifier": "security@grafana.com", "published": "2024-02-14T15:15:08.620", - "lastModified": "2024-05-03T13:15:20.927", + "lastModified": "2024-06-18T10:15:09.937", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. \n\n\n\n\n\n \n \n \n\n\n\n\n\n\n \n \n This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. 
https://example.com/api/admin_api/) https://example.com/api/admin_api/) .\n\nIn the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability.\n" + "value": "The JSON datasource plugin ( https://grafana.com/grafana/plugins/marcusolsson-json-datasource/ ) is a Grafana Labs maintained plugin for Grafana that allows for retrieving and processing JSON data from a remote endpoint (including a specific sub-path) configured by an administrator. Due to inadequate sanitization of the dashboard-supplied path parameter, it was possible to include path traversal characters (../) in the path parameter and send requests to paths on the configured endpoint outside the configured sub-path. \n\n\n\n\n\n \n \n \n\n\n\n\n\n\n \n \n This means that if the datasource was configured by an administrator to point at some sub-path of a domain (e.g. https://example.com/api/some_safe_api/ ), it was possible for an editor to create a dashboard referencing the datasource which issues queries containing path traversal characters, which would in turn cause the datasource to instead query arbitrary subpaths on the configured domain (e.g. https://example.com/api/admin_api/) .\n\nIn the rare case that this plugin is configured by an administrator to point back at the Grafana instance itself, this vulnerability becomes considerably more severe, as an administrator browsing a maliciously configured panel could be compelled to make requests to Grafana administrative API endpoints with their credentials, resulting in the potential for privilege escalation, hence the high score for this vulnerability." }, { "lang": "es", 
diff --git a/CVE-2024/CVE-2024-375xx/CVE-2024-37568.json b/CVE-2024/CVE-2024-375xx/CVE-2024-37568.json index d151e546e63..6be976301cd 100644 --- a/CVE-2024/CVE-2024-375xx/CVE-2024-37568.json +++ b/CVE-2024/CVE-2024-375xx/CVE-2024-37568.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37568", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-09T19:15:52.323", - "lastModified": "2024-06-12T13:29:13.877", - "vulnStatus": "Analyzed", + "lastModified": "2024-06-18T11:15:51.270", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -76,6 +76,10 @@ "Exploit", "Issue Tracking" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IZI7HYGN7VZAYFV6UV3SRLYF7QGERXIU/", + "source": "cve@mitre.org" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38504.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38504.json new file mode 100644 index 00000000000..836a4afb7fd --- /dev/null +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38504.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-38504", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-06-18T11:15:51.467", + "lastModified": "2024-06-18T11:15:51.467", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains YouTrack before 2024.2.34646 the Guest User Account was enabled for attaching files to articles" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38505.