Auto-Update: 2024-07-28T04:00:16.789234+00:00

2025-05-08 19:47:09 +00:00 · 2024-07-28 04:03:11 +00:00 · 2024-07-28 04:03:11 +00:00 · f3600343c7
commit f3600343c7
parent fa3c399ad1
7 changed files with 524 additions and 322 deletions
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42049.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42049.json
@ -0,0 +1,25 @@
+{
+  "id": "CVE-2024-42049",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-28T02:15:09.823",
+  "lastModified": "2024-07-28T02:15:09.823",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "TightVNC (Server for Windows) before 2.8.84 allows attackers to connect to the control pipe via a network connection."
+    }
+  ],
+  "metrics": {},
+  "references": [
+    {
+      "url": "https://sourceforge.net/p/vnc-tight/bugs/1629/",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.tightvnc.com/whatsnew.php",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42050.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42050.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-42050",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-28T03:15:01.767",
+  "lastModified": "2024-07-28T03:15:01.767",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The MSI installer for Splashtop Streamer for Windows before 3.7.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM via an oplock on CredProvider_Inst.reg."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.0,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.0,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/4.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/25584410412571--Splashtop-Streamer-version-v3-7-0-0-for-Windows-released",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42051.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42051.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-42051",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-28T03:15:02.033",
+  "lastModified": "2024-07-28T03:15:02.033",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The MSI installer for Splashtop Streamer for Windows before 3.6.2.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by replacing InstRegExp.reg."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/3.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/20716875636763-Splashtop-Streamer-version-v3-6-2-0-for-Windows-released",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42052.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42052.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-42052",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-28T03:15:02.223",
+  "lastModified": "2024-07-28T03:15:02.223",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The MSI installer for Splashtop Streamer for Windows before 3.5.8.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a wevtutil.exe file in the folder."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/1.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/15813655496603-Splashtop-Streamer-version-v3-5-8-0-for-Windows-released",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-420xx/CVE-2024-42053.json
+++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42053.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-42053",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-28T03:15:02.400",
+  "lastModified": "2024-07-28T03:15:02.400",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The MSI installer for Splashtop Streamer for Windows before 3.6.0.0 uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges to SYSTEM by placing a version.dll file in the folder."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 7.8,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/SpacePlant/Vulns/blob/main/Advisories/2024/2.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://support-splashtopbusiness.splashtop.com/hc/en-us/articles/18223802896539-Splashtop-Streamer-version-v3-6-0-0-for-Windows-released",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-28T02:00:17.163281+00:00
+2024-07-28T04:00:16.789234+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-27T22:15:01.833000+00:00
+2024-07-28T03:15:02.400000+00:00
 ```

 ### Last Data Feed Release
@ -33,44 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-258087
+258092
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `0`
+Recently added CVEs: `5`

+- [CVE-2024-42049](CVE-2024/CVE-2024-420xx/CVE-2024-42049.json) (`2024-07-28T02:15:09.823`)
+- [CVE-2024-42050](CVE-2024/CVE-2024-420xx/CVE-2024-42050.json) (`2024-07-28T03:15:01.767`)
+- [CVE-2024-42051](CVE-2024/CVE-2024-420xx/CVE-2024-42051.json) (`2024-07-28T03:15:02.033`)
+- [CVE-2024-42052](CVE-2024/CVE-2024-420xx/CVE-2024-42052.json) (`2024-07-28T03:15:02.223`)
+- [CVE-2024-42053](CVE-2024/CVE-2024-420xx/CVE-2024-42053.json) (`2024-07-28T03:15:02.400`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `292`
+Recently modified CVEs: `0`

- [CVE-2024-6405](CVE-2024/CVE-2024-64xx/CVE-2024-6405.json) (`2024-07-01T12:37:24.220`)
- [CVE-2024-6421](CVE-2024/CVE-2024-64xx/CVE-2024-6421.json) (`2024-07-11T13:05:54.930`)
- [CVE-2024-6422](CVE-2024/CVE-2024-64xx/CVE-2024-6422.json) (`2024-07-11T13:05:54.930`)
- [CVE-2024-6589](CVE-2024/CVE-2024-65xx/CVE-2024-6589.json) (`2024-07-25T12:36:39.947`)
- [CVE-2024-6621](CVE-2024/CVE-2024-66xx/CVE-2024-6621.json) (`2024-07-16T13:43:58.773`)
- [CVE-2024-6799](CVE-2024/CVE-2024-67xx/CVE-2024-6799.json) (`2024-07-19T13:01:44.567`)
- [CVE-2024-6904](CVE-2024/CVE-2024-69xx/CVE-2024-6904.json) (`2024-07-19T13:01:44.567`)
- [CVE-2024-6905](CVE-2024/CVE-2024-69xx/CVE-2024-6905.json) (`2024-07-19T13:01:44.567`)
- [CVE-2024-6906](CVE-2024/CVE-2024-69xx/CVE-2024-6906.json) (`2024-07-19T13:01:44.567`)
- [CVE-2024-6907](CVE-2024/CVE-2024-69xx/CVE-2024-6907.json) (`2024-07-19T13:01:44.567`)
- [CVE-2024-6916](CVE-2024/CVE-2024-69xx/CVE-2024-6916.json) (`2024-07-19T13:01:44.567`)
- [CVE-2024-6972](CVE-2024/CVE-2024-69xx/CVE-2024-6972.json) (`2024-07-25T12:36:39.947`)
- [CVE-2024-7047](CVE-2024/CVE-2024-70xx/CVE-2024-7047.json) (`2024-07-25T12:36:39.947`)
- [CVE-2024-7057](CVE-2024/CVE-2024-70xx/CVE-2024-7057.json) (`2024-07-25T12:36:39.947`)
- [CVE-2024-7060](CVE-2024/CVE-2024-70xx/CVE-2024-7060.json) (`2024-07-25T12:36:39.947`)
- [CVE-2024-7062](CVE-2024/CVE-2024-70xx/CVE-2024-7062.json) (`2024-07-26T12:38:41.683`)
- [CVE-2024-7068](CVE-2024/CVE-2024-70xx/CVE-2024-7068.json) (`2024-07-25T17:47:18.717`)
- [CVE-2024-7069](CVE-2024/CVE-2024-70xx/CVE-2024-7069.json) (`2024-07-25T17:33:53.777`)
- [CVE-2024-7091](CVE-2024/CVE-2024-70xx/CVE-2024-7091.json) (`2024-07-25T12:36:39.947`)
- [CVE-2024-7115](CVE-2024/CVE-2024-71xx/CVE-2024-7115.json) (`2024-07-26T12:38:41.683`)
- [CVE-2024-7116](CVE-2024/CVE-2024-71xx/CVE-2024-7116.json) (`2024-07-26T12:38:41.683`)
- [CVE-2024-7117](CVE-2024/CVE-2024-71xx/CVE-2024-7117.json) (`2024-07-26T12:38:41.683`)
- [CVE-2024-7118](CVE-2024/CVE-2024-71xx/CVE-2024-7118.json) (`2024-07-26T12:38:41.683`)
- [CVE-2024-7119](CVE-2024/CVE-2024-71xx/CVE-2024-7119.json) (`2024-07-26T12:38:41.683`)
- [CVE-2024-7120](CVE-2024/CVE-2024-71xx/CVE-2024-7120.json) (`2024-07-26T12:38:41.683`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv