diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45824.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45824.json new file mode 100644 index 00000000000..03be0368df4 --- /dev/null +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45824.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-45824", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:57.027", + "lastModified": "2024-03-25T19:15:57.027", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-482xx/CVE-2023-48296.json b/CVE-2023/CVE-2023-482xx/CVE-2023-48296.json new file mode 100644 index 00000000000..d71f035af0f --- /dev/null +++ b/CVE-2023/CVE-2023-482xx/CVE-2023-48296.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2023-48296", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:57.300", + "lastModified": "2024-03-25T19:15:57.300", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.\n" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/oroinc/orocommerce/commit/41c526498012d44cd88852c63697f1ef53b61db8", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/oroinc/orocommerce/security/advisories/GHSA-v7px-46v9-5qwp", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-272xx/CVE-2024-27299.json b/CVE-2024/CVE-2024-272xx/CVE-2024-27299.json new file mode 100644 index 00000000000..1a912231c81 --- /dev/null +++ b/CVE-2024/CVE-2024-272xx/CVE-2024-27299.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-27299", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:57.563", + "lastModified": "2024-03-25T19:15:57.563", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the the \"Add News\" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-273xx/CVE-2024-27300.json b/CVE-2024/CVE-2024-273xx/CVE-2024-27300.json new file mode 100644 index 00000000000..0a1ed7def2a --- /dev/null +++ b/CVE-2024/CVE-2024-273xx/CVE-2024-27300.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-27300", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:57.807", + "lastModified": "2024-03-25T19:15:57.807", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28105.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28105.json new file mode 100644 index 00000000000..031fd0f31fa --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28105.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28105", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:58.020", + "lastModified": "2024-03-25T19:15:58.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28106.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28106.json new file mode 100644 index 00000000000..f5a1aa9d69d --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28106.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28106", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:58.263", + "lastModified": "2024-03-25T19:15:58.263", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28107.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28107.json new file mode 100644 index 00000000000..3dfd07231e5 --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28107.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28107", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:58.477", + "lastModified": "2024-03-25T19:15:58.477", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-281xx/CVE-2024-28108.json b/CVE-2024/CVE-2024-281xx/CVE-2024-28108.json new file mode 100644 index 00000000000..04bfae78097 --- /dev/null +++ b/CVE-2024/CVE-2024-281xx/CVE-2024-28108.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-28108", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:58.700", + "lastModified": "2024-03-25T19:15:58.700", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28243.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28243.json new file mode 100644 index 00000000000..9e9967a1db9 --- /dev/null +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28243.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28243", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T20:15:07.950", + "lastModified": "2024-03-25T20:15:07.950", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28244.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28244.json new file mode 100644 index 00000000000..7f75ed07f55 --- /dev/null +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28244.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28244", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T20:15:08.160", + "lastModified": "2024-03-25T20:15:08.160", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\def` or `\\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for \"Unicode (sub|super)script characters\" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-674" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28245.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28245.json new file mode 100644 index 00000000000..c60b24f3ca5 --- /dev/null +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28245.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28245", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T20:15:08.370", + "lastModified": "2024-03-25T20:15:08.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28246.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28246.json new file mode 100644 index 00000000000..da66b58155c --- /dev/null +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28246.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-28246", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T20:15:08.580", + "lastModified": "2024-03-25T20:15:08.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-184" + }, + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-288xx/CVE-2024-28850.json b/CVE-2024/CVE-2024-288xx/CVE-2024-28850.json new file mode 100644 index 00000000000..a92c7dabba0 --- /dev/null +++ b/CVE-2024/CVE-2024-288xx/CVE-2024-28850.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-28850", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T19:15:58.947", + "lastModified": "2024-03-25T19:15:58.947", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions are met, the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site's database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.4, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-494" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/johnbillion/wp-crontrol/releases/tag/1.16.2", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/johnbillion/wp-crontrol/security/advisories/GHSA-9xvf-cjvf-ff5q", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29025.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29025.json new file mode 100644 index 00000000000..7e018caf11a --- /dev/null +++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29025.json @@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-29025", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-03-25T20:15:08.797", + "lastModified": "2024-03-25T20:15:08.797", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, an attacher can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field, this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-295xx/CVE-2024-29515.json b/CVE-2024/CVE-2024-295xx/CVE-2024-29515.json new file mode 100644 index 00000000000..7e83d7f010f --- /dev/null +++ b/CVE-2024/CVE-2024-295xx/CVE-2024-29515.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-29515", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-25T19:15:59.190", + "lastModified": "2024-03-25T19:15:59.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "File Upload vulnerability in lepton v.7.1.0 allows a remote authenticated attackers to execute arbitrary code via uploading a crafted PHP file to the save.php and config.php component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zzq66/cve7/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-296xx/CVE-2024-29666.json b/CVE-2024/CVE-2024-296xx/CVE-2024-29666.json new file mode 100644 index 00000000000..180ab4703b4 --- /dev/null +++ b/CVE-2024/CVE-2024-296xx/CVE-2024-29666.json @@ -0,0 +1,20 @@ +{ + "id": "CVE-2024-29666", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-03-25T19:15:59.253", + "lastModified": "2024-03-25T19:15:59.253", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/whgojp/cve-reports/wiki/There-is-a-weak-password-in-the-CMSV6-vehicle-monitoring-platform-system", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index a8a6c59fc11..37eba7c76ac 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-03-25T19:00:48.438871+00:00 +2024-03-25T21:00:49.911388+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-03-25T18:15:08.617000+00:00 +2024-03-25T20:15:08.797000+00:00 ``` ### Last Data Feed Release @@ -29,33 +29,35 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -242601 +242617 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `16` +* [CVE-2023-45824](CVE-2023/CVE-2023-458xx/CVE-2023-45824.json) (`2024-03-25T19:15:57.027`) +* [CVE-2023-48296](CVE-2023/CVE-2023-482xx/CVE-2023-48296.json) (`2024-03-25T19:15:57.300`) +* [CVE-2024-27299](CVE-2024/CVE-2024-272xx/CVE-2024-27299.json) (`2024-03-25T19:15:57.563`) +* [CVE-2024-27300](CVE-2024/CVE-2024-273xx/CVE-2024-27300.json) (`2024-03-25T19:15:57.807`) +* [CVE-2024-28105](CVE-2024/CVE-2024-281xx/CVE-2024-28105.json) (`2024-03-25T19:15:58.020`) +* [CVE-2024-28106](CVE-2024/CVE-2024-281xx/CVE-2024-28106.json) (`2024-03-25T19:15:58.263`) +* [CVE-2024-28107](CVE-2024/CVE-2024-281xx/CVE-2024-28107.json) (`2024-03-25T19:15:58.477`) +* [CVE-2024-28108](CVE-2024/CVE-2024-281xx/CVE-2024-28108.json) (`2024-03-25T19:15:58.700`) +* [CVE-2024-28243](CVE-2024/CVE-2024-282xx/CVE-2024-28243.json) (`2024-03-25T20:15:07.950`) +* [CVE-2024-28244](CVE-2024/CVE-2024-282xx/CVE-2024-28244.json) (`2024-03-25T20:15:08.160`) +* [CVE-2024-28245](CVE-2024/CVE-2024-282xx/CVE-2024-28245.json) (`2024-03-25T20:15:08.370`) +* [CVE-2024-28246](CVE-2024/CVE-2024-282xx/CVE-2024-28246.json) (`2024-03-25T20:15:08.580`) +* [CVE-2024-28850](CVE-2024/CVE-2024-288xx/CVE-2024-28850.json) (`2024-03-25T19:15:58.947`) +* [CVE-2024-29025](CVE-2024/CVE-2024-290xx/CVE-2024-29025.json) (`2024-03-25T20:15:08.797`) +* [CVE-2024-29515](CVE-2024/CVE-2024-295xx/CVE-2024-29515.json) (`2024-03-25T19:15:59.190`) +* [CVE-2024-29666](CVE-2024/CVE-2024-296xx/CVE-2024-29666.json) (`2024-03-25T19:15:59.253`) ### CVEs modified in the last Commit -Recently modified CVEs: `14` +Recently modified CVEs: `0` -* [CVE-2020-10256](CVE-2020/CVE-2020-102xx/CVE-2020-10256.json) (`2024-03-25T17:51:51.010`) -* [CVE-2022-32550](CVE-2022/CVE-2022-325xx/CVE-2022-32550.json) (`2024-03-25T17:51:51.010`) -* [CVE-2023-5388](CVE-2023/CVE-2023-53xx/CVE-2023-5388.json) (`2024-03-25T17:15:51.337`) -* [CVE-2024-0553](CVE-2024/CVE-2024-05xx/CVE-2024-0553.json) (`2024-03-25T18:15:08.443`) -* [CVE-2024-0743](CVE-2024/CVE-2024-07xx/CVE-2024-0743.json) (`2024-03-25T17:15:51.580`) -* [CVE-2024-1580](CVE-2024/CVE-2024-15xx/CVE-2024-1580.json) (`2024-03-25T18:15:08.617`) -* [CVE-2024-2607](CVE-2024/CVE-2024-26xx/CVE-2024-2607.json) (`2024-03-25T17:15:51.727`) -* [CVE-2024-2608](CVE-2024/CVE-2024-26xx/CVE-2024-2608.json) (`2024-03-25T17:15:51.783`) -* [CVE-2024-2610](CVE-2024/CVE-2024-26xx/CVE-2024-2610.json) (`2024-03-25T17:15:51.833`) -* [CVE-2024-2611](CVE-2024/CVE-2024-26xx/CVE-2024-2611.json) (`2024-03-25T17:15:51.880`) -* [CVE-2024-2612](CVE-2024/CVE-2024-26xx/CVE-2024-2612.json) (`2024-03-25T17:15:51.923`) -* [CVE-2024-2614](CVE-2024/CVE-2024-26xx/CVE-2024-2614.json) (`2024-03-25T17:15:51.963`) -* [CVE-2024-2616](CVE-2024/CVE-2024-26xx/CVE-2024-2616.json) (`2024-03-25T17:15:52.007`) -* [CVE-2024-29944](CVE-2024/CVE-2024-299xx/CVE-2024-29944.json) (`2024-03-25T17:15:51.670`) ## Download and Usage diff --git a/_state.csv b/_state.csv index a5d562f4a37..5262b3a94c1 100644 --- a/_state.csv +++ b/_state.csv @@ -145264,7 +145264,7 @@ CVE-2020-10251,0,0,60e00adc7774dee6d942361b5e0b5c06f892d31971df1667ec59378582af4 CVE-2020-10252,0,0,43cfb0f02c23e5df75b2573d59d524860ea2f61a2ff40097d256e2fa8d38acbc,2021-02-25T20:45:02.763000 CVE-2020-10254,0,0,a0db30a70fc6c5194ca13da5290065f4886d2fd95dd9343784ea2e45818ccc9b,2021-02-25T20:38:04.830000 