Auto-Update: 2024-12-24T05:00:20.145440+00:00

2025-07-11 16:13:34 +00:00 · 2024-12-24 05:03:43 +00:00 · 2024-12-24 05:03:43 +00:00 · fef55bc56a
commit fef55bc56a
parent 5f43be7808
12 changed files with 481 additions and 46 deletions
--- a/CVE-2024/CVE-2024-125xx/CVE-2024-12582.json
+++ b/CVE-2024/CVE-2024-125xx/CVE-2024-12582.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-12582",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-12-24T04:15:05.137",
  "lastModified": "2024-12-24T04:15:05.137",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in the skupper console,  a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the \"admin\" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "secalert@redhat.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "secalert@redhat.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-305"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://access.redhat.com/security/cve/CVE-2024-12582",
      "source": "secalert@redhat.com"
    },
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333540",
      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-408xx/CVE-2024-40896.json
+++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40896.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-40896",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-23T17:15:08.400",
-  "lastModified": "2024-12-23T18:15:06.940",
+  "lastModified": "2024-12-24T03:15:06.727",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
@ -11,7 +11,30 @@
      "value": "In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting \"checked\"). This makes classic XXE attacks possible."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@mitre.org",
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47515.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47515.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-47515",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-12-24T04:15:05.750",
  "lastModified": "2024-12-24T04:15:05.750",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "secalert@redhat.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "secalert@redhat.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-61"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2315806",
      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56310.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56310.json
@ -2,16 +2,55 @@
  "id": "CVE-2024-56310",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-22T21:15:16.433",
-  "lastModified": "2024-12-22T21:15:16.433",
+  "lastModified": "2024-12-24T03:15:07.440",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
    },
    {
      "lang": "es",
      "value": "REDCap hasta la versi\u00f3n 15.0.0 tiene una falla de seguridad en el nombre de Project Dashboards, lo que expone a los usuarios a un ataque de Cross-Site Request Forgery (CSRF). Un atacante puede aprovechar esto al atraer a los usuarios para que hagan clic en un nombre de Project Dashboards que contenga la carga maliciosa, lo que desencadena una solicitud de cierre de sesi\u00f3n y finaliza su sesi\u00f3n. Esta vulnerabilidad se origina en la ausencia de protecciones CSRF en la funcionalidad de cierre de sesi\u00f3n, lo que permite que se ejecuten acciones maliciosas sin el consentimiento del usuario."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56311.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56311.json
@ -2,16 +2,55 @@
  "id": "CVE-2024-56311",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-22T21:15:16.600",
-  "lastModified": "2024-12-22T21:15:16.600",
+  "lastModified": "2024-12-24T03:15:07.607",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent."
    },
    {
      "lang": "es",
      "value": "REDCap hasta la versi\u00f3n 15.0.0 tiene una falla de seguridad en la secci\u00f3n Notas de los eventos del calendario, lo que expone a los usuarios a un ataque de Cross-Site Request Forgery (CSRF). Un atacante puede aprovechar esto enga\u00f1ando a los usuarios para que accedan a las notas de un evento del calendario, lo que desencadena una solicitud de cierre de sesi\u00f3n y finaliza su sesi\u00f3n. Esta vulnerabilidad se debe a la ausencia de protecciones CSRF en la funcionalidad de cierre de sesi\u00f3n, lo que permite que se ejecuten acciones maliciosas sin el consentimiento del usuario."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ]
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56312.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56312.json
@ -2,16 +2,55 @@
  "id": "CVE-2024-56312",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-22T22:15:05.630",
-  "lastModified": "2024-12-22T22:15:05.630",
+  "lastModified": "2024-12-24T03:15:07.770",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en el nombre del panel de proyectos de REDCap hasta la versi\u00f3n 15.0.0 permite a los usuarios autenticados inyectar secuencias de comandos maliciosas en el campo de nombre de un panel de proyectos. Cuando un usuario hace clic en el nombre del panel de proyectos, se ejecuta el payload manipulado, lo que potencialmente permite la ejecuci\u00f3n de secuencias de comandos web arbitrarias."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56313.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56313.json
@ -2,16 +2,55 @@
  "id": "CVE-2024-56313",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-22T22:15:06.540",
-  "lastModified": "2024-12-22T22:15:06.540",
+  "lastModified": "2024-12-24T03:15:07.927",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en la funci\u00f3n Calendario de REDCap hasta la versi\u00f3n 15.0.0 permite a los usuarios autenticados inyectar secuencias de comandos maliciosas en el campo Notas de un evento del calendario. Cuando se visualiza el evento, se ejecuta el payload manipulado, lo que potencialmente permite la ejecuci\u00f3n de secuencias de comandos web arbitrarias."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56314.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56314.json
@ -2,16 +2,55 @@
  "id": "CVE-2024-56314",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-22T22:15:06.670",
-  "lastModified": "2024-12-22T22:15:06.670",
+  "lastModified": "2024-12-24T03:15:08.083",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de cross-site scripting (XSS) almacenado en Project name de REDCap hasta la versi\u00f3n 15.0.0 permite a los usuarios autenticados inyectar secuencias de comandos maliciosas en el campo de nombre de un proyecto. Cuando un usuario hace clic en el nombre del proyecto para acceder a \u00e9l, se ejecuta el payload manipulado, lo que potencialmente permite la ejecuci\u00f3n de secuencias de comandos web arbitrarias."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/ping-oui-no/Vulnerability-Research-CVESS/tree/main/RedCap",
--- a/CVE-2024/CVE-2024-563xx/CVE-2024-56375.json
+++ b/CVE-2024/CVE-2024-563xx/CVE-2024-56375.json
@ -2,16 +2,55 @@
  "id": "CVE-2024-56375",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-12-22T23:15:06.613",
-  "lastModified": "2024-12-22T23:15:06.613",
+  "lastModified": "2024-12-24T03:15:08.247",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un desbordamiento de enteros en Fort 1.6.3 y 1.6.4 antes de 1.6.5. Un repositorio RPKI malicioso que desciende de un Trust Anchor (confiable) puede servir (a trav\u00e9s de rsync o RRDP) un objeto RPKI de manifiesto que contiene una lista de archivos vac\u00eda. Fort desreferencia (y, poco despu\u00e9s, escribe en) esta matriz durante un intento de mezcla, antes de la validaci\u00f3n que normalmente la rechazar\u00eda si estuviera vac\u00eda. Este acceso fuera de los l\u00edmites se debe a un desbordamiento de enteros que hace que el bucle circundante se repita infinitamente. Debido a que el producto est\u00e1 bloqueado permanentemente al intentar mezclar una matriz que en realidad no existe, es casi seguro que se produzca un bloqueo."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-191"
        }
      ]
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://nicmx.github.io/FORT-validator/CVE.html",
--- a/CVE-2024/CVE-2024-94xx/CVE-2024-9427.json
+++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9427.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-9427",
  "sourceIdentifier": "secalert@redhat.com",
  "published": "2024-12-24T04:15:07.360",
  "lastModified": "2024-12-24T04:15:07.360",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "secalert@redhat.com",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5
      }
    ]
  },
  "weaknesses": [
    {
      "source": "secalert@redhat.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2316047",
      "source": "secalert@redhat.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-12-24T03:00:19.458432+00:00
+2024-12-24T05:00:20.145440+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-12-24T02:15:06.740000+00:00
+2024-12-24T04:15:07.360000+00:00
 ```
 ### Last Data Feed Release
@ -33,26 +33,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-274585
+274588
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `0`
+Recently added CVEs: `3`
 - [CVE-2024-12582](CVE-2024/CVE-2024-125xx/CVE-2024-12582.json) (`2024-12-24T04:15:05.137`)
 - [CVE-2024-47515](CVE-2024/CVE-2024-475xx/CVE-2024-47515.json) (`2024-12-24T04:15:05.750`)
 - [CVE-2024-9427](CVE-2024/CVE-2024-94xx/CVE-2024-9427.json) (`2024-12-24T04:15:07.360`)
 ### CVEs modified in the last Commit
 Recently modified CVEs: `7`
- [CVE-2021-44207](CVE-2021/CVE-2021-442xx/CVE-2021-44207.json) (`2024-12-24T02:00:01.823`)
+- [CVE-2024-40896](CVE-2024/CVE-2024-408xx/CVE-2024-40896.json) (`2024-12-24T03:15:06.727`)
- [CVE-2024-23945](CVE-2024/CVE-2024-239xx/CVE-2024-23945.json) (`2024-12-24T02:15:05.303`)
+- [CVE-2024-56310](CVE-2024/CVE-2024-563xx/CVE-2024-56310.json) (`2024-12-24T03:15:07.440`)
- [CVE-2024-53275](CVE-2024/CVE-2024-532xx/CVE-2024-53275.json) (`2024-12-24T02:15:06.037`)
+- [CVE-2024-56311](CVE-2024/CVE-2024-563xx/CVE-2024-56311.json) (`2024-12-24T03:15:07.607`)
- [CVE-2024-53276](CVE-2024/CVE-2024-532xx/CVE-2024-53276.json) (`2024-12-24T02:15:06.207`)
+- [CVE-2024-56312](CVE-2024/CVE-2024-563xx/CVE-2024-56312.json) (`2024-12-24T03:15:07.770`)
- [CVE-2024-54148](CVE-2024/CVE-2024-541xx/CVE-2024-54148.json) (`2024-12-24T02:15:06.410`)
+- [CVE-2024-56313](CVE-2024/CVE-2024-563xx/CVE-2024-56313.json) (`2024-12-24T03:15:07.927`)
- [CVE-2024-56201](CVE-2024/CVE-2024-562xx/CVE-2024-56201.json) (`2024-12-24T02:15:06.580`)
+- [CVE-2024-56314](CVE-2024/CVE-2024-563xx/CVE-2024-56314.json) (`2024-12-24T03:15:08.083`)
- [CVE-2024-56326](CVE-2024/CVE-2024-563xx/CVE-2024-56326.json) (`2024-12-24T02:15:06.740`)
+- [CVE-2024-56375](CVE-2024/CVE-2024-563xx/CVE-2024-56375.json) (`2024-12-24T03:15:08.247`)
 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -185333,7 +185333,7 @@ CVE-2021-44203,0,0,508eb6b050cb9edbc4d859609017b4ff90c361b8833265453c85194c90e26
 CVE-2021-44204,0,0,6aa974a64a61b329c694450f42afb1d8eae9a90c5f26859b2e2e19f2c7f64169,2024-11-21T06:30:34.300000
 CVE-2021-44205,0,0,9799064d1571df0d6982a5073ec220e92a13da5e067c0085ff08f97692729941,2024-11-21T06:30:34.457000
 CVE-2021-44206,0,0,feed6a6bf0af4d6221906ba9bcec078465a0c79d160fd89322c280f481c9a8b2,2024-11-21T06:30:34.593000
-CVE-2021-44207,0,1,ab6cd68759d96ee58722adf9b03fe12962a554c33b9877fa7739bad5005c5447,2024-12-24T02:00:01.823000
+CVE-2021-44207,0,0,ab6cd68759d96ee58722adf9b03fe12962a554c33b9877fa7739bad5005c5447,2024-12-24T02:00:01.823000
 CVE-2021-44208,0,0,a9d10b6a2bda2a03da19d70e83cce1926454ffed3cce9a05f84b2a5b9a807bcf,2024-11-21T06:30:34.903000
 CVE-2021-44209,0,0,13573abfe045728a3019e5db77d9947d269097fe48a3b8d8e4f8297ef768ba41,2024-11-21T06:30:35.083000
 CVE-2021-4421,0,0,fa171effbeb755b01cbed06c07ebd983fcfa0fc4053d0cff65567cd80e77ab7e,2024-11-21T06:37:41.153000
@ -244954,6 +244954,7 @@ CVE-2024-12578,0,0,9683da78c95f4de0afe4f169763bacae0c8e4e48d594e85dbc7c32bda1c6e
 CVE-2024-12579,0,0,6b066a632ed42755872bfe12897131044e41b00627589546ab36be31d813b6f2,2024-12-13T05:15:07.473000
 CVE-2024-1258,0,0,36d421eec5fc7cce6382fad9fd3a9a8780da80fcb6e09fc8e5e480709b2e6caa,2024-11-21T08:50:10.573000
 CVE-2024-12581,0,0,899275a869b7c967a158446f680d5b1e6ee7fb8c13fa325a1164dc54186bea7f,2024-12-13T06:15:26.433000
 CVE-2024-12582,1,1,7e453b0b2fc58c5f199238f8e99bab882063c16a606bbbed878c19f5c7e5ca1a,2024-12-24T04:15:05.137000
 CVE-2024-12588,0,0,1933918a1bc731b9f2daeac6f15474bd290e2defc9eea3981aaebba99a0dc9b7,2024-12-21T09:15:06.233000
 CVE-2024-1259,0,0,1c6bb100fc9cba505c4d696801bfd3102c508e530bb2e36c86a6685675278bd7,2024-11-21T08:50:10.730000
 CVE-2024-12591,0,0,eaf713466d72851d200fb1c2165d3b74352c989b31dbbf0a4a003e2ec790fb1b,2024-12-21T10:15:09.177000
@ -248911,7 +248912,7 @@ CVE-2024-2394,0,0,621d534b6e99ea3eb7663377d97ee0e05ad2be3959f632056cfe6794bf2d11
 CVE-2024-23940,0,0,06d04c2e3a7f29a0e7a62a5331ae3d9d5c7acce3a81c480978850a16e4f0b74a,2024-11-21T08:58:43.807000
 CVE-2024-23941,0,0,377e40ad54a332b818df016f5e6db38286f42aa52aa09ea13a642fb9c9a22ca1,2024-11-21T08:58:43.940000
 CVE-2024-23944,0,0,52d30435d5fece2084654095f6cb22c51963787cdd07ba430e66badb23fb97d7,2024-11-21T08:58:44.067000
-CVE-2024-23945,0,1,77580d48a82d4562485ba4e0b8bab784875ff9ee3be586b8b7971d4db544c20c,2024-12-24T02:15:05.303000
+CVE-2024-23945,0,0,77580d48a82d4562485ba4e0b8bab784875ff9ee3be586b8b7971d4db544c20c,2024-12-24T02:15:05.303000
 CVE-2024-23946,0,0,9c898cf09e521a2a31019dd3080db79ce9c32f7697e5321cb7301cafff4ddf89,2024-11-21T08:58:44.260000
 CVE-2024-23947,0,0,f911293c6af8cf8e2a4c71b3a16ce5c03d9ac810bd789b6ce8a33c36c29ca1c5,2024-11-21T08:58:44.480000
 CVE-2024-23948,0,0,d6d4011f0c2b673928e54c2b884e178d06b968843ed951ce2e90e73776691214,2024-11-21T08:58:44.607000
@ -261352,7 +261353,7 @@ CVE-2024-4089,0,0,7a035608d08862b8a3927991cbc7bcfd8e0cb13815d39b3b58eaf685ec21d6
 CVE-2024-40892,0,0,0bef0c096de1fd9b74596dba063b1cf9ffb172ff0abd417611d342278b46245f,2024-08-21T18:15:09.710000
 CVE-2024-40893,0,0,291c1cc414cfaa66f88e6f282a2cb52f9787a1f732797e904eca670adbd8e574,2024-08-21T18:15:09.803000
 CVE-2024-40895,0,0,9bfbe451c0a62cc469c348ecf829cab564e06b39ab7ab75fbb9a00c7abd49483,2024-11-21T09:31:48.250000
-CVE-2024-40896,0,0,99cd60873be66345887580cd246a9786d55d0f242caaa835b8f113819f38ab35,2024-12-23T18:15:06.940000
+CVE-2024-40896,0,1,4926cdf67fbc9b49af58d3bfc3b7316338055693dabf3e4f11e44bcc02a7dcf6,2024-12-24T03:15:06.727000
 CVE-2024-40897,0,0,5de984c0ce0b5f00f148c2d87f9ba7398ed21388187cb055a9d01cc9ee9adfcc,2024-11-21T09:31:48.450000
 CVE-2024-40898,0,0,b930bfc2025b86aea21c8f0fe9e9b6f374f54a09bbb3f9c81abb259ea87ff81c,2024-11-21T09:31:48.670000