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38505.json new file mode 100644 index 00000000000..282eb260e61 --- /dev/null +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38505.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-38505", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-06-18T11:15:51.733", + "lastModified": "2024-06-18T11:15:51.733", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains YouTrack before 2024.2.34646 user access token was sent to the third-party site" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38506.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38506.json new file mode 100644 index 00000000000..a4b8af70b79 --- /dev/null +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38506.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-38506", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-06-18T11:15:52.030", + "lastModified": "2024-06-18T11:15:52.030", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains YouTrack before 2024.2.34646 user without appropriate permissions could enable the auto-attach option for workflows" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38507.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38507.json new file mode 100644 index 00000000000..bcacca92827 --- /dev/null +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38507.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-38507", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-06-18T11:15:52.267", + "lastModified": "2024-06-18T11:15:52.267", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains Hub before 2024.2.34646 stored XSS via project description was possible" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-51xx/CVE-2024-5154.json b/CVE-2024/CVE-2024-51xx/CVE-2024-5154.json index 6cc5ac96c46..519d1d36df3 100644 --- a/CVE-2024/CVE-2024-51xx/CVE-2024-5154.json +++ b/CVE-2024/CVE-2024-51xx/CVE-2024-5154.json @@ -2,7 +2,7 @@ "id": "CVE-2024-5154", "sourceIdentifier": "secalert@redhat.com", "published": "2024-06-12T09:15:19.973", - "lastModified": "2024-06-13T18:36:09.010", + "lastModified": "2024-06-18T10:15:10.640", "vulnStatus": "Awaiting Analysis", "descriptions": [ { 
@@ -55,6 +55,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:3676", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:3700", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-5154", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-54xx/CVE-2024-5458.json b/CVE-2024/CVE-2024-54xx/CVE-2024-5458.json index a8f2d8c214f..e099f5905d5 100644 --- a/CVE-2024/CVE-2024-54xx/CVE-2024-5458.json +++ b/CVE-2024/CVE-2024-54xx/CVE-2024-5458.json @@ -2,7 +2,7 @@ "id": "CVE-2024-5458", "sourceIdentifier": "security@php.net", "published": "2024-06-09T19:15:52.397", - "lastModified": "2024-06-13T04:15:17.220", + "lastModified": "2024-06-18T10:15:10.870", "vulnStatus": "Modified", "descriptions": [ { @@ -156,6 +156,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00009.html", + "source": "security@php.net" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PKGTQUOA2NTZ3RXN22CSAUJPIRUYRB4B/", "source": "security@php.net", diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5953.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5953.json new file mode 100644 index 00000000000..ba40db88820 --- /dev/null +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5953.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-5953", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-06-18T10:15:11.170", + "lastModified": "2024-06-18T10:15:11.170", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A denial of service vulnerability was found in the 389-ds-base LDAP server. This issue may allow an authenticated user to cause a server denial of service while attempting to log in with a user with a malformed hash in their password." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de denegaci\u00f3n de servicio en el servidor LDAP 389-ds-base. Este problema puede permitir que un usuario autenticado provoque una denegaci\u00f3n de servicio del servidor al intentar iniciar sesi\u00f3n con un usuario con un hash mal formado en su contrase\u00f1a." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1288" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-5953", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2292104", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json index 0056426f7e2..26846eb0361 100644 
--- a/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json
+++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6046.json
@@ -2,62 +2,14 @@ "id": "CVE-2024-6046", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-06-17T04:15:09.867", - "lastModified": "2024-06-17T12:42:04.623", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-06-18T11:15:52.513", + "vulnStatus": "Rejected", "descriptions": [ { "lang": "en", - "value": "SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device." - }, - { - "lang": "es", - "value": "SECOM WRTR-304GN-304TW-UPSC V02 (no admitido cuando est\u00e1 asignado) no filtra correctamente la entrada del usuario en la funcionalidad espec\u00edfica. Los atacantes remotos no autenticados pueden aprovechar esta vulnerabilidad para inyectar y ejecutar comandos arbitrarios del sistema en el dispositivo." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], - "metrics": { - "cvssMetricV31": [ - { - "source": "twcert@cert.org.tw", - "type": "Primary", - "cvssData": { - "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", - "attackVector": "NETWORK", - "attackComplexity": "LOW", - "privilegesRequired": "NONE", - "userInteraction": "NONE", - "scope": "UNCHANGED", - "confidentialityImpact": "HIGH", - "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" - }, - "exploitabilityScore": 3.9, - "impactScore": 5.9 - } - ] - }, - "weaknesses": [ - { - "source": "twcert@cert.org.tw", - "type": "Primary", - "description": [ - { - "lang": "en", - "value": "CWE-78" - } - ] - } - ], - "references": [ - { - "url": "https://www.twcert.org.tw/en/cp-139-7882-998f5-2.html", - "source": "twcert@cert.org.tw" - }, - { - "url": "https://www.twcert.org.tw/tw/cp-132-7881-f88ad-1.html", - "source": "twcert@cert.org.tw" - } - ] + "metrics": {}, + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6108.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6108.json new file mode 100644 index 00000000000..b6e2e70010f --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6108.json 