CVE-2020-10255,0,0,9d937a674671927b820fea6c660adc54c3e0cb2f740c1152e2e888d23bdd3e9d,2020-03-16T15:23:07.183000 -CVE-2020-10256,0,1,a947828f363adcf4866b2f95aff136b660f824c75d3f15aff38b00b5d52bedc2,2024-03-25T17:51:51.010000 +CVE-2020-10256,0,0,a947828f363adcf4866b2f95aff136b660f824c75d3f15aff38b00b5d52bedc2,2024-03-25T17:51:51.010000 CVE-2020-10257,0,0,3db6f53035bf70b0f9c4e177f8691fcd6911e5880d45922af74d1de50ef17111,2021-07-21T11:39:23.747000 CVE-2020-1026,0,0,8abe83399268ab9ab7dbd4d63bfe6a90074a97f61d5d5d29e2ebb67d53c1fb51,2021-07-21T11:39:23.747000 CVE-2020-10262,0,0,96fd73feb8733734e0df3f2a8fb7066bfa7d40dc30900386676d4063b4017133,2021-07-21T11:39:23.747000 @@ -199516,7 +199516,7 @@ CVE-2022-32547,0,0,a5bd6a51ac6b6b46626cf08213f993683dd84ba1a906d5a3b07a4998ddb32 CVE-2022-32548,0,0,09b723dcb5ee0280441cf4085cdd31465fd5d058440db41b872b2c3044ddb019,2022-09-01T19:56:25.640000 CVE-2022-32549,0,0,2e321239b7da9d0e9f7831c66c17606cb59cc2529d599af8d5064e404894fc90,2022-06-29T16:26:28.237000 CVE-2022-3255,0,0,20cff5462333056b961e799c5a4e584e8f1e98472b11a4bb67e4bc06520bda87,2022-09-23T14:04:48.100000 -CVE-2022-32550,0,1,4506c071d389fa5f835f0d940b054c4284a431a1db069339baf104a909699a75,2024-03-25T17:51:51.010000 +CVE-2022-32550,0,0,4506c071d389fa5f835f0d940b054c4284a431a1db069339baf104a909699a75,2024-03-25T17:51:51.010000 CVE-2022-32551,0,0,889fe3f166cc63ae88d0540a95aa577b889dc61a2e1bee488ba5fbbb4c65000e,2022-07-12T18:44:45.453000 CVE-2022-32552,0,0,b7d1e565c51bc07f680141408d403d02617c58441a6539541c2f984524cd9540,2022-07-05T13:20:01.290000 CVE-2022-32553,0,0,a56029ba5246bd0dcfbac9a731105655fd3365fde64a1e19d9486af6747a6d87,2022-07-05T13:19:39.413000 @@ -231991,6 +231991,7 @@ CVE-2023-45820,0,0,f4c6a52d92a393c30847b4fc71894062e36da3ea4724378ac79251737821e CVE-2023-45821,0,0,c39b8ec690d7ab53b53258af4c85cbc98ead20fb8fb737080a2aefa59f2b219f,2023-10-31T15:48:49.977000 CVE-2023-45822,0,0,ec4085568120c2cdea66e618f4ad439349d930087a5d3f00d4f5af9a3e3690bd,2023-10-30T15:37:49.727000 CVE-2023-45823,0,0,c21a8f8120dd7efefb38d08e112bb6f41c1bc7889398b8ee0408a5ed5bac79fd,2023-10-30T15:35:37.783000 +CVE-2023-45824,1,1,049ea66a88d9027e0bd609d8da3a295a48e69ffec8dd943c52500e5590663021,2024-03-25T19:15:57.027000 CVE-2023-45825,0,0,88414c995076aa67d7f5d51bd87528e1f50db1b996348b886a8da3a42fd9881b,2023-10-27T18:17:11.990000 CVE-2023-45826,0,0,fb4fdde2234a33997d031bde8bd96295768aa3cdeb0dcb1add36c3acf5e6b149,2023-10-27T15:27:30.243000 CVE-2023-45827,0,0,590a647d29b19685fbfbe01785d9adf29e729c96d9c4a8d18d11575e526cfd85,2023-11-14T17:10:21.330000 @@ -233572,6 +233573,7 @@ CVE-2023-48292,0,0,68d5cac89456a75198e9f6724909e441fd8528b6f63cb54901138a8ef8533 CVE-2023-48293,0,0,3ec70bbcd91ac8140cabac70ad06065e2f73970aa51dc5a1d0f7ade1ae16b5cc,2023-11-29T18:02:07.070000 CVE-2023-48294,0,0,fb8bcdc0e962b03803bc66dd0b7948bdf3959e9ed068a6ab7e81686dd3e32643,2023-11-29T20:53:09.650000 CVE-2023-48295,0,0,c4c863fa0b65897d7af34fb0a7266543c2b1ed1d72e8fe5e40a567e24c2f3179,2023-11-25T01:21:51.610000 +CVE-2023-48296,1,1,2291d4912761a0bb527daaa12e65d1f364ff0766de72eb5168c6cdd1e4d384d6,2024-03-25T19:15:57.300000 CVE-2023-48297,0,0,8a9cc863aeec88effa9ed330fa7727693d20a3e8d6045445ff75b2b400886967,2024-01-25T15:42:48.877000 CVE-2023-48298,0,0,bc14e6e563010c8c6da73e3d2f28166bd0101a74a9a67d9b6073db0700a17331,2024-01-03T02:23:30.487000 CVE-2023-48299,0,0,8429fd27dcc103e7be0bb9740840a90f90d570b535fb154e7a4a4ae3a4eb18d0,2023-11-29T02:31:52.117000 @@ -236306,7 +236308,7 @@ CVE-2023-5384,0,0,441f1b8a30756cc9b5f3117d86e72f400495bdf444d07abaff550854597f23 CVE-2023-5385,0,0,9ae213cb30ffb83a1a2cc696047d7aba4caab30c852d1ef2dcb64596a9208adb,2023-11-27T20:13:07.160000 CVE-2023-5386,0,0,bfe87044f02046ad817ff7d54d504256b17a835afbb668f0ba9ab1d54dcdd82f,2023-11-27T20:14:47.710000 CVE-2023-5387,0,0,45867b8235da7c9a90990530159b5190e5bd4e4eb429c6ce43ac3327afc64eac,2023-11-27T20:15:21.673000 -CVE-2023-5388,0,1,d8419ed9d62f698fc384ecf6a010e6209ef73e8b48bd2655f43e432d46603c08,2024-03-25T17:15:51.337000 +CVE-2023-5388,0,0,d8419ed9d62f698fc384ecf6a010e6209ef73e8b48bd2655f43e432d46603c08,2024-03-25T17:15:51.337000 CVE-2023-5389,0,0,07d2db5823402611439109f7f34a4853364795f9958639185189e21209a9cfea,2024-02-08T15:20:04.057000 CVE-2023-5390,0,0,7ebaee5947d3e1f1edd0aa63aeb1bb5e132bc79873105ca039e3fefbf61f0d4e,2024-02-08T17:18:46.787000 CVE-2023-5391,0,0,e65a9210280128a68a8a49095d5446b17a62134416876921dbd7f459dcc8b6e5,2024-02-01T00:49:46.897000 @@ -238200,7 +238202,7 @@ CVE-2024-0548,0,0,80207705746d060513163459f8fabc8aa4f06c77a1331e952faa3622cbea6d CVE-2024-0550,0,0,dfdea658ff2d4a5d2800f15c765c429e9f95b5fed7f08da72945c2e826e379dc,2024-02-28T14:06:45.783000 CVE-2024-0551,0,0,922e360153a9dcbd60fbe4dfaeb3541f29c0a6e954574d84c77eb44458c1c662,2024-02-27T14:19:41.650000 CVE-2024-0552,0,0,cb39895c5b0e747125001c9ad52f066ef8fb141fe496b45dac067f5c5920590c,2024-01-23T19:34:05.483000 -CVE-2024-0553,0,1,e2cbe1c8429d5f6f433e77535bc93ac8931da8c66b87ddc1723c2726c8e27f4e,2024-03-25T18:15:08.443000 +CVE-2024-0553,0,0,e2cbe1c8429d5f6f433e77535bc93ac8931da8c66b87ddc1723c2726c8e27f4e,2024-03-25T18:15:08.443000 CVE-2024-0554,0,0,c587d882bb90cc8a790d9405a76226eece938e548c8d6d0dfa16bb5ef9afac58,2024-01-23T19:37:17.313000 CVE-2024-0555,0,0,e27068c658ab2fe0ade46b360f75382aad49de171a45cc11ac1210a06742603e,2024-01-23T19:57:48.237000 CVE-2024-0556,0,0,58e51148ac56dc3dc5f63a5ecb0eb821e6a1130d50e3147308ecd24775c94ea7,2024-01-23T19:44:47.387000 @@ -238359,7 +238361,7 @@ CVE-2024-0738,0,0,ee10ed3c4f4e3e86327151617a4af196ee1f28a0a53bff1b5fb0cb6653f224 CVE-2024-0739,0,0,10e21229d49a20dc89ab08d940d4f1089a7db28e12de2fcab4977d5ab051acb1,2024-03-21T02:51:23.707000 CVE-2024-0741,0,0,a9fda7b42aa854b426665305c7828769c163150b209cbb19ab9d616db9041a98,2024-02-02T17:19:30.117000 CVE-2024-0742,0,0,1ae741d10e1bed36bf34ad7f16caeaf1531efb403a5a51e45593c25df5bee474,2024-02-02T17:19:23.497000 -CVE-2024-0743,0,1,dacaa2aeaf68f1371f0b5cca1647090718e67fd338218ae3423f36780ae31307,2024-03-25T17:15:51.580000 +CVE-2024-0743,0,0,dacaa2aeaf68f1371f0b5cca1647090718e67fd338218ae3423f36780ae31307,2024-03-25T17:15:51.580000 CVE-2024-0744,0,0,e96805dde96bfb723552d652089a0f0d2e0f936866d1fca2d8bc36dda88ad35c,2024-01-29T22:47:40.353000 CVE-2024-0745,0,0,e95f46af45f166ba44148aad2d02421e51785e292696d491c32d77e99976a28a,2024-01-30T16:08:53.497000 CVE-2024-0746,0,0,86e154f7304b77b0253dd3ebca2a1985a3fb1b8ae7973ed11288f18ffe31e532,2024-02-02T17:19:10.737000 @@ -238966,7 +238968,7 @@ CVE-2024-1564,0,0,84875cf797fa64328b336ae33772e46886c72657e3c983b9d184a2a3d50ffd CVE-2024-1566,0,0,fae18125d42af6480c1fb49e1e6428a52d2bf4f1074f21a5dfe482b2c8d87086,2024-02-28T14:06:45.783000 CVE-2024-1568,0,0,03adf0f94bdba0662cb278cdaa3b54a5cd3ae08b3ef89a1e89169605096fa6c9,2024-02-28T14:06:45.783000 CVE-2024-1570,0,0,fa96633d08cf4f7a9a083fffefdd325991610013e77e1890328cb3b85d75e300,2024-02-29T13:49:29.390000 -CVE-2024-1580,0,1,57a066d99d2330e02b559e213967b9537c09f53446ae713bb9e775797aeaae56,2024-03-25T18:15:08.617000 +CVE-2024-1580,0,0,57a066d99d2330e02b559e213967b9537c09f53446ae713bb9e775797aeaae56,2024-03-25T18:15:08.617000 CVE-2024-1582,0,0,5801086f12a7b25e0a24481309300eacfe3989ff6a37128452730610efa279b1,2024-03-13T12:33:51.697000 CVE-2024-1585,0,0,e91f99f5d286c3afef1058be20d258b7aa9acfdf346cd5b86fd70de17ee7844a,2024-03-13T18:15:58.530000 CVE-2024-1586,0,0,0f7dcaaedeb3b15eee35c0b1fbce415960454d76b6eae4dff9a3ecfad1011e31,2024-02-29T13:49:29.390000 @@ -241672,14 +241674,14 @@ CVE-2024-26064,0,0,ff144dd493cab1ed761f56b7eed61318aa93a620b7f1f749119957a2f49a9 CVE-2024-26065,0,0,f05434d986097dd89c414a15c420cdddc61d6433e66c11de1a1a2441f62c78a5,2024-03-18T19:40:00.173000 CVE-2024-26067,0,0,771feae423c61b47115f901b11f3c3dcf0abf651e532228608443b53ddaf898b,2024-03-18T19:40:00.173000 CVE-2024-26069,0,0,816c3bf702e981a32d8f2cbc8f4ffc747fd5bb2fd9e85087b9348ecbb0d6a22b,2024-03-18T19:40:00.173000 -CVE-2024-2607,0,1,89a26984e83bf730f9e0ffcdf869aba87099eedf56fce22909503cb84d4113dd,2024-03-25T17:15:51.727000 +CVE-2024-2607,0,0,89a26984e83bf730f9e0ffcdf869aba87099eedf56fce22909503cb84d4113dd,2024-03-25T17:15:51.727000 