 CVE-2024-40899,0,0,27efc19ced00bac32be0c727e443e10ff312f5514ad1f8ef8ce233abd9e28b76,2024-11-21T09:31:48.870000
@ -265970,6 +265971,7 @@ CVE-2024-47507,0,0,4b5526bca6993d370893c5c6161e096044990d9b0b51024d2cb9be1f9cc10
 CVE-2024-47508,0,0,9eb24349b682be71035d07f35bdd0e3c44d0149390ddd7778db3308d79b627b6,2024-10-15T12:58:51.050000
 CVE-2024-47509,0,0,94c229801bddb8ce94388d34ff206e5f012170cf995eff5bd6f1382afdd7a27e,2024-10-15T12:58:51.050000
 CVE-2024-4751,0,0,323d34e4e60f2c798f82031d559639fb459a06390325463f51ec0a8dd20e430a,2024-11-21T09:43:31.213000
 CVE-2024-47515,1,1,8603992d38cd4ce3c095abe0a5f631e2655cc84a74600a54a87d12d9f7d4333b,2024-12-24T04:15:05.750000
 CVE-2024-4752,0,0,710c56921216e1d7aca081e59c40f51db5ad035f8f7076b00214ce955a44b36f,2024-11-21T09:43:31.400000
 CVE-2024-47522,0,0,c02f34b0206a3beffa01319045412a788f423598c15fe9aabedbdbabe223631f,2024-10-22T13:51:02.710000
 CVE-2024-47523,0,0,c97d6eb97cc8d0172f2511cd438bb91b754c178ebc143b911ae3b2c8f936379d,2024-10-07T19:07:30.287000
@ -269723,8 +269725,8 @@ CVE-2024-53271,0,0,bf343792418ea9791cab65636364e42817a58c9fbdd6d31284460cca28c34
 CVE-2024-53272,0,0,f3ae5c3af00a8a1ede971886e8407e0fd8e6e8ff1a7606066ce068e53ea18328,2024-12-12T02:15:28.670000
 CVE-2024-53273,0,0,4be201cb4a2a2818369414ac4a638086038f7b2129c8882fb2f8ed84d4b3ca40,2024-12-12T02:15:28.813000
 CVE-2024-53274,0,0,1b082934bf5e9b4005ba0f77ebbc282458901418112daa847bcdad246d3a28e8,2024-12-12T02:15:28.940000
-CVE-2024-53275,0,1,b3847d880a6780208a9f693e576ca3b36c2adda95c5345e53e7ff73bf61d5fd1,2024-12-24T02:15:06.037000
+CVE-2024-53275,0,0,b3847d880a6780208a9f693e576ca3b36c2adda95c5345e53e7ff73bf61d5fd1,2024-12-24T02:15:06.037000
-CVE-2024-53276,0,1,51b803e4905e6fb62080dd322af7deb91ea3a8703a5cae47d042c3029322ad7d,2024-12-24T02:15:06.207000
+CVE-2024-53276,0,0,51b803e4905e6fb62080dd322af7deb91ea3a8703a5cae47d042c3029322ad7d,2024-12-24T02:15:06.207000
 CVE-2024-53278,0,0,6f30b711eaa2519505a8ae7e3cc5077447b747b2c4a9b5a5e0658f524894f224,2024-11-26T05:15:10.563000
 CVE-2024-53279,0,0,44033b042ffed7a89d7ff23520a85cac4516e857c657f0452265be9252a09d8c,2024-12-09T04:15:04.477000
 CVE-2024-5328,0,0,8c7cab73e73336a340952a9318c322c99389e6514b1340a59b208cd9ecb39030,2024-11-21T09:47:25.977000
@ -270154,7 +270156,7 @@ CVE-2024-54140,0,0,e331d2ac3dbd3b8a53d43f4b62020140bfe310c3ed6fc6689e9e07dc1c045
 CVE-2024-54141,0,0,03f51d6625a463b05e77ba75622f0e1fc489bf2648bf55da8aa1a94f754ed277,2024-12-06T15:15:09.530000
 CVE-2024-54143,0,0,39896e76381b970ed0c53caca39df9efa5206ded9e17479626eb381c775f3554,2024-12-06T17:15:12.687000
 CVE-2024-54147,0,0,31061631720e65f385fd359d47a289e6f20b86f9fad882040f751c79c06fbc19,2024-12-09T19:15:14.513000
-CVE-2024-54148,0,1,742d6ad775c872b1ad8da7c631ab5696b3273775b61e8688677d4875f069608d,2024-12-24T02:15:06.410000
+CVE-2024-54148,0,0,742d6ad775c872b1ad8da7c631ab5696b3273775b61e8688677d4875f069608d,2024-12-24T02:15:06.410000