@@ -0,0 +1,92 @@ +{ + "id": "CVE-2024-6108", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-06-18T10:15:11.653", + "lastModified": "2024-06-18T10:15:11.653", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. It has been classified as problematic. Affected is an unknown function of the file /vood/cgi-bin/vood_view.cgi?act=index&lang=EN# of the component Login. The manipulation of the argument errmsg leads to basic cross site scripting. It is possible to launch the attack remotely. VDB-268854 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad en Genexis Tilgin Home Gateway 322_AS0500-03_05_13_05. Ha sido clasificada como problem\u00e1tica. Una funci\u00f3n desconocida del archivo /vood/cgi-bin/vood_view.cgi?act=index&lang=ES# del componente Login es afectada por esta funci\u00f3n. La manipulaci\u00f3n del argumento errmsg conduce a cross site scripting b\u00e1sico. Es posible lanzar el ataque de forma remota. VDB-268854 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "NONE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 5.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 10.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.268854", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.268854", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.353708", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a9a8b1cd4c0..a7583282c05 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-18T10:00:45.313475+00:00 +2024-06-18T12:00:18.528504+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-18T09:15:09.767000+00:00 +2024-06-18T11:15:52.513000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,30 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254342 +254348 ``` ### CVEs added in the last Commit -Recently added CVEs: `2` +Recently added CVEs: `6` -- [CVE-2024-5533](CVE-2024/CVE-2024-55xx/CVE-2024-5533.json) (`2024-06-18T08:15:50.723`) -- [CVE-2024-5899](CVE-2024/CVE-2024-58xx/CVE-2024-5899.json) (`2024-06-18T09:15:09.767`) +- [CVE-2024-38504](CVE-2024/CVE-2024-385xx/CVE-2024-38504.json) (`2024-06-18T11:15:51.467`) +- [CVE-2024-38505](CVE-2024/CVE-2024-385xx/CVE-2024-38505.json) (`2024-06-18T11:15:51.733`) +- [CVE-2024-38506](CVE-2024/CVE-2024-385xx/CVE-2024-38506.json) (`2024-06-18T11:15:52.030`) +- [CVE-2024-38507](CVE-2024/CVE-2024-385xx/CVE-2024-38507.json) (`2024-06-18T11:15:52.267`) +- [CVE-2024-5953](CVE-2024/CVE-2024-59xx/CVE-2024-5953.json) (`2024-06-18T10:15:11.170`) +- [CVE-2024-6108](CVE-2024/CVE-2024-61xx/CVE-2024-6108.json) (`2024-06-18T10:15:11.653`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `5` +- [CVE-2023-5123](CVE-2023/CVE-2023-51xx/CVE-2023-5123.json) (`2024-06-18T10:15:09.937`) +- [CVE-2024-37568](CVE-2024/CVE-2024-375xx/CVE-2024-37568.json) (`2024-06-18T11:15:51.270`) +- [CVE-2024-5154](CVE-2024/CVE-2024-51xx/CVE-2024-5154.json) (`2024-06-18T10:15:10.640`) +- [CVE-2024-5458](CVE-2024/CVE-2024-54xx/CVE-2024-5458.json) (`2024-06-18T10:15:10.870`) +- [CVE-2024-6046](CVE-2024/CVE-2024-60xx/CVE-2024-6046.json) (`2024-06-18T11:15:52.513`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4861556bd7f..fe66f555434 100644 --- a/_state.csv 
