Auto-Update: 2024-05-31T06:00:30.129297+00:00

2025-05-09 03:57:14 +00:00 · 2024-05-31 06:03:21 +00:00 · 2024-05-31 06:03:21 +00:00 · de1305cf4c
commit de1305cf4c
parent d336ea971b
4 changed files with 102 additions and 10 deletions
--- a/CVE-2024/CVE-2024-27xx/CVE-2024-2793.json
+++ b/CVE-2024/CVE-2024-27xx/CVE-2024-2793.json
@ -0,0 +1,63 @@
+{
+  "id": "CVE-2024-2793",
+  "sourceIdentifier": "security@wordfence.com",
+  "published": "2024-05-31T05:15:13.953",
+  "lastModified": "2024-05-31T05:15:13.953",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The Visual Website Collaboration, Feedback & Project Management \u2013 Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@wordfence.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.2,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/trunk/inc/wpf_ajax_functions.php#L1923",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/trunk/inc/wpf_ajax_functions.php#L505",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/browser/atarim-visual-collaboration/trunk/inc/wpf_ajax_functions.php#L666",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3094260/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://plugins.trac.wordpress.org/changeset/3094999/",
+      "source": "security@wordfence.com"
+    },
+    {
+      "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9bd63003-d1d6-480a-8df7-878bcc89f1ee?source=cve",
+      "source": "security@wordfence.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-370xx/CVE-2024-37032.json
+++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37032.json
@ -0,0 +1,28 @@
+{
+  "id": "CVE-2024-37032",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-05-31T04:15:09.617",
+  "lastModified": "2024-05-31T04:15:09.617",
+  "vulnStatus": "Received",
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Ollama before 0.1.34 does not validate the format of the digest (sha256 with 64 hex digits) when getting the model path, and thus mishandles the TestGetBlobsPath test cases such as fewer than 64 hex digits, more than 64 hex digits, or an initial ../ substring."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go#L41-L58",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/ollama/ollama/compare/v0.1.33...v0.1.34",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/ollama/ollama/pull/4175",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-05-31T04:00:37.880696+00:00
+2024-05-31T06:00:30.129297+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-05-31T03:15:08.853000+00:00
+2024-05-31T05:15:13.953000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-252268
+252270
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `2`

- [CVE-2024-32850](CVE-2024/CVE-2024-328xx/CVE-2024-32850.json) (`2024-05-31T02:15:08.843`)
- [CVE-2024-5345](CVE-2024/CVE-2024-53xx/CVE-2024-5345.json) (`2024-05-31T03:15:08.613`)
- [CVE-2024-5418](CVE-2024/CVE-2024-54xx/CVE-2024-5418.json) (`2024-05-31T03:15:08.853`)
+- [CVE-2024-2793](CVE-2024/CVE-2024-27xx/CVE-2024-2793.json) (`2024-05-31T05:15:13.953`)
+- [CVE-2024-37032](CVE-2024/CVE-2024-370xx/CVE-2024-37032.json) (`2024-05-31T04:15:09.617`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -246643,6 +246643,7 @@ CVE-2024-27923,0,0,6315a11e520237c7a00a77a9064110cafb23d4fa4ef48ae08381daff9c66a
 CVE-2024-27926,0,0,482a279bf8a2e4dde902f41b0697343ca5742cbc4dc0f096e4ab97ea36cd603a,2024-03-21T12:58:51.093000
 CVE-2024-27927,0,0,237b8b5752e07344616ad65615a1cc64162ff161106a6f88e5e779d2eb531f82,2024-03-21T12:58:51.093000
 CVE-2024-27929,0,0,73a095084ef7d2402679e8eb74db9354223732f58513ff4d8baa79ac5795a712,2024-03-06T22:15:57.473000
+CVE-2024-2793,1,1,c9b4b3bf5e28572ae12c9655b2356bed8b648798eacf6df40387590630d3fde5,2024-05-31T05:15:13.953000
 CVE-2024-27930,0,0,2ea68c3b4eb8704cdeb414ca14c4ae96cc471d329de4819b8fb20740530e290d,2024-04-24T15:15:46.380000
 CVE-2024-27931,0,0,474630ce944d2a0365d4f3e7a2f115d78fc6fcc1a794480671d648d7254d6d15,2024-03-05T18:50:18.333000