 CVE-2024-54149,0,0,9e6d58019e13dfe4168259b606ef42fa170a7f5d925476003c46ba8914519715,2024-12-09T21:15:08.600000
 CVE-2024-5415,0,0,74eb25978de9e4a46066392a5c5808fd8612c02bf2d68d6ca3b049d5a2727bf3,2024-11-21T09:47:36.587000
 CVE-2024-54150,0,0,2df54d94caae27dd20c93dacb8da181f1ca94c7f90068ee4b0f13c650c491939,2024-12-20T18:15:29.847000
@ -270840,7 +270842,7 @@ CVE-2024-5618,0,0,d2d97c727c060ec84f3174901af9ab7b075641151198c4f29457077453fd0c
 CVE-2024-5619,0,0,847b29035ced8b12638c0c9edc7633e1fcbe758edecd5717d697d3abb49553ce,2024-11-21T09:48:01.807000
 CVE-2024-5620,0,0,240638ef58a29a459ed1037710fcf1b7e875e31a78e263978233bb4c4a8442da,2024-11-21T09:48:01.930000
 CVE-2024-56200,0,0,51120d87a10e515859753773432ee83776f25472dfafe8167b573d6b5892d131,2024-12-19T19:15:08.280000
-CVE-2024-56201,0,1,f0a34e4d6c3fbdf0e4b96db87921ad9a8f8768ce26c0de0f3d495a0c976c3e7c,2024-12-24T02:15:06.580000
+CVE-2024-56201,0,0,f0a34e4d6c3fbdf0e4b96db87921ad9a8f8768ce26c0de0f3d495a0c976c3e7c,2024-12-24T02:15:06.580000
 CVE-2024-5622,0,0,48dd50139cd0fb0b9e32ff1d34b4004b39a7c87dde414648422613d43b5d51e5,2024-09-13T20:21:38.610000
 CVE-2024-5623,0,0,7a27a8a8bb2e29efe02be8c957247e288b25a39c8598c86d8533218d73dc7a15,2024-09-13T20:19:53.477000
 CVE-2024-5624,0,0,7f93c754c9c6e0a4611cd66d82be3519ca19fdbb2803818bcf7cbddb963f07b6,2024-09-13T20:23:28.787000
@ -270851,16 +270853,16 @@ CVE-2024-5628,0,0,755412ba03c7f502c54c635c9705b96a4154da09bb9bfca64f93d1d41d08cf
 CVE-2024-5629,0,0,f9daa1fe2950a7ccef0838fb6e6cae4a7319a3ab1da6174da12e5faf2c955f5a,2024-11-21T09:48:02.860000
 CVE-2024-5630,0,0,50874e31f2d6c9403bb3dbaf933b8b3f439196ea7c18b531eba9bc061324fe0f,2024-11-21T09:48:03.020000
 CVE-2024-5631,0,0,2a74e658158bae900a85436e92fd017c375ea2371e9ccb7b5a67e7bbd481f6b3,2024-11-21T09:48:03.210000
-CVE-2024-56310,0,0,fd778eb590d1fbb32130fffba54ed545129192edf10e26cf3a21b5e6459b501d,2024-12-22T21:15:16.433000
+CVE-2024-56310,0,1,52fb9787ce6d270fefb09f2575978be0fb95a84a154a0887a6718d274c54ad79,2024-12-24T03:15:07.440000
-CVE-2024-56311,0,0,e2eae5ad5d224b6d2217bcfe83f7bd65df83e28c0bec948bad3706d862749a90,2024-12-22T21:15:16.600000
+CVE-2024-56311,0,1,66e9c6fbb0050254b7557259672fd0233cf69bba8f8e828ea4035d56bf3a6933,2024-12-24T03:15:07.607000
-CVE-2024-56312,0,0,b3ff8a8f9068c3a156742e12a6bc627bc59e105684871a4faad004e80a37c8af,2024-12-22T22:15:05.630000
+CVE-2024-56312,0,1,cb86205520ef5db7c914d1a75ac3f5ba74360f863545f19038e07f9bcdb0703c,2024-12-24T03:15:07.770000
-CVE-2024-56313,0,0,bab8100491ae46d1acfcde4c0f557fb02ee2d8f1cf2ffae579d4a3928d2f1703,2024-12-22T22:15:06.540000
+CVE-2024-56313,0,1,77b550409f008b252773269f5c3c808c73df4beef9ebd650c5ec3a7771cae57b,2024-12-24T03:15:07.927000
-CVE-2024-56314,0,0,5c94b3924b2872303b1ac6d2c357e874b9bf8bb914ff58119e06c5cd125443ca,2024-12-22T22:15:06.670000
+CVE-2024-56314,0,1,6df7fe51a54001b033f35cf71e56a8c8648fba9702436f5b14cd4bfc37c84ea1,2024-12-24T03:15:08.083000