+++ b/_state.csv @@ -237282,7 +237282,7 @@ CVE-2023-51210,0,0,ae23e1dd56bc994975ad1cf5f43a03ff833adca03d4acec46183d1f350286 CVE-2023-51217,0,0,609ce02576608b7bece0fa3e03a269d7ff1a0d343c7aa4770e1650d18ab2f9db,2024-01-26T14:40:49.700000 CVE-2023-51219,0,0,b829f21c4e7810120067efca1062712a7e6cce7a3463e7bfc3e1ac6ee6381973,2024-06-04T16:57:41.057000 CVE-2023-5122,0,0,289848059eca21be3f3161a9ce84be67f6f53e7bfbd9fab858ac01dbca7ceda6,2024-05-03T13:15:20.843000 -CVE-2023-5123,0,0,d83a60750d736ecae22d0d07118626874c976bab6aae803a6a9195f87e0d10b8,2024-05-03T13:15:20.927000 +CVE-2023-5123,0,1,1003f0c5d09fd5c6377a8ed198be6ef654af15350e829a342d2b861efae71924,2024-06-18T10:15:09.937000 CVE-2023-5124,0,0,835ddefba6ce80c573f759b7efca141aa364e1e9e5386c4c5da1a4ebd3e5f221,2024-02-05T16:48:58.247000 CVE-2023-51246,0,0,4290d85111a53988586ca964b371dea1ba9623223fc80dcee2dbf830592ba5b5,2024-01-12T16:31:28.787000 CVE-2023-5125,0,0,a1c4b4038cc3b3040fdc552203e289f2b08811b020cfaa60abf15cb6844a5b0c,2023-11-07T04:23:28.993000 
@@ -252770,7 +252770,7 @@ CVE-2024-37535,0,0,07f7d930de9d2427116ed26f9657c7962aa8122c29cd0ba965c2b1ee75b9b CVE-2024-3754,0,0,01f193c84b52f462bda07bbe4a51fb49e63cd8bf2361f6b49c817e3a59b81e5a,2024-06-17T12:42:04.623000 CVE-2024-3755,0,0,255cc63bdc34aca663119fb8f6757a7da5a9acef7ecda034d88dc05babf4b05b,2024-05-06T12:44:56.377000 CVE-2024-3756,0,0,978b8204ea279199334a4c8c549150dc6420f24480b5effb717e8509749d66aa,2024-05-06T12:44:56.377000 -CVE-2024-37568,0,0,c31dda2ce4e2cf1c14da8896dd1ff7847e88710326c3ff8a35f20f8d9a2e2a98,2024-06-12T13:29:13.877000 +CVE-2024-37568,0,1,69f2fedd9c555b1dba6c5ed31ee1b4242f39058a2d21ca3419cdd98ba0a15bb0,2024-06-18T11:15:51.270000 CVE-2024-37569,0,0,748406cd7b0e731a2b9037b16c6d1dde7e8c81aa1003e1ce6c82275ceb288683,2024-06-12T16:32:56.203000 CVE-2024-3757,0,0,62301a2775fcbfb9e8b5b1aa90b79aa074cd639699f2863765d338333af4b798,2024-05-07T13:39:32.710000 CVE-2024-37570,0,0,a374041c2622c9ba66d2048315fc9e015af6a8717cce4f8beb5b59800398626a,2024-06-12T16:32:34.513000 
@@ -252941,6 +252941,10 @@ CVE-2024-38470,0,0,72fd619cad47e9609a3b66bd344e6e0cff51bf41c439520887f75ce5743cc CVE-2024-3848,0,0,cff2d1cd97f0b1f2183f9bb4edcf4fc45d9e2b8ab251b9953f6af6105249c0ec,2024-05-16T13:03:05.353000 CVE-2024-3849,0,0,d4181d6192aab2f4a2b324451fbda7660fbd9621eb95f5f54a642a6a3d1e7d46,2024-05-02T18:00:37.360000 CVE-2024-3850,0,0,bbe49076d39470df53cdf5186eea91a2b4a40256492f588a1ab86bd1ba5244b0,2024-06-12T18:12:56.413000 +CVE-2024-38504,1,1,723c2c420862a936fd41d275c0985222db47b2d9ca77b454b39db26128f3cbfd,2024-06-18T11:15:51.467000 +CVE-2024-38505,1,1,368605ff3cf07dbe3cca2fed2dc47582b754d29e7d2c044d0a65ba1d0bae5b6e,2024-06-18T11:15:51.733000 +CVE-2024-38506,1,1,caa6d49f29866115f27bdd878f862855f9f5372966a6341bed1e9122088bbdeb,2024-06-18T11:15:52.030000 +CVE-2024-38507,1,1,685485b35ef3638082340806528733cf965a1abe52bfb88503b678c53e8d2242,2024-06-18T11:15:52.267000 CVE-2024-3851,0,0,16bcb9f87255ebcf1aad2856af6894b1b0c36049b98621e173e693ad3a900330,2024-05-16T13:03:05.353000 CVE-2024-3852,0,0,3038e46972183e994310b2b410f139aaace8bd74e7e7e979d336a57b5feba459,2024-04-22T10:15:07.430000 CVE-2024-3853,0,0,da9bcb4a065926b49732a0dd79b2f07a12fd9777c9341906bc363e07df8725cf,2024-04-17T12:48:31.863000 