CVE-2024-26073,0,0,6888cf6593fb4013d9ac96b5e0e04253a32891793ba0fc6b5d0f9bb6acf56fbf,2024-03-18T19:40:00.173000 -CVE-2024-2608,0,1,ae6bcd3c34b2e2d2990ddd5b5011c47bd45b71daefa72e13093360a8fd3053e7,2024-03-25T17:15:51.783000 +CVE-2024-2608,0,0,ae6bcd3c34b2e2d2990ddd5b5011c47bd45b71daefa72e13093360a8fd3053e7,2024-03-25T17:15:51.783000 CVE-2024-26080,0,0,4c7f5e68dedcd9fba242c25344b93a9a82fec0775eb26628d32eb9d1bc78f44c,2024-03-18T19:40:00.173000 CVE-2024-2609,0,0,cc8825c211fc81d11ba8d4a686cc4e666f184437fb79cc71e4c781293d9d0cab,2024-03-19T13:26:46 CVE-2024-26094,0,0,85e3ce7a818102789382308d4aee284348d003fd2b7cf5cdd2a80c2099ce4bab,2024-03-18T19:40:00.173000 CVE-2024-26096,0,0,7149acbb034794a59086aa3fa6e989a4571021a73871d6ede0203941e15d68d8,2024-03-18T19:40:00.173000 -CVE-2024-2610,0,1,67723a01564f2caea2c87514edec943383e963cca14b6936c961f3c55ac7dad5,2024-03-25T17:15:51.833000 +CVE-2024-2610,0,0,67723a01564f2caea2c87514edec943383e963cca14b6936c961f3c55ac7dad5,2024-03-25T17:15:51.833000 CVE-2024-26101,0,0,a99024df1b18b54a773096b0beb63b24fd79a9e9974023773ae59f2a37feed95,2024-03-18T19:40:00.173000 CVE-2024-26102,0,0,238e693f3e2d466bc8d2c153335d74273ddf22aee27378fc2288011848995267,2024-03-18T19:40:00.173000 CVE-2024-26103,0,0,d8456b4083613d4d8db27a085dde20a49ef73abb0168ef69a30fce12bb31e1c6,2024-03-18T19:40:00.173000 @@ -241687,10 +241689,10 @@ CVE-2024-26104,0,0,26fa5e620c52b2c3f13956dc7ddff142e7a4604a5ec9b5dd0aa8139e69f91 CVE-2024-26105,0,0,11537b15eb4cc2020a0de2c2950a0ccff35f84e7097158552d59dda934784eba,2024-03-18T19:40:00.173000 CVE-2024-26106,0,0,1bcf517c10e9d03e04f36309423fea2ee998c751ee4d56005c66807def8df1c2,2024-03-18T19:40:00.173000 CVE-2024-26107,0,0,08a7d4a713d69f5e9264f33bf201cb0a984991aa907bf9c03d1e9d80640879b3,2024-03-18T19:40:00.173000 -CVE-2024-2611,0,1,da0a89015b2775908e0c15effdf847fbad8de27ce6d4f2420dc8937b9e1cf1ff,2024-03-25T17:15:51.880000 +CVE-2024-2611,0,0,da0a89015b2775908e0c15effdf847fbad8de27ce6d4f2420dc8937b9e1cf1ff,2024-03-25T17:15:51.880000 CVE-2024-26118,0,0,7c64ac890dd2a49d6d942d5500b1240c8fe85648327d773fcda60ffa1a5badd7,2024-03-18T19:40:00.173000 CVE-2024-26119,0,0,d15b90520fefb7812fc1dd26c7161c951db5fa8c9a1a7a8a2878ce59a176d881,2024-03-18T19:40:00.173000 -CVE-2024-2612,0,1,563748cada404dea46a8a1098e6e9010359bb31f9781cebd62e08951dacf5761,2024-03-25T17:15:51.923000 +CVE-2024-2612,0,0,563748cada404dea46a8a1098e6e9010359bb31f9781cebd62e08951dacf5761,2024-03-25T17:15:51.923000 CVE-2024-26120,0,0,1657b6d18890514d9af3eeebc8c2352500124f93d0e64bb8ac66ddfc251885ca,2024-03-18T19:40:00.173000 CVE-2024-26124,0,0,82c27b96a9dc28b3e1fb2de7ffef79a19fe8428577dd4db99bfdfe3e5dd7dcb3,2024-03-18T19:40:00.173000 CVE-2024-26125,0,0,b8e9f2510a0a2d65e00221b700c4ebf67290c396472beeb55853dce893354627,2024-03-18T19:40:00.173000 @@ -241705,7 +241707,7 @@ CVE-2024-26134,0,0,c48fec61bdbea71825089d60ba10afed6847a83574a5b8775f63985c4fd7b CVE-2024-26135,0,0,59fe0ab8843c555cfe91a706ee16a0503bc6707525e2af12cfc8995ef8319782,2024-02-20T21:52:55.187000 CVE-2024-26136,0,0,bc3bbfc3e7ddd7f5422807ceb3e66f18b225baf2ed7e74657a084b480c15c1ff,2024-02-22T19:07:37.840000 CVE-2024-26138,0,0,4d4da9f47e13e4c424c52e5eff6306f34e02033e2d2c801866f22decefe9c2c2,2024-02-22T19:07:27.197000 -CVE-2024-2614,0,1,74b9e45834bc5f5aff70c95ed7996a007a2a374ad9639edde00afe3bf9f497e0,2024-03-25T17:15:51.963000 +CVE-2024-2614,0,0,74b9e45834bc5f5aff70c95ed7996a007a2a374ad9639edde00afe3bf9f497e0,2024-03-25T17:15:51.963000 CVE-2024-26140,0,0,6de2d0c9ebf70d5d176c18f61310d4c12ab2f9c1ae885cf141ebe9307850ffc6,2024-02-22T19:07:37.840000 CVE-2024-26141,0,0,9df246c55a4395e8557802daf50823ee55f3169dd101c749aaebaef21dae00c2,2024-02-29T13:49:47.277000 CVE-2024-26142,0,0,edb6243c44774fbfc22b55927ba153d435243b85e5fd0fb08002baf86f2fdeda,2024-02-28T14:07:00.563000 @@ -241721,7 +241723,7 @@ CVE-2024-26150,0,0,8ea3c18b0fb78100fc3632066a5c3403e90a7daa780b43e6f9240c2ed9fee CVE-2024-26151,0,0,23d71c73b4a2821ea019a978d698b1910ca82d8c9eb2d93a0500cf52583cbf84,2024-02-23T02:42:54.547000 