 CVE-2024-56317,0,0,b4a1e923d734c9748bfefb232cd94998c16ae77377149acd2e40ce01c1c90af8,2024-12-18T23:15:18.023000
 CVE-2024-56318,0,0,41fe9d7571c5ddeaf622da00eaaa1951e3cb55078c3acd81346bfd3e36464d15,2024-12-19T00:15:06.897000
 CVE-2024-56319,0,0,2db5aea7f2e2c0716ff3ae059d9992998ac87c8ff6e8b34fca05f1a112cb61c5,2024-12-18T23:15:18.373000
 CVE-2024-5632,0,0,79535ded485ce0fc041702b30ef936da2f13ebaec98ccb0306c2826a8b572585,2024-11-21T09:48:03.353000
-CVE-2024-56326,0,1,8bdf3f35df5871dcd7fa85d8087c69b253dee02ba058ceb7c368e918f3cd3594,2024-12-24T02:15:06.740000
+CVE-2024-56326,0,0,8bdf3f35df5871dcd7fa85d8087c69b253dee02ba058ceb7c368e918f3cd3594,2024-12-24T02:15:06.740000
 CVE-2024-56327,0,0,7f279bf8e8dad1abfccdde7f80cf3a1198eceeaed727f435a201d9524ff4caea,2024-12-20T18:15:31.083000
 CVE-2024-56329,0,0,1a706ee72fb5ffbcf058c8a20d98c3cc77e376296ceef183209bf8faa8566f9b,2024-12-20T20:15:23.987000
 CVE-2024-5633,0,0,6153dcce403090a22c66747e4beff2cb4e82934f4fa355dae1f3e5bcdf5cc4ba,2024-11-21T09:48:03.483000
@ -270889,7 +270891,7 @@ CVE-2024-56362,0,0,dd5033b04c0a04acaf53e636d0201cacb970804dce1ae28fdf600c92d6069
 CVE-2024-56363,0,0,f22bc17bbcbacc3d4c8946803bd76249d4162387d56a582274e363a9547d6b46,2024-12-23T18:15:07.767000
 CVE-2024-56364,0,0,b554e0df0a4ad57cd70c0d37933b45401c149826dc27d68ffb15442fe3902ff6,2024-12-23T16:15:07.770000
 CVE-2024-5637,0,0,a5e32b0dfdcc3b00fa1c534a6efa8caef39b80f083f1c956c246ad8a83c6df00,2024-11-21T09:48:04.030000
-CVE-2024-56375,0,0,2a34ccceff495c37ae84092fe8c0ad283727cd545575a5f30821495b0c5dc2ed,2024-12-22T23:15:06.613000
+CVE-2024-56375,0,1,a340f66ea2648ac2f29f86bc73c289c3920f7dbceb53953a8c12d3700fa25a7c,2024-12-24T03:15:08.247000
 CVE-2024-56378,0,0,6719f8ca56230694a59bc1f5e75e3ab9feb822f8501e080a6c8cff7081436ef7,2024-12-23T00:15:05.133000
 CVE-2024-5638,0,0,4a64496852c4ee147220588b5d1940917ce749a1b3dd56d16a77a8cf3ed54b84,2024-11-21T09:48:04.153000
 CVE-2024-5639,0,0,78123d59d6ff1062d5cdcc1456c84b89eb240e57bd822aee818d4edc5bb804e5,2024-11-21T09:48:04.290000
@ -274119,6 +274121,7 @@ CVE-2024-9422,0,0,84806a9eed518b06f6d8827496be4f70f3fd277675ce3978a293d23ef572b8
 CVE-2024-9423,0,0,ea2ceee1b3bf62e5f678d6840797f5ce1005e985008fd3d6ffca2317e3c41048,2024-10-04T13:50:43.727000
 CVE-2024-9425,0,0,c4a51c938acd490f609ca00d8a594cbbdbb46d48c8dc2d14a9f1cdc1520bf123,2024-10-22T13:55:04.537000
 CVE-2024-9426,0,0,7b6d0dd14cd82427723e29a8054a247cfe756a4bd65dbe78f3544bf76c1742a2,2024-11-13T17:01:16.850000
 CVE-2024-9427,1,1,1c6616ac33aa19661af89cba455c96327c2172b4ead3172e205a01d67c205bcd,2024-12-24T04:15:07.360000
 CVE-2024-9428,0,0,f750728263efb84ececce35e10a4ed9233c40717c73069be2b71a21b69aeb302,2024-12-12T18:15:28.120000
 CVE-2024-9429,0,0,62ece370cab73a52089a99a9ace0dce837bb7657fa2f1f40486fc49795e13a27,2024-10-07T20:15:10.567000
 CVE-2024-9430,0,0,522b5b97eca86036f3bb0b9124f71c5d5eb35666a2a3e869645b06a142ed7bc6,2024-11-01T12:57:03.417000