 CVE-2024-27932,0,0,96dca8ba166ad184bdfd834c2d09938f89d6bc1a68e74d43ba7e517b0ae48aea,2024-03-21T12:58:51.093000
@ -249540,7 +249541,7 @@ CVE-2024-32834,0,0,d2ed9ea40163afd5f111e44be27b5edfb4cb8a8dd0234c49fdc13943a21fb
 CVE-2024-32835,0,0,a55a936ce932c192bddb52ecc7ef5c50500f7aaee0689f590c1aa942fe932618,2024-04-24T13:39:42.883000
 CVE-2024-32836,0,0,b79abde0b1fb00c320171e12e4361e475bc7a0910a68d24b478ff673cfed4676,2024-04-24T13:39:42.883000
 CVE-2024-3285,0,0,ea17e16acaa3172cbcc052cf9bfb1b3e7ee2b004434b062b8e67c1c1ed8bff14,2024-04-11T12:47:44.137000
-CVE-2024-32850,1,1,df111e9c097d0d92132a1876ea8ece172e0febc039d526d9e009002112ecff3b,2024-05-31T02:15:08.843000
+CVE-2024-32850,0,0,df111e9c097d0d92132a1876ea8ece172e0febc039d526d9e009002112ecff3b,2024-05-31T02:15:08.843000
 CVE-2024-3286,0,0,2b72849c89237e28c3d3a120424f9748393454aee8e724834e4cfefbfa74f3f9,2024-05-17T18:36:31.297000
 CVE-2024-32866,0,0,20522d9aebf09a5d43cbab0aa4b3dc9ed937958cfd0ea9d3803e03cb59093366,2024-04-24T13:39:42.883000
 CVE-2024-32867,0,0,8b49049697f6722e345366f8694914765116c8554c5893cf239e1c1a736d6057,2024-05-07T20:07:58.737000
@ -251211,6 +251212,7 @@ CVE-2024-3701,0,0,d78f52a76181001272debccb095fb5971bb478ebc111313d9ff2994f4ec059
 CVE-2024-37017,0,0,a92df0fafe66b57fbe8f6a1f20bf3902c65d99ba86bca3f5a67b04f174fafc33,2024-05-31T00:15:08.890000
 CVE-2024-37018,0,0,369f4f53e34cd54c57d99b89ebf6aea6aedb35d7f020c20028cdc1b2916fe8e4,2024-05-31T01:15:54.323000
 CVE-2024-3703,0,0,46d289814974ee20b6160fe56cc828277066d832a1c60ccf5d9c1a62d06c47e2,2024-05-03T12:48:41.067000
+CVE-2024-37032,1,1,43401a1b02c2b8d23932a91945292285aa64ffe2c28a743fd761550b04b8065c,2024-05-31T04:15:09.617000
 CVE-2024-3704,0,0,ad7f205e31bc442943bbd584692b194a3485d815654eeb83e4eefef6a6eff393,2024-04-15T13:15:51.577000
 CVE-2024-3705,0,0,44f1c76d2f6cd8dab882ddfdbdbe908a4e3a8f22d6a90f31f0279b7faf87a669,2024-04-15T13:15:51.577000
 CVE-2024-3706,0,0,93b27543775cdce8e7b256b8d014ea258e7a61f0ddb1cca03581da1a85330700,2024-04-15T13:15:51.577000
@ -252189,7 +252191,7 @@ CVE-2024-5338,0,0,f1fc65a7b53696dcb1b22f7cb4a402d175011424b23786711e5e263fd7ec2e
 CVE-2024-5339,0,0,06454cd858966bd04fe11523962adaa26a10dc55f1781c23c279a6bf8e0f1118,2024-05-28T12:39:42.673000
 CVE-2024-5340,0,0,c66c0c9e55de3c725084d3080da1dc604d47daf703d95b2c548541ec6a382225,2024-05-28T12:39:42.673000
 CVE-2024-5341,0,0,2b72dd4ef57e598a2469a1d6786a4762ce0fcb8187c35f2f4bd1ff39b4044b7e,2024-05-30T13:15:41.297000
-CVE-2024-5345,1,1,ab408465466f89085738a2657691827a8c34288c9c24d6282b532357c2e7aa95,2024-05-31T03:15:08.613000
+CVE-2024-5345,0,0,ab408465466f89085738a2657691827a8c34288c9c24d6282b532357c2e7aa95,2024-05-31T03:15:08.613000
 CVE-2024-5350,0,0,60bbd22831ddecb115d40713a9dc768f9983e70563a63aa9f7486c68fbd4f9e1,2024-05-28T12:39:42.673000
 CVE-2024-5351,0,0,75936f9a30b9b2678d667660507da4226e150a018add31c316ae6f6c8d9a34b8,2024-05-28T12:39:42.673000
 CVE-2024-5352,0,0,436cc86ab2a56db91a02662bc69df77d88892fce705caf803e28ba33694f3f1c,2024-05-28T12:39:42.673000
@ -252246,7 +252248,7 @@ CVE-2024-5411,0,0,e0e2b037ba712eee566a50718dc689d20775fc59c9b248d0618a71b0dcd07b
 CVE-2024-5413,0,0,b82b9711af907924143b902545bad47c16b9191e82f7488c30e422ab2732b1e2,2024-05-28T14:59:09.827000
 CVE-2024-5414,0,0,00699255cb30deaace9d09c2453b71a81be7d08b48d1c00b566847910d37827a,2024-05-28T14:59:09.827000
 CVE-2024-5415,0,0,30fb2f383abca6cc2ff9ab88331c18d1b11c9d102c850a6497c8044d92363f58,2024-05-28T14:59:09.827000
-CVE-2024-5418,1,1,1d2ad2df007595b2da9031a43cb4322b2ece3287a48cad8d9581b799a377fd31,2024-05-31T03:15:08.853000
+CVE-2024-5418,0,0,1d2ad2df007595b2da9031a43cb4322b2ece3287a48cad8d9581b799a377fd31,2024-05-31T03:15:08.853000
 CVE-2024-5428,0,0,48df461aef64d2744feebfecb3948a4ed7b72d467be8b3109a057cc13cad6e25,2024-05-28T14:59:09.827000
 CVE-2024-5433,0,0,d0946774ada383b4af0e78f23b9c449d05f83a7124810af4e383f90b0cdbda75,2024-05-29T13:02:09.280000
 CVE-2024-5434,0,0,dc2716eb218edba725ac85c17a2930de7a00b6563d0ca53040574106ea0b92ed,2024-05-29T13:02:09.280000