@@ -253895,7 +253899,7 @@ CVE-2024-5149,0,0,e167f321a43176bbe51b79fcd0ea912cf6c260f7c91862b43f4c0c9d62cbbb CVE-2024-5150,0,0,b6666c6d6ac9830dd3015f5fc02fd79f0a3b63d41ee2e14f8cd76da933186cb1,2024-05-29T13:02:09.280000 CVE-2024-5152,0,0,897a950e1a56cf66b3762a0b7d02348f108b131c1556072d1a2c46cab20012e4,2024-06-06T14:17:35.017000 CVE-2024-5153,0,0,828bf0d922f71aaeb9a620d2a28fca02e54e4a39590cf3792a194a4a5970d881,2024-06-06T14:17:35.017000 -CVE-2024-5154,0,0,1ba58da557e7753fe147db1d89f118e44764c86c1e3799ad99b07e3033b5f30f,2024-06-13T18:36:09.010000 +CVE-2024-5154,0,1,82d1e95029eac2df4860f47fd1c212761a30dff3def51a0032e4827082a89098,2024-06-18T10:15:10.640000 CVE-2024-5155,0,0,2a20a869c58a8b80fd2bd862f76df12b43c40fbeec518ecb9ca464561a78cd98,2024-06-17T12:42:04.623000 CVE-2024-5157,0,0,968c06835e3febdba747d4dd49e60507daf1a01e5377b117ee6e566931506abf,2024-06-10T18:15:37.893000 CVE-2024-5158,0,0,76369e6e46f6c34bbc5a354a762f99c1a790d22381b6a166821eb73e4f6cf9b3,2024-06-10T18:15:37.953000 @@ -254099,7 +254103,7 @@ CVE-2024-5439,0,0,d933d33f15def11b210f94c43e434fbcbcedf874aa4bf1c51db16a3b591b26 CVE-2024-5449,0,0,98f03fd41a859602711a787e6c6738ac5b4c6552335bab31c9f953ba2b79cc72,2024-06-06T14:17:35.017000 CVE-2024-5452,0,0,27a87c5d81b8c2c688ae4d039463a5b6ff5c5d7de26437cd334595b44d7597a4,2024-06-07T14:56:05.647000 CVE-2024-5453,0,0,f53a0f7c14e91f56fc73f4b75f7a3c7cc751f83b7f0078edb3a1d42587e45496,2024-06-11T17:34:52.263000 -CVE-2024-5458,0,0,280c02138e919e94dbbf1601703ec46acfb6deb4d1cb320c03863f40e695d8a3,2024-06-13T04:15:17.220000 +CVE-2024-5458,0,1,9de49bd96b675511c7046065b94648120f7be327e28ebfffc7c76c5b629abe0a,2024-06-18T10:15:10.870000 CVE-2024-5459,0,0,81bd5d1a4ebf239ba65f5777fb4bfb17f71fa270ff31c5f59fd635927a6c453f,2024-06-13T19:35:55.083000 CVE-2024-5463,0,0,a83ead02d534db419d64d9a246adc999062f3a690f2d2cbba14bffeb9debf0f5,2024-06-04T16:57:41.053000 CVE-2024-5464,0,0,20ac6d6efa943df789ee80e23b81c0dadba3276ccc683b7cb6fcce26ba339bb3,2024-06-17T12:42:04.623000 
@@ -254141,7 +254145,7 @@ CVE-2024-5525,0,0,27d51e0f90117d5f6e29d565f6efd293c83de249201cb9426e9c70697dbb91 CVE-2024-5526,0,0,e88e82e62b5e4c5aebe68213504a5aa190a1c186279f7068714569f91c3de73e,2024-06-11T17:25:55.677000 CVE-2024-5530,0,0,a1a0702e27e4a4e3934db43cd9ea561e00ac905016f120852abcc67a37fa7a55,2024-06-11T13:54:12.057000 CVE-2024-5531,0,0,aff596c4345d9e9649e4107c993c40fc7416a56fa205089ee8692b6e8ba6cecf,2024-06-11T13:54:12.057000 -CVE-2024-5533,1,1,1c4322ac76e572f0c173bcdd34efadb5c3ffbed7ed1a6e60f6379858613a9887,2024-06-18T08:15:50.723000 +CVE-2024-5533,0,0,1c4322ac76e572f0c173bcdd34efadb5c3ffbed7ed1a6e60f6379858613a9887,2024-06-18T08:15:50.723000 CVE-2024-5536,0,0,d892d63cd79e6d462fe4485ce154b4e3b14e14d416b8b4d67114661d27280a01,2024-06-11T17:28:37.343000 CVE-2024-5537,0,0,071475eb8c0f92cc8ea9522d658283ad0e8213ba6740ff46ee05e5b24c18c3d8,2024-05-30T17:15:34.583000 CVE-2024-5538,0,0,183cea799fa9410e329e72f326a10b8369aedcea9a5b7583a44bf33ecc305070,2024-05-31T11:15:09.923000 @@ -254281,7 +254285,7 @@ CVE-2024-5895,0,0,adce2320c8f2da0eb4076cf48b8528b0367e1a91f9f4f56c3200b06ef2e34d CVE-2024-5896,0,0,74561a30f59034551bf30203dd9d488264eda62db1d6fb3f9fe44d921fc69839,2024-06-13T18:36:09.010000 