CVE-2024-26152,0,0,7e68ad422883506103ec46c3174c4872da8a983d075ae50a3e01c580804f4253,2024-02-23T02:42:54.547000 CVE-2024-26159,0,0,8db8f42d5662b161251586cebfdfad3ac7119bf59dcefc0ce4412d5330cc45ab,2024-03-12T17:46:17.273000 -CVE-2024-2616,0,1,e3c92b3b9aca00a51c867346d68b83b884e699ab07afe2070061dd49cd767a57,2024-03-25T17:15:52.007000 +CVE-2024-2616,0,0,e3c92b3b9aca00a51c867346d68b83b884e699ab07afe2070061dd49cd767a57,2024-03-25T17:15:52.007000 CVE-2024-26160,0,0,fa9ab77966a6520f6fd48a75b259529e6a68bdc5f72bc11ac282a7c57a6be71f,2024-03-12T17:46:17.273000 CVE-2024-26161,0,0,179c500caa38708835a1de408543085e57586fd097d7453a1bf1888d48f494e3,2024-03-12T17:46:17.273000 CVE-2024-26162,0,0,abe9736aa1712017432f5ac3cb4f9e06d55b8e6b2899e4fcc1a691ec906deb0c,2024-03-12T17:46:17.273000 @@ -242060,6 +242062,8 @@ CVE-2024-27295,0,0,7b61bc68a0e7596ec39f45cf16eb56847e1e2291e2b9c36b655d40907b360 CVE-2024-27296,0,0,efeac0d0835ce5e895a91174ac6e0936bc76da32bc1ae41fcb14571a12d2985d,2024-03-01T22:22:25.913000 CVE-2024-27297,0,0,4adef5b6b344504047ea652a2ba40cd8b6a71ad7086f702d549e1a8bda9ad1af,2024-03-12T12:40:13.500000 CVE-2024-27298,0,0,1aaf802a3586818726ce977e3c4d8b52b79c9b45f43876bfaeae085dddddd041,2024-03-01T22:22:25.913000 +CVE-2024-27299,1,1,176aea8d23b232e608245888debcb0647d2db76661c9933dd5b0554caf52337a,2024-03-25T19:15:57.563000 +CVE-2024-27300,1,1,3160f448301cd9af5646b8fce77c89cd9d1626279754d262e3ad239ca5375ebc,2024-03-25T19:15:57.807000 CVE-2024-27301,0,0,ea4f96db3674e6fe8e03ff7f55175b1f9fdc58c05fa850d93965ca0498d5bb55,2024-03-14T20:11:36.180000 CVE-2024-27302,0,0,f49f7cb8056f6127ae14fec0cfff2d0bf177dfba1318b206d31d7b548bf3e9f5,2024-03-06T21:42:48.053000 CVE-2024-27303,0,0,5bf58561ed507a70ca73108a11218e0be9a2a377c18b42118ebe9af756d8ec79,2024-03-06T21:42:48.053000 @@ -242246,6 +242250,10 @@ CVE-2024-28098,0,0,e6bafc5c1852b134e115137ad3427dd38b064af4ce40b8aa45bfc1cdd7573 CVE-2024-2810,0,0,b92d6e3c897f758ac7040d83811d4a7f895aec8457cffb8c1afb1549e2cbf96d,2024-03-22T12:45:36.130000 CVE-2024-28101,0,0,e11a50d18e90b930590d2818b294820a502a44e40046d3b082407cc261fb1fa1,2024-03-21T12:58:51.093000 CVE-2024-28102,0,0,5173038e442300ac4f9841553f79acc51f599800474c7e2979929429acf935f8,2024-03-21T12:58:51.093000 +CVE-2024-28105,1,1,1e7beafb03e644141304d24087ff8acd32ac7fc246fe0ea56b912fe6dba4716f,2024-03-25T19:15:58.020000 +CVE-2024-28106,1,1,bb2c389659b7d47d7f4731b5f1aba2a584a421dafc9f1c605b135ae67786751f,2024-03-25T19:15:58.263000 +CVE-2024-28107,1,1,4daf19aae99ff65363486cf8c27fd6cda9c3b2687a68ae8e2ab6467687460c3a,2024-03-25T19:15:58.477000 +CVE-2024-28108,1,1,fec09cb41fe9dd09fa90f08da9d84092bab20ea842ad59e0f701afc0558b4919,2024-03-25T19:15:58.700000 CVE-2024-2811,0,0,f7057bb7f00ea7a6844ea17aaf27f5b41bb400a788aa8b2ef4be0037da4fe7f5,2024-03-22T12:45:36.130000 CVE-2024-28110,0,0,0aa63c709bee34101fee09332c67840fa8b7d5aea01ed58b7f238cd7f26f2f87,2024-03-07T13:52:27.110000 CVE-2024-28111,0,0,ef109000cb681b8950a504435d888106cd334990070bd9ca1f33bba165c1974a,2024-03-07T13:52:27.110000 @@ -242325,6 +242333,10 @@ CVE-2024-28238,0,0,38219e010007b7fe5426826144cd2eabd2e22d36d31c50aa8471901674b52 CVE-2024-28239,0,0,faccbe471f1ae24e1ff85c8426d7d0f8447bb8e496567a24af19b5962ca5e940,2024-03-13T12:33:51.697000 CVE-2024-2824,0,0,b51ff6d9b96df45cee8ace66bda2fe24718173170fbb213d719055238fa4da73,2024-03-22T19:02:10.300000 CVE-2024-28242,0,0,9b0e39431cf5407ac797c89bdeeecca7ea971387c91b8e8005c08f8a0179928d,2024-03-17T22:38:29.433000 +CVE-2024-28243,1,1,e0119a28ec2c44f4cb1af1d18bda62a690b344f16c003db20f70f756f1081594,2024-03-25T20:15:07.950000 +CVE-2024-28244,1,1,934446e44fd5669812bb7e483c32615ece1dc5df50710a3c2a5bb1a3fd0169ea,2024-03-25T20:15:08.160000 +CVE-2024-28245,1,1,c546468cb3694163bd1d797cfe51142dba6cf171909f41053df96a18f5d53143,2024-03-25T20:15:08.370000 +CVE-2024-28246,1,1,a31e3ec472a2fefca7e2d2fc4962d14814e6b1e837b56165e76670e074db0a40,2024-03-25T20:15:08.580000 CVE-2024-28248,0,0,b617812c524b85d27f2a46b3a739648463fa9ffb5a6e46ea47ba0c68bd3fa409,2024-03-19T13:26:46 CVE-2024-28249,0,0,7f01b3731d6ed3594265964b9061da88eb89dfe99b6d59bfec8413859c3ac454,2024-03-19T13:26:46 