CVE-2024-5897,0,0,ae4d2a8aeafd445ed5a0eb6a013a1f5f8d0cd09f1eb619f9e05beaa5efdbf2f0,2024-06-13T18:36:09.010000 CVE-2024-5898,0,0,2556a153e2769b2848dc3169e1f22718fe5b8f425c00f464c0cc68408399ec6a,2024-06-13T18:36:09.010000 -CVE-2024-5899,1,1,245f17f428e9e1e62838ca77aac18c3a3f2c82b4ea4c8e0b16de72a2626c4ba3,2024-06-18T09:15:09.767000 +CVE-2024-5899,0,0,245f17f428e9e1e62838ca77aac18c3a3f2c82b4ea4c8e0b16de72a2626c4ba3,2024-06-18T09:15:09.767000 CVE-2024-5905,0,0,52472d1772ec890cf9f052f234eba7e8e08aa90a47029f036f0775ad3cc74056,2024-06-13T18:36:09.010000 CVE-2024-5906,0,0,b7fc466b9931ce265a1ef81017e39098b5ad31bf494bc22103ede7f6c2cace23,2024-06-13T18:36:09.010000 CVE-2024-5907,0,0,17327a712757852c4b43c811f24252c9a6d5917388dc8b093882f86e14b7ae5b,2024-06-13T18:36:09.010000 
@@ -254296,6 +254300,7 @@ CVE-2024-5949,0,0,d7dee9eee40bd92a70c4f623828d380d2dd593c00c7f59e1204a1a9d39be48 CVE-2024-5950,0,0,63f8256c9087af57fddfc205322f9075c204b1d3853d2ea1d0284b0d233997a1,2024-06-17T12:43:31.090000 CVE-2024-5951,0,0,7ddd1cddf9a9fdc846148c5866e7aa3c8ed2def81486ca15d97d818d600ecbf4,2024-06-17T12:43:31.090000 CVE-2024-5952,0,0,a56b129ed0896e22b77ffae27056ae02e2ff1e28286e49f9b0ac6b9f084a57b2,2024-06-17T12:43:31.090000 +CVE-2024-5953,1,1,9ea5135a8dda1dad51ca93f6728c4080a08758d993efcfa67e208f3eb48bc4e5,2024-06-18T10:15:11.170000 CVE-2024-5961,0,0,5b2a3ec0406c808b5387d2b9b0077c5bc424b1c4427d5cb7165a954efcfd8c0c,2024-06-17T12:42:04.623000 CVE-2024-5976,0,0,e855126a3e03657c0f9ccfb70e360e6531fe17aa442fb39ef6227c53616360fe,2024-06-17T12:43:31.090000 CVE-2024-5981,0,0,7870df79665c127e5a33d8fe67e56d8db296d9f7a121386a1275e14871265ba2,2024-06-17T12:43:31.090000 @@ -254322,7 +254327,7 @@ CVE-2024-6042,0,0,6d196e9da9a08d79a22225e118daa7f0e4c238306b694dbe66ba5d1dac9a15 CVE-2024-6043,0,0,2b8824b7583f59608b507bc98e72cef1625bf75f2d50538bd13acbdb5303fcd4,2024-06-17T14:15:12.833000 CVE-2024-6044,0,0,37b6b4fa1580189a7337f6bfb06fe7d410ca0d1be60eeed3fa0619de7f50b5bc,2024-06-17T12:42:04.623000 CVE-2024-6045,0,0,2dcda6a0cbff8cd9e195f4d3ab65f0210762794017ec56ef72ed3655d46b17a0,2024-06-17T12:42:04.623000 -CVE-2024-6046,0,0,a5ace0bbdf0f368d76efea99e17761b90d722a7f8fb2cd5b11d6c7027f5ee450,2024-06-17T12:42:04.623000 +CVE-2024-6046,0,1,91371f2b9afd0a654dc4dc6a88ac5fb04a186cb82713804dda3cac2d7733c344,2024-06-18T11:15:52.513000 CVE-2024-6047,0,0,4cdf0f1acff12373f8f857c8d442b9de2221d44745323cc3f60bf66bccd7a239,2024-06-17T14:15:13.040000 CVE-2024-6048,0,0,03e9485ef23720c113f11fed6c539200d9a1624e025ca24798cddf9d0c1a9e3b,2024-06-17T12:42:04.623000 CVE-2024-6055,0,0,93ffb465c6acddf15e4142ae2e8b4bcae95c7241e5f24a2dedc05f862f5d2e79,2024-06-17T13:15:53.697000 
@@ -254341,3 +254346,4 @@ CVE-2024-6080,0,0,ce117abbbf27c271f3b1c554aeba9f1090748517ce038abb4811acdf5fadb2 CVE-2024-6082,0,0,b34a8b9e9d7597c030b945a5724fac42f5803ca75f53728fefe9f424acf1cad3,2024-06-17T23:15:51.920000 CVE-2024-6083,0,0,6fddaebd6fd505529ccfd2377fbb90eb3ff967f1b7daa3e62aab60a1d99a55f2,2024-06-18T00:15:09.853000 CVE-2024-6084,0,0,c58d4bbed9965d0c5b3b3d3408fb3218484aa76898e857d18c4411d57b93b108,2024-06-18T05:15:52.453000 +CVE-2024-6108,1,1,629cb2a981568eef963fe0fd8730638a990cab0f00ba579fb1df944ef1acda4c,2024-06-18T10:15:11.653000