CVE-2024-2825,0,0,731d564e18c15016bfac25b783d866bfc2b3073e42c4b54f0ca736209097bfbb,2024-03-25T01:51:01.223000 @@ -242465,6 +242477,7 @@ CVE-2024-28835,0,0,807354fa6b4609be92d801df299988ca81259642594a0e94cba8cafe4de90 CVE-2024-28847,0,0,77ca7298b6799783b77992e414cebfaaf69a1bd2c05124cbdf6b914d3e0bb310,2024-03-17T22:38:29.433000 CVE-2024-28848,0,0,f738fe56a5bc4cdb728fabdb4b9cb52618afbf9827db3dbc12ec3f1fb91169bf,2024-03-21T02:52:25.197000 CVE-2024-28849,0,0,5e73d26630408070b9f2d0554aca63f533ce0044a2d97ed66eab06494ab2be18,2024-03-23T03:15:11.970000 +CVE-2024-28850,1,1,1d7ce55a2b28f062d7e286d9465b7ed662f190716d21e23a54ba08f46a8974ec,2024-03-25T19:15:58.947000 CVE-2024-28851,0,0,f15187ac52243f1288d6dabed456ab5bd2287b2db60c97a538d0582f4f0ba12d,2024-03-17T22:38:29.433000 CVE-2024-28854,0,0,8cb03aded6b194ffbf5e93b6a999bfbf01ac8f736343c4fc752b0e38a8bc9f90,2024-03-17T22:38:29.433000 CVE-2024-28855,0,0,2384a3330fde47f752f152bfa13a6226cb6b236bb18ff2466f5e886c7d3e893c,2024-03-19T13:26:46 @@ -242479,6 +242492,7 @@ CVE-2024-28891,0,0,0aa614d18123b6bc2c76e9c8b5d356a2e7d71bba766bbf9db36fdc818df4c CVE-2024-28916,0,0,3588de3801d3f24953276fa6b57f2d684fb38fc8b3ed3ad7d8613e127e6022b7,2024-03-21T12:58:51.093000 CVE-2024-29009,0,0,e428945e790b35d2116d11f320908f919961bf6f75e41d300d21cf55f5bcc19c,2024-03-25T13:47:14.087000 CVE-2024-29018,0,0,996b521b7d9365d8d41596984cc4ea0a166d70f0fc41d183b4857a8a3632cdd4,2024-03-21T12:58:51.093000 +CVE-2024-29025,1,1,598c6a42361f85342a77bfecefe79230d1e37c2f1b5e0396b0f92ae4ecb3d3d5,2024-03-25T20:15:08.797000 CVE-2024-29026,0,0,ae12b0436e3ecdf28001034b69d1ac66de23f0f8b6b646a25aa4e89d5c652db8,2024-03-21T12:58:51.093000 CVE-2024-29027,0,0,0443c0a5c3d136c6828a405e5e82a90c05a4f9edd7fbc1d30ba3bd5c5a4c0f72,2024-03-20T13:00:16.367000 CVE-2024-29031,0,0,7f58d37a0fe973dfcea39547446f82cfc81d56a030b41fe804de053f1e911236,2024-03-22T12:45:36.130000 @@ -242571,7 +242585,9 @@ CVE-2024-29472,0,0,8914457096a81cfec257e1932986907f8b2f25a966f10c0d7629905ec24b0 CVE-2024-29473,0,0,2dcbe7e94767e08f46a9353b62d8f30da500a221f5affb32fc9ef958cfff985b,2024-03-21T12:58:51.093000 CVE-2024-29474,0,0,cd74b93fedbacc13ab911c0f2a2b89e07d9e578953f3b262ce40503b72930e98,2024-03-21T12:58:51.093000 CVE-2024-29499,0,0,bc8db29a97bf5517e5213278d0d5f5ecdec4b51f00adea3262848d25f6e735bc,2024-03-22T19:02:10.300000 +CVE-2024-29515,1,1,56178cd0a3dedb065e0281a7015d8a355456da4af63e18194c370c98d4f6bde4,2024-03-25T19:15:59.190000 CVE-2024-29650,0,0,3de71c7e130cece9a4956a25a7008efc5004a21e047c073aea3bd083423d5a0e,2024-03-25T16:43:06.137000 +CVE-2024-29666,1,1,3d3e8998729d7c81601d3d6c0867b3edf5ea58a2411ca65573245ab0d6ade13e,2024-03-25T19:15:59.253000 CVE-2024-29732,0,0,3aff958eec55f5cf06538251c792be6423021bd21573f6f2f920d098c9ad37bd,2024-03-21T12:58:51.093000 CVE-2024-29858,0,0,585719d860c91771e96e52d882eed744121f21e899f727afe6b381f4ffbb308d,2024-03-21T12:58:51.093000 CVE-2024-29859,0,0,6ebff5730a73f542ffebf0a56f74146bb69314ac3f95118519ec4b678666f245,2024-03-21T12:58:51.093000 @@ -242592,7 +242608,7 @@ CVE-2024-29879,0,0,f281e5565c18f62981e30c243c39ad05583d9bbab1631a620c93b3c78846e CVE-2024-29880,0,0,e4ba47a3336aba44b26bc2b767c682c9997cfe6f0e16a9457e7fe50a3abeaa1c,2024-03-21T15:24:35.093000 CVE-2024-29916,0,0,dd300e18b662f862d3dd0881eace85d81be3f3aaeb79c908bcef100a80a89dd1,2024-03-21T19:47:03.943000 CVE-2024-29943,0,0,39d573a490fc5d2b219e8af270d3feeff9aa72e4341ddd52f10b0ddfa677f78e,2024-03-22T15:34:43.663000 -CVE-2024-29944,0,1,4d21f9c7c1ab1ff30cce77b261f7b06b8e28526248b968d986726dab452f24fc,2024-03-25T17:15:51.670000 +CVE-2024-29944,0,0,4d21f9c7c1ab1ff30cce77b261f7b06b8e28526248b968d986726dab452f24fc,2024-03-25T17:15:51.670000 CVE-2024-30156,0,0,aff0cd27a6d4ebd55e03f44f61cc23ee9163e094843acbac5af736e684ab9391,2024-03-25T01:51:01.223000 CVE-2024-30161,0,0,f6d00094643508d05d1e5626fca4ef83c82ab69ba4696adb329c49eff6d0ab4a,2024-03-25T01:51:01.223000 CVE-2024-30187,0,0,f8d37ff5304c8d102184c9586047a497264eab63488a1192b60bf85807ce2976,2024-03-25T13:47:14.087000