diff --git a/cves/2019/8xxx/CVE-2019-8761.json b/cves/2019/8xxx/CVE-2019-8761.json
index 9fe0b90d2a2..6a55a1190e6 100644
--- a/cves/2019/8xxx/CVE-2019-8761.json
+++ b/cves/2019/8xxx/CVE-2019-8761.json
@@ -1,147 +1,65 @@ { "containers": { "cna": { + "providerMetadata": { + "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", + "shortName": "apple", + "dateUpdated": "2024-07-08T12:08:20.890217" + }, + "descriptions": [ + { + "lang": "en", + "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information." + } + ], "affected": [ { - "product": "macOS", "vendor": "Apple", + "product": "macOS", "versions": [ { + "version": "unspecified", "lessThan": "10.15", "status": "affected", - "version": "unspecified", "versionType": "custom" } ] }, { - "product": "macOS", "vendor": "Apple", + "product": "macOS", "versions": [ { + "version": "unspecified", "lessThan": "10.15", "status": "affected", - "version": "unspecified", "versionType": "custom" } ] } ], - "descriptions": [ - { - "lang": "en", - "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information." 
- } - ], - "problemTypes": [ - { - "descriptions": [ - { - "description": "Parsing a maliciously crafted text file may lead to disclosure of user information", - "lang": "en", - "type": "text" - } - ] - } - ], - "providerMetadata": { - "dateUpdated": "2020-10-27T19:49:03", - "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", - "shortName": "apple" - }, "references": [ { - "tags": [ - "x_refsource_MISC" - ], "url": "https://support.apple.com/en-us/HT210634" }, { - "tags": [ - "x_refsource_MISC" - ], "url": "https://support.apple.com/en-us/HT210722" + }, + { + "url": "https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html" } ], - "x_legacyV4Record": { - "CVE_data_meta": { - "ASSIGNER": "product-security@apple.com", - "ID": "CVE-2019-8761", - "STATE": "PUBLIC" - }, - "affects": { - "vendor": { - "vendor_data": [ - { - "product": { - "product_data": [ - { - "product_name": "macOS", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "10.15" - } - ] - } - }, - { - "product_name": "macOS", - "version": { - "version_data": [ - { - "version_affected": "<", - "version_value": "10.15" - } - ] - } - } - ] - }, - "vendor_name": "Apple" - } - ] - } - }, - "data_format": "MITRE", - "data_type": "CVE", - "data_version": "4.0", - "description": { - "description_data": [ - { - "lang": "eng", - "value": "This issue was addressed with improved checks. This issue is fixed in macOS Catalina 10.15.1, Security Update 2019-001, and Security Update 2019-006, macOS Catalina 10.15. Parsing a maliciously crafted text file may lead to disclosure of user information." 
- } - ] - }, - "problemtype": { - "problemtype_data": [ - { - "description": [ - { - "lang": "eng", - "value": "Parsing a maliciously crafted text file may lead to disclosure of user information" - } - ] - } - ] - }, - "references": { - "reference_data": [ - { - "name": "https://support.apple.com/en-us/HT210634", - "refsource": "MISC", - "url": "https://support.apple.com/en-us/HT210634" - }, + "problemTypes": [ + { + "descriptions": [ { - "name": "https://support.apple.com/en-us/HT210722", - "refsource": "MISC", - "url": "https://support.apple.com/en-us/HT210722" + "type": "text", + "lang": "en", + "description": "Parsing a maliciously crafted text file may lead to disclosure of user information" } ] } - } + ] }, "adp": [ { @@ -184,13 +102,13 @@ ] }, "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2019-8761", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", - "cveId": "CVE-2019-8761", - "datePublished": "2020-10-27T19:49:03", + "dateUpdated": "2024-07-08T12:08:20.890217", "dateReserved": "2019-02-18T00:00:00", - "dateUpdated": "2024-07-02T18:39:35.493Z", - "state": "PUBLISHED" + "datePublished": "2020-10-27T19:49:03" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" diff --git a/cves/2021/47xxx/CVE-2021-47242.json b/cves/2021/47xxx/CVE-2021-47242.json index 3d4fd737ef6..f2895473714 100644 --- a/cves/2021/47xxx/CVE-2021-47242.json +++ b/cves/2021/47xxx/CVE-2021-47242.json @@ -8,7 +8,7 @@ "assignerShortName": "Linux", "dateReserved": "2024-04-10T18:59:19.532Z", "datePublished": "2024-05-21T14:19:41.665Z", - "dateUpdated": "2024-07-04T00:07:57.519Z" + "dateUpdated": "2024-07-07T19:44:05.240Z" }, "containers": { "cna": { diff --git a/cves/2022/0xxx/CVE-2022-0028.json b/cves/2022/0xxx/CVE-2022-0028.json index 25e6cc1b42d..8bc8c511397 100644 --- a/cves/2022/0xxx/CVE-2022-0028.json +++ b/cves/2022/0xxx/CVE-2022-0028.json 
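Review bot: The two `affected` entries in the rewritten `cna` container of CVE-2019-8761 are identical (`macOS`, `lessThan` `10.15`), and that range does not line up with the description, which names macOS Catalina 10.15.1 and Security Updates 2019-001 and 2019-006 as the fixes. A scanner matching on `"lessThan": "10.15"` would presumably report a 10.15.0 host as unaffected, so the second entry should carry the range it was meant to describe or be dropped. The new `dateUpdated` value `2024-07-08T12:08:20.890217` also has no timezone designator, unlike the `Z`-suffixed value it replaces in the `cveMetadata` hunk; if the time is UTC, write `"dateUpdated": "2024-07-08T12:08:20.890217Z"` in both `providerMetadata` and `cveMetadata`.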
@@ -681,7 +681,7 @@
 "cveId": "CVE-2022-0028",
 "datePublished": "2022-08-10T00:00:00",
 "dateReserved": "2021-12-28T00:00:00",
- "dateUpdated": "2024-07-04T00:38:08.426Z",
+ "dateUpdated": "2024-07-06T13:45:09.148Z",
 "state": "PUBLISHED"
 },
 "dataType": "CVE_RECORD",
diff --git a/cves/2022/22xxx/CVE-2022-22076.json b/cves/2022/22xxx/CVE-2022-22076.json
index d456b655ab8..fe2bb605442 100644
--- a/cves/2022/22xxx/CVE-2022-22076.json
+++ b/cves/2022/22xxx/CVE-2022-22076.json
@@ -8,7 +8,7 @@
 "assignerShortName": "qualcomm",
 "dateReserved": "2021-12-21T09:16:35.470Z",
 "datePublished": "2023-06-06T07:38:33.401Z",
- "dateUpdated": "2024-07-04T02:38:47.345Z"
+ "dateUpdated": "2024-07-05T20:13:39.805Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2022/29xxx/CVE-2022-29420.json b/cves/2022/29xxx/CVE-2022-29420.json
index 252a20caa5c..9c549deb6e1 100644
--- a/cves/2022/29xxx/CVE-2022-29420.json
+++ b/cves/2022/29xxx/CVE-2022-29420.json
@@ -254,7 +254,7 @@
 "cveId": "CVE-2022-29420",
 "datePublished": "2022-04-28T00:00:00",
 "dateReserved": "2022-04-18T00:00:00",
- "dateUpdated": "2024-07-04T05:36:24.992Z",
+ "dateUpdated": "2024-07-06T02:51:20.485Z",
 "state": "PUBLISHED"
 },
 "dataType": "CVE_RECORD",
diff --git a/cves/2022/2xxx/CVE-2022-2856.json b/cves/2022/2xxx/CVE-2022-2856.json
index 6ab5db1a30a..2d0fe488e60 100644
--- a/cves/2022/2xxx/CVE-2022-2856.json
+++ b/cves/2022/2xxx/CVE-2022-2856.json
@@ -258,7 +258,7 @@
 "cveId": "CVE-2022-2856",
 "datePublished": "2022-09-26T15:01:12",
 "dateReserved": "2022-08-16T00:00:00",
- "dateUpdated": "2024-07-04T06:21:35.005Z",
+ "dateUpdated": "2024-07-06T13:57:27.836Z",
 "state": "PUBLISHED"
 },
 "dataType": "CVE_RECORD",
diff --git a/cves/2022/33xxx/CVE-2022-33251.json b/cves/2022/33xxx/CVE-2022-33251.json
index 450b0793510..ee0ac12a13c 100644
--- a/cves/2022/33xxx/CVE-2022-33251.json
+++ b/cves/2022/33xxx/CVE-2022-33251.json
@@ -8,7 +8,7 @@
 "assignerShortName": "qualcomm",
 "dateReserved": "2022-06-14T10:44:39.588Z",
 "datePublished": "2023-06-06T07:38:42.631Z",
- "dateUpdated": "2024-07-04T07:41:57.660Z"
+ "dateUpdated": "2024-07-05T20:14:21.382Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2022/33xxx/CVE-2022-33307.json b/cves/2022/33xxx/CVE-2022-33307.json
index 9727b48dd5f..29ef273e18d 100644
--- a/cves/2022/33xxx/CVE-2022-33307.json
+++ b/cves/2022/33xxx/CVE-2022-33307.json
@@ -8,7 +8,7 @@
 "assignerShortName": "qualcomm",
 "dateReserved": "2022-06-14T10:44:39.617Z",
 "datePublished": "2023-06-06T07:38:50.743Z",
- "dateUpdated": "2024-07-04T07:41:57.694Z"
+ "dateUpdated": "2024-07-06T14:10:34.481Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2022/34xxx/CVE-2022-34144.json b/cves/2022/34xxx/CVE-2022-34144.json
index fc06dfb9c59..c70ac9dae39 100644
--- a/cves/2022/34xxx/CVE-2022-34144.json
+++ b/cves/2022/34xxx/CVE-2022-34144.json
@@ -8,7 +8,7 @@
 "assignerShortName": "qualcomm",
 "dateReserved": "2022-06-20T05:51:02.535Z",
 "datePublished": "2023-05-02T05:08:49.075Z",
- "dateUpdated": "2024-07-04T07:52:49.223Z"
+ "dateUpdated": "2024-07-05T20:11:11.752Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2022/47xxx/CVE-2022-47420.json b/cves/2022/47xxx/CVE-2022-47420.json
index bd28f0469dc..79334c831c3 100644
--- a/cves/2022/47xxx/CVE-2022-47420.json
+++ b/cves/2022/47xxx/CVE-2022-47420.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2022-12-15T00:08:08.872Z",
 "datePublished": "2023-11-06T07:41:14.661Z",
- "dateUpdated": "2024-07-04T13:04:43.209Z"
+ "dateUpdated": "2024-07-08T09:27:25.880Z"
 },
 "containers": {
 "cna": {
@@ -21,7 +21,13 @@
 "vendor": "Online ADA",
 "versions": [
 {
- "lessThanOrEqual": "4.11",
+ "changes": [
+ {
+ "at": "4.13",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "4.12",
 "status": "affected",
 "version": "n/a",
 "versionType": "custom"
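Review bot: The widened range in CVE-2022-47420 still starts at `"version": "n/a"` with `"versionType": "custom"`, so a consumer has no defined ordering with which to evaluate `"lessThanOrEqual": "4.12"` or the new `changes` entry at `4.13`. If the plugin uses ordinary dotted versions, `"version": "0"` with `"versionType": "semver"` would let tools match the range mechanically. The same pattern is in the `versions` hunks of CVE-2023-26531, CVE-2023-28696, CVE-2023-45830 and CVE-2023-49188 in this commit. The enclosing `affected` object begins outside the hunk.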
@@ -44,10 +50,10 @@ { "base64": false, "type": "text/html", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.

This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.

" + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.

This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.

" } ], - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.\n\n" + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12." } ], "impacts": [ @@ -76,7 +82,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2023-11-06T07:41:14.661Z" + "dateUpdated": "2024-07-08T09:27:25.880Z" }, "references": [ { @@ -86,10 +92,23 @@ "url": "https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.13 or a higher version." + } + ], + "value": "Update to 4.13 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, - "title": "WordPress Accessibility Suite by Online ADA Plugin <= 4.11 is vulnerable to SQL Injection", + "title": "WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } diff --git a/cves/2023/21xxx/CVE-2023-21237.json b/cves/2023/21xxx/CVE-2023-21237.json index e8e7437c694..c3b08fd6c0b 100644 --- a/cves/2023/21xxx/CVE-2023-21237.json +++ b/cves/2023/21xxx/CVE-2023-21237.json @@ -6,7 +6,7 @@ "cveId": "CVE-2023-21237", "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", - "dateUpdated": "2024-07-04T15:30:38.846Z", + "dateUpdated": "2024-07-06T13:35:47.045Z", "dateReserved": "2022-11-03T00:00:00", "datePublished": "2023-06-28T00:00:00" }, 
diff --git a/cves/2023/21xxx/CVE-2023-21657.json b/cves/2023/21xxx/CVE-2023-21657.json
index 4081ee24570..5448255a959 100644
--- a/cves/2023/21xxx/CVE-2023-21657.json
+++ b/cves/2023/21xxx/CVE-2023-21657.json
@@ -8,7 +8,7 @@
 "assignerShortName": "qualcomm",
 "dateReserved": "2022-12-07T02:58:25.868Z",
 "datePublished": "2023-06-06T07:39:11.763Z",
- "dateUpdated": "2024-07-04T15:45:39.579Z"
+ "dateUpdated": "2024-07-06T14:09:27.138Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/21xxx/CVE-2023-21939.json b/cves/2023/21xxx/CVE-2023-21939.json
index 607ab59e6f7..8f63967c9f2 100644
--- a/cves/2023/21xxx/CVE-2023-21939.json
+++ b/cves/2023/21xxx/CVE-2023-21939.json
@@ -8,7 +8,7 @@
 "assignerShortName": "oracle",
 "dateReserved": "2022-12-17T19:26:00.722Z",
 "datePublished": "2023-04-18T19:54:26.274Z",
- "dateUpdated": "2024-07-04T15:55:50.649Z"
+ "dateUpdated": "2024-07-05T19:26:49.370Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/25xxx/CVE-2023-25790.json b/cves/2023/25xxx/CVE-2023-25790.json
index 6d48d847dc9..8fdd9325da5 100644
--- a/cves/2023/25xxx/CVE-2023-25790.json
+++ b/cves/2023/25xxx/CVE-2023-25790.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2023-02-15T12:10:40.367Z",
 "datePublished": "2024-04-24T15:44:12.870Z",
- "dateUpdated": "2024-07-04T17:25:35.025Z"
+ "dateUpdated": "2024-07-06T02:49:35.000Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/26xxx/CVE-2023-26531.json b/cves/2023/26xxx/CVE-2023-26531.json
index 2aa4f3dd8f3..1c860865ab4 100644
--- a/cves/2023/26xxx/CVE-2023-26531.json
+++ b/cves/2023/26xxx/CVE-2023-26531.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2023-02-24T11:22:42.568Z",
 "datePublished": "2023-11-12T23:58:57.681Z",
- "dateUpdated": "2024-07-04T17:45:31.141Z"
+ "dateUpdated": "2024-07-08T08:55:36.709Z"
 },
 "containers": {
 "cna": {
@@ -21,6 +21,12 @@ "vendor": "闪电博", "versions": [ { + "changes": [ + { + "at": "4.2.8", + "status": "unaffected" + } + ], "lessThanOrEqual": "4.2.7", "status": "affected", "version": "n/a", @@ -44,10 +50,10 @@ { "base64": false, "type": "text/html", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 plugin <= 4.2.7 versions." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.

This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7.

" } ], - "value": "Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 plugin <= 4.2.7 versions." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in 闪电博 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条 allows Cross Site Request Forgery.This issue affects 多合一搜索自动推送管理插件-支持Baidu/Google/Bing/IndexNow/Yandex/头条: from n/a through 4.2.7." } ], "impacts": [ @@ -101,7 +107,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2023-11-12T23:58:57.681Z" + "dateUpdated": "2024-07-08T08:55:36.709Z" }, "references": [ { @@ -111,6 +117,19 @@ "url": "https://patchstack.com/database/vulnerability/baidu-submit-link/wordpress-baidu-google-bing-indexnow-yandex-plugin-4-2-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 4.2.8 or a higher version." + } + ], + "value": "Update to 4.2.8 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, diff --git a/cves/2023/26xxx/CVE-2023-26756.json b/cves/2023/26xxx/CVE-2023-26756.json index c6f382d3eb7..28d56e948c7 100644 --- a/cves/2023/26xxx/CVE-2023-26756.json +++ b/cves/2023/26xxx/CVE-2023-26756.json @@ -6,7 +6,7 @@ "cveId": "CVE-2023-26756", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", - "dateUpdated": "2024-07-04T17:45:31.632Z", + "dateUpdated": "2024-07-05T19:24:23.501Z", "dateReserved": "2023-02-27T00:00:00", "datePublished": "2023-04-14T00:00:00" }, diff --git a/cves/2023/27xxx/CVE-2023-27330.json b/cves/2023/27xxx/CVE-2023-27330.json index afade67d3f9..cab40024577 100644 --- a/cves/2023/27xxx/CVE-2023-27330.json +++ b/cves/2023/27xxx/CVE-2023-27330.json 
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-02-28T17:58:45.478Z",
 "datePublished": "2024-05-03T01:55:53.993Z",
- "dateUpdated": "2024-07-04T18:33:45.007Z"
+ "dateUpdated": "2024-07-05T21:07:19.996Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/27xxx/CVE-2023-27359.json b/cves/2023/27xxx/CVE-2023-27359.json
index 81409dab96d..45f0ee60fb3 100644
--- a/cves/2023/27xxx/CVE-2023-27359.json
+++ b/cves/2023/27xxx/CVE-2023-27359.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-02-28T17:58:45.482Z",
 "datePublished": "2024-05-03T01:56:11.459Z",
- "dateUpdated": "2024-07-04T18:33:44.718Z"
+ "dateUpdated": "2024-07-05T21:06:51.750Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/28xxx/CVE-2023-28334.json b/cves/2023/28xxx/CVE-2023-28334.json
index a682638f682..db613129813 100644
--- a/cves/2023/28xxx/CVE-2023-28334.json
+++ b/cves/2023/28xxx/CVE-2023-28334.json
@@ -6,7 +6,7 @@
 "cveId": "CVE-2023-28334",
 "assignerOrgId": "92fb86c3-55a5-4fb5-9c3f-4757b9e96dc5",
 "assignerShortName": "fedora",
- "dateUpdated": "2024-07-04T18:59:22.209Z",
+ "dateUpdated": "2024-07-07T19:29:26.140Z",
 "dateReserved": "2023-03-14T00:00:00",
 "datePublished": "2023-03-23T00:00:00"
 },
diff --git a/cves/2023/28xxx/CVE-2023-28696.json b/cves/2023/28xxx/CVE-2023-28696.json
index df91fce91e0..949f32e0922 100644
--- a/cves/2023/28xxx/CVE-2023-28696.json
+++ b/cves/2023/28xxx/CVE-2023-28696.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2023-03-21T07:14:41.939Z",
 "datePublished": "2023-11-12T21:40:12.162Z",
- "dateUpdated": "2024-07-04T19:09:10.289Z"
+ "dateUpdated": "2024-07-08T10:36:17.054Z"
 },
 "containers": {
 "cna": {
@@ -21,6 +21,12 @@
 "vendor": "Harish Chouhan, Themeist",
 "versions": [
 {
+ "changes": [
+ {
+ "at": "3.9.1",
+ "status": "unaffected"
+ }
+ ],
 "lessThanOrEqual": "3.9.0",
 "status": "affected",
 "version": "n/a",
@@ -44,10 +50,10 @@ { "base64": false, "type": "text/html", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend Tplugin <= 3.9.0 versions." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.

This issue affects I Recommend This: from n/a through 3.9.0.

" } ], - "value": "Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend Tplugin <= 3.9.0 versions." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Harish Chouhan, Themeist I Recommend This allows Cross Site Request Forgery.This issue affects I Recommend This: from n/a through 3.9.0." } ], "impacts": [ @@ -101,7 +107,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2023-11-12T21:40:12.162Z" + "dateUpdated": "2024-07-08T10:36:17.054Z" }, "references": [ { @@ -111,6 +117,19 @@ "url": "https://patchstack.com/database/vulnerability/i-recommend-this/wordpress-i-recommend-this-plugin-3-8-3-cross-site-request-forgery-csrf?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.9.1 or a higher version." + } + ], + "value": "Update to 3.9.1 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, diff --git a/cves/2023/29xxx/CVE-2023-29346.json b/cves/2023/29xxx/CVE-2023-29346.json index dd3061c1729..8dcad098d92 100644 --- a/cves/2023/29xxx/CVE-2023-29346.json +++ b/cves/2023/29xxx/CVE-2023-29346.json @@ -8,7 +8,7 @@ "assignerShortName": "microsoft", "dateReserved": "2023-04-04T22:34:18.381Z", "datePublished": "2023-06-13T23:26:00.457Z", - "dateUpdated": "2024-07-04T19:29:10.035Z" + "dateUpdated": "2024-07-05T20:18:51.821Z" }, "containers": { "cna": { diff --git a/cves/2023/29xxx/CVE-2023-29361.json b/cves/2023/29xxx/CVE-2023-29361.json index fb4adc688cc..b9a8c66a814 100644 --- a/cves/2023/29xxx/CVE-2023-29361.json +++ b/cves/2023/29xxx/CVE-2023-29361.json @@ -8,7 +8,7 @@ "assignerShortName": "microsoft", "dateReserved": "2023-04-04T22:34:18.384Z", "datePublished": "2023-06-13T23:26:05.123Z", - "dateUpdated": "2024-07-04T19:29:07.749Z" + "dateUpdated": "2024-07-05T20:21:38.873Z" }, "containers": { "cna": { 
diff --git a/cves/2023/29xxx/CVE-2023-29369.json b/cves/2023/29xxx/CVE-2023-29369.json
index 69b4b37ee19..823dc1ade8e 100644
--- a/cves/2023/29xxx/CVE-2023-29369.json
+++ b/cves/2023/29xxx/CVE-2023-29369.json
@@ -8,7 +8,7 @@
 "assignerShortName": "microsoft",
 "dateReserved": "2023-04-04T22:34:18.386Z",
 "datePublished": "2023-06-13T23:26:09.722Z",
- "dateUpdated": "2024-07-04T19:29:10.391Z"
+ "dateUpdated": "2024-07-05T20:22:16.308Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/2xxx/CVE-2023-2597.json b/cves/2023/2xxx/CVE-2023-2597.json
index 003b1f1ff7d..167c4502ff9 100644
--- a/cves/2023/2xxx/CVE-2023-2597.json
+++ b/cves/2023/2xxx/CVE-2023-2597.json
@@ -6,7 +6,7 @@
 "cveId": "CVE-2023-2597",
 "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
 "assignerShortName": "eclipse",
- "dateUpdated": "2024-07-04T19:59:21.579Z",
+ "dateUpdated": "2024-07-05T20:11:57.497Z",
 "dateReserved": "2023-05-09T00:00:00",
 "datePublished": "2023-05-22T00:00:00"
 },
diff --git a/cves/2023/30xxx/CVE-2023-30402.json b/cves/2023/30xxx/CVE-2023-30402.json
index 355b78230f8..48dfd0ad1b9 100644
--- a/cves/2023/30xxx/CVE-2023-30402.json
+++ b/cves/2023/30xxx/CVE-2023-30402.json
@@ -6,7 +6,7 @@
 "cveId": "CVE-2023-30402",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
- "dateUpdated": "2024-07-04T20:14:26.014Z",
+ "dateUpdated": "2024-07-05T20:10:28.830Z",
 "dateReserved": "2023-04-07T00:00:00",
 "datePublished": "2023-04-25T00:00:00"
 },
diff --git a/cves/2023/32xxx/CVE-2023-32175.json b/cves/2023/32xxx/CVE-2023-32175.json
index 336fba589e0..65cb281d9fe 100644
--- a/cves/2023/32xxx/CVE-2023-32175.json
+++ b/cves/2023/32xxx/CVE-2023-32175.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-05-03T20:10:47.066Z",
 "datePublished": "2024-05-03T01:56:51.643Z",
- "dateUpdated": "2024-07-04T20:55:17.277Z"
+ "dateUpdated": "2024-07-05T21:06:24.727Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/33xxx/CVE-2023-33281.json b/cves/2023/33xxx/CVE-2023-33281.json
index 74b49c1f1f1..1acaeb76bcf 100644
--- a/cves/2023/33xxx/CVE-2023-33281.json
+++ b/cves/2023/33xxx/CVE-2023-33281.json
@@ -6,7 +6,7 @@
 "cveId": "CVE-2023-33281",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
- "dateUpdated": "2024-07-04T21:25:35.047Z",
+ "dateUpdated": "2024-07-05T20:12:57.542Z",
 "dateReserved": "2023-05-22T00:00:00",
 "datePublished": "2023-05-22T00:00:00"
 },
diff --git a/cves/2023/33xxx/CVE-2023-33919.json b/cves/2023/33xxx/CVE-2023-33919.json
index 70b391f1ae2..1297e735e54 100644
--- a/cves/2023/33xxx/CVE-2023-33919.json
+++ b/cves/2023/33xxx/CVE-2023-33919.json
@@ -8,7 +8,7 @@
 "assignerShortName": "siemens",
 "dateReserved": "2023-05-23T10:09:31.037Z",
 "datePublished": "2023-06-13T08:17:18.755Z",
- "dateUpdated": "2024-07-04T21:35:35.444Z"
+ "dateUpdated": "2024-07-06T14:12:00.475Z"
 },
 "containers": {
 "cna": {
@@ -78,6 +78,9 @@
 },
 {
 "url": "http://packetstormsecurity.com/files/173370/Siemens-A8000-CP-8050-CP-8031-Code-Execution-Command-Injection.html"
+ },
+ {
+ "url": "http://seclists.org/fulldisclosure/2024/Jul/4"
 }
 ]
 },
diff --git a/cves/2023/35xxx/CVE-2023-35722.json b/cves/2023/35xxx/CVE-2023-35722.json
index 62e057b2eb0..a928407918f 100644
--- a/cves/2023/35xxx/CVE-2023-35722.json
+++ b/cves/2023/35xxx/CVE-2023-35722.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-06-15T20:23:02.753Z",
 "datePublished": "2024-05-03T01:57:42.315Z",
- "dateUpdated": "2024-07-04T22:06:45.462Z"
+ "dateUpdated": "2024-07-05T21:01:40.570Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/37xxx/CVE-2023-37358.json b/cves/2023/37xxx/CVE-2023-37358.json
index b3a7438ee7a..1cd4b524cc7 100644
--- a/cves/2023/37xxx/CVE-2023-37358.json
+++ b/cves/2023/37xxx/CVE-2023-37358.json
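Review bot: The reference added to CVE-2023-33919 carries no `tags`, so a consumer triaging this record cannot tell the Full Disclosure post from a vendor advisory. Adding `"tags": ["mailing-list"]` to the new entry would fix that, and the URL could be given as `https://` rather than `http://`. The `references` array starts outside the hunk; the one neighbouring entry visible as context is untagged as well.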
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-06-30T17:27:13.604Z",
 "datePublished": "2024-05-03T01:58:42.822Z",
- "dateUpdated": "2024-07-04T22:46:57.640Z"
+ "dateUpdated": "2024-07-05T21:00:54.727Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/38xxx/CVE-2023-38109.json b/cves/2023/38xxx/CVE-2023-38109.json
index a4014a3ea32..5cc226188b9 100644
--- a/cves/2023/38xxx/CVE-2023-38109.json
+++ b/cves/2023/38xxx/CVE-2023-38109.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-07-12T15:22:20.621Z",
 "datePublished": "2024-05-03T01:59:08.997Z",
- "dateUpdated": "2024-07-04T23:02:19.703Z"
+ "dateUpdated": "2024-07-05T21:00:40.754Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/39xxx/CVE-2023-39471.json b/cves/2023/39xxx/CVE-2023-39471.json
index 8b6602c0fc6..b1ee82acfbe 100644
--- a/cves/2023/39xxx/CVE-2023-39471.json
+++ b/cves/2023/39xxx/CVE-2023-39471.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-08-02T21:37:23.124Z",
 "datePublished": "2024-05-03T02:10:38.498Z",
- "dateUpdated": "2024-07-04T23:37:19.229Z"
+ "dateUpdated": "2024-07-05T21:00:28.982Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/39xxx/CVE-2023-39473.json b/cves/2023/39xxx/CVE-2023-39473.json
index 63b3e43738f..87f101baa85 100644
--- a/cves/2023/39xxx/CVE-2023-39473.json
+++ b/cves/2023/39xxx/CVE-2023-39473.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-08-02T21:37:23.124Z",
 "datePublished": "2024-05-03T02:10:39.937Z",
- "dateUpdated": "2024-07-04T23:37:19.310Z"
+ "dateUpdated": "2024-07-05T21:00:08.201Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/39xxx/CVE-2023-39475.json b/cves/2023/39xxx/CVE-2023-39475.json
index 5faf0b8bb71..00a2e94e4ec 100644
--- a/cves/2023/39xxx/CVE-2023-39475.json
+++ b/cves/2023/39xxx/CVE-2023-39475.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-08-02T21:37:23.124Z",
 "datePublished": "2024-05-03T02:10:41.406Z",
- "dateUpdated": "2024-07-04T23:37:20.505Z"
+ "dateUpdated": "2024-07-05T20:59:42.213Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/39xxx/CVE-2023-39476.json b/cves/2023/39xxx/CVE-2023-39476.json
index d146c0e8b4a..6218f66b604 100644
--- a/cves/2023/39xxx/CVE-2023-39476.json
+++ b/cves/2023/39xxx/CVE-2023-39476.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-08-02T21:37:23.124Z",
 "datePublished": "2024-05-03T02:10:42.122Z",
- "dateUpdated": "2024-07-04T23:37:20.466Z"
+ "dateUpdated": "2024-07-05T20:59:53.039Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/42xxx/CVE-2023-42116.json b/cves/2023/42xxx/CVE-2023-42116.json
index cb8bfa5793b..b4d29561c07 100644
--- a/cves/2023/42xxx/CVE-2023-42116.json
+++ b/cves/2023/42xxx/CVE-2023-42116.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-09-06T21:14:24.436Z",
 "datePublished": "2024-05-03T02:13:24.558Z",
- "dateUpdated": "2024-07-05T01:07:45.627Z"
+ "dateUpdated": "2024-07-05T20:58:17.152Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/42xxx/CVE-2023-42119.json b/cves/2023/42xxx/CVE-2023-42119.json
index 6979656cc54..ad5be3ca933 100644
--- a/cves/2023/42xxx/CVE-2023-42119.json
+++ b/cves/2023/42xxx/CVE-2023-42119.json
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2023-09-06T21:14:24.436Z",
 "datePublished": "2024-05-03T02:13:26.751Z",
- "dateUpdated": "2024-07-05T01:07:45.566Z"
+ "dateUpdated": "2024-07-05T20:58:39.448Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/44xxx/CVE-2023-44449.json b/cves/2023/44xxx/CVE-2023-44449.json
index 9cfa0d5a9ff..6a7f5db52ba 100644
--- a/cves/2023/44xxx/CVE-2023-44449.json
+++ b/cves/2023/44xxx/CVE-2023-44449.json
@@ -8,7 +8,7 @@ "assignerShortName": "zdi", "dateReserved": "2023-09-28T18:02:49.776Z", "datePublished": "2024-05-03T02:14:11.010Z", - "dateUpdated": "2024-07-05T01:53:00.892Z" + "dateUpdated": "2024-07-05T20:57:57.804Z" }, "containers": { "cna": { diff --git a/cves/2023/45xxx/CVE-2023-45830.json b/cves/2023/45xxx/CVE-2023-45830.json index 0f77e0de91a..e823a04a1e1 100644 --- a/cves/2023/45xxx/CVE-2023-45830.json +++ b/cves/2023/45xxx/CVE-2023-45830.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2023-10-13T13:20:17.574Z", "datePublished": "2023-11-06T08:57:32.818Z", - "dateUpdated": "2024-07-05T02:13:48.050Z" + "dateUpdated": "2024-07-08T09:26:08.845Z" }, "containers": { "cna": { @@ -21,7 +21,13 @@ "vendor": "Online ADA", "versions": [ { - "lessThanOrEqual": "4.11", + "changes": [ + { + "at": "4.13", + "status": "unaffected" + } + ], + "lessThanOrEqual": "4.12", "status": "affected", "version": "n/a", "versionType": "custom" @@ -44,10 +50,10 @@ { "base64": false, "type": "text/html", - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.

This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.

" + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.

This issue affects Accessibility Suite by Online ADA: from n/a through 4.12.

" } ], - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.11.\n\n" + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Online ADA Accessibility Suite by Online ADA allows SQL Injection.This issue affects Accessibility Suite by Online ADA: from n/a through 4.12." } ], "impacts": [ @@ -61,6 +67,31 @@ ] } ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 8.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], "problemTypes": [ { "descriptions": [ @@ -76,7 +107,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2023-11-06T08:57:32.818Z" + "dateUpdated": "2024-07-08T09:26:08.845Z" }, "references": [ { 
@@ -86,10 +117,23 @@
 "url": "https://patchstack.com/database/vulnerability/online-accessibility/wordpress-accessibility-suite-by-online-ada-plugin-4-11-sql-injection-vulnerability?_s_id=cve"
 }
 ],
+ "solutions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 4.13 or a higher version."
+ }
+ ],
+ "value": "Update to 4.13 or a higher version."
+ }
+ ],
 "source": {
 "discovery": "EXTERNAL"
 },
- "title": "WordPress Accessibility Suite by Online ADA Plugin <= 4.11 is vulnerable to SQL Injection",
+ "title": "WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection",
 "x_generator": {
 "engine": "Vulnogram 0.1.0-dev"
 }
diff --git a/cves/2023/47xxx/CVE-2023-47246.json b/cves/2023/47xxx/CVE-2023-47246.json
index 83c0012b337..f25b30593da 100644
--- a/cves/2023/47xxx/CVE-2023-47246.json
+++ b/cves/2023/47xxx/CVE-2023-47246.json
@@ -6,7 +6,7 @@
 "cveId": "CVE-2023-47246",
 "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
 "assignerShortName": "mitre",
- "dateUpdated": "2024-07-05T02:43:16.805Z",
+ "dateUpdated": "2024-07-06T13:52:50.136Z",
 "dateReserved": "2023-11-04T00:00:00",
 "datePublished": "2023-11-10T00:00:00"
 },
diff --git a/cves/2023/47xxx/CVE-2023-47663.json b/cves/2023/47xxx/CVE-2023-47663.json
index 8401738c0eb..7d0345abe85 100644
--- a/cves/2023/47xxx/CVE-2023-47663.json
+++ b/cves/2023/47xxx/CVE-2023-47663.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2023-11-07T17:36:32.259Z",
 "datePublished": "2024-06-04T09:48:16.038Z",
- "dateUpdated": "2024-07-05T02:48:18.807Z"
+ "dateUpdated": "2024-07-06T02:47:58.795Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2023/49xxx/CVE-2023-49188.json b/cves/2023/49xxx/CVE-2023-49188.json
index 982b7f34b43..3076a564615 100644
--- a/cves/2023/49xxx/CVE-2023-49188.json
+++ b/cves/2023/49xxx/CVE-2023-49188.json
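Review bot: With this `title` change CVE-2023-45830 reads the same as CVE-2022-47420 earlier in the commit: identical title, description text, affected range (`lessThanOrEqual` `4.12`, unaffected at `4.13`) and solution, so anyone deduplicating findings cannot tell the two records apart. Only the reference URLs differ, which suggests two separate reports, but the diff does not show what distinguishes them. If they are distinct flaws the title should say so, for example `"title": "WordPress Accessibility Suite by Online ADA Plugin <= 4.12 is vulnerable to SQL Injection (<affected component>)"`; if they are the same flaw, one record should point to the other.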
@@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2023-11-22T23:36:56.847Z", "datePublished": "2023-12-15T15:05:27.588Z", - "dateUpdated": "2024-07-05T06:49:42.859Z" + "dateUpdated": "2024-07-08T09:01:56.157Z" }, "containers": { "cna": { @@ -21,7 +21,13 @@ "vendor": "ZealousWeb", "versions": [ { - "lessThanOrEqual": "1.4", + "changes": [ + { + "at": "2.1", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.0", "status": "affected", "version": "n/a", "versionType": "custom" @@ -44,10 +50,10 @@ { "base64": false, "type": "text/html", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.

This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4.

" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.

This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0.

" } ], - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 1.4.\n\n" + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZealousWeb Track Geolocation Of Users Using Contact Form 7 allows Stored XSS.This issue affects Track Geolocation Of Users Using Contact Form 7: from n/a through 2.0." } ], "impacts": [ @@ -101,7 +107,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2023-12-15T15:05:27.588Z" + "dateUpdated": "2024-07-08T09:01:56.157Z" }, "references": [ { @@ -111,10 +117,23 @@ "url": "https://patchstack.com/database/vulnerability/track-geolocation-of-users-using-contact-form-7/wordpress-track-geolocation-of-users-using-contact-form-7-plugin-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.1 or a higher version." + } + ], + "value": "Update to 2.1 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, - "title": "WordPress Track Geolocation Of Users Using Contact Form 7 Plugin <= 1.4 is vulnerable to Cross Site Scripting (XSS)", + "title": "WordPress Track Geolocation Of Users Using Contact Form 7 Plugin <= 2.0 is vulnerable to Cross Site Scripting (XSS)", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } diff --git a/cves/2023/51xxx/CVE-2023-51482.json b/cves/2023/51xxx/CVE-2023-51482.json index 99f1af35361..411191f2d88 100644 --- a/cves/2023/51xxx/CVE-2023-51482.json +++ b/cves/2023/51xxx/CVE-2023-51482.json 
@@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2023-12-20T15:32:18.053Z", "datePublished": "2024-04-25T08:16:31.790Z", - "dateUpdated": "2024-07-05T07:55:07.439Z" + "dateUpdated": "2024-07-05T21:22:38.321Z" }, "containers": { "cna": { diff --git a/cves/2023/52xxx/CVE-2023-52168.json b/cves/2023/52xxx/CVE-2023-52168.json new file mode 100644 index 00000000000..5ca9b12f96b --- /dev/null +++ b/cves/2023/52xxx/CVE-2023-52168.json 
@@ -0,0 +1,69 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2023-52168", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-05T22:38:46.412103", + "dateReserved": "2023-12-29T00:00:00", + "datePublished": "2024-07-03T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-05T22:38:46.412103" + }, + "descriptions": [ + { + "lang": "en", + "value": "The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains a heap-based buffer overflow that allows an attacker to overwrite two bytes at multiple offsets beyond the allocated buffer size: buffer+512*i-2, for i=9, i=10, i=11, etc." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://sourceforge.net/p/sevenzip/bugs/2402/" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/07/03/10" + }, + { + "name": "[oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/10" + }, + { + "url": "https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2023/52xxx/CVE-2023-52169.json b/cves/2023/52xxx/CVE-2023-52169.json new file mode 100644 index 00000000000..e19f2c1ccb5 --- /dev/null +++ b/cves/2023/52xxx/CVE-2023-52169.json 
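Review bot: The `affected` block in this new record carries only `"vendor": "n/a"`, `"product": "n/a"` and `"version": "n/a"`, while the description names the NTFS handler in 7-Zip before 24.01, so tooling that matches on `affected` will not associate the record with 7-Zip. A structured entry such as `"product": "7-Zip"` with `{ "version": "0", "lessThan": "24.01", "status": "affected", "versionType": "custom" }` would make the range machine-readable; the lower bound of 0 is an assumption, since the description gives only the fixed version. The references also list the same oss-security post twice, once over `https://` and once over `http://`. CVE-2023-52169.json in the next hunk has the same `affected` block and the same duplicated reference.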
@@ -0,0 +1,69 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2023-52169", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-05T22:39:09.936493", + "dateReserved": "2023-12-29T00:00:00", + "datePublished": "2024-07-03T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-05T22:39:09.936493" + }, + "descriptions": [ + { + "lang": "en", + "value": "The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://sourceforge.net/p/sevenzip/bugs/2402/" + }, + { + "url": "https://www.openwall.com/lists/oss-security/2024/07/03/10" + }, + { + "name": "[oss-security] 20240703 CVE-2023-52168, CVE-2023-52169: buffer overflow, over-read vulnerabilities in the 7-Zip archiver", + "tags": [ + "mailing-list" + ], + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/10" + }, + { + "url": "https://dfir.ru/2024/06/19/vulnerabilities-in-7-zip-and-ntfs3/" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2023/5xxx/CVE-2023-5090.json b/cves/2023/5xxx/CVE-2023-5090.json index 77c30385936..d0664eee643 100644 --- a/cves/2023/5xxx/CVE-2023-5090.json 
+++ b/cves/2023/5xxx/CVE-2023-5090.json @@ -8,7 +8,7 @@ "assignerShortName": "redhat", "dateReserved": "2023-09-20T15:29:32.106Z", "datePublished": "2023-11-06T10:56:57.062Z", - "dateUpdated": "2024-07-05T08:30:23.800Z" + "dateUpdated": "2024-07-08T04:38:07.892Z" }, "containers": { "cna": { @@ -48,6 +48,44 @@ } ], "affected": [ + { + "vendor": "Red Hat", + "product": "Red Hat Enterprise Linux 8", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "kernel-rt", + "defaultStatus": "affected", + "versions": [ + { + "version": "0:4.18.0-553.8.1.rt7.349.el8_10", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "cpes": [ + "cpe:/a:redhat:enterprise_linux:8::realtime", + "cpe:/a:redhat:enterprise_linux:8::nfv" + ] + }, + { + "vendor": "Red Hat", + "product": "Red Hat Enterprise Linux 8", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "kernel", + "defaultStatus": "affected", + "versions": [ + { + "version": "0:4.18.0-553.8.1.el8_10", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "cpes": [ + "cpe:/o:redhat:enterprise_linux:8::baseos", + "cpe:/a:redhat:enterprise_linux:8::crb" + ] + }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", @@ -63,9 +101,9 @@ } ], "cpes": [ + "cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream", - "cpe:/o:redhat:rhel_eus:9.2::baseos", - "cpe:/a:redhat:rhel_eus:9.2::crb" + "cpe:/o:redhat:rhel_eus:9.2::baseos" ] }, { @@ -83,8 +121,8 @@ } ], "cpes": [ - "cpe:/a:redhat:rhel_eus:9.2::nfv", - "cpe:/a:redhat:rhel_eus:9.2::realtime" + "cpe:/a:redhat:rhel_eus:9.2::realtime", + "cpe:/a:redhat:rhel_eus:9.2::nfv" ] }, { 
@@ -117,26 +155,6 @@ "cpe:/o:redhat:enterprise_linux:7" ] }, - { - "vendor": "Red Hat", - "product": "Red Hat Enterprise Linux 8", - "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "kernel", - "defaultStatus": "affected", - "cpes": [ - "cpe:/o:redhat:enterprise_linux:8" - ] - }, - { - "vendor": "Red Hat", - "product": "Red Hat Enterprise Linux 8", - "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "kernel-rt", - "defaultStatus": "affected", - "cpes": [ - "cpe:/o:redhat:enterprise_linux:8" - ] - }, { "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", @@ -175,6 +193,22 @@ "x_refsource_REDHAT" ] }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4211", + "name": "RHSA-2024:4211", + "tags": [ + "vendor-advisory", + "x_refsource_REDHAT" + ] + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4352", + "name": "RHSA-2024:4352", + "tags": [ + "vendor-advisory", + "x_refsource_REDHAT" + ] + }, { "url": "https://access.redhat.com/security/cve/CVE-2023-5090", "tags": [ @@ -232,7 +266,7 @@ "providerMetadata": { "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", - "dateUpdated": "2024-06-12T09:31:47.782Z" + "dateUpdated": "2024-07-08T04:38:07.892Z" } }, "adp": [ diff --git a/cves/2024/0xxx/CVE-2024-0042.json b/cves/2024/0xxx/CVE-2024-0042.json index c0c617e4f3b..a56fe78a202 100644 --- a/cves/2024/0xxx/CVE-2024-0042.json +++ b/cves/2024/0xxx/CVE-2024-0042.json @@ -8,7 +8,7 @@ "assignerShortName": "google_android", "dateReserved": "2023-11-16T22:59:21.064Z", "datePublished": "2024-05-07T21:01:29.018Z", - "dateUpdated": "2024-07-05T09:35:43.828Z" + "dateUpdated": "2024-07-07T19:21:28.222Z" }, "containers": { "cna": { diff --git a/cves/2024/0xxx/CVE-2024-0905.json b/cves/2024/0xxx/CVE-2024-0905.json index 5a020a78c47..92d1a1eedcc 100644 --- a/cves/2024/0xxx/CVE-2024-0905.json +++ b/cves/2024/0xxx/CVE-2024-0905.json 
@@ -8,7 +8,7 @@ "assignerShortName": "WPScan", "dateReserved": "2024-01-25T19:59:26.093Z", "datePublished": "2024-04-26T05:00:01.958Z", - "dateUpdated": "2024-07-05T10:00:56.259Z" + "dateUpdated": "2024-07-05T21:22:15.290Z" }, "containers": { "cna": { diff --git a/cves/2024/0xxx/CVE-2024-0986.json b/cves/2024/0xxx/CVE-2024-0986.json index 35ca668975d..1e155aa6d58 100644 --- a/cves/2024/0xxx/CVE-2024-0986.json +++ b/cves/2024/0xxx/CVE-2024-0986.json @@ -124,6 +124,9 @@ "tags": [ "exploit" ] + }, + { + "url": "https://www.vicarius.io/vsociety/posts/issabel-authenticated-remote-code-execution-cve-2024-0986" } ] }, diff --git a/cves/2024/1xxx/CVE-2024-1386.json b/cves/2024/1xxx/CVE-2024-1386.json index 2708ef1e002..0d6423ce488 100644 --- a/cves/2024/1xxx/CVE-2024-1386.json +++ b/cves/2024/1xxx/CVE-2024-1386.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-02-08T21:17:00.517Z", "datePublished": "2024-05-02T16:52:17.385Z", - "dateUpdated": "2024-07-05T10:15:58.313Z" + "dateUpdated": "2024-07-07T13:53:03.431Z" }, "containers": { "cna": { diff --git a/cves/2024/1xxx/CVE-2024-1567.json b/cves/2024/1xxx/CVE-2024-1567.json index 6d41a89ede6..88f2db819aa 100644 --- a/cves/2024/1xxx/CVE-2024-1567.json +++ b/cves/2024/1xxx/CVE-2024-1567.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-02-15T20:15:56.171Z", "datePublished": "2024-05-02T16:52:15.495Z", - "dateUpdated": "2024-07-05T10:21:00.379Z" + "dateUpdated": "2024-07-05T21:11:23.918Z" }, "containers": { "cna": { diff --git a/cves/2024/1xxx/CVE-2024-1677.json b/cves/2024/1xxx/CVE-2024-1677.json index e879fe9dcee..7adfeb69e8d 100644 --- a/cves/2024/1xxx/CVE-2024-1677.json +++ b/cves/2024/1xxx/CVE-2024-1677.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-02-20T17:20:02.475Z", "datePublished": "2024-05-02T16:52:13.585Z", - "dateUpdated": "2024-07-05T10:21:01.840Z" + "dateUpdated": "2024-07-05T21:11:42.038Z" }, "containers": { "cna": { 
diff --git a/cves/2024/1xxx/CVE-2024-1679.json b/cves/2024/1xxx/CVE-2024-1679.json index 003914944f8..70d3f296065 100644 --- a/cves/2024/1xxx/CVE-2024-1679.json +++ b/cves/2024/1xxx/CVE-2024-1679.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-02-20T18:07:55.420Z", "datePublished": "2024-05-02T16:52:35.334Z", - "dateUpdated": "2024-07-05T10:21:01.774Z" + "dateUpdated": "2024-07-05T21:07:37.435Z" }, "containers": { "cna": { diff --git a/cves/2024/1xxx/CVE-2024-1809.json b/cves/2024/1xxx/CVE-2024-1809.json index 1b3b9892a63..258623d3748 100644 --- a/cves/2024/1xxx/CVE-2024-1809.json +++ b/cves/2024/1xxx/CVE-2024-1809.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-02-22T22:03:52.084Z", "datePublished": "2024-05-02T16:52:16.449Z", - "dateUpdated": "2024-07-05T10:31:03.688Z" + "dateUpdated": "2024-07-05T21:09:40.244Z" }, "containers": { "cna": { diff --git a/cves/2024/1xxx/CVE-2024-1993.json b/cves/2024/1xxx/CVE-2024-1993.json index ab0632de3d2..18af48151e2 100644 --- a/cves/2024/1xxx/CVE-2024-1993.json +++ b/cves/2024/1xxx/CVE-2024-1993.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-02-28T20:49:36.546Z", "datePublished": "2024-05-02T16:52:14.044Z", - "dateUpdated": "2024-07-05T10:31:06.615Z" + "dateUpdated": "2024-07-07T13:53:08.521Z" }, "containers": { "cna": { diff --git a/cves/2024/1xxx/CVE-2024-1994.json b/cves/2024/1xxx/CVE-2024-1994.json index 6512cdf4763..4ba17cc52c0 100644 --- a/cves/2024/1xxx/CVE-2024-1994.json +++ b/cves/2024/1xxx/CVE-2024-1994.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-02-28T20:54:46.795Z", "datePublished": "2024-04-06T01:54:50.208Z", - "dateUpdated": "2024-07-05T10:31:06.616Z" + "dateUpdated": "2024-07-06T13:28:56.785Z" }, "containers": { "cna": { diff --git a/cves/2024/20xxx/CVE-2024-20852.json b/cves/2024/20xxx/CVE-2024-20852.json index 409ba96e95a..0432d46de14 100644 --- a/cves/2024/20xxx/CVE-2024-20852.json 
+++ b/cves/2024/20xxx/CVE-2024-20852.json @@ -8,7 +8,7 @@ "assignerShortName": "SamsungMobile", "dateReserved": "2023-12-05T04:57:52.539Z", "datePublished": "2024-04-02T02:59:48.487Z", - "dateUpdated": "2024-07-05T10:46:08.598Z" + "dateUpdated": "2024-07-08T13:31:15.663Z" }, "containers": { "cna": { diff --git a/cves/2024/20xxx/CVE-2024-20890.json b/cves/2024/20xxx/CVE-2024-20890.json new file mode 100644 index 00000000000..c6f1b0d0a0c --- /dev/null +++ b/cves/2024/20xxx/CVE-2024-20890.json 
@@ -0,0 +1,109 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-20890", + "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", + "state": "PUBLISHED", + "assignerShortName": "SamsungMobile", + "dateReserved": "2023-12-05T04:57:52.559Z", + "datePublished": "2024-07-02T09:20:40.447Z", + "dateUpdated": "2024-07-06T02:34:23.959Z" + }, + "containers": { + "cna": { + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-20 Improper Input Validation" + } + ] + } + ], + "affected": [ + { + "vendor": "Samsung Mobile", + "product": "Samsung Mobile Devices", + "versions": [ + { + "status": "unaffected", + "version": "SMR Jul-2024 Release in Android 12, 13, 14 Mediatek devices" + } + ], + "defaultStatus": "affected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior." + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07" + } + ], + "metrics": [ + { + "format": "CVSS", + "cvssV3_1": { + "version": "3.1", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + } + } + ], + "providerMetadata": { + "orgId": "3af57064-a867-422c-b2ad-40307b65c458", + "shortName": "SamsungMobile", + "dateUpdated": "2024-07-02T09:20:40.447Z" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-06T02:34:16.838603Z", + "id": "CVE-2024-20890", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + 
"role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-06T02:34:23.959Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/23xxx/CVE-2024-23519.json b/cves/2024/23xxx/CVE-2024-23519.json index e8c261d59cc..127c3384c16 100644 --- a/cves/2024/23xxx/CVE-2024-23519.json +++ b/cves/2024/23xxx/CVE-2024-23519.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-01-17T18:18:40.120Z", "datePublished": "2024-02-28T16:27:34.627Z", - "dateUpdated": "2024-07-05T11:31:29.252Z" + "dateUpdated": "2024-07-08T09:48:21.482Z" }, "containers": { "cna": { @@ -21,6 +21,12 @@ "vendor": "M&S Consulting", "versions": [ { + "changes": [ + { + "at": "6.9.8", + "status": "unaffected" + } + ], "lessThanOrEqual": "6.9.7", "status": "affected", "version": "n/a", @@ -47,7 +53,7 @@ "value": "Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.

This issue affects Email Before Download: from n/a through 6.9.7.

" } ], - "value": "Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7.\n\n" + "value": "Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7." } ], "metrics": [ @@ -90,7 +96,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2024-02-28T16:27:34.627Z" + "dateUpdated": "2024-07-08T09:48:21.482Z" }, "references": [ { @@ -100,6 +106,19 @@ "url": "https://patchstack.com/database/vulnerability/email-before-download/wordpress-email-before-download-plugin-6-9-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 6.9.8 or a higher version." + } + ], + "value": "Update to 6.9.8 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, diff --git a/cves/2024/24xxx/CVE-2024-24974.json b/cves/2024/24xxx/CVE-2024-24974.json new file mode 100644 index 00000000000..85e111defa2 --- /dev/null +++ b/cves/2024/24xxx/CVE-2024-24974.json 
@@ -0,0 +1,70 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-24974", + "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", + "state": "PUBLISHED", + "assignerShortName": "OpenVPN", + "dateReserved": "2024-03-12T18:26:01.713Z", + "datePublished": "2024-07-08T10:20:34.520Z", + "dateUpdated": "2024-07-08T10:22:24.212Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", + "shortName": "OpenVPN", + "dateUpdated": "2024-07-08T10:22:24.212Z" + }, + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-923", + "description": "Improper Restriction of Communication Channel to Intended Endpoints", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "OpenVPN", + "product": "OpenVPN 2", + "platforms": [ + "Windows" + ], + "modules": [ + "Interactive Service" + ], + "versions": [ + { + "status": "affected", + "version": "2.6.9 and earlier" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The interactive service in OpenVPN 2.6.9 and earlier allows the OpenVPN service pipe to be accessed remotely, which allows a remote attacker to interact with the privileged OpenVPN interactive service." + } + ], + "references": [ + { + "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974" + }, + { + "url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/" + }, + { + "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html" + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/25xxx/CVE-2024-25928.json b/cves/2024/25xxx/CVE-2024-25928.json index a23e2f347e4..01c8ea34693 100644 --- a/cves/2024/25xxx/CVE-2024-25928.json +++ b/cves/2024/25xxx/CVE-2024-25928.json 
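Review bot: The `versions` entry uses the prose string `"version": "2.6.9 and earlier"`, which a version-comparing consumer cannot evaluate as a range; combined with `"defaultStatus": "unaffected"`, a build whose version string does not match it exactly would likely be read as unaffected. Writing it as `"version": "0", "lessThanOrEqual": "2.6.9", "status": "affected", "versionType": "custom"` keeps the stated meaning, with the lower bound of 0 an assumption to confirm with the CNA. The record also has no `metrics` entry, so severity has to be taken from the linked advisory. CVE-2024-27459.json further down uses the same version string.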
@@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-02-12T08:35:19.125Z", "datePublished": "2024-02-23T11:52:37.331Z", - "dateUpdated": "2024-07-05T12:11:41.447Z" + "dateUpdated": "2024-07-08T09:28:54.359Z" }, "containers": { "cna": { @@ -21,6 +21,12 @@ "vendor": "Sitepact", "versions": [ { + "changes": [ + { + "at": "3.0.0", + "status": "unaffected" + } + ], "lessThanOrEqual": "1.0.5", "status": "affected", "version": "n/a", @@ -47,7 +53,7 @@ "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.
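Review bot: In the `@@ -21,6 +21,12 @@` hunk the added `changes` entry marks `"at": "3.0.0"` as unaffected while the range still ends at `"lessThanOrEqual": "1.0.5"`, so 3.0.0 lies outside the range it is attached to and versions after 1.0.5 and before 3.0.0 get no explicit status. The description in the following hunk still says "through 1.0.5", while the new `solutions` text says to update to 3.0.0. If no release exists between the two this is harmless; otherwise the bound would be clearer as `"lessThan": "3.0.0"` in place of `"lessThanOrEqual": "1.0.5"`, to be confirmed against the plugin's release history. The enclosing `affected` object starts outside the hunk.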

This issue affects Sitepact: from n/a through 1.0.5.

" } ], - "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5.\n\n" + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact.This issue affects Sitepact: from n/a through 1.0.5." } ], "metrics": [ @@ -90,7 +96,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2024-02-23T11:52:37.331Z" + "dateUpdated": "2024-07-08T09:28:54.359Z" }, "references": [ { @@ -100,6 +106,19 @@ "url": "https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 3.0.0 or a higher version." + } + ], + "value": "Update to 3.0.0 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, diff --git a/cves/2024/26xxx/CVE-2024-26621.json b/cves/2024/26xxx/CVE-2024-26621.json index cb39b4c58d0..98d94e7fddf 100644 --- a/cves/2024/26xxx/CVE-2024-26621.json +++ b/cves/2024/26xxx/CVE-2024-26621.json @@ -102,6 +102,9 @@ }, { "url": "https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d" + }, + { + "url": "https://zolutal.github.io/aslrnt/" } ], "title": "mm: huge_memory: don't force huge page alignment on 32 bit", diff --git a/cves/2024/27xxx/CVE-2024-27459.json b/cves/2024/27xxx/CVE-2024-27459.json new file mode 100644 index 00000000000..11da3e33ff8 --- /dev/null +++ b/cves/2024/27xxx/CVE-2024-27459.json 
@@ -0,0 +1,67 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-27459", + "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", + "state": "PUBLISHED", + "assignerShortName": "OpenVPN", + "dateReserved": "2024-03-12T18:26:01.720Z", + "datePublished": "2024-07-08T10:14:06.208Z", + "dateUpdated": "2024-07-08T10:14:38.971Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", + "shortName": "OpenVPN", + "dateUpdated": "2024-07-08T10:14:38.971Z" + }, + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-121", + "description": "Stack-based Buffer Overflow", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "OpenVPN", + "product": "OpenVPN GUI", + "platforms": [ + "Windows" + ], + "versions": [ + { + "status": "affected", + "version": "2.6.9 and earlier" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The interactive service in OpenVPN 2.6.9 and earlier allows an attacker to send data causing a stack overflow which can be used to execute arbitrary code with more privileges." + } + ], + "references": [ + { + "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27459" + }, + { + "url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/" + }, + { + "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html" + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/27xxx/CVE-2024-27715.json b/cves/2024/27xxx/CVE-2024-27715.json new file mode 100644 index 00000000000..e59c5bdb520 --- /dev/null +++ b/cves/2024/27xxx/CVE-2024-27715.json 
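Review bot: The `affected` entry names `"product": "OpenVPN GUI"`, but the description attributes the stack overflow to the interactive service in OpenVPN 2.6.9 and earlier, and the sibling record CVE-2024-24974.json lists `"product": "OpenVPN 2"` with `"modules": ["Interactive Service"]` for that component. An inventory keyed on product name would attach this record to a different package than the description indicates. If the interactive service is the affected component, aligning the entry with the sibling record (`"product": "OpenVPN 2"`, `"modules": ["Interactive Service"]`) would remove the ambiguity; this is inferred from the description and should be confirmed with the CNA.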
@@ -0,0 +1,136 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-27715", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-07T14:06:34.120Z", + "dateReserved": "2024-02-26T00:00:00", + "datePublished": "2024-07-05T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-05T16:27:24.798977" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue in Eskooly Free Online School management Software v.3.0 and before allows a remote attacker to escalate privileges via a crafted request to the Password Change mechanism." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27715-inadequate-password-update-verification-in-eskooly-web-product-less-than-v3.0" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + }, + "adp": [ + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-620", + "lang": "en", + "description": "CWE-620 Unverified Password Change" + } + ] + } + ], + "affected": [ + { + "vendor": "eskooly", + "product": "web_product", + "cpes": [ + "cpe:2.3:a:eskooly:web_product:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThanOrEqual": "3.0.0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 8.2, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": 
"LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T14:03:52.219579Z", + "id": "CVE-2024-27715", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T14:06:34.120Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/27xxx/CVE-2024-27716.json b/cves/2024/27xxx/CVE-2024-27716.json new file mode 100644 index 00000000000..ebf7661f15c --- /dev/null +++ b/cves/2024/27xxx/CVE-2024-27716.json 
@@ -0,0 +1,136 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-27716", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-07T14:08:41.854Z", + "dateReserved": "2024-02-26T00:00:00", + "datePublished": "2024-07-05T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-05T16:27:51.729732" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27716-cross-site-scripting-xss-in-eskooly-web-product-less-than-v3.0" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + }, + "adp": [ + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-80", + "lang": "en", + "description": "CWE-80 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" + } + ] + } + ], + "affected": [ + { + "vendor": "eskooly", + "product": "web_product", + "cpes": [ + "cpe:2.3:a:eskooly:web_product:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThanOrEqual": "3.0.0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 5.4, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": 
"REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T14:07:53.391600Z", + "id": "CVE-2024-27716", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T14:08:41.854Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/27xxx/CVE-2024-27717.json b/cves/2024/27xxx/CVE-2024-27717.json new file mode 100644 index 00000000000..e2244554090 --- /dev/null +++ b/cves/2024/27xxx/CVE-2024-27717.json 
@@ -0,0 +1,136 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-27717", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-07T14:07:36.569Z", + "dateReserved": "2024-02-26T00:00:00", + "datePublished": "2024-07-05T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-05T16:28:23.076877" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Request Forgery vulnerability in Eskooly Free Online School Management Software v.3.0 and before allows a remote attacker to escalate privileges via the Token Handling component." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://blog.be-hacktive.com/eskooly-cve/cve-2024-27717-cross-site-request-forgery-csrf-in-eskooly-web-product-less-than-v3.0" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + }, + "adp": [ + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-352", + "lang": "en", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)" + } + ] + } + ], + "affected": [ + { + "vendor": "eskooly", + "product": "web_product", + "cpes": [ + "cpe:2.3:a:eskooly:web_product:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThanOrEqual": "3.0.0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.5, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "integrityImpact": "LOW", + "userInteraction": "NONE", + 
"attackComplexity": "LOW", + "availabilityImpact": "NONE", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T14:05:17.003353Z", + "id": "CVE-2024-27717", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T14:07:36.569Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/27xxx/CVE-2024-27903.json b/cves/2024/27xxx/CVE-2024-27903.json new file mode 100644 index 00000000000..9466e57cc59 --- /dev/null +++ b/cves/2024/27xxx/CVE-2024-27903.json 
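Review bot: The ADP metrics pair CWE-352 with `"userInteraction": "NONE"` (`CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N`, 6.5), and the SSVC block sets `"Automatable": "yes"`. Cross-site request forgery normally depends on the victim's browser issuing the forged request, and the Himer CSRF records in this same commit are scored `UI:R`. The description's "Token Handling component" may explain the difference, but nothing in the record says so. I would confirm against the referenced write-up before using this score for prioritisation; if interaction is needed the field becomes `"userInteraction": "REQUIRED"`, with `vectorString` and `baseScore` re-derived to match.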
@@ -0,0 +1,70 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-27903", + "assignerOrgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", + "state": "PUBLISHED", + "assignerShortName": "OpenVPN", + "dateReserved": "2024-03-12T18:26:01.705Z", + "datePublished": "2024-07-08T10:27:40.125Z", + "dateUpdated": "2024-07-08T10:27:40.125Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "36a55730-e66d-4d39-8ca6-3c3b3017965e", + "shortName": "OpenVPN", + "dateUpdated": "2024-07-08T10:27:40.125Z" + }, + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-283", + "description": "Unverified Ownership", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "OpenVPN", + "product": "OpenVPN 2", + "platforms": [ + "Windows" + ], + "modules": [ + "Core" + ], + "versions": [ + { + "status": "affected", + "version": "2.6.9 and earlier" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary plug-in which can be used to interact with the privileged OpenVPN interactive service." + } + ], + "references": [ + { + "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903" + }, + { + "url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/" + }, + { + "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html" + } + ] + } + } +} \ No newline at end of file diff --git a/cves/2024/29xxx/CVE-2024-29824.json b/cves/2024/29xxx/CVE-2024-29824.json index b7bf3c2fb5c..99bec59f849 100644 --- a/cves/2024/29xxx/CVE-2024-29824.json +++ b/cves/2024/29xxx/CVE-2024-29824.json 
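Review bot: The `versions` entry encodes the affected range as free text, `"version": "2.6.9 and earlier"`, which no version comparator can evaluate. Automated matching against installed OpenVPN builds will therefore miss this record or treat the string as a single literal version. The range form would be `"version": "0", "lessThanOrEqual": "2.6.9", "versionType": "semver"`. The record also has no `metrics` block, so severity has to come from the referenced advisories until one is added.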
@@ -8,7 +8,7 @@
 "assignerShortName": "hackerone",
 "dateReserved": "2024-03-20T01:04:06.689Z",
 "datePublished": "2024-05-31T17:38:31.331Z",
- "dateUpdated": "2024-07-05T13:29:45.828Z"
+ "dateUpdated": "2024-07-06T03:55:43.773Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/2xxx/CVE-2024-2040.json b/cves/2024/2xxx/CVE-2024-2040.json
new file mode 100644
index 00000000000..94df2c243b8
--- /dev/null
+++ b/cves/2024/2xxx/CVE-2024-2040.json
@@ -0,0 +1,151 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-2040", + "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "state": "PUBLISHED", + "assignerShortName": "WPScan", + "dateReserved": "2024-02-29T20:46:24.025Z", + "datePublished": "2024-07-03T06:00:02.427Z", + "dateUpdated": "2024-07-05T20:07:13.216Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "shortName": "WPScan", + "dateUpdated": "2024-07-03T06:00:02.427Z" + }, + "title": " Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF", + "problemTypes": [ + { + "descriptions": [ + { + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "Unknown", + "product": "Himer", + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThan": "2.1.1" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack" + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/1b97bbf0-c7d1-4e6c-bb80-f9bf45fbfe1e/", + "tags": [ + "exploit", + "vdb-entry", + "technical-description" + ] + } + ], + "credits": [ + { + "lang": "en", + "value": "Sushmita Poudel", + "type": "finder" + }, + { + "lang": "en", + "value": "WPScan", + "type": "coordinator" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "WPScan CVE Generator" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "2codethemes", + "product": "himer", + "cpes": [ + "cpe:2.3:a:2codethemes:himer:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "2.1.1", + "versionType": 
"custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-03T13:31:10.122201Z", + "id": "CVE-2024-2040", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:07:13.216Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/2xxx/CVE-2024-2084.json b/cves/2024/2xxx/CVE-2024-2084.json index e876b104704..2bfd75abdfb 100644 --- a/cves/2024/2xxx/CVE-2024-2084.json +++ b/cves/2024/2xxx/CVE-2024-2084.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-03-01T14:51:11.393Z", "datePublished": "2024-05-02T16:52:23.686Z", - "dateUpdated": "2024-07-05T14:11:39.060Z" + "dateUpdated": "2024-07-07T13:52:58.356Z" }, "containers": { "cna": { diff --git a/cves/2024/2xxx/CVE-2024-2191.json b/cves/2024/2xxx/CVE-2024-2191.json index edfffb741a2..d2c3a2cdcfe 100644 --- a/cves/2024/2xxx/CVE-2024-2191.json +++ b/cves/2024/2xxx/CVE-2024-2191.json @@ -8,7 +8,7 @@ "assignerShortName": "GitLab", "dateReserved": "2024-03-05T14:30:39.468Z", "datePublished": "2024-06-26T23:31:45.431Z", - "dateUpdated": "2024-07-05T14:11:39.685Z" + "dateUpdated": "2024-07-05T20:17:35.161Z" }, "containers": { "cna": { 
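Review bot: The CNA `problemTypes` entry in CVE-2024-2040 puts the CWE only inside the text, `"description": "CWE-352 Cross-Site Request Forgery (CSRF)"` with `"type": "CWE"`, and has no `cweId` field. The ADP container adds no `problemTypes` either, so tooling that groups or filters on `cweId` sees no weakness for this record. Adding `"cweId": "CWE-352"` beside the description would fix it. CVE-2024-2233, CVE-2024-2234 (CWE-79) and CVE-2024-2235 repeat the pattern, and CVE-2024-2926 omits both `cweId` and `type`. Separately, the SSVC option `"Technical Impact": "total"` here sits beside a CVSS vector of `C:L/I:L/A:L`, which looks inconsistent and is worth a second look.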
diff --git a/cves/2024/2xxx/CVE-2024-2233.json b/cves/2024/2xxx/CVE-2024-2233.json
new file mode 100644
index 00000000000..2a592ed112a
--- /dev/null
+++ b/cves/2024/2xxx/CVE-2024-2233.json
@@ -0,0 +1,151 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-2233", + "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "state": "PUBLISHED", + "assignerShortName": "WPScan", + "dateReserved": "2024-03-06T19:45:30.124Z", + "datePublished": "2024-07-03T06:00:03.458Z", + "dateUpdated": "2024-07-05T20:06:57.435Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "shortName": "WPScan", + "dateUpdated": "2024-07-03T06:00:03.458Z" + }, + "title": " Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section", + "problemTypes": [ + { + "descriptions": [ + { + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "Unknown", + "product": "Himer", + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThan": "2.1.1" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. 
These include declining and accepting group invitations or leaving a group" + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/51d0311a-673b-4538-9427-a48e8c89e38b/", + "tags": [ + "exploit", + "vdb-entry", + "technical-description" + ] + } + ], + "credits": [ + { + "lang": "en", + "value": "Sushmita Poudel", + "type": "finder" + }, + { + "lang": "en", + "value": "WPScan", + "type": "coordinator" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "WPScan CVE Generator" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "2codethemes", + "product": "himer", + "cpes": [ + "cpe:2.3:a:2codethemes:himer:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "2.1.1", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-03T18:37:54.074138Z", + "id": "CVE-2024-2233", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:06:57.435Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/2xxx/CVE-2024-2234.json b/cves/2024/2xxx/CVE-2024-2234.json new file mode 100644 index 00000000000..91ea894d6e3 --- /dev/null +++ b/cves/2024/2xxx/CVE-2024-2234.json 
@@ -0,0 +1,151 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-2234", + "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "state": "PUBLISHED", + "assignerShortName": "WPScan", + "dateReserved": "2024-03-06T19:45:34.998Z", + "datePublished": "2024-07-03T06:00:03.688Z", + "dateUpdated": "2024-07-05T20:03:58.807Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "shortName": "WPScan", + "dateUpdated": "2024-07-03T06:00:03.688Z" + }, + "title": " Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS", + "problemTypes": [ + { + "descriptions": [ + { + "description": "CWE-79 Cross-Site Scripting (XSS)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "Unknown", + "product": "Himer", + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThan": "2.1.1" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks" + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/37018a3f-895f-48f7-b033-c051e2462830/", + "tags": [ + "exploit", + "vdb-entry", + "technical-description" + ] + } + ], + "credits": [ + { + "lang": "en", + "value": "Bob Matyas", + "type": "finder" + }, + { + "lang": "en", + "value": "WPScan", + "type": "coordinator" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "WPScan CVE Generator" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "2codethemes", + "product": "himer", + "cpes": [ + "cpe:2.3:a:2codethemes:himer:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "2.1.1", + 
"versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-05T20:03:00.734912Z", + "id": "CVE-2024-2234", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:03:58.807Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/2xxx/CVE-2024-2235.json b/cves/2024/2xxx/CVE-2024-2235.json new file mode 100644 index 00000000000..a51361805d1 --- /dev/null +++ b/cves/2024/2xxx/CVE-2024-2235.json 
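Review bot: The ADP vector sets `"privilegesRequired": "NONE"` (`CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L`), while the CNA title and description say the stored XSS needs a Contributor-level account ("Contributor+ Stored XSS"). An authenticated precondition is normally expressed as `PR:L` or higher, so the 6.3 score probably overstates reachability for sites that do not hand out contributor accounts. If the description is right, the field would be `"privilegesRequired": "LOW"`, with `vectorString` and `baseScore` recomputed. The vector is identical to the one attached to the three Himer CSRF records, which suggests it was not derived for this issue specifically.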
@@ -0,0 +1,151 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-2235", + "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "state": "PUBLISHED", + "assignerShortName": "WPScan", + "dateReserved": "2024-03-06T19:45:41.389Z", + "datePublished": "2024-07-03T06:00:03.922Z", + "dateUpdated": "2024-07-05T20:07:29.077Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", + "shortName": "WPScan", + "dateUpdated": "2024-07-03T06:00:03.922Z" + }, + "title": " Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF", + "problemTypes": [ + { + "descriptions": [ + { + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "affected": [ + { + "vendor": "Unknown", + "product": "Himer", + "versions": [ + { + "status": "affected", + "versionType": "semver", + "version": "0", + "lessThan": "2.1.1" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack" + } + ], + "references": [ + { + "url": "https://wpscan.com/vulnerability/62c8a564-225e-4202-9bb0-03029fa4fd42/", + "tags": [ + "exploit", + "vdb-entry", + "technical-description" + ] + } + ], + "credits": [ + { + "lang": "en", + "value": "Sushmita Poudel", + "type": "finder" + }, + { + "lang": "en", + "value": "WPScan", + "type": "coordinator" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "x_generator": { + "engine": "WPScan CVE Generator" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "2codethemes", + "product": "himer", + "cpes": [ + "cpe:2.3:a:2codethemes:himer:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": 
"affected", + "lessThan": "2.1.1", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 6.3, + "attackVector": "NETWORK", + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "integrityImpact": "LOW", + "userInteraction": "REQUIRED", + "attackComplexity": "LOW", + "availabilityImpact": "LOW", + "privilegesRequired": "NONE", + "confidentialityImpact": "LOW" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-03T19:13:53.133417Z", + "id": "CVE-2024-2235", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:07:29.077Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/2xxx/CVE-2024-2542.json b/cves/2024/2xxx/CVE-2024-2542.json index 01c3dfa4536..b8b329e43dd 100644 --- a/cves/2024/2xxx/CVE-2024-2542.json +++ b/cves/2024/2xxx/CVE-2024-2542.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-03-15T18:40:19.053Z", "datePublished": "2024-05-02T16:52:24.636Z", - "dateUpdated": "2024-07-05T14:21:37.765Z" + "dateUpdated": "2024-07-05T21:08:41.890Z" }, "containers": { "cna": { diff --git a/cves/2024/2xxx/CVE-2024-2752.json b/cves/2024/2xxx/CVE-2024-2752.json index 5db64f53ac2..14a0b481699 100644 --- a/cves/2024/2xxx/CVE-2024-2752.json +++ b/cves/2024/2xxx/CVE-2024-2752.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-03-20T21:56:34.161Z", "datePublished": "2024-05-02T16:52:53.708Z", - "dateUpdated": "2024-07-05T14:26:39.873Z" + "dateUpdated": "2024-07-07T13:52:49.459Z" }, "containers": { "cna": { 
diff --git a/cves/2024/2xxx/CVE-2024-2840.json b/cves/2024/2xxx/CVE-2024-2840.json
index 7e9607788b0..950bb02d803 100644
--- a/cves/2024/2xxx/CVE-2024-2840.json
+++ b/cves/2024/2xxx/CVE-2024-2840.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-03-22T19:24:49.722Z",
 "datePublished": "2024-05-02T16:51:48.753Z",
- "dateUpdated": "2024-07-05T14:31:58.027Z"
+ "dateUpdated": "2024-07-05T21:17:19.212Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/2xxx/CVE-2024-2926.json b/cves/2024/2xxx/CVE-2024-2926.json
new file mode 100644
index 00000000000..9066ad25ddc
--- /dev/null
+++ b/cves/2024/2xxx/CVE-2024-2926.json
@@ -0,0 +1,141 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-2926", + "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "state": "PUBLISHED", + "assignerShortName": "Wordfence", + "dateReserved": "2024-03-26T15:34:17.755Z", + "datePublished": "2024-07-04T03:32:24.045Z", + "dateUpdated": "2024-07-06T02:59:15.418Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "shortName": "Wordfence", + "dateUpdated": "2024-07-04T03:32:24.045Z" + }, + "affected": [ + { + "vendor": "livemesh", + "product": "Elementor Addons by Livemesh", + "versions": [ + { + "version": "*", + "status": "affected", + "lessThanOrEqual": "8.3.7", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ], + "title": "Elementor Addons by Livemesh <= 8.3.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Various Widgets", + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/78e9beef-4d2b-4004-8db7-4963882e405b?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/carousel/loop.php#L47" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/posts-slider/loop-start.php#L36" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/posts-multislider/loop-start.php#L45" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/posts-gridbox-slider/loop-start.php#L32" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/posts-carousel/loop-start.php#L44" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/device-slider/loop.php#L34" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/animated-text/loop.php#L45" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/addons-for-elementor/tags/8.3.6/templates/addons/animated-text/loop.php#L40" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "wesley" + } + ], + "timeline": [ + { + "time": "2024-07-03T14:51:15.000+00:00", + "lang": "en", + "value": "Disclosed" + } + ] + 
}, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-06T02:58:56.798688Z", + "id": "CVE-2024-2926", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-06T02:59:15.418Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/2xxx/CVE-2024-2958.json b/cves/2024/2xxx/CVE-2024-2958.json index 1e870e3ef69..2eeaa79be1c 100644 --- a/cves/2024/2xxx/CVE-2024-2958.json +++ b/cves/2024/2xxx/CVE-2024-2958.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-03-26T19:26:00.854Z", "datePublished": "2024-05-02T16:52:11.744Z", - "dateUpdated": "2024-07-05T14:51:51.386Z" + "dateUpdated": "2024-07-05T21:11:51.020Z" }, "containers": { "cna": { diff --git a/cves/2024/2xxx/CVE-2024-2970.json b/cves/2024/2xxx/CVE-2024-2970.json index b421917060b..5f3915f93d4 100644 --- a/cves/2024/2xxx/CVE-2024-2970.json +++ b/cves/2024/2xxx/CVE-2024-2970.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-03-26T20:28:36.845Z", "datePublished": "2024-03-29T06:43:57.638Z", - "dateUpdated": "2024-07-05T14:51:50.664Z" + "dateUpdated": "2024-07-07T13:48:39.411Z" }, "containers": { "cna": { diff --git a/cves/2024/31xxx/CVE-2024-31086.json b/cves/2024/31xxx/CVE-2024-31086.json index 9303ddbeeb5..272673c9521 100644 --- a/cves/2024/31xxx/CVE-2024-31086.json +++ b/cves/2024/31xxx/CVE-2024-31086.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-03-28T06:57:31.066Z", "datePublished": "2024-04-15T07:46:20.046Z", - "dateUpdated": "2024-07-05T15:11:58.395Z" + "dateUpdated": "2024-07-06T02:50:17.659Z" }, "containers": { "cna": { 
diff --git a/cves/2024/31xxx/CVE-2024-31093.json b/cves/2024/31xxx/CVE-2024-31093.json
index 1670ae7473b..0fc1dda2f7a 100644
--- a/cves/2024/31xxx/CVE-2024-31093.json
+++ b/cves/2024/31xxx/CVE-2024-31093.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-03-28T06:57:31.067Z",
 "datePublished": "2024-04-15T07:45:07.415Z",
- "dateUpdated": "2024-07-05T15:11:58.487Z"
+ "dateUpdated": "2024-07-06T02:50:39.444Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/31xxx/CVE-2024-31288.json b/cves/2024/31xxx/CVE-2024-31288.json
index 58522bedb06..01520c015c8 100644
--- a/cves/2024/31xxx/CVE-2024-31288.json
+++ b/cves/2024/31xxx/CVE-2024-31288.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-03-29T16:49:21.490Z",
 "datePublished": "2024-04-07T17:18:47.447Z",
- "dateUpdated": "2024-07-05T15:17:18.846Z"
+ "dateUpdated": "2024-07-06T13:28:04.659Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/31xxx/CVE-2024-31299.json b/cves/2024/31xxx/CVE-2024-31299.json
index 4a8549e05cb..9328c437225 100644
--- a/cves/2024/31xxx/CVE-2024-31299.json
+++ b/cves/2024/31xxx/CVE-2024-31299.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-03-29T17:34:07.668Z",
 "datePublished": "2024-04-10T16:27:48.253Z",
- "dateUpdated": "2024-07-05T15:17:18.832Z"
+ "dateUpdated": "2024-07-06T02:51:01.696Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/31xxx/CVE-2024-31897.json b/cves/2024/31xxx/CVE-2024-31897.json
new file mode 100644
index 00000000000..1d35be12e9c
--- /dev/null
+++ b/cves/2024/31xxx/CVE-2024-31897.json
@@ -0,0 +1,119 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-31897", + "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "state": "PUBLISHED", + "assignerShortName": "ibm", + "dateReserved": "2024-04-07T12:44:57.196Z", + "datePublished": "2024-07-08T02:01:23.947Z", + "dateUpdated": "2024-07-08T02:01:23.947Z" + }, + "containers": { + "cna": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.0:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.0:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:*:*:*:*:*:*:*" + ], + "defaultStatus": "unaffected", + "product": "Cloud Pak for Business Automation", + "vendor": "IBM", + "versions": [ + { + "status": "affected", + "version": "18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, 23.0.2" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 
20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178." + } + ], + "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 288178." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-918", + "description": "CWE-918 Server-Side Request Forgery (SSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "shortName": "ibm", + "dateUpdated": "2024-07-08T02:01:23.947Z" + }, + "references": [ + { + "tags": [ + "vendor-advisory" + ], + "url": "https://www.ibm.com/support/pages/node/7159332" + }, + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288178" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "IBM Cloud Pak for Business Automation server-side request forgery", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of 
file diff --git a/cves/2024/32xxx/CVE-2024-32513.json b/cves/2024/32xxx/CVE-2024-32513.json index 0d85228611e..19d13286d9c 100644 --- a/cves/2024/32xxx/CVE-2024-32513.json +++ b/cves/2024/32xxx/CVE-2024-32513.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-04-15T09:12:58.412Z", "datePublished": "2024-04-17T08:03:24.412Z", - "dateUpdated": "2024-07-05T16:06:26.342Z" + "dateUpdated": "2024-07-05T21:23:18.822Z" }, "containers": { "cna": { diff --git a/cves/2024/32xxx/CVE-2024-32785.json b/cves/2024/32xxx/CVE-2024-32785.json index 6d47ae5e138..aecc2a7db6e 100644 --- a/cves/2024/32xxx/CVE-2024-32785.json +++ b/cves/2024/32xxx/CVE-2024-32785.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-04-18T09:15:22.752Z", "datePublished": "2024-04-24T10:22:25.213Z", - "dateUpdated": "2024-07-05T16:16:50.465Z" + "dateUpdated": "2024-07-06T02:49:56.587Z" }, "containers": { "cna": { diff --git a/cves/2024/33xxx/CVE-2024-33584.json b/cves/2024/33xxx/CVE-2024-33584.json index 01ac5bd41e5..d7e56736061 100644 --- a/cves/2024/33xxx/CVE-2024-33584.json +++ b/cves/2024/33xxx/CVE-2024-33584.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-04-24T15:01:58.367Z", "datePublished": "2024-04-29T07:39:57.041Z", - "dateUpdated": "2024-07-05T16:34:35.077Z" + "dateUpdated": "2024-07-05T21:21:34.720Z" }, "containers": { "cna": { diff --git a/cves/2024/33xxx/CVE-2024-33589.json b/cves/2024/33xxx/CVE-2024-33589.json index af30c8978e3..69ec55e1c45 100644 --- a/cves/2024/33xxx/CVE-2024-33589.json +++ b/cves/2024/33xxx/CVE-2024-33589.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-04-24T15:01:58.367Z", "datePublished": "2024-04-29T10:15:31.650Z", - "dateUpdated": "2024-07-05T16:34:35.197Z" + "dateUpdated": "2024-07-05T21:21:21.210Z" }, "containers": { "cna": { 
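Review bot: The `cpes` array and the affected-version text in CVE-2024-31897 disagree. The CPE list includes 19.0.0 and 20.0.0, which the `version` string and description do not mention, and it omits 19.0.3, 20.0.3, 21.0.1 and 21.0.2, which they do list. A CPE-based matcher will therefore miss four releases the vendor calls affected and flag two it does not. The `version` field is also a single comma-joined string (`"18.0.0, 18.0.1, 18.0.2, ..."`) rather than one object per release such as `{ "status": "affected", "version": "19.0.3" }`, so it cannot be compared programmatically. Until the record is corrected, treat the prose list as authoritative and check it against the IBM advisory in `references`.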
diff --git a/cves/2024/33xxx/CVE-2024-33862.json b/cves/2024/33xxx/CVE-2024-33862.json new file mode 100644 index 00000000000..c0fa78cdc00 --- /dev/null +++ b/cves/2024/33xxx/CVE-2024-33862.json @@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-33862", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-05T22:11:30.347785", + "dateReserved": "2024-04-27T00:00:00", + "datePublished": "2024-07-05T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-05T22:11:30.347785" + }, + "descriptions": [ + { + "lang": "en", + "value": "A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://files.opcfoundation.org/SecurityBulletins/OPC%20Foundation%20Security%20Bulletin%20CVE-2024-33862.pdf" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/34xxx/CVE-2024-34349.json b/cves/2024/34xxx/CVE-2024-34349.json index e03e96ee79a..6e8cf120861 100644 --- a/cves/2024/34xxx/CVE-2024-34349.json +++ b/cves/2024/34xxx/CVE-2024-34349.json 
@@ -8,7 +8,7 @@
 "assignerShortName": "GitHub_M",
 "dateReserved": "2024-05-02T06:36:32.437Z",
 "datePublished": "2024-05-10T15:29:39.791Z",
- "dateUpdated": "2024-07-05T16:44:45.483Z"
+ "dateUpdated": "2024-07-08T12:35:38.149Z"
 },
 "containers": {
 "cna": {
@@ -31,14 +31,14 @@
 "attackComplexity": "LOW",
 "attackVector": "NETWORK",
 "availabilityImpact": "NONE",
- "baseScore": 6.1,
+ "baseScore": 4.8,
 "baseSeverity": "MEDIUM",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
- "privilegesRequired": "NONE",
+ "privilegesRequired": "HIGH",
 "scope": "CHANGED",
 "userInteraction": "REQUIRED",
- "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
 "version": "3.1"
 }
 }
@@ -78,7 +78,7 @@
 "providerMetadata": {
 "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
 "shortName": "GitHub_M",
- "dateUpdated": "2024-05-10T15:29:39.791Z"
+ "dateUpdated": "2024-07-08T12:35:38.149Z"
 },
 "descriptions": [
 {
diff --git a/cves/2024/34xxx/CVE-2024-34361.json b/cves/2024/34xxx/CVE-2024-34361.json
new file mode 100644
index 00000000000..6adb5bcc063
--- /dev/null
+++ b/cves/2024/34xxx/CVE-2024-34361.json
@@ -0,0 +1,143 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-34361", + "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "state": "PUBLISHED", + "assignerShortName": "GitHub_M", + "dateReserved": "2024-05-02T06:36:32.439Z", + "datePublished": "2024-07-05T18:30:01.314Z", + "dateUpdated": "2024-07-08T13:23:14.983Z" + }, + "containers": { + "cna": { + "title": "Pi-hole Blind Server-Side Request Forgery (SSRF) vulnerability can lead to Remote Code Execution (RCE)", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-918", + "lang": "en", + "description": "CWE-918: Server-Side Request Forgery (SSRF)", + "type": "CWE" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "version": "3.1" + } + } + ], + "references": [ + { + "name": "https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6", + "tags": [ + "x_refsource_CONFIRM" + ], + "url": "https://github.com/pi-hole/pi-hole/security/advisories/GHSA-jg6g-rrj6-xfg6" + }, + { + "name": "https://github.com/pi-hole/pi-hole/commit/2c497a9a3ea099079bbcd1eb21725b0ed54b529d", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/pi-hole/pi-hole/commit/2c497a9a3ea099079bbcd1eb21725b0ed54b529d" + } + ], + "affected": [ + { + "vendor": "pi-hole", + "product": "pi-hole", + "versions": [ + { + "version": "< 5.18.3", + "status": "affected" + } + ] + } + ], + "providerMetadata": { + "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "shortName": "GitHub_M", + "dateUpdated": "2024-07-05T18:30:01.314Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Pi-hole is a DNS sinkhole that 
protects devices from unwanted content without installing any client-side software. A vulnerability in versions prior to 5.18.3 allows an authenticated user to make internal requests to the server via the `gravity_DownloadBlocklistFromUrl()` function. Depending on some circumstances, the vulnerability could lead to remote command execution. Version 5.18.3 contains a patch for this issue." + } + ], + "source": { + "advisory": "GHSA-jg6g-rrj6-xfg6", + "discovery": "UNKNOWN" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "pi-hole", + "product": "pi-hole", + "cpes": [ + "cpe:2.3:a:pi-hole:pi-hole:5.1:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "5.18.3", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:20:46.513461Z", + "id": "CVE-2024-34361", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:23:14.983Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/34xxx/CVE-2024-34385.json b/cves/2024/34xxx/CVE-2024-34385.json index 4fa38feb4f5..dcf5105df6d 100644 --- a/cves/2024/34xxx/CVE-2024-34385.json +++ b/cves/2024/34xxx/CVE-2024-34385.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-05-02T11:32:47.762Z", "datePublished": "2024-06-03T11:41:00.230Z", - "dateUpdated": "2024-07-05T16:44:42.981Z" + "dateUpdated": "2024-07-06T02:48:23.220Z" }, "containers": { "cna": { diff --git a/cves/2024/34xxx/CVE-2024-34591.json b/cves/2024/34xxx/CVE-2024-34591.json new file mode 100644 index 00000000000..a6560287404 --- /dev/null 
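Review bot: The CNA `affected` entry of CVE-2024-34361 encodes the range as a string, `"version": "< 5.18.3"`, which version matchers cannot compare and will treat as a literal version name. The structured form the ADP container already uses in this record is `"version": "0", "lessThan": "5.18.3", "versionType": "custom"`. The ADP `cpes` value `cpe:2.3:a:pi-hole:pi-hole:5.1:*:*:*:*:*:*:*` names only 5.1, while its `versions` range covers everything below 5.18.3, so tools keyed on the CPE string alone may under-match. The `baseScore` of 8.6 is also worth rechecking against the vector, since my recomputation of the CVSS 3.1 base equations for `AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H` gives 8.5.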
+++ b/cves/2024/34xxx/CVE-2024-34591.json 
@@ -0,0 +1,109 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-34591", + "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", + "state": "PUBLISHED", + "assignerShortName": "SamsungMobile", + "dateReserved": "2024-05-07T04:43:27.828Z", + "datePublished": "2024-07-02T09:23:30.429Z", + "dateUpdated": "2024-07-06T02:33:49.091Z" + }, + "containers": { + "cna": { + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-1288: Improper Validation of Consistency within Input" + } + ] + } + ], + "affected": [ + { + "vendor": "Samsung Mobile", + "product": "Samsung Mobile Devices", + "versions": [ + { + "status": "unaffected", + "version": "SMR Jul-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability." 
+ } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07" + } + ], + "metrics": [ + { + "format": "CVSS", + "cvssV3_1": { + "version": "3.1", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseSeverity": "MEDIUM", + "baseScore": 5.3, + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" + } + } + ], + "providerMetadata": { + "orgId": "3af57064-a867-422c-b2ad-40307b65c458", + "shortName": "SamsungMobile", + "dateUpdated": "2024-07-02T09:23:30.429Z" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-06T02:33:44.071286Z", + "id": "CVE-2024-34591", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-06T02:33:49.091Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/34xxx/CVE-2024-34602.json b/cves/2024/34xxx/CVE-2024-34602.json new file mode 100644 index 00000000000..d0072b78a2f --- /dev/null +++ b/cves/2024/34xxx/CVE-2024-34602.json 
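Review bot: The `problemTypes` entry of CVE-2024-34591 carries the CWE only as free text, `"description": "CWE-1288: Improper Validation of Consistency within Input"`, with no `cweId` or `type`, so consumers that filter or aggregate on `cweId` will not see it. Adding `"cweId": "CWE-1288", "type": "CWE"` would match the Patchstack and GitHub records in this commit. The same gap is in CVE-2024-34602 (CWE-927) and CVE-2024-34603 (CWE-284) later in this diff. The `affected` block lists only an unaffected release as a free-text string under `"defaultStatus": "affected"`, which gives version matchers nothing to compare; that may be unavoidable for SMR releases, but it is worth confirming.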
@@ -0,0 +1,75 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-34602", + "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", + "state": "PUBLISHED", + "assignerShortName": "SamsungMobile", + "dateReserved": "2024-05-07T04:43:27.829Z", + "datePublished": "2024-07-08T06:12:39.337Z", + "dateUpdated": "2024-07-08T06:12:39.337Z" + }, + "containers": { + "cna": { + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-927 : Use of Implicit Intent for Sensitive Communication" + } + ] + } + ], + "affected": [ + { + "vendor": "Samsung Mobile", + "product": "Samsung Mobile Devices", + "versions": [ + { + "status": "unaffected", + "version": "SMR Jul-2024 Release in Android 12, 13, 14" + } + ], + "defaultStatus": "affected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability." + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07" + } + ], + "metrics": [ + { + "format": "CVSS", + "cvssV3_1": { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "LOW", + "baseScore": 3.3, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" + } + } + ], + "providerMetadata": { + "orgId": "3af57064-a867-422c-b2ad-40307b65c458", + "shortName": "SamsungMobile", + "dateUpdated": "2024-07-08T06:12:39.337Z" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/34xxx/CVE-2024-34603.json b/cves/2024/34xxx/CVE-2024-34603.json new file mode 100644 index 00000000000..3d328b1f4bb --- /dev/null 
+++ b/cves/2024/34xxx/CVE-2024-34603.json @@ -0,0 +1,75 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-34603", + "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", + "state": "PUBLISHED", + "assignerShortName": "SamsungMobile", + "dateReserved": "2024-05-07T04:43:27.829Z", + "datePublished": "2024-07-08T06:12:40.540Z", + "dateUpdated": "2024-07-08T06:12:40.540Z" + }, + "containers": { + "cna": { + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-284 Improper Access Control" + } + ] + } + ], + "affected": [ + { + "vendor": "Samsung Mobile", + "product": "Samsung Mobile Devices", + "versions": [ + { + "status": "unaffected", + "version": "SMR Jul-2024 Release in Android 13, 14" + } + ], + "defaultStatus": "affected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data." + } + ], + "references": [ + { + "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07" + } + ], + "metrics": [ + { + "format": "CVSS", + "cvssV3_1": { + "version": "3.1", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseSeverity": "MEDIUM", + "baseScore": 4, + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + } + } + ], + "providerMetadata": { + "orgId": "3af57064-a867-422c-b2ad-40307b65c458", + "shortName": "SamsungMobile", + "dateUpdated": "2024-07-08T06:12:40.540Z" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/34xxx/CVE-2024-34759.json b/cves/2024/34xxx/CVE-2024-34759.json index 0fbf7c2546b..3156cff2505 100644 --- a/cves/2024/34xxx/CVE-2024-34759.json +++ b/cves/2024/34xxx/CVE-2024-34759.json 
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-08T12:02:52.298Z",
 "datePublished": "2024-06-04T18:49:14.765Z",
- "dateUpdated": "2024-07-05T16:52:20.556Z"
+ "dateUpdated": "2024-07-06T02:47:38.396Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/34xxx/CVE-2024-34793.json b/cves/2024/34xxx/CVE-2024-34793.json
index d3ee403ff8d..9fbf556ea2d 100644
--- a/cves/2024/34xxx/CVE-2024-34793.json
+++ b/cves/2024/34xxx/CVE-2024-34793.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-09T12:14:10.267Z",
 "datePublished": "2024-06-03T10:52:01.570Z",
- "dateUpdated": "2024-07-05T16:52:20.391Z"
+ "dateUpdated": "2024-07-06T02:48:48.072Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/34xxx/CVE-2024-34801.json b/cves/2024/34xxx/CVE-2024-34801.json
index 4dc81b80725..7d41ff85799 100644
--- a/cves/2024/34xxx/CVE-2024-34801.json
+++ b/cves/2024/34xxx/CVE-2024-34801.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-09T12:14:23.897Z",
 "datePublished": "2024-06-03T10:32:00.529Z",
- "dateUpdated": "2024-07-05T16:52:20.059Z"
+ "dateUpdated": "2024-07-06T02:49:13.558Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/34xxx/CVE-2024-34804.json b/cves/2024/34xxx/CVE-2024-34804.json
index d2d4b1e73d3..435076421f4 100644
--- a/cves/2024/34xxx/CVE-2024-34804.json
+++ b/cves/2024/34xxx/CVE-2024-34804.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-09T12:14:23.897Z",
 "datePublished": "2024-06-11T16:23:48.408Z",
- "dateUpdated": "2024-07-05T16:52:17.912Z"
+ "dateUpdated": "2024-07-08T09:00:15.444Z"
 },
 "containers": {
 "cna": {
@@ -21,7 +21,13 @@
 "vendor": "Tagembed",
 "versions": [
 {
- "lessThanOrEqual": "5.5",
+ "changes": [
+ {
+ "at": "5.9",
+ "status": "unaffected"
+ }
+ ],
+ "lessThanOrEqual": "5.8",
 "status": "affected",
 "version": "n/a",
 "versionType": "custom"
@@ -44,10 +50,10 @@ { "base64": false, "type": "text/html", - "value": "Missing Authorization vulnerability in Tagembed.

This issue affects Tagembed: from n/a through 5.5.

" + "value": "Missing Authorization vulnerability in Tagembed.

This issue affects Tagembed: from n/a through 5.8.

" } ], - "value": "Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.5." + "value": "Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8." } ], "metrics": [ @@ -90,7 +96,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2024-06-11T16:23:48.408Z" + "dateUpdated": "2024-07-08T09:00:15.444Z" }, "references": [ { @@ -100,10 +106,23 @@ "url": "https://patchstack.com/database/vulnerability/tagembed-widget/wordpress-tagembed-plugin-5-5-broken-access-control-vulnerability?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 5.9 or a higher version." + } + ], + "value": "Update to 5.9 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, - "title": "WordPress Tagembed plugin <= 5.5 - Broken Access Control vulnerability", + "title": "WordPress Tagembed plugin <= 5.8 - Broken Access Control vulnerability", "x_generator": { "engine": "Vulnogram 0.1.0-dev" } diff --git a/cves/2024/35xxx/CVE-2024-35698.json b/cves/2024/35xxx/CVE-2024-35698.json index ae1441d25ad..80a62c76107 100644 --- a/cves/2024/35xxx/CVE-2024-35698.json +++ b/cves/2024/35xxx/CVE-2024-35698.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-05-17T10:09:07.347Z", "datePublished": "2024-06-08T14:19:22.304Z", - "dateUpdated": "2024-07-05T17:02:04.170Z" + "dateUpdated": "2024-07-06T02:45:24.521Z" }, "containers": { "cna": { diff --git a/cves/2024/35xxx/CVE-2024-35708.json b/cves/2024/35xxx/CVE-2024-35708.json index 4207cd9b13d..778ec7e34bb 100644 --- a/cves/2024/35xxx/CVE-2024-35708.json +++ b/cves/2024/35xxx/CVE-2024-35708.json 
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-17T10:09:21.572Z",
 "datePublished": "2024-06-08T14:04:07.467Z",
- "dateUpdated": "2024-07-05T17:02:04.197Z"
+ "dateUpdated": "2024-07-06T02:46:24.857Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/35xxx/CVE-2024-35714.json b/cves/2024/35xxx/CVE-2024-35714.json
index 357ec835c64..436bc360e0b 100644
--- a/cves/2024/35xxx/CVE-2024-35714.json
+++ b/cves/2024/35xxx/CVE-2024-35714.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-17T10:09:21.574Z",
 "datePublished": "2024-06-08T13:35:25.222Z",
- "dateUpdated": "2024-07-05T17:02:01.044Z"
+ "dateUpdated": "2024-07-06T02:46:46.919Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/35xxx/CVE-2024-35739.json b/cves/2024/35xxx/CVE-2024-35739.json
index 7f1bb26f0e3..8a5c45e2727 100644
--- a/cves/2024/35xxx/CVE-2024-35739.json
+++ b/cves/2024/35xxx/CVE-2024-35739.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-17T10:10:00.222Z",
 "datePublished": "2024-06-08T12:42:20.044Z",
- "dateUpdated": "2024-07-05T17:02:04.228Z"
+ "dateUpdated": "2024-07-06T02:47:09.199Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/35xxx/CVE-2024-35763.json b/cves/2024/35xxx/CVE-2024-35763.json
index 9eed2e5205a..6497e6d8d50 100644
--- a/cves/2024/35xxx/CVE-2024-35763.json
+++ b/cves/2024/35xxx/CVE-2024-35763.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-05-17T10:10:41.867Z",
 "datePublished": "2024-06-21T12:34:54.427Z",
- "dateUpdated": "2024-07-05T17:02:04.287Z"
+ "dateUpdated": "2024-07-06T02:43:53.906Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/35xxx/CVE-2024-35778.json b/cves/2024/35xxx/CVE-2024-35778.json
index bd4209c27d2..b4ea36d7176 100644
--- a/cves/2024/35xxx/CVE-2024-35778.json
+++ b/cves/2024/35xxx/CVE-2024-35778.json
@@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-05-17T10:11:07.601Z", "datePublished": "2024-06-21T16:02:35.913Z", - "dateUpdated": "2024-07-05T17:02:01.727Z" + "dateUpdated": "2024-07-08T09:47:24.727Z" }, "containers": { "cna": { @@ -21,6 +21,12 @@ "vendor": "John West", "versions": [ { + "changes": [ + { + "at": "2.5.18", + "status": "unaffected" + } + ], "lessThanOrEqual": "2.5.17", "status": "affected", "version": "n/a", @@ -44,10 +50,10 @@ { "base64": false, "type": "text/html", - "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.

This issue affects Slideshow SE: from n/a through 2.5.17.

" + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion.

This issue affects Slideshow SE: from n/a through 2.5.17.

" } ], - "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17." + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through 2.5.17." } ], "impacts": [ @@ -101,7 +107,7 @@ "providerMetadata": { "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", - "dateUpdated": "2024-06-21T16:02:35.913Z" + "dateUpdated": "2024-07-08T09:47:24.727Z" }, "references": [ { @@ -111,6 +117,19 @@ "url": "https://patchstack.com/database/vulnerability/slideshow-se/wordpress-slideshow-se-plugin-2-5-17-author-limited-local-file-inclusion-vulnerability?_s_id=cve" } ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.5.18 or a higher version." + } + ], + "value": "Update to 2.5.18 or a higher version." + } + ], "source": { "discovery": "EXTERNAL" }, diff --git a/cves/2024/35xxx/CVE-2024-35781.json b/cves/2024/35xxx/CVE-2024-35781.json index 8850eade1fd..02dbd4fc3fd 100644 --- a/cves/2024/35xxx/CVE-2024-35781.json +++ b/cves/2024/35xxx/CVE-2024-35781.json @@ -8,7 +8,7 @@ "assignerShortName": "Patchstack", "dateReserved": "2024-05-17T10:11:07.601Z", "datePublished": "2024-06-21T16:04:41.034Z", - "dateUpdated": "2024-07-05T17:02:04.336Z" + "dateUpdated": "2024-07-08T08:56:40.455Z" }, "containers": { "cna": { @@ -21,6 +21,12 @@ "vendor": "YAHMAN", "versions": [ { + "changes": [ + { + "at": "4.22.0", + "status": "unaffected" + } + ], "lessThanOrEqual": "4.21.1", "status": "affected", "version": "n/a", 
@@ -101,7 +107,7 @@
 "providerMetadata": {
 "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
 "shortName": "Patchstack",
- "dateUpdated": "2024-06-21T16:04:41.034Z"
+ "dateUpdated": "2024-07-08T08:56:40.455Z"
 },
 "references": [
 {
@@ -111,6 +117,19 @@
 "url": "https://patchstack.com/database/vulnerability/word-balloon/wordpress-word-balloon-plugin-4-21-1-local-file-inclusion-vulnerability?_s_id=cve"
 }
 ],
+ "solutions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "Update to 4.22.0 or a higher version."
+ }
+ ],
+ "value": "Update to 4.22.0 or a higher version."
+ }
+ ],
 "source": {
 "discovery": "EXTERNAL"
 },
diff --git a/cves/2024/36xxx/CVE-2024-36495.json b/cves/2024/36xxx/CVE-2024-36495.json
index 41254e0710b..044d2765ff4 100644
--- a/cves/2024/36xxx/CVE-2024-36495.json
+++ b/cves/2024/36xxx/CVE-2024-36495.json
@@ -8,7 +8,7 @@
 "assignerShortName": "SEC-VLab",
 "dateReserved": "2024-05-29T06:48:49.689Z",
 "datePublished": "2024-06-24T08:50:07.161Z",
- "dateUpdated": "2024-07-05T17:16:17.842Z"
+ "dateUpdated": "2024-07-05T20:25:37.378Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/37xxx/CVE-2024-37208.json b/cves/2024/37xxx/CVE-2024-37208.json
new file mode 100644
index 00000000000..f52112fa277
--- /dev/null
+++ b/cves/2024/37xxx/CVE-2024-37208.json
@@ -0,0 +1,146 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37208", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:45:55.565Z", + "datePublished": "2024-07-06T09:47:38.766Z", + "dateUpdated": "2024-07-06T13:28:20.963Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-scraper", + "product": "WP Scraper", + "vendor": "Robert Macchi", + "versions": [ + { + "lessThanOrEqual": "5.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Majed Refaea (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.

This issue affects WP Scraper: from n/a through 5.7.

" + } + ], + "value": "Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-918", + "description": "CWE-918 Server-Side Request Forgery (SSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T09:47:38.766Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/wp-scraper/wordpress-wp-scraper-plugin-5-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress WP Scraper plugin <= 5.7 - Server Side Request Forgery (SSRF) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-06T13:28:15.596485Z", + "id": "CVE-2024-37208", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-06T13:28:20.963Z" + } + } + ] + } +} \ No newline at end of 
file diff --git a/cves/2024/37xxx/CVE-2024-37234.json b/cves/2024/37xxx/CVE-2024-37234.json new file mode 100644 index 00000000000..b35164ff21e --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37234.json @@ -0,0 +1,112 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37234", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:21.941Z", + "datePublished": "2024-07-06T09:52:47.795Z", + "dateUpdated": "2024-07-06T09:52:47.795Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "academy", + "product": "Academy LMS", + "vendor": "Kodezen Limited", + "versions": [ + { + "lessThanOrEqual": "2.0.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Mochamad Sofyan (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.

This issue affects Academy LMS: from n/a through 2.0.4.

" + } + ], + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-601", + "description": "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T09:52:47.795Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Academy LMS plugin <= 2.0.4 - Open Redirection vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37260.json b/cves/2024/37xxx/CVE-2024-37260.json new file mode 100644 index 00000000000..e1407e487e9 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37260.json 
@@ -0,0 +1,129 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37260", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-04T16:46:57.740Z", + "datePublished": "2024-07-06T09:46:29.610Z", + "dateUpdated": "2024-07-06T09:46:29.610Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "Foxiz", + "vendor": "Theme-Ruby", + "versions": [ + { + "changes": [ + { + "at": "2.3.6", + "status": "unaffected" + } + ], + "lessThanOrEqual": "2.3.5", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Kursat Cetin (Patchstack)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.

This issue affects Foxiz: from n/a through 2.3.5.

" + } + ], + "value": "Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-918", + "description": "CWE-918 Server-Side Request Forgery (SSRF)", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T09:46:29.610Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve" + } + ], + "solutions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Update to 2.3.6 or a higher version." + } + ], + "value": "Update to 2.3.6 or a higher version." + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Foxiz Theme theme <= 2.3.5 - Server Side Request Forgery (SSRF) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37389.json b/cves/2024/37xxx/CVE-2024-37389.json new file mode 100644 index 00000000000..fa19845c1f8 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37389.json 
@@ -0,0 +1,170 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37389", + "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "state": "PUBLISHED", + "assignerShortName": "apache", + "dateReserved": "2024-06-07T21:09:31.675Z", + "datePublished": "2024-07-08T07:29:00.146Z", + "dateUpdated": "2024-07-08T13:39:29.650Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "packageName": "org.apache.nifi:nifi-web-ui", + "product": "Apache NiFi", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "1.26.0", + "status": "affected", + "version": "1.10.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "2.0.0-M3", + "status": "affected", + "version": "2.0.0-M1", + "versionType": "semver" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Akbar Kustirama" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation." + } + ], + "value": "Apache NiFi 1.10.0 through 1.26.0 and 2.0.0-M1 through 2.0.0-M3 support a description field in the Parameter Context configuration that is vulnerable to cross-site scripting. An authenticated user, authorized to configure a Parameter Context, can enter arbitrary JavaScript code, which the client browser will execute within the session context of the authenticated user. Upgrading to Apache NiFi 1.27.0 or 2.0.0-M4 is the recommended mitigation." 
+ } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "shortName": "apache", + "dateUpdated": "2024-07-08T07:29:00.146Z" + }, + "references": [ + { + "tags": [ + "vendor-advisory" + ], + "url": "https://lists.apache.org/thread/yso9fr0wtff53nk046h1o83hdyb1lrxh" + } + ], + "source": { + "defect": [ + "NIFI-13374" + ], + "discovery": "EXTERNAL" + }, + "timeline": [ + { + "lang": "en", + "time": "2024-06-07T11:15:00.000Z", + "value": "reported" + }, + { + "lang": "en", + "time": "2024-06-07T12:00:00.000Z", + "value": "confirmed" + }, + { + "lang": "en", + "time": "2024-06-07T13:45:00.000Z", + "value": "resolved" + } + ], + "title": "Apache NiFi: Improper Neutralization of Input in Parameter Context Description", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:38:24.193311Z", + "id": "CVE-2024-37389", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:39:29.650Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37528.json b/cves/2024/37xxx/CVE-2024-37528.json new file mode 100644 index 00000000000..065e6b11c1d --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37528.json 
@@ -0,0 +1,122 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37528", + "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "state": "PUBLISHED", + "assignerShortName": "ibm", + "dateReserved": "2024-06-09T13:59:02.606Z", + "datePublished": "2024-07-08T02:21:50.815Z", + "dateUpdated": "2024-07-08T02:21:50.815Z" + }, + "containers": { + "cna": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.0:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:19.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.0:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:20.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:*:*:*:*:*:*:*" + ], + "defaultStatus": "unaffected", + "product": "Cloud Pak for Business Automation", + "vendor": "IBM", + "versions": [ + { + "status": "affected", + "version": "18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, 23.0.2" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 
20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293." + } + ], + "value": "IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, 22.0.2, 23.0.1, and 23.0.2 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 294293." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "HIGH", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "shortName": "ibm", + "dateUpdated": "2024-07-08T02:21:50.815Z" + }, + "references": [ + { + "tags": [ + "vendor-advisory" + ], + "url": "https://www.ibm.com/support/pages/node/7159332" + }, + { + "tags": [ + "vdb-entry" + ], + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294293" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": 
"IBM Cloud Pak for Business Automation cross-site scripting", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37539.json b/cves/2024/37xxx/CVE-2024-37539.json new file mode 100644 index 00000000000..4f5e272e84f --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37539.json @@ -0,0 +1,172 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37539", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:46.936Z", + "datePublished": "2024-07-06T12:13:09.384Z", + "dateUpdated": "2024-07-07T13:46:20.642Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "wp-todo", + "product": "WP To Do", + "vendor": "Delower", + "versions": [ + { + "lessThanOrEqual": "1.3.0", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "younsoung kim (Patchstack Alliance)" + }, + { + "lang": "en", + "type": "finder", + "value": "SeoHyeon Lee (Patchstack Alliance)" + }, + { + "lang": "en", + "type": "finder", + "value": "MyungJu Kim (Patchstack Alliance)" + }, + { + "lang": "en", + "type": "finder", + "value": "SeoHee Kang (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.
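Review bot: The `cpes` list and the `versions` entry of this record disagree, and the `version` field packs sixteen releases into one comma-separated string, so exact-match tooling will not match any single release against it. The CPEs name 19.0.0 and 20.0.0, which the version string and the description do not list, and they omit 19.0.3, 20.0.3, 21.0.1 and 21.0.2, which both do list. Until the CNA corrects the record, matching on the CPEs alone can under-report exposure for those four releases. I would ask for one `versions` object per release, e.g. `{ "status": "affected", "version": "19.0.3" }`, and a CPE list regenerated from the same set.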

This issue affects WP To Do: from n/a through 1.3.0.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T12:13:09.384Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/wp-todo/wordpress-wp-to-do-plugin-1-3-0-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress WP To Do plugin <= 1.3.0 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T13:45:10.922825Z", + "id": "CVE-2024-37539", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } 
+ } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T13:46:20.642Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37541.json b/cves/2024/37xxx/CVE-2024-37541.json new file mode 100644 index 00000000000..9412c8758d4 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37541.json @@ -0,0 +1,157 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37541", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:46.936Z", + "datePublished": "2024-07-06T12:33:06.089Z", + "dateUpdated": "2024-07-07T13:46:08.645Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "stax-addons-for-elementor", + "product": "Elementor Addons, Widgets and Enhancements – Stax", + "vendor": "StaxWP", + "versions": [ + { + "lessThanOrEqual": "1.4.4.1", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Khalid (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.

This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T12:33:06.089Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/stax-addons-for-elementor/wordpress-elementor-addons-widgets-and-enhancements-stax-plugin-1-4-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Elementor Addons, Widgets and Enhancements – Stax plugin <= 1.4.4.1 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T13:45:06.114372Z", + "id": 
"CVE-2024-37541", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T13:46:08.645Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37542.json b/cves/2024/37xxx/CVE-2024-37542.json new file mode 100644 index 00000000000..58b4ddc0e77 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37542.json @@ -0,0 +1,112 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37542", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:46.936Z", + "datePublished": "2024-07-06T12:40:29.105Z", + "dateUpdated": "2024-07-06T12:40:29.105Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "gallery-album", + "product": "Responsive Image Gallery, Gallery Album", + "vendor": "WpDevArt", + "versions": [ + { + "lessThanOrEqual": "2.0.3", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "LVT-tholv2k (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.

This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.

" + } + ], + "value": "Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-862", + "description": "CWE-862 Missing Authorization", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T12:40:29.105Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/gallery-album/wordpress-gallery-image-and-video-gallery-with-thumbnails-plugin-2-0-3-broken-access-control-vulnerability-2?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Broken Access Control vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37546.json b/cves/2024/37xxx/CVE-2024-37546.json new file mode 100644 index 00000000000..3e336527a66 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37546.json 
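Review bot: The `title` and the reference URL slug name the product as "Gallery – Image and Video Gallery with Thumbnails", while `affected[].product` says "Responsive Image Gallery, Gallery Album", so anyone triaging by display name may not connect the advisory to the installed plugin. The `packageName` value `gallery-album` agrees with the URL path and is the safer key to match an inventory on. Presumably the plugin was renamed; I would align the title with the product field, e.g. `"title": "WordPress Responsive Image Gallery, Gallery Album plugin <= 2.0.3 - Broken Access Control vulnerability"`. The CVE-2024-37546 record shows the same divergence between its `title` and `product`.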
@@ -0,0 +1,157 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37546", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:58.671Z", + "datePublished": "2024-07-06T14:29:19.782Z", + "dateUpdated": "2024-07-07T13:44:27.276Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "image-hover-effects-with-carousel", + "product": "Image Hover Effects - Caption Hover with Carousel", + "vendor": "biplob018", + "versions": [ + { + "lessThanOrEqual": "3.0.2", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Khalid (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.

This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in biplob018 Image Hover Effects - Caption Hover with Carousel allows Stored XSS.This issue affects Image Hover Effects - Caption Hover with Carousel: from n/a through 3.0.2." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T14:29:19.782Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/image-hover-effects-with-carousel/wordpress-image-hover-effects-for-elementor-with-lightbox-and-flipbox-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Image Hover Effects for Elementor with Lightbox and Flipbox plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": 
"2024-07-07T13:33:50.739570Z", + "id": "CVE-2024-37546", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T13:44:27.276Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37547.json b/cves/2024/37xxx/CVE-2024-37547.json new file mode 100644 index 00000000000..c363d988ca1 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37547.json @@ -0,0 +1,112 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37547", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:58.671Z", + "datePublished": "2024-07-06T14:39:52.415Z", + "dateUpdated": "2024-07-06T14:39:52.415Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "addons-for-elementor", + "product": "Livemesh Addons for Elementor", + "vendor": "Livemesh", + "versions": [ + { + "lessThanOrEqual": "8.3.7", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "NGÔ THIÊN AN / ancorn_ from VNPT-VCI (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.

This issue affects Livemesh Addons for Elementor: from n/a through 8.3.7.

" + } + ], + "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.3.7." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-22", + "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T14:39:52.415Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/addons-for-elementor/wordpress-elementor-addons-by-livemesh-plugin-8-3-7-local-file-inclusion-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Elementor Addons by Livemesh plugin <= 8.3.7 - Local File Inclusion vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37553.json b/cves/2024/37xxx/CVE-2024-37553.json new file mode 100644 index 00000000000..155433cb052 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37553.json 
@@ -0,0 +1,157 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37553", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:58.672Z", + "datePublished": "2024-07-06T16:03:32.989Z", + "dateUpdated": "2024-07-07T13:37:52.546Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "testimonials-widget", + "product": "Testimonials Widget", + "vendor": "Axelerant", + "versions": [ + { + "lessThanOrEqual": "4.0.4", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Joshua Chan (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.

This issue affects Testimonials Widget: from n/a through 4.0.4.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.This issue affects Testimonials Widget: from n/a through 4.0.4." + } + ], + "impacts": [ + { + "capecId": "CAPEC-592", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-592 Stored XSS" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T16:03:32.989Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/testimonials-widget/wordpress-testimonials-widget-plugin-4-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress Testimonials Widget plugin <= 4.0.4 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T13:33:46.170862Z", + "id": "CVE-2024-37553", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + 
], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T13:37:52.546Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37554.json b/cves/2024/37xxx/CVE-2024-37554.json new file mode 100644 index 00000000000..e497a3d8aac --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37554.json @@ -0,0 +1,146 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37554", + "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "state": "PUBLISHED", + "assignerShortName": "Patchstack", + "dateReserved": "2024-06-09T18:16:58.672Z", + "datePublished": "2024-07-06T16:12:55.519Z", + "dateUpdated": "2024-07-07T13:37:42.687Z" + }, + "containers": { + "cna": { + "affected": [ + { + "collectionURL": "https://wordpress.org/plugins", + "defaultStatus": "unaffected", + "packageName": "ultraaddons-elementor-lite", + "product": "UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode)", + "vendor": "CodeAstrology Team", + "versions": [ + { + "lessThanOrEqual": "1.1.6", + "status": "affected", + "version": "n/a", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "user": "00000000-0000-4000-9000-000000000000", + "value": "Khalid (Patchstack Alliance)" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).

This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6.

" + } + ], + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CodeAstrology Team UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode).This issue affects UltraAddons Elementor Lite (Header & Footer Builder, Menu Builder, Cart Icon, Shortcode): from n/a through 1.1.6." + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-79", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", + "shortName": "Patchstack", + "dateUpdated": "2024-07-06T16:12:55.519Z" + }, + "references": [ + { + "tags": [ + "vdb-entry" + ], + "url": "https://patchstack.com/database/vulnerability/ultraaddons-elementor-lite/wordpress-ultraaddons-elementor-addons-header-footer-builder-custom-font-custom-css-woo-widget-menu-builder-anywhere-elementor-shortcode-plugin-1-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve" + } + ], + "source": { + "discovery": "EXTERNAL" + }, + "title": "WordPress UltraAddons plugin <= 1.1.6 - Cross Site Scripting (XSS) vulnerability", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T13:33:41.723802Z", + "id": "CVE-2024-37554", + "options": [ + { + 
"Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T13:37:42.687Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/37xxx/CVE-2024-37999.json b/cves/2024/37xxx/CVE-2024-37999.json new file mode 100644 index 00000000000..a44215cb288 --- /dev/null +++ b/cves/2024/37xxx/CVE-2024-37999.json 
@@ -0,0 +1,130 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-37999", + "assignerOrgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", + "state": "PUBLISHED", + "assignerShortName": "siemens", + "dateReserved": "2024-06-11T12:53:52.369Z", + "datePublished": "2024-07-08T10:29:56.906Z", + "dateUpdated": "2024-07-08T13:00:33.067Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "cec7a2ec-15b4-4faf-bd53-b40f371f3a77", + "shortName": "siemens", + "dateUpdated": "2024-07-08T10:29:56.906Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Medicalis Workflow Orchestrator (All versions). The affected application executes as a trusted account with high privileges and network access. This could allow an authenticated local attacker to escalate privileges." + } + ], + "affected": [ + { + "vendor": "Siemens", + "product": "Medicalis Workflow Orchestrator", + "versions": [ + { + "status": "affected", + "version": "0", + "lessThan": "*", + "versionType": "custom" + } + ], + "defaultStatus": "unknown" + } + ], + "metrics": [ + { + "cvssV3_1": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C", + "baseScore": 7.8, + "baseSeverity": "HIGH" + } + }, + { + "cvssV4_0": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "baseScore": 8.5, + "baseSeverity": "HIGH" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "cweId": "CWE-282", + "description": "CWE-282: Improper Ownership Management", + "type": "CWE" + } + ] + } + ], + "references": [ + { + "url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799" + } + ] + }, + "adp": [ + { + "affected": [ + { + "vendor": "siemens", + "product": "medicalis_workflow_orchestrator", + "cpes": [ + "cpe:2.3:a:siemens:medicalis_workflow_orchestrator:*:*:*:*:*:*:*:*" + 
], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThanOrEqual": "*", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:00:30.371968Z", + "id": "CVE-2024-37999", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:00:33.067Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38330.json b/cves/2024/38xxx/CVE-2024-38330.json new file mode 100644 index 00000000000..b9644f4df1d --- /dev/null +++ b/cves/2024/38xxx/CVE-2024-38330.json 
@@ -0,0 +1,152 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-38330", + "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "state": "PUBLISHED", + "assignerShortName": "ibm", + "dateReserved": "2024-06-13T21:43:59.170Z", + "datePublished": "2024-07-08T01:12:50.812Z", + "dateUpdated": "2024-07-08T12:55:11.732Z" + }, + "containers": { + "cna": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*", + "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*" + ], + "defaultStatus": "unaffected", + "product": "i", + "vendor": "IBM", + "versions": [ + { + "status": "affected", + "version": "7.2, 7.3, 7.4" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Zoltan Panczel" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227." + } + ], + "value": "IBM System Management for i 7.2, 7.3, and 7.4 could allow a local user to gain elevated privileges due to an unqualified library program call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 295227." 
+ } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "HIGH", + "attackVector": "LOCAL", + "availabilityImpact": "HIGH", + "baseScore": 7, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-427", + "description": "CWE-427 Uncontrolled Search Path Element", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "shortName": "ibm", + "dateUpdated": "2024-07-08T01:12:50.812Z" + }, + "references": [ + { + "tags": [ + "vendor-advisory" + ], + "url": "https://www.ibm.com/support/pages/node/7159615" + }, + { + "tags": [ + "vdb-entry" + ], + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295227" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "IBM i privilege escalation", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T12:54:47.131647Z", + "id": "CVE-2024-38330", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T12:55:11.732Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/38xxx/CVE-2024-38373.json b/cves/2024/38xxx/CVE-2024-38373.json index 9ceb60041c2..659c92d005e 100644 --- a/cves/2024/38xxx/CVE-2024-38373.json 
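Review bot: In CVE-2024-38330 the single `versions` entry `"version": "7.2, 7.3, 7.4"` packs three releases into one free-text string. A scanner that compares `version` against an installed release will match none of them, even though the `cpes` array in the same record lists 7.2, 7.3 and 7.4 separately. One entry per release, e.g. `{ "status": "affected", "version": "7.2" }` repeated for 7.3 and 7.4, keeps the record machine-matchable. CVE-2024-39742 has the same pattern (`"version": "2.0.24, 3.2.2"`). The GitHub_M records CVE-2024-39321 and CVE-2024-39689 put range expressions such as `"< 2.11.6"` in `version`, where `"version": "0", "lessThan": "2.11.6", "versionType": "semver"` would express the bound in the schema's own fields.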
+++ b/cves/2024/38xxx/CVE-2024-38373.json @@ -8,7 +8,7 @@ "assignerShortName": "GitHub_M", "dateReserved": "2024-06-14T14:16:16.466Z", "datePublished": "2024-06-24T16:23:00.162Z", - "dateUpdated": "2024-07-05T17:33:25.764Z" + "dateUpdated": "2024-07-05T20:19:11.301Z" }, "containers": { "cna": { diff --git a/cves/2024/39xxx/CVE-2024-39182.json b/cves/2024/39xxx/CVE-2024-39182.json new file mode 100644 index 00000000000..5edefbcdb09 --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39182.json @@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-39182", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-05T22:16:05.593503", + "dateReserved": "2024-06-21T00:00:00", + "datePublished": "2024-07-05T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-05T22:16:05.593503" + }, + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure vulnerability in ISPmanager v6.98.0 allows attackers to access sensitive details of the root user's session via an arbitrary command (ISP6-1779)." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://ispmanager.com/changelog" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/39xxx/CVE-2024-39321.json b/cves/2024/39xxx/CVE-2024-39321.json new file mode 100644 index 00000000000..3d65a274b33 --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39321.json 
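Review bot: In CVE-2024-39182 the `affected` entry uses `"n/a"` for vendor, product and version although the description names ISPmanager v6.98.0, so tooling that matches on `affected` cannot tie this record to the product. Populating it from the description, e.g. `"product": "ISPmanager"` with `"version": "6.98.0"`, would close that gap; the vendor name is not stated in the record and needs confirming. The `problemTypes` description is also `"n/a"`, while the text describes an information disclosure. The `dateUpdated`, `dateReserved` and `datePublished` values carry no `Z` or offset, unlike the CNA timestamps in the neighbouring new records, which leaves their timezone ambiguous for consumers that order updates.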
@@ -0,0 +1,147 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-39321", + "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "state": "PUBLISHED", + "assignerShortName": "GitHub_M", + "dateReserved": "2024-06-21T18:15:22.263Z", + "datePublished": "2024-07-05T17:32:06.688Z", + "dateUpdated": "2024-07-05T20:07:14.424Z" + }, + "containers": { + "cna": { + "title": "Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-639", + "lang": "en", + "description": "CWE-639: Authorization Bypass Through User-Controlled Key", + "type": "CWE" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + } + ], + "references": [ + { + "name": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9", + "tags": [ + "x_refsource_CONFIRM" + ], + "url": "https://github.com/traefik/traefik/security/advisories/GHSA-gxrv-wf35-62w9" + }, + { + "name": "https://github.com/traefik/traefik/releases/tag/v2.11.6", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/traefik/traefik/releases/tag/v2.11.6" + }, + { + "name": "https://github.com/traefik/traefik/releases/tag/v3.0.4", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/traefik/traefik/releases/tag/v3.0.4" + }, + { + "name": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/traefik/traefik/releases/tag/v3.1.0-rc3" + } + ], + "affected": [ + { + "vendor": "traefik", + "product": 
"traefik", + "versions": [ + { + "version": "< 2.11.6", + "status": "affected" + }, + { + "version": ">= 3.0.0-beta3, < 3.0.4", + "status": "affected" + }, + { + "version": ">= 3.1.0-rc1, < 3.1.0-rc3", + "status": "affected" + } + ] + } + ], + "providerMetadata": { + "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "shortName": "GitHub_M", + "dateUpdated": "2024-07-05T17:32:06.688Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Traefik is an HTTP reverse proxy and load balancer. Versions prior to 2.11.6, 3.0.4, and 3.1.0-rc3 have a vulnerability that allows bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes sent with spoofed IP addresses. Versions 2.11.6, 3.0.4, and 3.1.0-rc3 contain a patch for this issue. No known workarounds are available." + } + ], + "source": { + "advisory": "GHSA-gxrv-wf35-62w9", + "discovery": "UNKNOWN" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-05T20:07:02.660742Z", + "id": "CVE-2024-39321", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:07:14.424Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/39xxx/CVE-2024-39458.json b/cves/2024/39xxx/CVE-2024-39458.json index 01da692ef8d..e261f7cee9f 100644 --- a/cves/2024/39xxx/CVE-2024-39458.json +++ b/cves/2024/39xxx/CVE-2024-39458.json @@ -8,7 +8,7 @@ "assignerShortName": "jenkins", "dateReserved": "2024-06-25T08:12:57.626Z", "datePublished": "2024-06-26T17:06:26.399Z", - "dateUpdated": "2024-07-05T17:38:20.275Z" + "dateUpdated": "2024-07-05T20:18:50.446Z" }, "containers": { "cna": { 
diff --git a/cves/2024/39xxx/CVE-2024-39473.json b/cves/2024/39xxx/CVE-2024-39473.json new file mode 100644 index 00000000000..b12c916b2da --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39473.json 
@@ -0,0 +1,147 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-39473", + "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "state": "PUBLISHED", + "assignerShortName": "Linux", + "dateReserved": "2024-06-25T14:23:23.745Z", + "datePublished": "2024-07-05T06:55:04.363Z", + "dateUpdated": "2024-07-05T20:08:25.422Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "shortName": "Linux", + "dateUpdated": "2024-07-05T06:55:04.363Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension\n\nIf a process module does not have base config extension then the same\nformat applies to all of it's inputs and the process->base_config_ext is\nNULL, causing NULL dereference when specifically crafted topology and\nsequences used." 
+ } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "sound/soc/sof/ipc4-topology.c" + ], + "versions": [ + { + "version": "648fea128476", + "lessThan": "e3ae00ee238b", + "status": "affected", + "versionType": "git" + }, + { + "version": "648fea128476", + "lessThan": "9e16f17a2a0e", + "status": "affected", + "versionType": "git" + }, + { + "version": "648fea128476", + "lessThan": "ffa077b2f6ad", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "sound/soc/sof/ipc4-topology.c" + ], + "versions": [ + { + "version": "6.4", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.4", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.34", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.5", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc2", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/e3ae00ee238bce6cfa5ad935c921181c14d18fd6" + }, + { + "url": "https://git.kernel.org/stable/c/9e16f17a2a0e97b43538b272e7071537a3e03368" + }, + { + "url": "https://git.kernel.org/stable/c/ffa077b2f6ad124ec3d23fbddc5e4b0ff2647af8" + } + ], + "title": "ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension", + "x_generator": { + "engine": "bippy-7d53e8ef8be4" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-05T20:08:14.080925Z", + "id": "CVE-2024-39473", + "options": [ + { 
+ "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:08:25.422Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/39xxx/CVE-2024-39481.json b/cves/2024/39xxx/CVE-2024-39481.json new file mode 100644 index 00000000000..16d4f844927 --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39481.json 
@@ -0,0 +1,162 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-39481", + "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "state": "PUBLISHED", + "assignerShortName": "Linux", + "dateReserved": "2024-06-25T14:23:23.746Z", + "datePublished": "2024-07-05T06:55:09.916Z", + "dateUpdated": "2024-07-05T20:07:53.742Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "shortName": "Linux", + "dateUpdated": "2024-07-05T06:55:09.916Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: mc: Fix graph walk in media_pipeline_start\n\nThe graph walk tries to follow all links, even if they are not between\npads. This causes a crash with, e.g. a MEDIA_LNK_FL_ANCILLARY_LINK link.\n\nFix this by allowing the walk to proceed only for MEDIA_LNK_FL_DATA_LINK\nlinks." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "drivers/media/mc/mc-entity.c" + ], + "versions": [ + { + "version": "ae219872834a", + "lessThan": "788fd0f11e45", + "status": "affected", + "versionType": "git" + }, + { + "version": "ae219872834a", + "lessThan": "e80d9db99b7b", + "status": "affected", + "versionType": "git" + }, + { + "version": "ae219872834a", + "lessThan": "bee9440bc0b6", + "status": "affected", + "versionType": "git" + }, + { + "version": "ae219872834a", + "lessThan": "8a9d420149c4", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "drivers/media/mc/mc-entity.c" + ], + "versions": [ + { + "version": "6.1", + "status": "affected" + }, + { + "version": "0", + 
"lessThan": "6.1", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.1.94", + "lessThanOrEqual": "6.1.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.34", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.5", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc1", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/788fd0f11e45ae8d3a8ebbd3452a6e83f92db376" + }, + { + "url": "https://git.kernel.org/stable/c/e80d9db99b7b6c697d8d952dfd25c3425cf61499" + }, + { + "url": "https://git.kernel.org/stable/c/bee9440bc0b6b3b7432f7bfde28656262a3484a2" + }, + { + "url": "https://git.kernel.org/stable/c/8a9d420149c477e7c97fbd6453704e4612bdd3fa" + } + ], + "title": "media: mc: Fix graph walk in media_pipeline_start", + "x_generator": { + "engine": "bippy-7d53e8ef8be4" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-05T20:07:40.257709Z", + "id": "CVE-2024-39481", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:07:53.742Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/39xxx/CVE-2024-39486.json b/cves/2024/39xxx/CVE-2024-39486.json new file mode 100644 index 00000000000..fbb00798d4c --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39486.json 
@@ -0,0 +1,113 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-39486", + "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "state": "PUBLISHED", + "assignerShortName": "Linux", + "dateReserved": "2024-06-25T14:23:23.747Z", + "datePublished": "2024-07-06T09:25:21.514Z", + "dateUpdated": "2024-07-06T09:25:21.514Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "shortName": "Linux", + "dateUpdated": "2024-07-06T09:25:21.514Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_file: Fix pid refcounting race\n\n\nfilp->pid is supposed to be a refcounted pointer; however, before this\npatch, drm_file_update_pid() only increments the refcount of a struct\npid after storing a pointer to it in filp->pid and dropping the\ndev->filelist_mutex, making the following race possible:\n\nprocess A process B\n========= =========\n begin drm_file_update_pid\n mutex_lock(&dev->filelist_mutex)\n rcu_replace_pointer(filp->pid, , 1)\n mutex_unlock(&dev->filelist_mutex)\nbegin drm_file_update_pid\nmutex_lock(&dev->filelist_mutex)\nrcu_replace_pointer(filp->pid, , 1)\nmutex_unlock(&dev->filelist_mutex)\nget_pid()\nsynchronize_rcu()\nput_pid() *** pid B reaches refcount 0 and is freed here ***\n get_pid() *** UAF ***\n synchronize_rcu()\n put_pid()\n\nAs far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y\nbecause it requires RCU to detect a quiescent state in code that is not\nexplicitly calling into the scheduler.\n\nThis race leads to use-after-free of a \"struct pid\".\nIt is probably somewhat hard to hit because process A has to pass\nthrough a synchronize_rcu() operation while process B is between\nmutex_unlock() and get_pid().\n\nFix it by ensuring that by the time a pointer to the current task's pid\nis stored in the file, an extra reference to the pid has been 
taken.\n\nThis fix also removes the condition for synchronize_rcu(); I think\nthat optimization is unnecessary complexity, since in that case we\nwould usually have bailed out on the lockless check above." + } + ], + "affected": [ + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "unaffected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "drivers/gpu/drm/drm_file.c" + ], + "versions": [ + { + "version": "031ddd280089", + "lessThan": "16682588ead4", + "status": "affected", + "versionType": "git" + }, + { + "version": "1c7a387ffef8", + "lessThan": "0acce2a5c619", + "status": "affected", + "versionType": "git" + }, + { + "version": "1c7a387ffef8", + "lessThan": "4f2a129b33a2", + "status": "affected", + "versionType": "git" + } + ] + }, + { + "product": "Linux", + "vendor": "Linux", + "defaultStatus": "affected", + "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", + "programFiles": [ + "drivers/gpu/drm/drm_file.c" + ], + "versions": [ + { + "version": "6.7", + "status": "affected" + }, + { + "version": "0", + "lessThan": "6.7", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.6.37", + "lessThanOrEqual": "6.6.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.9.8", + "lessThanOrEqual": "6.9.*", + "status": "unaffected", + "versionType": "custom" + }, + { + "version": "6.10-rc6", + "lessThanOrEqual": "*", + "status": "unaffected", + "versionType": "original_commit_for_fix" + } + ] + } + ], + "references": [ + { + "url": "https://git.kernel.org/stable/c/16682588ead4a593cf1aebb33b36df4d1e9e4ffa" + }, + { + "url": "https://git.kernel.org/stable/c/0acce2a5c619ef1abdee783d7fea5eac78ce4844" + }, + { + "url": "https://git.kernel.org/stable/c/4f2a129b33a2054e62273edd5a051c34c08d96e9" + } + ], + "title": "drm/drm_file: Fix pid refcounting race", + "x_generator": { + "engine": "bippy-7d53e8ef8be4" + } + } + } +} \ No newline at 
end of file diff --git a/cves/2024/39xxx/CVE-2024-39689.json b/cves/2024/39xxx/CVE-2024-39689.json new file mode 100644 index 00000000000..bcccd99d27e --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39689.json 
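Review bot: CVE-2024-39486 carries no `problemTypes` entry, although its description states that the race leads to a use-after-free of a `struct pid`; consumers that triage or filter by CWE will see the record as unclassified. Adding `"problemTypes": [{ "descriptions": [{ "lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free" }] }]` to the `cna` container would cover it. The record also has no `metrics` and no `adp` container in this commit, so severity has to come from another source.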
@@ -0,0 +1,132 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-39689", + "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "state": "PUBLISHED", + "assignerShortName": "GitHub_M", + "dateReserved": "2024-06-27T18:44:13.035Z", + "datePublished": "2024-07-05T18:39:33.202Z", + "dateUpdated": "2024-07-05T20:06:22.343Z" + }, + "containers": { + "cna": { + "title": "Certifi removes GLOBALTRUST root certificate", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-345", + "lang": "en", + "description": "CWE-345: Insufficient Verification of Data Authenticity", + "type": "CWE" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "version": "3.1" + } + } + ], + "references": [ + { + "name": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc", + "tags": [ + "x_refsource_CONFIRM" + ], + "url": "https://github.com/certifi/python-certifi/security/advisories/GHSA-248v-346w-9cwc" + }, + { + "name": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://github.com/certifi/python-certifi/commit/bd8153872e9c6fc98f4023df9c2deaffea2fa463" + }, + { + "name": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI", + "tags": [ + "x_refsource_MISC" + ], + "url": "https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/XpknYMPO8dI" + } + ], + "affected": [ + { + "vendor": "certifi", + "product": "python-certifi", + "versions": [ + { + "version": ">= 2021.05.30, < 2024.07.04", + "status": "affected" + } + ] + } + ], + 
"providerMetadata": { + "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", + "shortName": "GitHub_M", + "dateUpdated": "2024-07-05T18:39:33.202Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.05.30 and prior to 2024.07.4 recognized root certificates from `GLOBALTRUST`. Certifi 2024.07.04 removes root certificates from `GLOBALTRUST` from the root store. These are in the process of being removed from Mozilla's trust store. `GLOBALTRUST`'s root certificates are being removed pursuant to an investigation which identified \"long-running and unresolved compliance issues.\"" + } + ], + "source": { + "advisory": "GHSA-248v-346w-9cwc", + "discovery": "UNKNOWN" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-05T20:06:09.735041Z", + "id": "CVE-2024-39689", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T20:06:22.343Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/39xxx/CVE-2024-39723.json b/cves/2024/39xxx/CVE-2024-39723.json new file mode 100644 index 00000000000..983bbb64c2c --- /dev/null +++ b/cves/2024/39xxx/CVE-2024-39723.json 
@@ -0,0 +1,143 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-39723", + "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "state": "PUBLISHED", + "assignerShortName": "ibm", + "dateReserved": "2024-06-28T09:34:20.322Z", + "datePublished": "2024-07-08T00:38:47.786Z", + "dateUpdated": "2024-07-08T13:38:50.715Z" + }, + "containers": { + "cna": { + "affected": [ + { + "cpes": [ + "cpe:2.3:a:ibm:storage_virtualize:8.6:*:*:*:*:*:*:*" + ], + "defaultStatus": "unaffected", + "product": "Storage Virtualize", + "vendor": "IBM", + "versions": [ + { + "status": "affected", + "version": "8.6" + } + ] + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935." + } + ], + "value": "IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935." 
+ } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "PHYSICAL", + "availabilityImpact": "HIGH", + "baseScore": 4.6, + "baseSeverity": "MEDIUM", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-1299", + "description": "CWE-1299 Missing Protection Mechanism for Alternate Hardware Interface", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522", + "shortName": "ibm", + "dateUpdated": "2024-07-08T00:38:47.786Z" + }, + "references": [ + { + "tags": [ + "vendor-advisory" + ], + "url": "https://www.ibm.com/support/pages/node/7159333" + }, + { + "tags": [ + "vdb-entry" + ], + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295935" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "IBM FlashSystem denial of service", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:38:32.682285Z", + "id": "CVE-2024-39723", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:38:50.715Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/39xxx/CVE-2024-39742.json b/cves/2024/39xxx/CVE-2024-39742.json new file mode 100644 index 00000000000..82aab542b61 --- /dev/null 
+++ b/cves/2024/39xxx/CVE-2024-39742.json 
@@ -0,0 +1,106 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-39742",
+ "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
+ "state": "PUBLISHED",
+ "assignerShortName": "ibm",
+ "dateReserved": "2024-06-28T09:34:35.183Z",
+ "datePublished": "2024-07-08T13:16:10.090Z",
+ "dateUpdated": "2024-07-08T13:16:10.090Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "product": "MQ Operator",
+ "vendor": "IBM",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.0.24, 3.2.2"
+ }
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
+ }
+ ],
+ "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to bypass authentication under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297169."
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-187",
+ "description": "CWE-187 Partial Comparison",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
+ "shortName": "ibm",
+ "dateUpdated": "2024-07-08T13:16:10.090Z"
+ },
+ "references": [
+ {
+ "tags": [
+ "vendor-advisory"
+ ],
+ "url": "https://www.ibm.com/support/pages/node/7159714"
+ },
+ {
+ "tags": [
+ "vdb-entry"
+ ],
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297169"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "title": "IBM MQ Container authentication bypass",
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2024/39xxx/CVE-2024-39743.json b/cves/2024/39xxx/CVE-2024-39743.json
new file mode 100644
index 00000000000..2c698eccdf5
--- /dev/null
+++ b/cves/2024/39xxx/CVE-2024-39743.json
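Review bot: The `versions` entry in the CNA `affected` block packs two releases into one string, `"version": "2.0.24, 3.2.2"`, so a consumer that compares this field with an installed version will match neither 2.0.24 nor 3.2.2. Each affected release should be its own entry: `{ "status": "affected", "version": "2.0.24" }, { "status": "affected", "version": "3.2.2" }`. The same combined string appears in the CVE-2024-39743.json hunk that follows. Because the block also sets `"defaultStatus": "unaffected"`, tooling that trusts it would presumably report both releases as not affected when the string fails to match.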
@@ -0,0 +1,106 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-39743",
+ "assignerOrgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
+ "state": "PUBLISHED",
+ "assignerShortName": "ibm",
+ "dateReserved": "2024-06-28T09:34:46.056Z",
+ "datePublished": "2024-07-08T13:14:43.915Z",
+ "dateUpdated": "2024-07-08T13:14:43.915Z"
+ },
+ "containers": {
+ "cna": {
+ "affected": [
+ {
+ "defaultStatus": "unaffected",
+ "product": "MQ Operator",
+ "vendor": "IBM",
+ "versions": [
+ {
+ "status": "affected",
+ "version": "2.0.24, 3.2.2"
+ }
+ ]
+ }
+ ],
+ "descriptions": [
+ {
+ "lang": "en",
+ "supportingMedia": [
+ {
+ "base64": false,
+ "type": "text/html",
+ "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to cause a denial of service under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297172."
+ }
+ ],
+ "value": "IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24 could allow a user to cause a denial of service under certain configurations due to a partial string comparison vulnerability. IBM X-Force ID: 297172."
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "attackComplexity": "HIGH",
+ "attackVector": "NETWORK",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "version": "3.1"
+ },
+ "format": "CVSS",
+ "scenarios": [
+ {
+ "lang": "en",
+ "value": "GENERAL"
+ }
+ ]
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "cweId": "CWE-187",
+ "description": "CWE-187 Partial Comparison",
+ "lang": "en",
+ "type": "CWE"
+ }
+ ]
+ }
+ ],
+ "providerMetadata": {
+ "orgId": "9a959283-ebb5-44b6-b705-dcc2bbced522",
+ "shortName": "ibm",
+ "dateUpdated": "2024-07-08T13:14:43.915Z"
+ },
+ "references": [
+ {
+ "tags": [
+ "vendor-advisory"
+ ],
+ "url": "https://www.ibm.com/support/pages/node/7159714"
+ },
+ {
+ "tags": [
+ "vdb-entry"
+ ],
+ "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297172"
+ }
+ ],
+ "source": {
+ "discovery": "UNKNOWN"
+ },
+ "title": "IBM MQ Container denial of service",
+ "x_generator": {
+ "engine": "Vulnogram 0.2.0"
+ }
+ }
+ }
+}
\ No newline at end of file
diff --git a/cves/2024/39xxx/CVE-2024-39864.json b/cves/2024/39xxx/CVE-2024-39864.json
new file mode 100644
index 00000000000..f546109aaf5
--- /dev/null
+++ b/cves/2024/39xxx/CVE-2024-39864.json
@@ -0,0 +1,211 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "cveId": "CVE-2024-39864", + "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "state": "PUBLISHED", + "assignerShortName": "apache", + "dateReserved": "2024-07-01T10:59:29.245Z", + "datePublished": "2024-07-05T13:40:37.937Z", + "dateUpdated": "2024-07-08T13:44:39.748Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "Apache CloudStack", + "vendor": "Apache Software Foundation", + "versions": [ + { + "lessThanOrEqual": "4.18.2.0", + "status": "affected", + "version": "4.0.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "4.19.0.1", + "status": "affected", + "version": "4.19.0.0", + "versionType": "semver" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Adam Pond of Apple Services Engineering Security" + }, + { + "lang": "en", + "type": "finder", + "value": "Terry Thibault of Apple Services Engineering Security" + }, + { + "lang": "en", + "type": "finder", + "value": "Damon Smith of Apple Services Engineering Security" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "

The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.

Users are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.
" + } + ], + "value": "The CloudStack integration API service allows running its unauthenticated API server (usually on port 8096 when configured and enabled via integration.api.port global setting) for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is considered disabled when integration.api.port is set to 0 or negative. Due to an improper initialisation logic, the integration API service would listen on a random port when its port value is set to 0 (default value). An attacker that can access the CloudStack management network could scan and find the randomised integration API service port and exploit it to perform unauthorised administrative actions and perform remote code execution on CloudStack managed hosts and result in complete compromise of the confidentiality, integrity, and availability of CloudStack managed infrastructure.\n\nUsers are recommended to restrict the network access on the CloudStack management server hosts to only essential ports. 
Users are recommended to upgrade to version 4.18.2.1, 4.19.0.2 or later, which addresses this issue.\n\n" + } + ], + "metrics": [ + { + "other": { + "content": { + "text": "important" + }, + "type": "Textual description of severity" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-665", + "description": "CWE-665 Improper Initialization", + "lang": "en", + "type": "CWE" + } + ] + }, + { + "descriptions": [ + { + "cweId": "CWE-94", + "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", + "shortName": "apache", + "dateUpdated": "2024-07-05T13:40:37.937Z" + }, + "references": [ + { + "tags": [ + "vendor-advisory", + "mailing-list" + ], + "url": "https://lists.apache.org/thread/6l51r00csrct61plkyd3qg3fj99215d1" + }, + { + "tags": [ + "vendor-advisory", + "patch" + ], + "url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.0.2-4.18.2.1" + }, + { + "tags": [ + "third-party-advisory" + ], + "url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-1-and-4-19-0-2/" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/05/1" + } + ], + "source": { + "discovery": "UNKNOWN" + }, + "title": "Apache CloudStack: Integration API service uses dynamic port when disabled", + "x_generator": { + "engine": "Vulnogram 0.1.0-dev" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "apache_software_foundation", + "product": "apache_cloudstack", + "cpes": [ + "cpe:2.3:a:apache_software_foundation:apache_cloudstack:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "4.0.0", + "status": "affected", + "lessThanOrEqual": "4.18.2.0", + "versionType": "custom" + }, + { + "version": "4.19.0.0", + "status": "affected", + "lessThanOrEqual": "4.19.0.1", + "versionType": "custom" + } + ] + } + ], + 
"metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 9.8, + "attackVector": "NETWORK", + "baseSeverity": "CRITICAL", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "integrityImpact": "HIGH", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "HIGH", + "privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:38:45.994090Z", + "id": "CVE-2024-39864", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:44:39.748Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/3xxx/CVE-2024-3023.json b/cves/2024/3xxx/CVE-2024-3023.json index f353b382059..3dd290e60a7 100644 --- a/cves/2024/3xxx/CVE-2024-3023.json +++ b/cves/2024/3xxx/CVE-2024-3023.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-03-27T18:21:47.808Z", "datePublished": "2024-05-02T16:51:42.176Z", - "dateUpdated": "2024-07-05T17:38:20.123Z" + "dateUpdated": "2024-07-07T13:53:32.369Z" }, "containers": { "cna": { diff --git a/cves/2024/3xxx/CVE-2024-3188.json b/cves/2024/3xxx/CVE-2024-3188.json index f915bf91332..9347d2fd827 100644 --- a/cves/2024/3xxx/CVE-2024-3188.json +++ b/cves/2024/3xxx/CVE-2024-3188.json @@ -8,7 +8,7 @@ "assignerShortName": "WPScan", "dateReserved": "2024-04-02T13:12:14.874Z", "datePublished": "2024-04-26T05:00:05.277Z", - "dateUpdated": "2024-07-05T17:47:54.931Z" + "dateUpdated": "2024-07-05T21:22:02.468Z" }, "containers": { "cna": { 
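Review bot: The CNA `affected` ranges declare `"versionType": "semver"` but their bounds are four-component versions (`"lessThanOrEqual": "4.18.2.0"`, `"version": "4.19.0.0"`), which are not valid Semantic Versioning strings, so a strict semver comparator may reject or mis-order them. The ADP container in the same record lists the same two ranges with `"versionType": "custom"`; using that value in the CNA block as well would keep the two containers consistent. Separately, the CNA `metrics` carry only the textual severity `important`, so a consumer that reads CVSS from the CNA container alone sees no score for an issue the ADP block rates 9.8.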
diff --git a/cves/2024/3xxx/CVE-2024-3312.json b/cves/2024/3xxx/CVE-2024-3312.json index 22ec9e6691d..24faeaec1ba 100644 --- a/cves/2024/3xxx/CVE-2024-3312.json +++ b/cves/2024/3xxx/CVE-2024-3312.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-04-04T15:57:44.990Z", "datePublished": "2024-05-02T16:52:23.219Z", - "dateUpdated": "2024-07-05T17:54:53.755Z" + "dateUpdated": "2024-07-05T21:09:21.792Z" }, "containers": { "cna": { diff --git a/cves/2024/3xxx/CVE-2024-3341.json b/cves/2024/3xxx/CVE-2024-3341.json index 674bcd521d5..c51686dd1df 100644 --- a/cves/2024/3xxx/CVE-2024-3341.json +++ b/cves/2024/3xxx/CVE-2024-3341.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-04-04T19:42:29.708Z", "datePublished": "2024-05-02T16:51:58.753Z", - "dateUpdated": "2024-07-05T17:54:53.849Z" + "dateUpdated": "2024-07-05T21:11:59.859Z" }, "containers": { "cna": { diff --git a/cves/2024/3xxx/CVE-2024-3585.json b/cves/2024/3xxx/CVE-2024-3585.json index b31e6fcdeb4..de35ad2b52a 100644 --- a/cves/2024/3xxx/CVE-2024-3585.json +++ b/cves/2024/3xxx/CVE-2024-3585.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-04-10T14:10:30.908Z", "datePublished": "2024-05-02T16:51:43.101Z", - "dateUpdated": "2024-07-05T18:05:12.869Z" + "dateUpdated": "2024-07-05T21:18:53.811Z" }, "containers": { "cna": { diff --git a/cves/2024/3xxx/CVE-2024-3650.json b/cves/2024/3xxx/CVE-2024-3650.json index f312952d2b3..713ca45e5c0 100644 --- a/cves/2024/3xxx/CVE-2024-3650.json +++ b/cves/2024/3xxx/CVE-2024-3650.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-04-10T23:22:25.095Z", "datePublished": "2024-05-02T16:52:25.574Z", - "dateUpdated": "2024-07-05T18:05:12.770Z" + "dateUpdated": "2024-07-05T21:08:18.676Z" }, "containers": { "cna": { diff --git a/cves/2024/3xxx/CVE-2024-3651.json b/cves/2024/3xxx/CVE-2024-3651.json new file mode 100644 index 00000000000..d7152392fcc --- /dev/null 
+++ b/cves/2024/3xxx/CVE-2024-3651.json 
@@ -0,0 +1,119 @@
+{
+ "dataType": "CVE_RECORD",
+ "dataVersion": "5.1",
+ "cveMetadata": {
+ "cveId": "CVE-2024-3651",
+ "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
+ "state": "PUBLISHED",
+ "assignerShortName": "@huntr_ai",
+ "dateReserved": "2024-04-10T23:50:44.569Z",
+ "datePublished": "2024-07-07T17:22:10.032Z",
+ "dateUpdated": "2024-07-07T19:07:50.996Z"
+ },
+ "containers": {
+ "cna": {
+ "title": "Denial of Service via Quadratic Complexity in kjd/idna",
+ "providerMetadata": {
+ "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
+ "shortName": "@huntr_ai",
+ "dateUpdated": "2024-07-07T17:22:10.032Z"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability was identified in the kjd/idna library, specifically within the `idna.encode()` function, affecting version 3.6. The issue arises from the function's handling of crafted input strings, which can lead to quadratic complexity and consequently, a denial of service condition. This vulnerability is triggered by a crafted input that causes the `idna.encode()` function to process the input with considerable computational load, significantly increasing the processing time in a quadratic manner relative to the input size."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "kjd",
+ "product": "kjd/idna",
+ "versions": [
+ {
+ "version": "unspecified",
+ "lessThan": "3.7",
+ "status": "affected",
+ "versionType": "custom"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb"
+ },
+ {
+ "url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d"
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_0": {
+ "version": "3.0",
+ "attackComplexity": "LOW",
+ "attackVector": "LOCAL",
+ "availabilityImpact": "HIGH",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "privilegesRequired": "NONE",
+ "scope": "UNCHANGED",
+ "userInteraction": "NONE",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ }
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "CWE",
+ "lang": "en",
+ "description": "CWE-400 Uncontrolled Resource Consumption",
+ "cweId": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "source": {
+ "advisory": "93d78d07-d791-4b39-a845-cbfabc44aadb",
+ "discovery": "EXTERNAL"
+ }
+ },
+ "adp": [
+ {
+ "metrics": [
+ {
+ "other": {
+ "type": "ssvc",
+ "content": {
+ "timestamp": "2024-07-07T19:07:43.737156Z",
+ "id": "CVE-2024-3651",
+ "options": [
+ {
+ "Exploitation": "none"
+ },
+ {
+ "Automatable": "no"
+ },
+ {
+ "Technical Impact": "partial"
+ }
+ ],
+ "role": "CISA Coordinator",
+ "version": "2.0.3"
+ }
+ }
+ }
+ ],
+ "title": "CISA ADP Vulnrichment",
+ "providerMetadata": {
+ "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "shortName": "CISA-ADP",
+ "dateUpdated": "2024-07-07T19:07:50.996Z"
+ }
+ }
+ ]
+ }
+}
\ No newline at end of file
diff --git a/cves/2024/3xxx/CVE-2024-3674.json b/cves/2024/3xxx/CVE-2024-3674.json
index 4e367412a49..28ab9579207 100644
--- a/cves/2024/3xxx/CVE-2024-3674.json
+++ b/cves/2024/3xxx/CVE-2024-3674.json
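Review bot: The `affected` range uses `"version": "unspecified"` as its lower bound next to `"lessThan": "3.7"`, which gives range-matching tools no comparable starting version. If I read the CVE record format guidance correctly, `"version": "0"` is the recommended way to express "everything before the fix". The description names only version 3.6 while the range covers every release below 3.7, so one of the two should be aligned with the other. The entry also has no `packageName` or `collectionURL`, so tying it to an installed package depends on the free-text product `kjd/idna`.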
@@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-04-11T19:33:49.224Z", "datePublished": "2024-05-02T16:52:05.733Z", - "dateUpdated": "2024-07-05T18:12:27.810Z" + "dateUpdated": "2024-07-07T13:53:13.389Z" }, "containers": { "cna": { diff --git a/cves/2024/3xxx/CVE-2024-3678.json b/cves/2024/3xxx/CVE-2024-3678.json index 418c7d149c4..4081bc95f15 100644 --- a/cves/2024/3xxx/CVE-2024-3678.json +++ b/cves/2024/3xxx/CVE-2024-3678.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-04-11T20:07:21.366Z", "datePublished": "2024-04-26T07:28:18.777Z", - "dateUpdated": "2024-07-05T18:12:25.037Z" + "dateUpdated": "2024-07-05T21:21:49.037Z" }, "containers": { "cna": { diff --git a/cves/2024/3xxx/CVE-2024-3727.json b/cves/2024/3xxx/CVE-2024-3727.json index 35038c79ab6..323dd56b296 100644 --- a/cves/2024/3xxx/CVE-2024-3727.json +++ b/cves/2024/3xxx/CVE-2024-3727.json @@ -8,7 +8,7 @@ "assignerShortName": "redhat", "dateReserved": "2024-04-12T17:56:37.261Z", "datePublished": "2024-05-09T14:57:21.327Z", - "dateUpdated": "2024-07-05T18:12:28.111Z" + "dateUpdated": "2024-07-08T09:50:31.588Z" }, "containers": { "cna": { @@ -56,16 +56,16 @@ "defaultStatus": "affected", "versions": [ { - "version": "4:4.9.4-5.1.rhaos4.16.el9", + "version": "4:4.9.4-5.1.rhaos4.16.el8", "lessThan": "*", "versionType": "rpm", "status": "unaffected" } ], "cpes": [ + "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", - "cpe:/a:redhat:openshift_ironic:4.16::el9", - "cpe:/a:redhat:openshift:4.16::el9" + "cpe:/a:redhat:openshift_ironic:4.16::el9" ] }, { 
@@ -83,9 +83,28 @@ } ], "cpes": [ + "cpe:/a:redhat:openshift:4.16::el9", "cpe:/a:redhat:openshift:4.16::el8", - "cpe:/a:redhat:openshift_ironic:4.16::el9", - "cpe:/a:redhat:openshift:4.16::el9" + "cpe:/a:redhat:openshift_ironic:4.16::el9" + ] + }, + { + "vendor": "Red Hat", + "product": "Red Hat OpenShift Container Platform 4.16", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "cri-o", + "defaultStatus": "affected", + "versions": [ + { + "version": "0:1.29.5-7.rhaos4.16.git7db4ada.el8", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "cpes": [ + "cpe:/a:redhat:openshift:4.16::el9", + "cpe:/a:redhat:openshift:4.16::el8" ] }, { @@ -163,7 +182,7 @@ "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ocp-tools-4/jenkins-agent-base-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:ocp_tools" ] @@ -173,7 +192,7 @@ "product": "OpenShift Developer Tools and Services", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "ocp-tools-4/jenkins-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:ocp_tools" ] @@ -203,7 +222,7 @@ "product": "OpenShift Source-to-Image (S2I) Builder Image", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "source-to-image/source-to-image-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:source_to_image:1" ] @@ -223,7 +242,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] 
@@ -233,7 +252,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] @@ -243,7 +262,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] @@ -253,7 +272,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] @@ -263,7 +282,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] @@ -273,7 +292,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] @@ -283,7 +302,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] 
@@ -293,7 +312,7 @@ "product": "Red Hat Advanced Cluster Security 3", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:3" ] @@ -303,7 +322,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] @@ -313,7 +332,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] @@ -323,7 +342,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-rhel8-operator", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] @@ -333,7 +352,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-roxctl-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] 
@@ -343,7 +362,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] @@ -353,7 +372,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] @@ -363,7 +382,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] @@ -373,7 +392,7 @@ "product": "Red Hat Advanced Cluster Security 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "advanced-cluster-security/rhacs-scanner-slim-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:advanced_cluster_security:4" ] @@ -433,7 +452,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/buildah", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -443,7 +462,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/conmon", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] 
@@ -453,7 +472,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/containers-common", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -463,7 +482,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/podman", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -473,7 +492,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:4.0/skopeo", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -483,7 +502,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/buildah", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -493,7 +512,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/conmon", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -503,7 +522,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/containers-common", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] 
@@ -513,7 +532,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/podman", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -523,7 +542,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-tools:rhel8/skopeo", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -533,7 +552,7 @@ "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "osbuild-composer", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ] @@ -553,7 +572,7 @@ "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "conmon", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ] @@ -573,7 +592,7 @@ "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "osbuild-composer", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ] @@ -633,7 +652,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "conmon", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] 
@@ -648,22 +667,12 @@ "cpe:/a:redhat:openshift:4" ] }, - { - "vendor": "Red Hat", - "product": "Red Hat OpenShift Container Platform 4", - "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", - "packageName": "cri-o", - "defaultStatus": "affected", - "cpes": [ - "cpe:/a:redhat:openshift:4" - ] - }, { "vendor": "Red Hat", "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/oc-mirror-plugin-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -673,7 +682,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-api-server-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -683,7 +692,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-csr-approver-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -693,7 +702,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-node-agent-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -703,7 +712,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-agent-installer-orchestrator-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] 
@@ -713,7 +722,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-baremetal-installer-rhel7", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -723,7 +732,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-cli", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -733,7 +742,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-cli-artifacts", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -743,7 +752,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-deployer", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -753,7 +762,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-docker-builder", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -763,7 +772,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] 
@@ -773,7 +782,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer-altinfra-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -783,7 +792,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-installer-artifacts", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -793,7 +802,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-machine-config-operator", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -803,7 +812,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-olm-operator-controller-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -813,7 +822,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-olm-rukpak-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -823,7 +832,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-apiserver-rhel7", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] 
@@ -833,7 +842,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-openshift-proxy-pull-test-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -843,7 +852,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-operator-lifecycle-manager", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -853,7 +862,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-operator-registry", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -863,7 +872,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/ose-tools-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -873,7 +882,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-clients", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -883,7 +892,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ose-installer-terraform-providers-container", - "defaultStatus": "unknown", + "defaultStatus": "unaffected", "cpes": [ "cpe:/a:redhat:openshift:4" ] 
@@ -893,7 +902,7 @@ "product": "Red Hat OpenShift Container Platform 4", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "ose-openshift-controller-manager-container", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift:4" ] @@ -903,7 +912,7 @@ "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/assisted-installer-agent-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:assisted_installer:" ] @@ -913,7 +922,7 @@ "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/assisted-installer-reporter-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:assisted_installer:" ] @@ -923,7 +932,7 @@ "product": "Red Hat OpenShift Container Platform Assisted Installer", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift4/assisted-installer-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:assisted_installer:" ] @@ -933,7 +942,7 @@ "product": "Red Hat OpenShift Dev Spaces", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "devspaces/udi-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift_devspaces:3::el8" ] @@ -943,7 +952,7 @@ "product": "Red Hat Openshift sandboxed containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-sandboxed-containers/osc-must-gather-rhel8", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift_sandboxed_containers:1" ] 
@@ -953,7 +962,7 @@ "product": "Red Hat Openshift sandboxed containers", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "openshift-sandboxed-containers-tech-preview/osc-rhel8-operator", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:openshift_sandboxed_containers:1" ] @@ -963,7 +972,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-apiserver", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -973,7 +982,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-apiserver-rhel9", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -983,7 +992,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-cloner", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -993,7 +1002,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-cloner-rhel9", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] 
@@ -1003,7 +1012,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-controller", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1013,7 +1022,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-controller-rhel9", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1023,7 +1032,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-importer", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1033,7 +1042,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-importer-rhel9", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1043,7 +1052,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-operator", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] 
@@ -1053,7 +1062,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-operator-rhel9", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1063,7 +1072,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadproxy", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1073,7 +1082,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadproxy-rhel9", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1083,7 +1092,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadserver", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] @@ -1093,7 +1102,7 @@ "product": "Red Hat OpenShift Virtualization 4", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "container-native-virtualization/virt-cdi-uploadserver-rhel9", - "defaultStatus": "unknown", + "defaultStatus": "affected", "cpes": [ "cpe:/a:redhat:container_native_virtualization:4" ] 
@@ -1103,7 +1112,7 @@
 "product": "Red Hat OpenStack Platform 16.2",
 "collectionURL": "https://catalog.redhat.com/software/containers/",
 "packageName": "osp-director-provisioner-container",
- "defaultStatus": "unknown",
+ "defaultStatus": "affected",
 "cpes": [
 "cpe:/a:redhat:openstack:16.2"
 ]
@@ -1113,7 +1122,7 @@
 "product": "Red Hat Quay 3",
 "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
 "packageName": "quay/quay-builder-rhel8",
- "defaultStatus": "unknown",
+ "defaultStatus": "affected",
 "cpes": [
 "cpe:/a:redhat:quay:3"
 ]
@@ -1128,6 +1137,14 @@
 "x_refsource_REDHAT"
 ]
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:4159",
+ "name": "RHSA-2024:4159",
+ "tags": [
+ "vendor-advisory",
+ "x_refsource_REDHAT"
+ ]
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-3727",
 "tags": [
@@ -1200,7 +1217,7 @@
 "providerMetadata": {
 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
 "shortName": "redhat",
- "dateUpdated": "2024-06-27T16:36:00.734Z"
+ "dateUpdated": "2024-07-08T09:50:31.588Z"
 }
 },
 "adp": [
diff --git a/cves/2024/3xxx/CVE-2024-3819.json b/cves/2024/3xxx/CVE-2024-3819.json
index 52d58d2c26f..bcb29cc0570 100644
--- a/cves/2024/3xxx/CVE-2024-3819.json
+++ b/cves/2024/3xxx/CVE-2024-3819.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-04-15T14:17:24.291Z",
 "datePublished": "2024-05-02T16:52:01.563Z",
- "dateUpdated": "2024-07-05T18:12:27.811Z"
+ "dateUpdated": "2024-07-07T13:53:18.411Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/3xxx/CVE-2024-3985.json b/cves/2024/3xxx/CVE-2024-3985.json
index 2d7bb57e640..88289f3a47d 100644
--- a/cves/2024/3xxx/CVE-2024-3985.json
+++ b/cves/2024/3xxx/CVE-2024-3985.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-04-19T13:32:02.865Z",
 "datePublished": "2024-05-02T16:51:52.006Z",
- "dateUpdated": "2024-07-05T18:17:34.975Z"
+ "dateUpdated": "2024-07-07T13:53:23.818Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/40xxx/CVE-2024-40594.json b/cves/2024/40xxx/CVE-2024-40594.json
new file mode 100644
index 00000000000..baddc5d5c93
--- /dev/null
+++ b/cves/2024/40xxx/CVE-2024-40594.json
@@ -0,0 +1,77 @@
+{
+ "dataType": "CVE_RECORD",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2024-40594",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2024-07-06T04:35:21.178506",
+ "dateReserved": "2024-07-06T00:00:00",
+ "datePublished": "2024-07-06T00:00:00"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2024-07-06T04:35:21.178506"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The OpenAI ChatGPT app before 2024-07-05 for macOS opts out of the sandbox, and stores conversations in cleartext in a location accessible to other apps."
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-conversations-as-plain-text/"
+ },
+ {
+ "url": "https://www.theverge.com/2024/7/3/24191636/openai-chatgpt-mac-app-conversations-plain-text"
+ }
+ ],
+ "metrics": [
+ {
+ "cvssV3_1": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AC:L/AV:L/A:N/C:L/I:N/PR:H/S:U/UI:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 2.3,
+ "baseSeverity": "LOW"
+ }
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ }
+ },
+ "dataVersion": "5.1"
+}
\ No newline at end of file
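Review bot: The `affected` block in the new CVE-2024-40594 record is all placeholders (`"vendor": "n/a"`, `"product": "n/a"`, `"version": "n/a"`), although the description names the product, the platform and the cut-off date. Tools that match on the structured fields rather than the free text will not associate this record with any installed software; something like `"vendor": "OpenAI", "product": "ChatGPT", "platforms": ["macOS"]` with a version entry carrying `"lessThan": "2024-07-05", "versionType": "custom"` would state what the description already says. `problemTypes` is likewise `n/a`, where a CWE entry for cleartext storage of sensitive data would make the record filterable by weakness class. The `cna` containers of the other new records in this commit (CVE-2024-40596 through CVE-2024-40605 and CVE-2024-40614) use the same placeholders.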
diff --git a/cves/2024/40xxx/CVE-2024-40596.json b/cves/2024/40xxx/CVE-2024-40596.json
new file mode 100644
index 00000000000..791018a4281
--- /dev/null
+++ b/cves/2024/40xxx/CVE-2024-40596.json
@@ -0,0 +1,90 @@
+{
+ "dataType": "CVE_RECORD",
+ "cveMetadata": {
+ "state": "PUBLISHED",
+ "cveId": "CVE-2024-40596",
+ "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "assignerShortName": "mitre",
+ "dateUpdated": "2024-07-08T13:45:52.034Z",
+ "dateReserved": "2024-07-06T00:00:00",
+ "datePublished": "2024-07-06T00:00:00"
+ },
+ "containers": {
+ "cna": {
+ "providerMetadata": {
+ "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+ "shortName": "mitre",
+ "dateUpdated": "2024-07-06T23:25:55.994340"
+ },
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)"
+ }
+ ],
+ "affected": [
+ {
+ "vendor": "n/a",
+ "product": "n/a",
+ "versions": [
+ {
+ "version": "n/a",
+ "status": "affected"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://phabricator.wikimedia.org/T326866"
+ }
+ ],
+ "problemTypes": [
+ {
+ "descriptions": [
+ {
+ "type": "text",
+ "lang": "en",
+ "description": "n/a"
+ }
+ ]
+ }
+ ]
+ },
+ "adp": [
+ {
+ "metrics": [
+ {
+ "other": {
+ "type": "ssvc",
+ "content": {
+ "timestamp": "2024-07-08T13:45:32.457314Z",
+ "id": "CVE-2024-40596",
+ "options": [
+ {
+ "Exploitation": "none"
+ },
+ {
+ "Automatable": "no"
+ },
+ {
+ "Technical Impact": "partial"
+ }
+ ],
+ "role": "CISA Coordinator",
+ "version": "2.0.3"
+ }
+ }
+ }
+ ],
+ "title": "CISA ADP Vulnrichment",
+ "providerMetadata": {
+ "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "shortName": "CISA-ADP",
+ "dateUpdated": "2024-07-08T13:45:52.034Z"
+ }
+ }
+ ]
+ },
+ "dataVersion": "5.1"
+}
\ No newline at end of file
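Review bot: `providerMetadata.dateUpdated` in the `cna` container is `2024-07-06T23:25:55.994340`, with no `Z` or offset, while `cveMetadata.dateUpdated` and the ADP timestamps in the same record end in `Z`; `dateReserved` and `datePublished` are also written without an offset. A general-purpose date parser may read the offset-less values as local time, which can misorder updates when records are synced or compared by timestamp. If these values are UTC, writing them as `"dateUpdated": "2024-07-06T23:25:55.994340Z"` removes the ambiguity. The same offset-less form appears in the other new MITRE records in this commit (CVE-2024-40594, CVE-2024-40597 through CVE-2024-40605, CVE-2024-40614).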
diff --git a/cves/2024/40xxx/CVE-2024-40597.json b/cves/2024/40xxx/CVE-2024-40597.json
new file mode 100644
index 00000000000..c0207becb3c
--- /dev/null
+++ b/cves/2024/40xxx/CVE-2024-40597.json
@@ -0,0 +1,136 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40597", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-08T13:18:11.587Z", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:26:04.561085" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. It can expose suppressed information for log events. (The log_deleted attribute is not respected.)" + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T326865" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + }, + "adp": [ + { + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-200", + "lang": "en", + "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor" + } + ] + } + ], + "affected": [ + { + "vendor": "mediawiki", + "product": "mediawiki", + "cpes": [ + "cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThanOrEqual": "1.42.1", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "scope": "UNCHANGED", + "version": "3.1", + "baseScore": 7.5, + "attackVector": "NETWORK", + "baseSeverity": "HIGH", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "integrityImpact": "NONE", + "userInteraction": "NONE", + "attackComplexity": "LOW", + "availabilityImpact": "NONE", + 
"privilegesRequired": "NONE", + "confidentialityImpact": "HIGH" + } + }, + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:14:50.678348Z", + "id": "CVE-2024-40597", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:18:11.587Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40598.json b/cves/2024/40xxx/CVE-2024-40598.json new file mode 100644 index 00000000000..e412be2ecd4 --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40598.json 
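Review bot: The ADP `affected` entry in CVE-2024-40597 points at MediaWiki core (`"product": "mediawiki"`, `cpe:2.3:a:mediawiki:mediawiki:-:*:*:*:*:*:*:*`, versions `0` to `1.42.1`), while the CNA description places the flaw in the CheckUser extension. Matching on that CPE would flag every MediaWiki install up to 1.42.1 whether or not CheckUser is present, and the `-` version component in the CPE does not agree with the version range next to it. Naming the extension in the entry, for example `"modules": ["CheckUser"]`, would let consumers narrow the match. The `PR:N` and `C:H` values in the ADP CVSS vector are worth confirming against who can actually reach CheckUser log data, which the record does not say.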
@@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40598", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-06T23:26:12.746473", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:26:12.746473" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)" + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T326867" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40599.json b/cves/2024/40xxx/CVE-2024-40599.json new file mode 100644 index 00000000000..ad28bfa0a7a --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40599.json 
@@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40599", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-06T23:26:21.269053", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:26:21.269053" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the GuMaxDD skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T361448" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40600.json b/cves/2024/40xxx/CVE-2024-40600.json new file mode 100644 index 00000000000..81310a1bfbc --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40600.json 
@@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40600", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-06T23:26:28.514530", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:26:28.514530" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Metrolook skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T361449" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40601.json b/cves/2024/40xxx/CVE-2024-40601.json new file mode 100644 index 00000000000..7e6431cedf5 --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40601.json 
@@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40601", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-06T23:26:36.043771", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:26:36.043771" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the MediaWikiChat extension for MediaWiki through 1.42.1. CSRF can occur in API modules." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T362588" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40602.json b/cves/2024/40xxx/CVE-2024-40602.json new file mode 100644 index 00000000000..344d3dbe275 --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40602.json 
@@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40602", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-06T23:26:55.969727", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:26:55.969727" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Tempo skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T361451" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40603.json b/cves/2024/40xxx/CVE-2024-40603.json new file mode 100644 index 00000000000..926adea0b7f --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40603.json 
@@ -0,0 +1,90 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40603", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-08T13:45:03.104Z", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:27:04.293176" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the ArticleRatings extension for MediaWiki through 1.42.1. Special:ChangeRating allows CSRF to alter data via a GET request." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T363884" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:44:44.832247Z", + "id": "CVE-2024-40603", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:45:03.104Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40604.json b/cves/2024/40xxx/CVE-2024-40604.json new file mode 100644 index 00000000000..09a06d7ca57 --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40604.json 
@@ -0,0 +1,90 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40604", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-08T13:06:43.501Z", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:27:14.251104" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Nimbus skin for MediaWiki through 1.42.1. There is Stored XSS via MediaWiki:Nimbus-sidebar menu and submenu entries." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T361450" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:06:31.585093Z", + "id": "CVE-2024-40604", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:06:43.501Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40605.json b/cves/2024/40xxx/CVE-2024-40605.json new file mode 100644 index 00000000000..96c07461b05 --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40605.json 
@@ -0,0 +1,56 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40605", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-06T23:27:19.876020", + "dateReserved": "2024-07-06T00:00:00", + "datePublished": "2024-07-06T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-06T23:27:19.876020" + }, + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in the Foreground skin for MediaWiki through 1.42.1. There is stored XSS via MediaWiki:Sidebar top-level menu entries." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://phabricator.wikimedia.org/T361452" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/40xxx/CVE-2024-40614.json b/cves/2024/40xxx/CVE-2024-40614.json new file mode 100644 index 00000000000..f6b59366694 --- /dev/null +++ b/cves/2024/40xxx/CVE-2024-40614.json 
@@ -0,0 +1,68 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "state": "PUBLISHED", + "cveId": "CVE-2024-40614", + "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "assignerShortName": "mitre", + "dateUpdated": "2024-07-07T15:03:21.266351", + "dateReserved": "2024-07-07T00:00:00", + "datePublished": "2024-07-07T00:00:00" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", + "shortName": "mitre", + "dateUpdated": "2024-07-07T15:03:21.266351" + }, + "descriptions": [ + { + "lang": "en", + "value": "EGroupware before 23.1.20240624 mishandles an ORDER BY clause." + } + ], + "affected": [ + { + "vendor": "n/a", + "product": "n/a", + "versions": [ + { + "version": "n/a", + "status": "affected" + } + ] + } + ], + "references": [ + { + "url": "https://syss.de" + }, + { + "url": "https://github.com/EGroupware/egroupware/releases/tag/23.1.20240624" + }, + { + "url": "https://help.egroupware.org/t/egroupware-maintenance-security-release-23-1-20240624/78438" + }, + { + "url": "https://github.com/EGroupware/egroupware/compare/23.1.20240430...23.1.20240624" + }, + { + "url": "https://github.com/EGroupware/egroupware/commit/553829d30cc2ccdc0e5a8c5a0e16fa03a3399a3f" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "text", + "lang": "en", + "description": "n/a" + } + ] + } + ] + } + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/4xxx/CVE-2024-4003.json b/cves/2024/4xxx/CVE-2024-4003.json index 50d2a031116..e7ae89fe3eb 100644 --- a/cves/2024/4xxx/CVE-2024-4003.json +++ b/cves/2024/4xxx/CVE-2024-4003.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-04-19T15:29:51.146Z", "datePublished": "2024-05-02T16:51:51.058Z", - "dateUpdated": "2024-07-05T18:17:37.423Z" + "dateUpdated": "2024-07-05T21:12:15.779Z" }, "containers": { "cna": { 
diff --git a/cves/2024/4xxx/CVE-2024-4036.json b/cves/2024/4xxx/CVE-2024-4036.json
index 01c1e3d5bce..20be42ad9af 100644
--- a/cves/2024/4xxx/CVE-2024-4036.json
+++ b/cves/2024/4xxx/CVE-2024-4036.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-04-22T18:26:02.693Z",
 "datePublished": "2024-05-02T16:52:36.724Z",
- "dateUpdated": "2024-07-05T18:17:37.398Z"
+ "dateUpdated": "2024-07-07T13:52:53.488Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/4xxx/CVE-2024-4077.json b/cves/2024/4xxx/CVE-2024-4077.json
index c129ede1069..5982bf948af 100644
--- a/cves/2024/4xxx/CVE-2024-4077.json
+++ b/cves/2024/4xxx/CVE-2024-4077.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Patchstack",
 "dateReserved": "2024-04-23T14:12:33.780Z",
 "datePublished": "2024-04-25T09:15:22.154Z",
- "dateUpdated": "2024-07-05T18:17:37.391Z"
+ "dateUpdated": "2024-07-05T21:22:28.395Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/4xxx/CVE-2024-4307.json b/cves/2024/4xxx/CVE-2024-4307.json
index 09bcd348325..57a6bed7655 100644
--- a/cves/2024/4xxx/CVE-2024-4307.json
+++ b/cves/2024/4xxx/CVE-2024-4307.json
@@ -8,7 +8,7 @@
 "assignerShortName": "INCIBE",
 "dateReserved": "2024-04-29T10:10:05.610Z",
 "datePublished": "2024-04-29T12:25:38.606Z",
- "dateUpdated": "2024-07-05T18:28:52.231Z"
+ "dateUpdated": "2024-07-05T21:20:27.229Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/4xxx/CVE-2024-4341.json b/cves/2024/4xxx/CVE-2024-4341.json
new file mode 100644
index 00000000000..0b258586426
--- /dev/null
+++ b/cves/2024/4xxx/CVE-2024-4341.json
@@ -0,0 +1,121 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-4341", + "assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", + "state": "PUBLISHED", + "assignerShortName": "TR-CERT", + "dateReserved": "2024-04-30T11:46:14.316Z", + "datePublished": "2024-07-08T13:46:12.791Z", + "dateUpdated": "2024-07-08T13:46:12.791Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "Extreme XDS", + "vendor": "ExtremePacs", + "versions": [ + { + "lessThan": "3928", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Mustafa Anıl YILDIRIM" + } + ], + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.

This issue affects Extreme XDS: before 3928.

" + } + ], + "value": "Improper Privilege Management vulnerability in Ekstrem Bir Bilgisayar Danismanlik Ic Ve Dis Ticaret Ltd. Sti. Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928." + } + ], + "impacts": [ + { + "capecId": "CAPEC-569", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-569 Collect Data as Provided by Users" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-269", + "description": "CWE-269 Improper Privilege Management", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21", + "shortName": "TR-CERT", + "dateUpdated": "2024-07-08T13:46:12.791Z" + }, + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-0893" + } + ], + "source": { + "advisory": "TR-24-0893", + "defect": [ + "TR-24-0893" + ], + "discovery": "UNKNOWN" + }, + "title": "Information Disclosure in ExtremePacs's Extreme XDS", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/4xxx/CVE-2024-4418.json b/cves/2024/4xxx/CVE-2024-4418.json index 22d81a67e6f..3e99d3abece 100644 --- a/cves/2024/4xxx/CVE-2024-4418.json +++ b/cves/2024/4xxx/CVE-2024-4418.json 
@@ -8,7 +8,7 @@
 "assignerShortName": "redhat",
 "dateReserved": "2024-05-02T10:52:32.129Z",
 "datePublished": "2024-05-08T03:03:05.135Z",
- "dateUpdated": "2024-07-05T18:34:12.851Z"
+ "dateUpdated": "2024-07-08T04:50:16.105Z"
 },
 "containers": {
 "cna": {
@@ -50,32 +50,60 @@
 "affected": [
 {
 "vendor": "Red Hat",
- "product": "Red Hat Enterprise Linux 6",
+ "product": "Red Hat Enterprise Linux 8",
 "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
- "packageName": "libvirt",
- "defaultStatus": "unknown",
+ "packageName": "virt-devel:rhel",
+ "defaultStatus": "affected",
+ "versions": [
+ {
+ "version": "8100020240606142719.489197e6",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
 "cpes": [
- "cpe:/o:redhat:enterprise_linux:6"
+ "cpe:/a:redhat:enterprise_linux:8::appstream",
+ "cpe:/a:redhat:enterprise_linux:8::crb"
 ]
 },
 {
 "vendor": "Red Hat",
- "product": "Red Hat Enterprise Linux 7",
+ "product": "Red Hat Enterprise Linux 8",
+ "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
+ "packageName": "virt:rhel",
+ "defaultStatus": "affected",
+ "versions": [
+ {
+ "version": "8100020240606142719.489197e6",
+ "lessThan": "*",
+ "versionType": "rpm",
+ "status": "unaffected"
+ }
+ ],
+ "cpes": [
+ "cpe:/a:redhat:enterprise_linux:8::appstream",
+ "cpe:/a:redhat:enterprise_linux:8::crb"
+ ]
+ },
+ {
+ "vendor": "Red Hat",
+ "product": "Red Hat Enterprise Linux 6",
 "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
 "packageName": "libvirt",
 "defaultStatus": "unknown",
 "cpes": [
- "cpe:/o:redhat:enterprise_linux:7"
+ "cpe:/o:redhat:enterprise_linux:6"
 ]
 },
 {
 "vendor": "Red Hat",
- "product": "Red Hat Enterprise Linux 8",
+ "product": "Red Hat Enterprise Linux 7",
 "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
- "packageName": "virt:rhel/libvirt",
- "defaultStatus": "affected",
+ "packageName": "libvirt",
+ "defaultStatus": "unknown",
 "cpes": [
- "cpe:/o:redhat:enterprise_linux:8"
+ "cpe:/o:redhat:enterprise_linux:7"
 ]
 },
 {
@@ -100,6 +128,14 @@
 }
 ],
 "references": [
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:4351",
+ "name": "RHSA-2024:4351",
+ "tags": [
+ "vendor-advisory",
+ "x_refsource_REDHAT"
+ ]
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-4418",
 "tags": [
@@ -157,7 +193,7 @@
 "providerMetadata": {
 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
 "shortName": "redhat",
- "dateUpdated": "2024-05-08T03:03:05.135Z"
+ "dateUpdated": "2024-07-08T04:50:16.105Z"
 }
 },
 "adp": [
diff --git a/cves/2024/4xxx/CVE-2024-4541.json b/cves/2024/4xxx/CVE-2024-4541.json
index 9e937be1d94..b6fdb7e06a1 100644
--- a/cves/2024/4xxx/CVE-2024-4541.json
+++ b/cves/2024/4xxx/CVE-2024-4541.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-05-06T11:18:52.824Z",
 "datePublished": "2024-06-19T03:12:29.630Z",
- "dateUpdated": "2024-07-05T18:34:15.299Z"
+ "dateUpdated": "2024-07-06T03:11:12.252Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/4xxx/CVE-2024-4708.json b/cves/2024/4xxx/CVE-2024-4708.json
new file mode 100644
index 00000000000..6460dd9d79e
--- /dev/null
+++ b/cves/2024/4xxx/CVE-2024-4708.json
@@ -0,0 +1,208 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-4708", + "assignerOrgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", + "state": "PUBLISHED", + "assignerShortName": "icscert", + "dateReserved": "2024-05-09T20:45:17.755Z", + "datePublished": "2024-07-02T23:06:21.045Z", + "dateUpdated": "2024-07-05T21:23:04.236Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "myPRO", + "vendor": "mySCADA", + "versions": [ + { + "lessThan": "8.31.0", + "status": "affected", + "version": "0", + "versionType": "custom" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Nassim Asrir working with Trend Micro Zero Day Initiative reported this vulnerability to CISA." + } + ], + "datePublic": "2024-07-02T16:00:00.000Z", + "descriptions": [ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "mySCADA myPRO \n\nuses a hard-coded password which could allow an attacker to remotely execute code on the affected device.\n\n
" + } + ], + "value": "mySCADA myPRO \n\nuses a hard-coded password which could allow an attacker to remotely execute code on the affected device." + } + ], + "metrics": [ + { + "cvssV4_0": { + "Automatable": "NOT_DEFINED", + "Recovery": "NOT_DEFINED", + "Safety": "NOT_DEFINED", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "attackVector": "NETWORK", + "baseScore": 9.3, + "baseSeverity": "CRITICAL", + "privilegesRequired": "NONE", + "providerUrgency": "NOT_DEFINED", + "subAvailabilityImpact": "NONE", + "subConfidentialityImpact": "NONE", + "subIntegrityImpact": "NONE", + "userInteraction": "NONE", + "valueDensity": "NOT_DEFINED", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", + "version": "4.0", + "vulnAvailabilityImpact": "HIGH", + "vulnConfidentialityImpact": "HIGH", + "vulnIntegrityImpact": "HIGH", + "vulnerabilityResponseEffort": "NOT_DEFINED" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + }, + { + "cvssV3_1": { + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS", + "scenarios": [ + { + "lang": "en", + "value": "GENERAL" + } + ] + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-259", + "description": "CWE-259 Use of Hard-coded Password", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "7d14cffa-0d7d-4270-9dc0-52cabd5a23a6", + "shortName": "icscert", + "dateUpdated": "2024-07-02T23:06:21.045Z" + }, + "references": [ + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-184-02" + }, + { + "url": "https://www.myscada.org/mypro/" + } + ], + "solutions": 
[ + { + "lang": "en", + "supportingMedia": [ + { + "base64": false, + "type": "text/html", + "value": "mySCADA recommends updating myPRO to v8.31.0.\n\n
" + } + ], + "value": "mySCADA recommends updating myPRO to v8.31.0 https://www.myscada.org/mypro/ ." + } + ], + "source": { + "advisory": "ICSA-24-184-02", + "discovery": "EXTERNAL" + }, + "title": "mySCADA myPRO Use of Hard-coded Password", + "x_generator": { + "engine": "Vulnogram 0.2.0" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "myscada", + "product": "mypro", + "cpes": [ + "cpe:2.3:a:myscada:mypro:-:*:*:*:*:*:*:*" + ], + "defaultStatus": "unaffected", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "8.31.0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-05T20:10:12.733058Z", + "id": "CVE-2024-4708", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-05T21:23:04.236Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/5xxx/CVE-2024-5215.json b/cves/2024/5xxx/CVE-2024-5215.json index 3ab20a1ef04..216582a499e 100644 --- a/cves/2024/5xxx/CVE-2024-5215.json +++ b/cves/2024/5xxx/CVE-2024-5215.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-05-22T18:07:18.156Z", "datePublished": "2024-06-26T06:56:03.593Z", - "dateUpdated": "2024-07-05T18:54:32.002Z" + "dateUpdated": "2024-07-06T03:09:52.446Z" }, "containers": { "cna": { diff --git a/cves/2024/5xxx/CVE-2024-5419.json b/cves/2024/5xxx/CVE-2024-5419.json new file mode 100644 index 00000000000..7f26cc60039 --- /dev/null +++ b/cves/2024/5xxx/CVE-2024-5419.json 
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-5419", + "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "state": "PUBLISHED", + "assignerShortName": "Wordfence", + "dateReserved": "2024-05-27T13:20:14.788Z", + "datePublished": "2024-07-02T03:14:52.242Z", + "dateUpdated": "2024-07-06T03:06:35.218Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "shortName": "Wordfence", + "dateUpdated": "2024-07-02T03:14:52.242Z" + }, + "affected": [ + { + "vendor": "voidthemes", + "product": "Void Contact Form 7 Widget For Elementor Page Builder", + "versions": [ + { + "version": "*", + "status": "affected", + "lessThanOrEqual": "2.4", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ], + "title": "Void Contact Form 7 Widget For Elementor Page Builder <= 2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via cf7_redirect_page Attribute", + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2837c9b2-419e-453a-b011-5ec1ef050d62?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/cf7-widget-elementor/tags/2.4/widgets/void-section-cf7.php#L1672" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3109802/#file6" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "wesley" + } + ], + "timeline": [ + { + "time": "2024-07-01T15:08:51.000+00:00", + "lang": "en", + "value": "Disclosed" + } + ] + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-06T03:06:18.374947Z", + "id": "CVE-2024-5419", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-06T03:06:35.218Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/5xxx/CVE-2024-5424.json b/cves/2024/5xxx/CVE-2024-5424.json index 6e0730d5e1c..ab4b9b4c639 100644 --- a/cves/2024/5xxx/CVE-2024-5424.json +++ b/cves/2024/5xxx/CVE-2024-5424.json 
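Review bot: The `problemTypes` entry in this record gives the weakness only as free text, `"description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"`, with no `cweId` and no `type`, so consumers that group or filter records by `cweId` will not classify it as CWE-79. Adding `"cweId": "CWE-79"` and `"type": "CWE"` beside the description, as the CVE-2024-5711 record in this same commit does, would make the classification machine-readable. The new CVE-2024-5504 record has the same shape.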
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-05-27T14:43:30.500Z",
 "datePublished": "2024-06-28T08:33:28.105Z",
- "dateUpdated": "2024-07-05T19:04:39.804Z"
+ "dateUpdated": "2024-07-06T03:09:24.121Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/5xxx/CVE-2024-5504.json b/cves/2024/5xxx/CVE-2024-5504.json
new file mode 100644
index 00000000000..6714267d3ef
--- /dev/null
+++ b/cves/2024/5xxx/CVE-2024-5504.json
@@ -0,0 +1,126 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-5504", + "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "state": "PUBLISHED", + "assignerShortName": "Wordfence", + "dateReserved": "2024-05-29T21:17:02.171Z", + "datePublished": "2024-07-02T07:37:03.053Z", + "dateUpdated": "2024-07-06T03:06:23.535Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "shortName": "Wordfence", + "dateUpdated": "2024-07-02T07:37:03.053Z" + }, + "affected": [ + { + "vendor": "apollo13themes", + "product": "Rife Elementor Extensions & Templates", + "versions": [ + { + "version": "*", + "status": "affected", + "lessThanOrEqual": "1.2.1", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute within the plugin's Writing Effect Headline widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ], + "title": "Rife Elementor Extensions & Templates <= 1.2.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Writing Effect Headline Widget", + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2bc0b654-5174-41bc-9e8a-40257ceb7ded?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/rife-elementor-extensions/trunk/includes/elementor/widgets/writing-effect-headline.php#L264" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3109903/#file1" + }, + { + "url": "https://wordpress.org/plugins/rife-elementor-extensions/#developers" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "wesley" + } + ], + "timeline": [ + { + "time": "2024-07-01T19:26:57.000+00:00", + "lang": "en", + "value": "Disclosed" + } + ] + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-06T03:06:13.291754Z", + "id": "CVE-2024-5504", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-06T03:06:23.535Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/5xxx/CVE-2024-5507.json b/cves/2024/5xxx/CVE-2024-5507.json index 06337d6d712..1c48ffe9847 100644 --- a/cves/2024/5xxx/CVE-2024-5507.json +++ b/cves/2024/5xxx/CVE-2024-5507.json 
@@ -8,7 +8,7 @@
 "assignerShortName": "zdi",
 "dateReserved": "2024-05-29T21:48:44.855Z",
 "datePublished": "2024-06-06T17:51:43.852Z",
- "dateUpdated": "2024-07-05T19:10:08.421Z"
+ "dateUpdated": "2024-07-05T20:16:52.183Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/5xxx/CVE-2024-5616.json b/cves/2024/5xxx/CVE-2024-5616.json
new file mode 100644
index 00000000000..3d3c811b643
--- /dev/null
+++ b/cves/2024/5xxx/CVE-2024-5616.json
@@ -0,0 +1,85 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-5616", + "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "state": "PUBLISHED", + "assignerShortName": "@huntr_ai", + "dateReserved": "2024-06-04T02:49:35.920Z", + "datePublished": "2024-07-06T08:38:02.339Z", + "dateUpdated": "2024-07-06T08:38:02.339Z" + }, + "containers": { + "cna": { + "title": "CSRF Vulnerability in mudler/LocalAI", + "providerMetadata": { + "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "shortName": "@huntr_ai", + "dateUpdated": "2024-07-06T08:38:02.339Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality." 
+ } + ], + "affected": [ + { + "vendor": "mudler", + "product": "mudler/localai", + "versions": [ + { + "version": "unspecified", + "lessThan": "2.17", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/fd753fb6-ba04-4dd8-abef-918fb97120af" + }, + { + "url": "https://github.com/mudler/localai/commit/4e1463fec291612a59a16db60b3fd12d4c49d64b" + } + ], + "metrics": [ + { + "cvssV3_0": { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "LOW", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-352 Cross-Site Request Forgery (CSRF)", + "cweId": "CWE-352" + } + ] + } + ], + "source": { + "advisory": "fd753fb6-ba04-4dd8-abef-918fb97120af", + "discovery": "EXTERNAL" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/5xxx/CVE-2024-5711.json b/cves/2024/5xxx/CVE-2024-5711.json new file mode 100644 index 00000000000..3a83d75c39c --- /dev/null +++ b/cves/2024/5xxx/CVE-2024-5711.json 
@@ -0,0 +1,137 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-5711", + "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "state": "PUBLISHED", + "assignerShortName": "@huntr_ai", + "dateReserved": "2024-06-06T18:22:37.495Z", + "datePublished": "2024-07-08T00:00:13.917Z", + "dateUpdated": "2024-07-08T13:49:41.638Z" + }, + "containers": { + "cna": { + "title": "Cross-site Scripting (XSS) - Stored in stitionai/devika", + "providerMetadata": { + "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "shortName": "@huntr_ai", + "dateUpdated": "2024-07-08T00:00:13.917Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "Cross-site Scripting (XSS) - Stored in GitHub repository stitionai/devika prior to -." + } + ], + "affected": [ + { + "vendor": "stitionai", + "product": "stitionai/devika", + "versions": [ + { + "version": "unspecified", + "lessThan": "-", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/6c00ff84-574b-4b4f-bd58-aa7ec1809662" + }, + { + "url": "https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2" + } + ], + "metrics": [ + { + "cvssV3_0": { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", + "baseScore": 8.1, + "baseSeverity": "HIGH" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ], + "source": { + "advisory": "6c00ff84-574b-4b4f-bd58-aa7ec1809662", + "discovery": "EXTERNAL" + } + }, + "adp": [ + { + "affected": [ + { + 
"vendor": "stitionai", + "product": "devika", + "cpes": [ + "cpe:2.3:a:stitionai:devika:*:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0", + "status": "affected", + "lessThan": "6acce21", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-08T13:44:25.892919Z", + "id": "CVE-2024-5711", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-08T13:49:41.638Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/5xxx/CVE-2024-5753.json b/cves/2024/5xxx/CVE-2024-5753.json new file mode 100644 index 00000000000..0fdad7d7c11 --- /dev/null +++ b/cves/2024/5xxx/CVE-2024-5753.json 
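Review bot: The CNA container's version range in the CVE-2024-5711 record is a placeholder, `"lessThan": "-"` with `"version": "unspecified"`, and the description ends in "prior to -.", so the CNA data does not say which versions carry the fix. The ADP container in the same record narrows it to `"lessThan": "6acce21"`, which appears to be the abbreviated form of the commit listed in `references`. The CNA entry could state that bound itself, for example `"lessThan": "6acce21fb08c3d1123ef05df6a33912bf0ee77c2"` with `"versionType": "git"`. Until then, matching should rely on the ADP range or the commit reference rather than the CNA `affected` block.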
@@ -0,0 +1,82 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-5753", + "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "state": "PUBLISHED", + "assignerShortName": "@huntr_ai", + "dateReserved": "2024-06-07T16:34:29.184Z", + "datePublished": "2024-07-05T19:27:22.046Z", + "dateUpdated": "2024-07-05T19:27:22.046Z" + }, + "containers": { + "cna": { + "title": "Local File Read (LFI) by Prompt Injection via Postgres SQL in vanna-ai/vanna", + "providerMetadata": { + "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "shortName": "@huntr_ai", + "dateUpdated": "2024-07-05T19:27:22.046Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API." 
+ } + ], + "affected": [ + { + "vendor": "vanna-ai", + "product": "vanna-ai/vanna", + "versions": [ + { + "version": "unspecified", + "status": "affected", + "versionType": "custom", + "lessThanOrEqual": "latest" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/a3f913d6-c717-4528-b974-26d8d9e839ca" + } + ], + "metrics": [ + { + "cvssV3_0": { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", + "cweId": "CWE-200" + } + ] + } + ], + "source": { + "advisory": "a3f913d6-c717-4528-b974-26d8d9e839ca", + "discovery": "EXTERNAL" + } + } + } +} \ No newline at end of file diff --git a/cves/2024/5xxx/CVE-2024-5788.json b/cves/2024/5xxx/CVE-2024-5788.json index ed948f88c47..ec820cb6780 100644 --- a/cves/2024/5xxx/CVE-2024-5788.json +++ b/cves/2024/5xxx/CVE-2024-5788.json @@ -8,7 +8,7 @@ "assignerShortName": "Wordfence", "dateReserved": "2024-06-10T10:40:52.031Z", "datePublished": "2024-06-28T06:57:45.277Z", - "dateUpdated": "2024-07-05T19:10:11.180Z" + "dateUpdated": "2024-07-06T03:09:44.023Z" }, "containers": { "cna": { diff --git a/cves/2024/5xxx/CVE-2024-5859.json b/cves/2024/5xxx/CVE-2024-5859.json index ef853def155..ec9d2171550 100644 --- a/cves/2024/5xxx/CVE-2024-5859.json +++ b/cves/2024/5xxx/CVE-2024-5859.json 
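Review bot: The description of CVE-2024-5753 calls the flaw SQL injection, but `problemTypes` lists only CWE-200, which names the consequence rather than the weakness, so triage keyed on injection classes will miss this record. Adding a second entry with `"cweId": "CWE-89"` would match the description. The range `"lessThanOrEqual": "latest"` with `"version": "unspecified"` is also not comparable by version-matching tools, while the description names only v0.3.4. It presumably means no fixed release was known at publication, so deployments are better treated as affected until the record or the referenced advisory states a fix.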
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-06-11T13:14:28.178Z",
 "datePublished": "2024-06-21T08:39:43.499Z",
- "dateUpdated": "2024-07-05T19:23:52.760Z"
+ "dateUpdated": "2024-07-06T03:10:40.691Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/6xxx/CVE-2024-6095.json b/cves/2024/6xxx/CVE-2024-6095.json
new file mode 100644
index 00000000000..ef1c43b6024
--- /dev/null
+++ b/cves/2024/6xxx/CVE-2024-6095.json
@@ -0,0 +1,137 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-6095", + "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "state": "PUBLISHED", + "assignerShortName": "@huntr_ai", + "dateReserved": "2024-06-17T18:56:07.507Z", + "datePublished": "2024-07-06T17:48:46.735Z", + "dateUpdated": "2024-07-07T19:18:06.138Z" + }, + "containers": { + "cna": { + "title": "SSRF and Partial LFI in /models/apply Endpoint in mudler/localai", + "providerMetadata": { + "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "shortName": "@huntr_ai", + "dateUpdated": "2024-07-06T17:48:46.735Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the /models/apply endpoint of mudler/localai versions 2.15.0 allows for Server-Side Request Forgery (SSRF) and partial Local File Inclusion (LFI). The endpoint supports both http(s):// and file:// schemes, where the latter can lead to LFI. However, the output is limited due to the length of the error message. This vulnerability can be exploited by an attacker with network access to the LocalAI instance, potentially allowing unauthorized access to internal HTTP(s) servers and partial reading of local files. The issue is fixed in version 2.17." 
+ } + ], + "affected": [ + { + "vendor": "mudler", + "product": "mudler/localai", + "versions": [ + { + "version": "unspecified", + "lessThan": "2.17", + "status": "affected", + "versionType": "custom" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/4799262d-72dc-43c8-bc99-81d0dce996dc" + }, + { + "url": "https://github.com/mudler/localai/commit/2fc6fe806b903ac0a70218b21b5c84443a1b0866" + } + ], + "metrics": [ + { + "cvssV3_0": { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "privilegesRequired": "NONE", + "scope": "CHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-918 Server-Side Request Forgery (SSRF)", + "cweId": "CWE-918" + } + ] + } + ], + "source": { + "advisory": "4799262d-72dc-43c8-bc99-81d0dce996dc", + "discovery": "EXTERNAL" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "mudler", + "product": "localai", + "cpes": [ + "cpe:2.3:a:mudler:localai:2.15.0:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "2.15.0", + "status": "affected", + "lessThan": "2.17.0", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T19:17:19.197506Z", + "id": "CVE-2024-6095", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "yes" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T19:18:06.138Z" + } + } + ] + } +} \ No newline at end of file 
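Review bot: The `problemTypes` block lists only CWE-918, although the title and description also report a partial local file read through the `file://` scheme, so anyone filtering this record by CWE sees the SSRF half only; a second `descriptions` entry for the file-read weakness would close that gap. The CNA `affected` range is also hard to consume: `"version": "unspecified"` with `"lessThan": "2.17"` under `"versionType": "custom"` gives a matcher no lower bound and no ordering rule, and it differs in form from the ADP container's `"lessThan": "2.17.0"`. The description's "versions 2.15.0" suggests 2.15.0 was the tested release, so a form such as `"version": "0", "lessThan": "2.17.0", "versionType": "semver"` would be clearer if the CNA can confirm the lower bound.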
diff --git a/cves/2024/6xxx/CVE-2024-6120.json b/cves/2024/6xxx/CVE-2024-6120.json
index d12e4b54729..75b4ebfa5fe 100644
--- a/cves/2024/6xxx/CVE-2024-6120.json
+++ b/cves/2024/6xxx/CVE-2024-6120.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-06-18T11:26:18.203Z",
 "datePublished": "2024-06-21T23:33:48.423Z",
- "dateUpdated": "2024-07-05T19:23:54.787Z"
+ "dateUpdated": "2024-07-06T03:10:11.691Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/6xxx/CVE-2024-6163.json b/cves/2024/6xxx/CVE-2024-6163.json
new file mode 100644
index 00000000000..b4da9ec91f9
--- /dev/null
+++ b/cves/2024/6xxx/CVE-2024-6163.json
@@ -0,0 +1,107 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-6163", + "assignerOrgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", + "state": "PUBLISHED", + "assignerShortName": "Checkmk", + "dateReserved": "2024-06-19T14:29:48.101Z", + "datePublished": "2024-07-08T13:01:38.306Z", + "dateUpdated": "2024-07-08T13:01:38.306Z" + }, + "containers": { + "cna": { + "affected": [ + { + "defaultStatus": "unaffected", + "product": "Checkmk", + "vendor": "Checkmk GmbH", + "versions": [ + { + "lessThan": "2.3.0p10", + "status": "affected", + "version": "2.3.0", + "versionType": "semver" + }, + { + "lessThan": "2.2.0p31", + "status": "affected", + "version": "2.2.0", + "versionType": "semver" + }, + { + "lessThan": "2.1.0p46", + "status": "affected", + "version": "2.1.0", + "versionType": "semver" + }, + { + "lessThanOrEqual": "2.0.0p39", + "status": "affected", + "version": "2.0.0", + "versionType": "semver" + } + ] + } + ], + "credits": [ + { + "lang": "en", + "type": "reporter", + "value": "PS Positive Security GmbH" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data" + } + ], + "impacts": [ + { + "capecId": "CAPEC-22", + "descriptions": [ + { + "lang": "en", + "value": "CAPEC-22: Exploiting Trust in Client" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "version": "3.1" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-290", + "description": "CWE-290: Authentication Bypass by Spoofing", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "providerMetadata": { + "orgId": "f7d6281c-4801-44ce-ace2-493291dedb0f", + "shortName": "Checkmk", + "dateUpdated": "2024-07-08T13:01:38.306Z" + }, + "references": [ + { + "url": 
"https://checkmk.com/werk/17011" + } + ], + "title": "local IP restriction of internal HTTP endpoints" + } + } +} \ No newline at end of file diff --git a/cves/2024/6xxx/CVE-2024-6229.json b/cves/2024/6xxx/CVE-2024-6229.json new file mode 100644 index 00000000000..7957eecac42 --- /dev/null +++ b/cves/2024/6xxx/CVE-2024-6229.json 
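Review bot: The `versions` entries declare `"versionType": "semver"`, but bounds such as `2.3.0p10` and `2.0.0p39` are not Semantic Versioning strings, so a consumer that applies semver ordering may reject them or compare patch levels wrongly; `"versionType": "custom"` would describe them more accurately. The description also runs two bounds together (`< 2.3.0p10 < 2.2.0p31`) and should read `< 2.3.0p10, < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39`. The `title` names the control ("local IP restriction of internal HTTP endpoints") rather than the flaw, which makes the CWE-290 authentication bypass easy to miss in listings.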
@@ -0,0 +1,134 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-6229", + "assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "state": "PUBLISHED", + "assignerShortName": "@huntr_ai", + "dateReserved": "2024-06-20T20:29:12.955Z", + "datePublished": "2024-07-07T15:22:38.743Z", + "dateUpdated": "2024-07-07T19:15:38.350Z" + }, + "containers": { + "cna": { + "title": "Stored XSS in stangirard/quivr", + "providerMetadata": { + "orgId": "c09c270a-b464-47c1-9133-acb35b22c19a", + "shortName": "@huntr_ai", + "dateUpdated": "2024-07-07T15:22:38.743Z" + }, + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature of stangirard/quivr, affecting the latest version. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads are stored on the server and executed whenever any user clicks on a link containing the payload, leading to potential data theft, session hijacking, and reputation damage." 
+ } + ], + "affected": [ + { + "vendor": "stangirard", + "product": "stangirard/quivr", + "versions": [ + { + "version": "unspecified", + "status": "affected", + "versionType": "custom", + "lessThanOrEqual": "latest" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/2ee71e9e-2cf5-41a4-8440-d75758018786" + } + ], + "metrics": [ + { + "cvssV3_0": { + "version": "3.0", + "attackComplexity": "LOW", + "attackVector": "NETWORK", + "availabilityImpact": "NONE", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "privilegesRequired": "LOW", + "scope": "CHANGED", + "userInteraction": "REQUIRED", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + } + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "lang": "en", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", + "cweId": "CWE-79" + } + ] + } + ], + "source": { + "advisory": "2ee71e9e-2cf5-41a4-8440-d75758018786", + "discovery": "EXTERNAL" + } + }, + "adp": [ + { + "affected": [ + { + "vendor": "stangirard", + "product": "quivr", + "cpes": [ + "cpe:2.3:a:stangirard:quivr:0.0.259:*:*:*:*:*:*:*" + ], + "defaultStatus": "unknown", + "versions": [ + { + "version": "0.0.259", + "status": "affected", + "lessThanOrEqual": "*", + "versionType": "custom" + } + ] + } + ], + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-07T19:13:05.804340Z", + "id": "CVE-2024-6229", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-07T19:15:38.350Z" + } + } + ] + } +} \ No newline at end of file 
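Review bot: The CNA `affected` entry pairs `"version": "unspecified"` with `"lessThanOrEqual": "latest"`, which is not a version a tool can compare and will keep marking every future release as affected even after a fix ships; the vanna-ai/vanna record earlier in this diff uses the same pair. The ADP container already pins `0.0.259`, so the CNA range could at least name the last release known to be affected, for example `"version": "0", "lessThanOrEqual": "0.0.259"`. The record carries no fix or mitigation reference, and the vector's `I:N` sits oddly with the session-hijacking impact the description lists, so both deserve a second look by the CNA.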
diff --git a/cves/2024/6xxx/CVE-2024-6263.json b/cves/2024/6xxx/CVE-2024-6263.json
new file mode 100644
index 00000000000..0237c6baf57
--- /dev/null
+++ b/cves/2024/6xxx/CVE-2024-6263.json
@@ -0,0 +1,123 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-6263", + "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "state": "PUBLISHED", + "assignerShortName": "Wordfence", + "dateReserved": "2024-06-21T22:09:38.152Z", + "datePublished": "2024-07-03T07:32:38.112Z", + "dateUpdated": "2024-07-06T02:33:08.495Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", + "shortName": "Wordfence", + "dateUpdated": "2024-07-03T07:32:38.112Z" + }, + "affected": [ + { + "vendor": "smub", + "product": "WP Lightbox 2", + "versions": [ + { + "version": "*", + "status": "affected", + "lessThanOrEqual": "3.0.6.6", + "versionType": "semver" + } + ], + "defaultStatus": "unaffected" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "The WP Lightbox 2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ parameter in all versions up to, and including, 3.0.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." 
+ } + ], + "title": "WP Lightbox 2 <= 3.0.6.6 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting", + "references": [ + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fe275351-a547-440d-9e8c-c464ed333aa9?source=cve" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/wp-lightbox-2/trunk/wp-lightbox-2.js" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset?new=3108386%40wp-lightbox-2&old=3046989%40wp-lightbox-2" + } + ], + "problemTypes": [ + { + "descriptions": [ + { + "lang": "en", + "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" + } + ] + } + ], + "metrics": [ + { + "cvssV3_1": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + } + } + ], + "credits": [ + { + "lang": "en", + "type": "finder", + "value": "Craig Smith" + } + ], + "timeline": [ + { + "time": "2024-07-02T00:00:00.000+00:00", + "lang": "en", + "value": "Disclosed" + } + ] + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-06T02:33:01.245989Z", + "id": "CVE-2024-6263", + "options": [ + { + "Exploitation": "none" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "partial" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-06T02:33:08.495Z" + } + } + ] + } +} \ No newline at end of file diff --git a/cves/2024/6xxx/CVE-2024-6288.json b/cves/2024/6xxx/CVE-2024-6288.json index 802939971a3..c32559cd153 100644 --- a/cves/2024/6xxx/CVE-2024-6288.json +++ b/cves/2024/6xxx/CVE-2024-6288.json 
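Review bot: The `problemTypes` description is free text only: it has no `cweId` and no `type`, so CWE-79 is not machine-readable in this record and CWE-based filters will skip it. Adding `"cweId": "CWE-79", "type": "CWE"` beside the existing `description` fixes that without changing its meaning. Separately, `"lessThanOrEqual": "3.0.6.6"` is declared with `"versionType": "semver"`, but a four-part version is not a Semantic Versioning string, so strict comparators may mis-order or reject it.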
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-06-24T17:44:52.421Z",
 "datePublished": "2024-06-28T06:57:47.429Z",
- "dateUpdated": "2024-07-05T19:23:55.354Z"
+ "dateUpdated": "2024-07-06T03:09:33.805Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/6xxx/CVE-2024-6307.json b/cves/2024/6xxx/CVE-2024-6307.json
index a2a0fdd5e25..a9101d3dea3 100644
--- a/cves/2024/6xxx/CVE-2024-6307.json
+++ b/cves/2024/6xxx/CVE-2024-6307.json
@@ -8,7 +8,7 @@
 "assignerShortName": "Wordfence",
 "dateReserved": "2024-06-25T11:09:22.494Z",
 "datePublished": "2024-06-25T11:09:23.005Z",
- "dateUpdated": "2024-07-05T19:28:50.444Z"
+ "dateUpdated": "2024-07-06T03:10:01.568Z"
 },
 "containers": {
 "cna": {
diff --git a/cves/2024/6xxx/CVE-2024-6387.json b/cves/2024/6xxx/CVE-2024-6387.json
new file mode 100644
index 00000000000..d611782cac6
--- /dev/null
+++ b/cves/2024/6xxx/CVE-2024-6387.json
@@ -0,0 +1,378 @@ +{ + "dataType": "CVE_RECORD", + "cveMetadata": { + "cveId": "CVE-2024-6387", + "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "state": "PUBLISHED", + "assignerShortName": "redhat", + "dateReserved": "2024-06-27T13:41:03.421Z", + "datePublished": "2024-07-01T12:37:25.431Z", + "dateUpdated": "2024-07-05T23:08:15.094Z" + }, + "containers": { + "cna": { + "title": "Openssh: possible remote code execution due to a race condition in signal handling", + "metrics": [ + { + "other": { + "content": { + "value": "Important", + "namespace": "https://access.redhat.com/security/updates/classification/" + }, + "type": "Red Hat severity rating" + } + }, + { + "cvssV3_1": { + "attackComplexity": "HIGH", + "attackVector": "NETWORK", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "privilegesRequired": "NONE", + "scope": "UNCHANGED", + "userInteraction": "NONE", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "version": "3.1" + }, + "format": "CVSS" + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time period." 
+ } + ], + "affected": [ + { + "vendor": "Red Hat", + "product": "Red Hat Enterprise Linux 9", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "openssh", + "defaultStatus": "affected", + "versions": [ + { + "version": "0:8.7p1-38.el9_4.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "cpes": [ + "cpe:/a:redhat:enterprise_linux:9::appstream", + "cpe:/o:redhat:enterprise_linux:9::baseos" + ] + }, + { + "vendor": "Red Hat", + "product": "Red Hat Enterprise Linux 9", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "openssh", + "defaultStatus": "affected", + "versions": [ + { + "version": "0:8.7p1-38.el9_4.1", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "cpes": [ + "cpe:/a:redhat:enterprise_linux:9::appstream", + "cpe:/o:redhat:enterprise_linux:9::baseos" + ] + }, + { + "vendor": "Red Hat", + "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "openssh", + "defaultStatus": "affected", + "versions": [ + { + "version": "0:8.7p1-30.el9_2.4", + "lessThan": "*", + "versionType": "rpm", + "status": "unaffected" + } + ], + "cpes": [ + "cpe:/a:redhat:rhel_eus:9.2::appstream", + "cpe:/o:redhat:rhel_eus:9.2::baseos" + ] + }, + { + "vendor": "Red Hat", + "product": "Red Hat Enterprise Linux 6", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "openssh", + "defaultStatus": "unaffected", + "cpes": [ + "cpe:/o:redhat:enterprise_linux:6" + ] + }, + { + "vendor": "Red Hat", + "product": "Red Hat Enterprise Linux 7", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "openssh", + "defaultStatus": "unaffected", + "cpes": [ + "cpe:/o:redhat:enterprise_linux:7" + ] + }, + { + "vendor": "Red Hat", + "product": 
"Red Hat Enterprise Linux 8", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "openssh", + "defaultStatus": "unaffected", + "cpes": [ + "cpe:/o:redhat:enterprise_linux:8" + ] + }, + { + "vendor": "Red Hat", + "product": "Red Hat OpenShift Container Platform 4", + "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", + "packageName": "rhcos", + "defaultStatus": "affected", + "cpes": [ + "cpe:/a:redhat:openshift:4" + ] + } + ], + "references": [ + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/01/12" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/01/13" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/02/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/11" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/2" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/3" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/4" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/03/5" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/04/1" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/04/2" + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4312", + "name": "RHSA-2024:4312", + "tags": [ + "vendor-advisory", + "x_refsource_REDHAT" + ] + }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4340", + "name": "RHSA-2024:4340", + "tags": [ + "vendor-advisory", + "x_refsource_REDHAT" + ] + }, + { + "url": "https://access.redhat.com/security/cve/CVE-2024-6387", + "tags": [ + "vdb-entry", + "x_refsource_REDHAT" + ] + }, + { + "url": "https://archlinux.org/news/the-sshd-service-needs-to-be-restarted-after-upgrading-to-openssh-98p1/" + }, + { + "url": 
"https://arstechnica.com/security/2024/07/regresshion-vulnerability-in-openssh-gives-attackers-root-on-linux/" + }, + { + "url": "https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2294604", + "name": "RHBZ#2294604", + "tags": [ + "issue-tracking", + "x_refsource_REDHAT" + ] + }, + { + "url": "https://explore.alas.aws.amazon.com/CVE-2024-6387.html" + }, + { + "url": "https://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2024-002.txt.asc" + }, + { + "url": "https://github.com/AlmaLinux/updates/issues/629" + }, + { + "url": "https://github.com/Azure/AKS/issues/4379" + }, + { + "url": "https://github.com/PowerShell/Win32-OpenSSH/discussions/2248" + }, + { + "url": "https://github.com/PowerShell/Win32-OpenSSH/issues/2249" + }, + { + "url": "https://github.com/microsoft/azurelinux/issues/9555" + }, + { + "url": "https://github.com/oracle/oracle-linux/issues/149" + }, + { + "url": "https://github.com/rapier1/hpn-ssh/issues/87" + }, + { + "url": "https://github.com/zgzhang/cve-2024-6387-poc" + }, + { + "url": "https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-July/000158.html" + }, + { + "url": "https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-July/041431.html" + }, + { + "url": "https://news.ycombinator.com/item?id=40843778" + }, + { + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0010" + }, + { + "url": "https://security-tracker.debian.org/tracker/CVE-2024-6387" + }, + { + "url": "https://security.netapp.com/advisory/ntap-20240701-0001/" + }, + { + "url": "https://sig-security.rocky.page/issues/CVE-2024-6387/" + }, + { + "url": "https://stackdiary.com/openssh-race-condition-in-sshd-allows-remote-code-execution/" + }, + { + "url": "https://ubuntu.com/security/CVE-2024-6387" + }, + { + "url": "https://ubuntu.com/security/notices/USN-6859-1" + }, + { + "url": 
"https://www.freebsd.org/security/advisories/FreeBSD-SA-24:04.openssh.asc" + }, + { + "url": "https://www.openssh.com/txt/release-9.8" + }, + { + "url": "https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt" + }, + { + "url": "https://www.suse.com/security/cve/CVE-2024-6387.html" + }, + { + "url": "https://www.theregister.com/2024/07/01/regresshion_openssh/" + }, + { + "url": "https://www.splunk.com/en_us/blog/security/cve-2024-6387-regresshion-vulnerability.html" + }, + { + "url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=9132" + } + ], + "datePublic": "2024-07-01T08:00:00+00:00", + "problemTypes": [ + { + "descriptions": [ + { + "cweId": "CWE-364", + "description": "Signal Handler Race Condition", + "lang": "en", + "type": "CWE" + } + ] + } + ], + "x_redhatCweChain": "CWE-364: Signal Handler Race Condition", + "workarounds": [ + { + "lang": "en", + "value": "The below process can protect against a Remote Code Execution attack by disabling the LoginGraceTime parameter. However, the sshd server is still vulnerable to a Denial of Service as an attacker could still exhaust all the connections.\n\n1) As root user, open the /etc/ssh/sshd_config\n2) Add or edit the parameter configuration:\n~~~\nLoginGraceTime 0\n~~~\n3) Save and close the file\n4) Restart the sshd daemon:\n~~~\nsystemctl restart sshd.service\n~~~" + } + ], + "timeline": [ + { + "lang": "en", + "time": "2024-06-27T00:00:00+00:00", + "value": "Reported to Red Hat." + }, + { + "lang": "en", + "time": "2024-07-01T08:00:00+00:00", + "value": "Made public." 
+ } + ], + "providerMetadata": { + "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", + "shortName": "redhat", + "dateUpdated": "2024-07-05T23:08:15.094Z" + } + }, + "adp": [ + { + "metrics": [ + { + "other": { + "type": "ssvc", + "content": { + "timestamp": "2024-07-02T13:18:34.695298Z", + "id": "CVE-2024-6387", + "options": [ + { + "Exploitation": "poc" + }, + { + "Automatable": "no" + }, + { + "Technical Impact": "total" + } + ], + "role": "CISA Coordinator", + "version": "2.0.3" + } + } + } + ], + "title": "CISA ADP Vulnrichment", + "providerMetadata": { + "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "shortName": "CISA-ADP", + "dateUpdated": "2024-07-02T13:18:46.662Z" + } + } + ] + }, + "dataVersion": "5.1" +} \ No newline at end of file diff --git a/cves/2024/6xxx/CVE-2024-6539.json b/cves/2024/6xxx/CVE-2024-6539.json new file mode 100644 index 00000000000..b9f219b7239 --- /dev/null +++ b/cves/2024/6xxx/CVE-2024-6539.json 
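Review bot: The first two objects in `affected` are the same Red Hat Enterprise Linux 9 entry repeated (same `0:8.7p1-38.el9_4.1` bound and the same two CPEs), so one is redundant and will double-count in product matching. Most third-party `references` carry no `tags`, which leaves triage tooling unable to tell distribution advisories and patches apart from the proof-of-concept repository in the list; tagging that entry `exploit` and the distribution notices `vendor-advisory` would let consumers sort them. The Red Hat OpenShift Container Platform 4 entry is `"defaultStatus": "affected"` with no `versions`, so it gives no fixed build to check against.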
@@ -0,0 +1,142 @@ +{ + "dataType": "CVE_RECORD", + "dataVersion": "5.1", + "cveMetadata": { + "cveId": "CVE-2024-6539", + "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "state": "PUBLISHED", + "assignerShortName": "VulDB", + "dateReserved": "2024-07-07T15:07:11.929Z", + "datePublished": "2024-07-07T22:31:07.456Z", + "dateUpdated": "2024-07-07T22:31:07.456Z" + }, + "containers": { + "cna": { + "providerMetadata": { + "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", + "shortName": "VulDB", + "dateUpdated": "2024-07-07T22:31:07.456Z" + }, + "title": "heyewei SpringBootCMS Guestbook guestbook cross site scripting", + "problemTypes": [ + { + "descriptions": [ + { + "type": "CWE", + "cweId": "CWE-79", + "lang": "en", + "description": "CWE-79 Cross Site Scripting" + } + ] + } + ], + "affected": [ + { + "vendor": "heyewei", + "product": "SpringBootCMS", + "versions": [ + { + "version": "2024-05-28", + "status": "affected" + } + ], + "modules": [ + "Guestbook Handler" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as problematic has been found in heyewei SpringBootCMS up to 2024-05-28. Affected is an unknown function of the file /guestbook of the component Guestbook Handler. The manipulation of the argument Content leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-270450 is the identifier assigned to this vulnerability." + }, + { + "lang": "de", + "value": "Es wurde eine problematische Schwachstelle in heyewei SpringBootCMS bis 2024-05-28 entdeckt. Es betrifft eine unbekannte Funktion der Datei /guestbook der Komponente Guestbook Handler. Durch Manipulation des Arguments Content mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung." 
+ } + ], + "metrics": [ + { + "cvssV4_0": { + "version": "4.0", + "baseScore": 5.3, + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", + "baseSeverity": "MEDIUM" + } + }, + { + "cvssV3_1": { + "version": "3.1", + "baseScore": 3.5, + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + }, + { + "cvssV3_0": { + "version": "3.0", + "baseScore": 3.5, + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "baseSeverity": "LOW" + } + }, + { + "cvssV2_0": { + "version": "2.0", + "baseScore": 4, + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N" + } + } + ], + "timeline": [ + { + "time": "2024-07-07T00:00:00.000Z", + "lang": "en", + "value": "Advisory disclosed" + }, + { + "time": "2024-07-07T02:00:00.000Z", + "lang": "en", + "value": "VulDB entry created" + }, + { + "time": "2024-07-07T17:12:25.000Z", + "lang": "en", + "value": "VulDB entry last update" + } + ], + "credits": [ + { + "lang": "en", + "value": "VulDB Gitee Analyzer", + "type": "tool" + } + ], + "references": [ + { + "url": "https://vuldb.com/?id.270450", + "name": "VDB-270450 | heyewei SpringBootCMS Guestbook guestbook cross site scripting", + "tags": [ + "vdb-entry", + "technical-description" + ] + }, + { + "url": "https://vuldb.com/?ctiid.270450", + "name": "VDB-270450 | CTI Indicators (IOB, IOC, TTP, IOA)", + "tags": [ + "signature", + "permissions-required" + ] + }, + { + "url": "https://gitee.com/heyewei/SpringBootCMS/issues/IA9D7F", + "tags": [ + "exploit", + "issue-tracking" + ] + } + ] + } + } +} \ No newline at end of file diff --git a/cves/delta.json b/cves/delta.json index d49dd5932ab..9f8d31b9ce4 100644 --- a/cves/delta.json +++ b/cves/delta.json 
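Review bot: The `affected` entry lists the single version `2024-05-28` with no range and no `versionType`, while the description says "up to 2024-05-28", so a matcher reads this as one affected build rather than everything up to it; a range form such as `"version": "0", "lessThanOrEqual": "2024-05-28", "versionType": "custom"` would match the prose. The metrics also disagree on user interaction: the CVSS 4.0 vector has `UI:N` while the 3.1 and 3.0 vectors have `UI:R`, and that should be reconciled. There is no fix or mitigation reference, so a defender gets no remediation pointer from this record.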
@@ -1,181 +1,1118 @@ { - "fetchTime": "2024-07-05T19:32:52.191Z", - "numberOfChanges": 29, - "new": [], + "fetchTime": "2024-07-08T15:08:52.190Z", + "numberOfChanges": 185, + "new": [ + { + "cveId": "CVE-2023-52168", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-52168", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/52xxx/CVE-2023-52168.json", + "dateUpdated": "2024-07-05T22:38:46.412103" + }, + { + "cveId": "CVE-2023-52169", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-52169", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/52xxx/CVE-2023-52169.json", + "dateUpdated": "2024-07-05T22:39:09.936493" + }, + { + "cveId": "CVE-2024-20890", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20890", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20890.json", + "dateUpdated": "2024-07-06T02:34:23.959Z" + }, + { + "cveId": "CVE-2024-24974", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24974", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24974.json", + "dateUpdated": "2024-07-08T10:22:24.212Z" + }, + { + "cveId": "CVE-2024-27459", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27459", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27459.json", + "dateUpdated": "2024-07-08T10:14:38.971Z" + }, + { + "cveId": "CVE-2024-27715", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27715", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27715.json", + "dateUpdated": "2024-07-07T14:06:34.120Z" + }, + { + "cveId": "CVE-2024-27716", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27716", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27716.json", + 
"dateUpdated": "2024-07-07T14:08:41.854Z" + }, + { + "cveId": "CVE-2024-27717", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27717", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27717.json", + "dateUpdated": "2024-07-07T14:07:36.569Z" + }, + { + "cveId": "CVE-2024-27903", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27903", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27903.json", + "dateUpdated": "2024-07-08T10:27:40.125Z" + }, + { + "cveId": "CVE-2024-2040", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2040", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2040.json", + "dateUpdated": "2024-07-05T20:07:13.216Z" + }, + { + "cveId": "CVE-2024-2233", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2233", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2233.json", + "dateUpdated": "2024-07-05T20:06:57.435Z" + }, + { + "cveId": "CVE-2024-2234", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2234", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2234.json", + "dateUpdated": "2024-07-05T20:03:58.807Z" + }, + { + "cveId": "CVE-2024-2235", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2235", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2235.json", + "dateUpdated": "2024-07-05T20:07:29.077Z" + }, + { + "cveId": "CVE-2024-2926", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2926", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2926.json", + "dateUpdated": "2024-07-06T02:59:15.418Z" + }, + { + "cveId": "CVE-2024-31897", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31897", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31897.json", + "dateUpdated": "2024-07-08T02:01:23.947Z" + }, + { + "cveId": "CVE-2024-33862", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-33862", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/33xxx/CVE-2024-33862.json", + "dateUpdated": "2024-07-05T22:11:30.347785" + }, + { + "cveId": "CVE-2024-34361", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34361", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34361.json", + "dateUpdated": "2024-07-08T13:23:14.983Z" + }, + { + "cveId": "CVE-2024-34591", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34591", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34591.json", + "dateUpdated": "2024-07-06T02:33:49.091Z" + }, + { + "cveId": "CVE-2024-34602", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34602", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34602.json", + "dateUpdated": "2024-07-08T06:12:39.337Z" + }, + { + "cveId": "CVE-2024-34603", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34603", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34603.json", + "dateUpdated": "2024-07-08T06:12:40.540Z" + }, + { + "cveId": "CVE-2024-37208", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37208", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37208.json", + "dateUpdated": "2024-07-06T13:28:20.963Z" + }, + { + "cveId": "CVE-2024-37234", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37234", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37234.json", + "dateUpdated": "2024-07-06T09:52:47.795Z" + }, + 
{ + "cveId": "CVE-2024-37260", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37260", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37260.json", + "dateUpdated": "2024-07-06T09:46:29.610Z" + }, + { + "cveId": "CVE-2024-37389", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37389", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37389.json", + "dateUpdated": "2024-07-08T13:39:29.650Z" + }, + { + "cveId": "CVE-2024-37528", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37528", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37528.json", + "dateUpdated": "2024-07-08T02:21:50.815Z" + }, + { + "cveId": "CVE-2024-37539", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37539", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37539.json", + "dateUpdated": "2024-07-07T13:46:20.642Z" + }, + { + "cveId": "CVE-2024-37541", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37541", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37541.json", + "dateUpdated": "2024-07-07T13:46:08.645Z" + }, + { + "cveId": "CVE-2024-37542", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37542", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37542.json", + "dateUpdated": "2024-07-06T12:40:29.105Z" + }, + { + "cveId": "CVE-2024-37546", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37546", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37546.json", + "dateUpdated": "2024-07-07T13:44:27.276Z" + }, + { + "cveId": "CVE-2024-37547", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37547", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37547.json", + "dateUpdated": "2024-07-06T14:39:52.415Z" + }, + { + "cveId": "CVE-2024-37553", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37553", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37553.json", + "dateUpdated": "2024-07-07T13:37:52.546Z" + }, + { + "cveId": "CVE-2024-37554", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37554", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37554.json", + "dateUpdated": "2024-07-07T13:37:42.687Z" + }, + { + "cveId": "CVE-2024-37999", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37999", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37999.json", + "dateUpdated": "2024-07-08T13:00:33.067Z" + }, + { + "cveId": "CVE-2024-38330", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38330", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38330.json", + "dateUpdated": "2024-07-08T12:55:11.732Z" + }, + { + "cveId": "CVE-2024-39182", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39182", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39182.json", + "dateUpdated": "2024-07-05T22:16:05.593503" + }, + { + "cveId": "CVE-2024-39321", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39321", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39321.json", + "dateUpdated": "2024-07-05T20:07:14.424Z" + }, + { + "cveId": "CVE-2024-39473", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39473", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39473.json", + "dateUpdated": "2024-07-05T20:08:25.422Z" + }, + 
{ + "cveId": "CVE-2024-39481", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39481", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39481.json", + "dateUpdated": "2024-07-05T20:07:53.742Z" + }, + { + "cveId": "CVE-2024-39486", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39486", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39486.json", + "dateUpdated": "2024-07-06T09:25:21.514Z" + }, + { + "cveId": "CVE-2024-39689", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39689", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39689.json", + "dateUpdated": "2024-07-05T20:06:22.343Z" + }, + { + "cveId": "CVE-2024-39723", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39723", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39723.json", + "dateUpdated": "2024-07-08T13:38:50.715Z" + }, + { + "cveId": "CVE-2024-39742", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39742", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39742.json", + "dateUpdated": "2024-07-08T13:16:10.090Z" + }, + { + "cveId": "CVE-2024-39743", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39743", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39743.json", + "dateUpdated": "2024-07-08T13:14:43.915Z" + }, + { + "cveId": "CVE-2024-39864", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39864", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39864.json", + "dateUpdated": "2024-07-08T13:44:39.748Z" + }, + { + "cveId": "CVE-2024-3651", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3651", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3651.json", + "dateUpdated": "2024-07-07T19:07:50.996Z" + }, + { + "cveId": "CVE-2024-40594", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40594", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40594.json", + "dateUpdated": "2024-07-06T04:35:21.178506" + }, + { + "cveId": "CVE-2024-40596", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40596", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40596.json", + "dateUpdated": "2024-07-08T13:45:52.034Z" + }, + { + "cveId": "CVE-2024-40597", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40597", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40597.json", + "dateUpdated": "2024-07-08T13:18:11.587Z" + }, + { + "cveId": "CVE-2024-40598", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40598", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40598.json", + "dateUpdated": "2024-07-06T23:26:12.746473" + }, + { + "cveId": "CVE-2024-40599", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40599", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40599.json", + "dateUpdated": "2024-07-06T23:26:21.269053" + }, + { + "cveId": "CVE-2024-40600", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40600", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40600.json", + "dateUpdated": "2024-07-06T23:26:28.514530" + }, + { + "cveId": "CVE-2024-40601", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40601", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40601.json", + "dateUpdated": "2024-07-06T23:26:36.043771" 
+ }, + { + "cveId": "CVE-2024-40602", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40602", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40602.json", + "dateUpdated": "2024-07-06T23:26:55.969727" + }, + { + "cveId": "CVE-2024-40603", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40603", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40603.json", + "dateUpdated": "2024-07-08T13:45:03.104Z" + }, + { + "cveId": "CVE-2024-40604", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40604", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40604.json", + "dateUpdated": "2024-07-08T13:06:43.501Z" + }, + { + "cveId": "CVE-2024-40605", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40605", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40605.json", + "dateUpdated": "2024-07-06T23:27:19.876020" + }, + { + "cveId": "CVE-2024-40614", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40614", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40614.json", + "dateUpdated": "2024-07-07T15:03:21.266351" + }, + { + "cveId": "CVE-2024-4341", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4341", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4341.json", + "dateUpdated": "2024-07-08T13:46:12.791Z" + }, + { + "cveId": "CVE-2024-4708", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4708", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4708.json", + "dateUpdated": "2024-07-05T21:23:04.236Z" + }, + { + "cveId": "CVE-2024-5419", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5419", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5419.json", + "dateUpdated": "2024-07-06T03:06:35.218Z" + }, + { + "cveId": "CVE-2024-5504", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5504", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5504.json", + "dateUpdated": "2024-07-06T03:06:23.535Z" + }, + { + "cveId": "CVE-2024-5616", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5616", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5616.json", + "dateUpdated": "2024-07-06T08:38:02.339Z" + }, + { + "cveId": "CVE-2024-5711", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5711", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5711.json", + "dateUpdated": "2024-07-08T13:49:41.638Z" + }, + { + "cveId": "CVE-2024-5753", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5753", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5753.json", + "dateUpdated": "2024-07-05T19:27:22.046Z" + }, + { + "cveId": "CVE-2024-6095", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6095", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6095.json", + "dateUpdated": "2024-07-07T19:18:06.138Z" + }, + { + "cveId": "CVE-2024-6163", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6163", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6163.json", + "dateUpdated": "2024-07-08T13:01:38.306Z" + }, + { + "cveId": "CVE-2024-6229", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6229", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6229.json", + "dateUpdated": "2024-07-07T19:15:38.350Z" + }, + { + "cveId": "CVE-2024-6263", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6263", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6263.json", + "dateUpdated": "2024-07-06T02:33:08.495Z" + }, + { + "cveId": "CVE-2024-6387", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6387", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6387.json", + "dateUpdated": "2024-07-05T23:08:15.094Z" + }, + { + "cveId": "CVE-2024-6539", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6539", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6539.json", + "dateUpdated": "2024-07-07T22:31:07.456Z" + } + ], "updated": [ { - "cveId": "CVE-2016-8878", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2016-8878", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2016/8xxx/CVE-2016-8878.json", - "dateUpdated": "2024-07-05T19:28:51.536Z" + "cveId": "CVE-2019-8761", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2019-8761", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2019/8xxx/CVE-2019-8761.json", + "dateUpdated": "2024-07-08T12:08:20.890217" }, { - "cveId": "CVE-2019-0788", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2019-0788", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2019/0xxx/CVE-2019-0788.json", - "dateUpdated": "2024-07-05T19:28:52.231Z" + "cveId": "CVE-2021-47242", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2021-47242", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2021/47xxx/CVE-2021-47242.json", + "dateUpdated": "2024-07-07T19:44:05.240Z" }, { - "cveId": "CVE-2024-6291", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6291", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6291.json", - 
"dateUpdated": "2024-07-05T19:28:51.132Z" + "cveId": "CVE-2022-0028", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-0028", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/0xxx/CVE-2022-0028.json", + "dateUpdated": "2024-07-06T13:45:09.148Z" }, { - "cveId": "CVE-2024-6292", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6292", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6292.json", - "dateUpdated": "2024-07-05T19:28:51.907Z" + "cveId": "CVE-2022-22076", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-22076", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/22xxx/CVE-2022-22076.json", + "dateUpdated": "2024-07-05T20:13:39.805Z" }, { - "cveId": "CVE-2024-6293", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6293", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6293.json", - "dateUpdated": "2024-07-05T19:28:50.446Z" + "cveId": "CVE-2022-29420", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-29420", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/29xxx/CVE-2022-29420.json", + "dateUpdated": "2024-07-06T02:51:20.485Z" }, { - "cveId": "CVE-2024-6294", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6294", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6294.json", - "dateUpdated": "2024-07-05T19:28:52.069Z" + "cveId": "CVE-2022-2856", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-2856", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/2xxx/CVE-2022-2856.json", + "dateUpdated": "2024-07-06T13:57:27.836Z" }, { - "cveId": "CVE-2024-6295", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6295", - "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6295.json", - "dateUpdated": "2024-07-05T19:28:51.977Z" + "cveId": "CVE-2022-33251", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-33251", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/33xxx/CVE-2022-33251.json", + "dateUpdated": "2024-07-05T20:14:21.382Z" }, { - "cveId": "CVE-2024-6296", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6296", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6296.json", - "dateUpdated": "2024-07-05T19:28:51.501Z" + "cveId": "CVE-2022-33307", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-33307", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/33xxx/CVE-2022-33307.json", + "dateUpdated": "2024-07-06T14:10:34.481Z" }, { - "cveId": "CVE-2024-6297", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6297", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6297.json", - "dateUpdated": "2024-07-05T19:28:50.447Z" + "cveId": "CVE-2022-34144", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-34144", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/34xxx/CVE-2022-34144.json", + "dateUpdated": "2024-07-05T20:11:11.752Z" }, { - "cveId": "CVE-2024-6299", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6299", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6299.json", - "dateUpdated": "2024-07-05T19:28:51.821Z" + "cveId": "CVE-2022-47420", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-47420", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/47xxx/CVE-2022-47420.json", + "dateUpdated": "2024-07-08T09:27:25.880Z" }, { - "cveId": "CVE-2024-6300", - "cveOrgLink": 
"https://www.cve.org/CVERecord?id=CVE-2024-6300", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6300.json", - "dateUpdated": "2024-07-05T19:28:51.923Z" + "cveId": "CVE-2023-21237", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-21237", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/21xxx/CVE-2023-21237.json", + "dateUpdated": "2024-07-06T13:35:47.045Z" }, { - "cveId": "CVE-2024-6301", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6301", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6301.json", - "dateUpdated": "2024-07-05T19:28:51.140Z" + "cveId": "CVE-2023-21657", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-21657", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/21xxx/CVE-2023-21657.json", + "dateUpdated": "2024-07-06T14:09:27.138Z" }, { - "cveId": "CVE-2024-6302", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6302", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6302.json", - "dateUpdated": "2024-07-05T19:28:52.453Z" + "cveId": "CVE-2023-21939", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-21939", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/21xxx/CVE-2023-21939.json", + "dateUpdated": "2024-07-05T19:26:49.370Z" }, { - "cveId": "CVE-2024-6303", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6303", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6303.json", - "dateUpdated": "2024-07-05T19:28:52.259Z" + "cveId": "CVE-2023-25790", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-25790", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/25xxx/CVE-2023-25790.json", + "dateUpdated": "2024-07-06T02:49:35.000Z" }, { 
- "cveId": "CVE-2024-6307", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6307", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6307.json", - "dateUpdated": "2024-07-05T19:28:50.444Z" + "cveId": "CVE-2023-26531", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-26531", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/26xxx/CVE-2023-26531.json", + "dateUpdated": "2024-07-08T08:55:36.709Z" + }, + { + "cveId": "CVE-2023-26756", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-26756", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/26xxx/CVE-2023-26756.json", + "dateUpdated": "2024-07-05T19:24:23.501Z" + }, + { + "cveId": "CVE-2023-27330", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-27330", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/27xxx/CVE-2023-27330.json", + "dateUpdated": "2024-07-05T21:07:19.996Z" + }, + { + "cveId": "CVE-2023-27359", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-27359", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/27xxx/CVE-2023-27359.json", + "dateUpdated": "2024-07-05T21:06:51.750Z" + }, + { + "cveId": "CVE-2023-28334", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-28334", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/28xxx/CVE-2023-28334.json", + "dateUpdated": "2024-07-07T19:29:26.140Z" + }, + { + "cveId": "CVE-2023-28696", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-28696", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/28xxx/CVE-2023-28696.json", + "dateUpdated": "2024-07-08T10:36:17.054Z" + }, + { + "cveId": "CVE-2023-29346", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-29346", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/29xxx/CVE-2023-29346.json", + "dateUpdated": "2024-07-05T20:18:51.821Z" + }, + { + "cveId": "CVE-2023-29361", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-29361", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/29xxx/CVE-2023-29361.json", + "dateUpdated": "2024-07-05T20:21:38.873Z" + }, + { + "cveId": "CVE-2023-29369", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-29369", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/29xxx/CVE-2023-29369.json", + "dateUpdated": "2024-07-05T20:22:16.308Z" }, { - "cveId": "CVE-2024-6308", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6308", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6308.json", - "dateUpdated": "2024-07-05T19:28:52.283Z" + "cveId": "CVE-2023-2597", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-2597", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/2xxx/CVE-2023-2597.json", + "dateUpdated": "2024-07-05T20:11:57.497Z" }, { - "cveId": "CVE-2024-6323", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6323", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6323.json", - "dateUpdated": "2024-07-05T19:28:51.912Z" + "cveId": "CVE-2023-30402", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-30402", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/30xxx/CVE-2023-30402.json", + "dateUpdated": "2024-07-05T20:10:28.830Z" }, { - "cveId": "CVE-2024-6344", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6344", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6344.json", - "dateUpdated": "2024-07-05T19:28:52.070Z" + "cveId": "CVE-2023-32175", + "cveOrgLink": 
"https://www.cve.org/CVERecord?id=CVE-2023-32175", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/32xxx/CVE-2023-32175.json", + "dateUpdated": "2024-07-05T21:06:24.727Z" }, { - "cveId": "CVE-2024-6354", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6354", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6354.json", - "dateUpdated": "2024-07-05T19:28:52.210Z" + "cveId": "CVE-2023-33281", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-33281", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/33xxx/CVE-2023-33281.json", + "dateUpdated": "2024-07-05T20:12:57.542Z" }, { - "cveId": "CVE-2024-6355", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6355", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6355.json", - "dateUpdated": "2024-07-05T19:28:52.257Z" + "cveId": "CVE-2023-33919", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-33919", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/33xxx/CVE-2023-33919.json", + "dateUpdated": "2024-07-06T14:12:00.475Z" }, { - "cveId": "CVE-2024-6367", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6367", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6367.json", - "dateUpdated": "2024-07-05T19:28:52.072Z" + "cveId": "CVE-2023-35722", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-35722", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/35xxx/CVE-2023-35722.json", + "dateUpdated": "2024-07-05T21:01:40.570Z" }, { - "cveId": "CVE-2024-6368", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6368", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6368.json", - "dateUpdated": "2024-07-05T19:28:52.466Z" 
+ "cveId": "CVE-2023-37358", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-37358", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/37xxx/CVE-2023-37358.json", + "dateUpdated": "2024-07-05T21:00:54.727Z" }, { - "cveId": "CVE-2024-6369", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6369", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6369.json", - "dateUpdated": "2024-07-05T19:28:52.114Z" + "cveId": "CVE-2023-38109", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-38109", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/38xxx/CVE-2023-38109.json", + "dateUpdated": "2024-07-05T21:00:40.754Z" }, { - "cveId": "CVE-2024-6370", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6370", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6370.json", - "dateUpdated": "2024-07-05T19:28:52.440Z" + "cveId": "CVE-2023-39471", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39471", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39471.json", + "dateUpdated": "2024-07-05T21:00:28.982Z" }, { - "cveId": "CVE-2024-6371", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6371", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6371.json", - "dateUpdated": "2024-07-05T19:28:51.921Z" + "cveId": "CVE-2023-39473", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39473", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39473.json", + "dateUpdated": "2024-07-05T21:00:08.201Z" }, { - "cveId": "CVE-2024-6372", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6372", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6372.json", 
- "dateUpdated": "2024-07-05T19:28:51.996Z" + "cveId": "CVE-2023-39475", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39475", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39475.json", + "dateUpdated": "2024-07-05T20:59:42.213Z" }, { - "cveId": "CVE-2024-6373", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6373", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6373.json", - "dateUpdated": "2024-07-05T19:28:52.434Z" + "cveId": "CVE-2023-39476", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39476", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39476.json", + "dateUpdated": "2024-07-05T20:59:53.039Z" }, { - "cveId": "CVE-2024-6374", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6374", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6374.json", - "dateUpdated": "2024-07-05T19:28:52.481Z" + "cveId": "CVE-2023-42116", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-42116", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/42xxx/CVE-2023-42116.json", + "dateUpdated": "2024-07-05T20:58:17.152Z" }, { - "cveId": "CVE-2024-6388", - "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6388", - "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6388.json", - "dateUpdated": "2024-07-05T19:28:52.479Z" + "cveId": "CVE-2023-42119", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-42119", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/42xxx/CVE-2023-42119.json", + "dateUpdated": "2024-07-05T20:58:39.448Z" + }, + { + "cveId": "CVE-2023-44449", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-44449", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/44xxx/CVE-2023-44449.json", + "dateUpdated": "2024-07-05T20:57:57.804Z" + }, + { + "cveId": "CVE-2023-45830", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45830", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45830.json", + "dateUpdated": "2024-07-08T09:26:08.845Z" + }, + { + "cveId": "CVE-2023-47246", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47246", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47246.json", + "dateUpdated": "2024-07-06T13:52:50.136Z" + }, + { + "cveId": "CVE-2023-47663", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47663", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47663.json", + "dateUpdated": "2024-07-06T02:47:58.795Z" + }, + { + "cveId": "CVE-2023-49188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-49188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/49xxx/CVE-2023-49188.json", + "dateUpdated": "2024-07-08T09:01:56.157Z" + }, + { + "cveId": "CVE-2023-51482", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-51482", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/51xxx/CVE-2023-51482.json", + "dateUpdated": "2024-07-05T21:22:38.321Z" + }, + { + "cveId": "CVE-2023-5090", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-5090", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/5xxx/CVE-2023-5090.json", + "dateUpdated": "2024-07-08T04:38:07.892Z" + }, + { + "cveId": "CVE-2024-0042", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0042", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0042.json", + "dateUpdated": "2024-07-07T19:21:28.222Z" + }, + { + 
"cveId": "CVE-2024-0905", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0905", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0905.json", + "dateUpdated": "2024-07-05T21:22:15.290Z" + }, + { + "cveId": "CVE-2024-0986", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0986", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0986.json", + "dateUpdated": "2024-07-05T10:00:56.589Z" + }, + { + "cveId": "CVE-2024-1386", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1386", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1386.json", + "dateUpdated": "2024-07-07T13:53:03.431Z" + }, + { + "cveId": "CVE-2024-1567", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1567", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1567.json", + "dateUpdated": "2024-07-05T21:11:23.918Z" + }, + { + "cveId": "CVE-2024-1677", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1677", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1677.json", + "dateUpdated": "2024-07-05T21:11:42.038Z" + }, + { + "cveId": "CVE-2024-1679", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1679", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1679.json", + "dateUpdated": "2024-07-05T21:07:37.435Z" + }, + { + "cveId": "CVE-2024-1809", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1809", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1809.json", + "dateUpdated": "2024-07-05T21:09:40.244Z" + }, + { + "cveId": "CVE-2024-1993", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1993", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1993.json", + "dateUpdated": "2024-07-07T13:53:08.521Z" + }, + { + "cveId": "CVE-2024-1994", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1994", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1994.json", + "dateUpdated": "2024-07-06T13:28:56.785Z" + }, + { + "cveId": "CVE-2024-20852", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20852", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20852.json", + "dateUpdated": "2024-07-08T13:31:15.663Z" + }, + { + "cveId": "CVE-2024-23519", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-23519", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/23xxx/CVE-2024-23519.json", + "dateUpdated": "2024-07-08T09:48:21.482Z" + }, + { + "cveId": "CVE-2024-25928", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25928", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25928.json", + "dateUpdated": "2024-07-08T09:28:54.359Z" + }, + { + "cveId": "CVE-2024-26621", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-26621", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/26xxx/CVE-2024-26621.json", + "dateUpdated": "2024-07-05T12:31:46.028Z" + }, + { + "cveId": "CVE-2024-29824", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-29824", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/29xxx/CVE-2024-29824.json", + "dateUpdated": "2024-07-06T03:55:43.773Z" + }, + { + "cveId": "CVE-2024-2084", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2084", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2084.json", + "dateUpdated": "2024-07-07T13:52:58.356Z" + }, + { + 
"cveId": "CVE-2024-2191", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2191", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2191.json", + "dateUpdated": "2024-07-05T20:17:35.161Z" + }, + { + "cveId": "CVE-2024-2542", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2542", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2542.json", + "dateUpdated": "2024-07-05T21:08:41.890Z" + }, + { + "cveId": "CVE-2024-2752", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2752", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2752.json", + "dateUpdated": "2024-07-07T13:52:49.459Z" + }, + { + "cveId": "CVE-2024-2840", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2840", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2840.json", + "dateUpdated": "2024-07-05T21:17:19.212Z" + }, + { + "cveId": "CVE-2024-2958", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2958", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2958.json", + "dateUpdated": "2024-07-05T21:11:51.020Z" + }, + { + "cveId": "CVE-2024-2970", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2970", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2970.json", + "dateUpdated": "2024-07-07T13:48:39.411Z" + }, + { + "cveId": "CVE-2024-31086", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31086", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31086.json", + "dateUpdated": "2024-07-06T02:50:17.659Z" + }, + { + "cveId": "CVE-2024-31093", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31093", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31093.json", + "dateUpdated": "2024-07-06T02:50:39.444Z" + }, + { + "cveId": "CVE-2024-31288", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31288", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31288.json", + "dateUpdated": "2024-07-06T13:28:04.659Z" + }, + { + "cveId": "CVE-2024-31299", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31299", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31299.json", + "dateUpdated": "2024-07-06T02:51:01.696Z" + }, + { + "cveId": "CVE-2024-32513", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-32513", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/32xxx/CVE-2024-32513.json", + "dateUpdated": "2024-07-05T21:23:18.822Z" + }, + { + "cveId": "CVE-2024-32785", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-32785", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/32xxx/CVE-2024-32785.json", + "dateUpdated": "2024-07-06T02:49:56.587Z" + }, + { + "cveId": "CVE-2024-33584", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-33584", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/33xxx/CVE-2024-33584.json", + "dateUpdated": "2024-07-05T21:21:34.720Z" + }, + { + "cveId": "CVE-2024-33589", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-33589", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/33xxx/CVE-2024-33589.json", + "dateUpdated": "2024-07-05T21:21:21.210Z" + }, + { + "cveId": "CVE-2024-34349", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34349", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34349.json", + "dateUpdated": "2024-07-08T12:35:38.149Z" + }, + { 
+ "cveId": "CVE-2024-34385", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34385", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34385.json", + "dateUpdated": "2024-07-06T02:48:23.220Z" + }, + { + "cveId": "CVE-2024-34759", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34759", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34759.json", + "dateUpdated": "2024-07-06T02:47:38.396Z" + }, + { + "cveId": "CVE-2024-34793", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34793", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34793.json", + "dateUpdated": "2024-07-06T02:48:48.072Z" + }, + { + "cveId": "CVE-2024-34801", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34801", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34801.json", + "dateUpdated": "2024-07-06T02:49:13.558Z" + }, + { + "cveId": "CVE-2024-34804", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34804", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34804.json", + "dateUpdated": "2024-07-08T09:00:15.444Z" + }, + { + "cveId": "CVE-2024-35698", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35698", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35698.json", + "dateUpdated": "2024-07-06T02:45:24.521Z" + }, + { + "cveId": "CVE-2024-35708", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35708", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35708.json", + "dateUpdated": "2024-07-06T02:46:24.857Z" + }, + { + "cveId": "CVE-2024-35714", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35714", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35714.json", + "dateUpdated": "2024-07-06T02:46:46.919Z" + }, + { + "cveId": "CVE-2024-35739", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35739", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35739.json", + "dateUpdated": "2024-07-06T02:47:09.199Z" + }, + { + "cveId": "CVE-2024-35763", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35763", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35763.json", + "dateUpdated": "2024-07-06T02:43:53.906Z" + }, + { + "cveId": "CVE-2024-35778", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35778", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35778.json", + "dateUpdated": "2024-07-08T09:47:24.727Z" + }, + { + "cveId": "CVE-2024-35781", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35781", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35781.json", + "dateUpdated": "2024-07-08T08:56:40.455Z" + }, + { + "cveId": "CVE-2024-36495", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-36495", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/36xxx/CVE-2024-36495.json", + "dateUpdated": "2024-07-05T20:25:37.378Z" + }, + { + "cveId": "CVE-2024-38373", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38373", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38373.json", + "dateUpdated": "2024-07-05T20:19:11.301Z" + }, + { + "cveId": "CVE-2024-39458", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39458", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39458.json", + "dateUpdated": "2024-07-05T20:18:50.446Z" + }, + { 
+ "cveId": "CVE-2024-3023", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3023", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3023.json", + "dateUpdated": "2024-07-07T13:53:32.369Z" + }, + { + "cveId": "CVE-2024-3188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3188.json", + "dateUpdated": "2024-07-05T21:22:02.468Z" + }, + { + "cveId": "CVE-2024-3312", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3312", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3312.json", + "dateUpdated": "2024-07-05T21:09:21.792Z" + }, + { + "cveId": "CVE-2024-3341", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3341", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3341.json", + "dateUpdated": "2024-07-05T21:11:59.859Z" + }, + { + "cveId": "CVE-2024-3585", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3585", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3585.json", + "dateUpdated": "2024-07-05T21:18:53.811Z" + }, + { + "cveId": "CVE-2024-3650", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3650", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3650.json", + "dateUpdated": "2024-07-05T21:08:18.676Z" + }, + { + "cveId": "CVE-2024-3674", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3674", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3674.json", + "dateUpdated": "2024-07-07T13:53:13.389Z" + }, + { + "cveId": "CVE-2024-3678", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3678", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3678.json", + "dateUpdated": "2024-07-05T21:21:49.037Z" + }, + { + "cveId": "CVE-2024-3727", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3727", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3727.json", + "dateUpdated": "2024-07-08T09:50:31.588Z" + }, + { + "cveId": "CVE-2024-3819", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3819", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3819.json", + "dateUpdated": "2024-07-07T13:53:18.411Z" + }, + { + "cveId": "CVE-2024-3985", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3985", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3985.json", + "dateUpdated": "2024-07-07T13:53:23.818Z" + }, + { + "cveId": "CVE-2024-4003", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4003", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4003.json", + "dateUpdated": "2024-07-05T21:12:15.779Z" + }, + { + "cveId": "CVE-2024-4036", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4036", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4036.json", + "dateUpdated": "2024-07-07T13:52:53.488Z" + }, + { + "cveId": "CVE-2024-4077", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4077", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4077.json", + "dateUpdated": "2024-07-05T21:22:28.395Z" + }, + { + "cveId": "CVE-2024-4307", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4307", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4307.json", + "dateUpdated": "2024-07-05T21:20:27.229Z" + }, + { + "cveId": "CVE-2024-4418", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4418", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4418.json", + "dateUpdated": "2024-07-08T04:50:16.105Z" + }, + { + "cveId": "CVE-2024-4541", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4541", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4541.json", + "dateUpdated": "2024-07-06T03:11:12.252Z" + }, + { + "cveId": "CVE-2024-5215", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5215", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5215.json", + "dateUpdated": "2024-07-06T03:09:52.446Z" + }, + { + "cveId": "CVE-2024-5424", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5424", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5424.json", + "dateUpdated": "2024-07-06T03:09:24.121Z" + }, + { + "cveId": "CVE-2024-5507", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5507", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5507.json", + "dateUpdated": "2024-07-05T20:16:52.183Z" + }, + { + "cveId": "CVE-2024-5788", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5788", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5788.json", + "dateUpdated": "2024-07-06T03:09:44.023Z" + }, + { + "cveId": "CVE-2024-5859", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5859", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5859.json", + "dateUpdated": "2024-07-06T03:10:40.691Z" + }, + { + "cveId": "CVE-2024-6120", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6120", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6120.json", + 
"dateUpdated": "2024-07-06T03:10:11.691Z" + }, + { + "cveId": "CVE-2024-6288", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6288", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6288.json", + "dateUpdated": "2024-07-06T03:09:33.805Z" + }, + { + "cveId": "CVE-2024-6307", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6307", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6307.json", + "dateUpdated": "2024-07-06T03:10:01.568Z" } ], "error": [] diff --git a/cves/deltaLog.json b/cves/deltaLog.json index f53b2a673be..69f8887a793 100644 --- a/cves/deltaLog.json +++ b/cves/deltaLog.json 
@@ -1,4 +1,1123 @@ [ + { + "fetchTime": "2024-07-08T15:08:52.190Z", + "numberOfChanges": 185, + "new": [ + { + "cveId": "CVE-2023-52168", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-52168", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/52xxx/CVE-2023-52168.json", + "dateUpdated": "2024-07-05T22:38:46.412103" + }, + { + "cveId": "CVE-2023-52169", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-52169", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/52xxx/CVE-2023-52169.json", + "dateUpdated": "2024-07-05T22:39:09.936493" + }, + { + "cveId": "CVE-2024-20890", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20890", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20890.json", + "dateUpdated": "2024-07-06T02:34:23.959Z" + }, + { + "cveId": "CVE-2024-24974", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-24974", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/24xxx/CVE-2024-24974.json", + "dateUpdated": "2024-07-08T10:22:24.212Z" + }, + { + "cveId": "CVE-2024-27459", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27459", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27459.json", + "dateUpdated": "2024-07-08T10:14:38.971Z" + }, + { + "cveId": "CVE-2024-27715", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27715", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27715.json", + "dateUpdated": "2024-07-07T14:06:34.120Z" + }, + { + "cveId": "CVE-2024-27716", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27716", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27716.json", + "dateUpdated": "2024-07-07T14:08:41.854Z" + }, + { + "cveId": "CVE-2024-27717", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27717", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27717.json", + "dateUpdated": "2024-07-07T14:07:36.569Z" + }, + { + "cveId": "CVE-2024-27903", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-27903", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/27xxx/CVE-2024-27903.json", + "dateUpdated": "2024-07-08T10:27:40.125Z" + }, + { + "cveId": "CVE-2024-2040", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2040", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2040.json", + "dateUpdated": "2024-07-05T20:07:13.216Z" + }, + { + "cveId": "CVE-2024-2233", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2233", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2233.json", + "dateUpdated": "2024-07-05T20:06:57.435Z" + }, + { + "cveId": "CVE-2024-2234", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2234", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2234.json", + "dateUpdated": "2024-07-05T20:03:58.807Z" + }, + { + "cveId": "CVE-2024-2235", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2235", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2235.json", + "dateUpdated": "2024-07-05T20:07:29.077Z" + }, + { + "cveId": "CVE-2024-2926", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2926", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2926.json", + "dateUpdated": "2024-07-06T02:59:15.418Z" + }, + { + "cveId": "CVE-2024-31897", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31897", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31897.json", + "dateUpdated": "2024-07-08T02:01:23.947Z" + }, + { + "cveId": "CVE-2024-33862", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-33862", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/33xxx/CVE-2024-33862.json", + "dateUpdated": "2024-07-05T22:11:30.347785" + }, + { + "cveId": "CVE-2024-34361", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34361", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34361.json", + "dateUpdated": "2024-07-08T13:23:14.983Z" + }, + { + "cveId": "CVE-2024-34591", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34591", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34591.json", + "dateUpdated": "2024-07-06T02:33:49.091Z" + }, + { + "cveId": "CVE-2024-34602", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34602", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34602.json", + "dateUpdated": "2024-07-08T06:12:39.337Z" + }, + { + "cveId": "CVE-2024-34603", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34603", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34603.json", + "dateUpdated": "2024-07-08T06:12:40.540Z" + }, + { + "cveId": "CVE-2024-37208", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37208", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37208.json", + "dateUpdated": "2024-07-06T13:28:20.963Z" + }, + { + "cveId": "CVE-2024-37234", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37234", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37234.json", + "dateUpdated": "2024-07-06T09:52:47.795Z" + }, + 
{ + "cveId": "CVE-2024-37260", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37260", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37260.json", + "dateUpdated": "2024-07-06T09:46:29.610Z" + }, + { + "cveId": "CVE-2024-37389", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37389", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37389.json", + "dateUpdated": "2024-07-08T13:39:29.650Z" + }, + { + "cveId": "CVE-2024-37528", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37528", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37528.json", + "dateUpdated": "2024-07-08T02:21:50.815Z" + }, + { + "cveId": "CVE-2024-37539", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37539", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37539.json", + "dateUpdated": "2024-07-07T13:46:20.642Z" + }, + { + "cveId": "CVE-2024-37541", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37541", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37541.json", + "dateUpdated": "2024-07-07T13:46:08.645Z" + }, + { + "cveId": "CVE-2024-37542", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37542", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37542.json", + "dateUpdated": "2024-07-06T12:40:29.105Z" + }, + { + "cveId": "CVE-2024-37546", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37546", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37546.json", + "dateUpdated": "2024-07-07T13:44:27.276Z" + }, + { + "cveId": "CVE-2024-37547", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37547", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37547.json", + "dateUpdated": "2024-07-06T14:39:52.415Z" + }, + { + "cveId": "CVE-2024-37553", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37553", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37553.json", + "dateUpdated": "2024-07-07T13:37:52.546Z" + }, + { + "cveId": "CVE-2024-37554", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37554", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37554.json", + "dateUpdated": "2024-07-07T13:37:42.687Z" + }, + { + "cveId": "CVE-2024-37999", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-37999", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/37xxx/CVE-2024-37999.json", + "dateUpdated": "2024-07-08T13:00:33.067Z" + }, + { + "cveId": "CVE-2024-38330", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38330", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38330.json", + "dateUpdated": "2024-07-08T12:55:11.732Z" + }, + { + "cveId": "CVE-2024-39182", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39182", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39182.json", + "dateUpdated": "2024-07-05T22:16:05.593503" + }, + { + "cveId": "CVE-2024-39321", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39321", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39321.json", + "dateUpdated": "2024-07-05T20:07:14.424Z" + }, + { + "cveId": "CVE-2024-39473", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39473", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39473.json", + "dateUpdated": "2024-07-05T20:08:25.422Z" + }, + 
{ + "cveId": "CVE-2024-39481", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39481", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39481.json", + "dateUpdated": "2024-07-05T20:07:53.742Z" + }, + { + "cveId": "CVE-2024-39486", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39486", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39486.json", + "dateUpdated": "2024-07-06T09:25:21.514Z" + }, + { + "cveId": "CVE-2024-39689", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39689", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39689.json", + "dateUpdated": "2024-07-05T20:06:22.343Z" + }, + { + "cveId": "CVE-2024-39723", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39723", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39723.json", + "dateUpdated": "2024-07-08T13:38:50.715Z" + }, + { + "cveId": "CVE-2024-39742", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39742", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39742.json", + "dateUpdated": "2024-07-08T13:16:10.090Z" + }, + { + "cveId": "CVE-2024-39743", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39743", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39743.json", + "dateUpdated": "2024-07-08T13:14:43.915Z" + }, + { + "cveId": "CVE-2024-39864", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39864", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39864.json", + "dateUpdated": "2024-07-08T13:44:39.748Z" + }, + { + "cveId": "CVE-2024-3651", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3651", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3651.json", + "dateUpdated": "2024-07-07T19:07:50.996Z" + }, + { + "cveId": "CVE-2024-40594", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40594", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40594.json", + "dateUpdated": "2024-07-06T04:35:21.178506" + }, + { + "cveId": "CVE-2024-40596", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40596", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40596.json", + "dateUpdated": "2024-07-08T13:45:52.034Z" + }, + { + "cveId": "CVE-2024-40597", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40597", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40597.json", + "dateUpdated": "2024-07-08T13:18:11.587Z" + }, + { + "cveId": "CVE-2024-40598", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40598", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40598.json", + "dateUpdated": "2024-07-06T23:26:12.746473" + }, + { + "cveId": "CVE-2024-40599", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40599", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40599.json", + "dateUpdated": "2024-07-06T23:26:21.269053" + }, + { + "cveId": "CVE-2024-40600", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40600", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40600.json", + "dateUpdated": "2024-07-06T23:26:28.514530" + }, + { + "cveId": "CVE-2024-40601", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40601", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40601.json", + "dateUpdated": "2024-07-06T23:26:36.043771" 
+ }, + { + "cveId": "CVE-2024-40602", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40602", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40602.json", + "dateUpdated": "2024-07-06T23:26:55.969727" + }, + { + "cveId": "CVE-2024-40603", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40603", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40603.json", + "dateUpdated": "2024-07-08T13:45:03.104Z" + }, + { + "cveId": "CVE-2024-40604", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40604", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40604.json", + "dateUpdated": "2024-07-08T13:06:43.501Z" + }, + { + "cveId": "CVE-2024-40605", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40605", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40605.json", + "dateUpdated": "2024-07-06T23:27:19.876020" + }, + { + "cveId": "CVE-2024-40614", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-40614", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/40xxx/CVE-2024-40614.json", + "dateUpdated": "2024-07-07T15:03:21.266351" + }, + { + "cveId": "CVE-2024-4341", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4341", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4341.json", + "dateUpdated": "2024-07-08T13:46:12.791Z" + }, + { + "cveId": "CVE-2024-4708", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4708", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4708.json", + "dateUpdated": "2024-07-05T21:23:04.236Z" + }, + { + "cveId": "CVE-2024-5419", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5419", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5419.json", + "dateUpdated": "2024-07-06T03:06:35.218Z" + }, + { + "cveId": "CVE-2024-5504", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5504", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5504.json", + "dateUpdated": "2024-07-06T03:06:23.535Z" + }, + { + "cveId": "CVE-2024-5616", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5616", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5616.json", + "dateUpdated": "2024-07-06T08:38:02.339Z" + }, + { + "cveId": "CVE-2024-5711", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5711", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5711.json", + "dateUpdated": "2024-07-08T13:49:41.638Z" + }, + { + "cveId": "CVE-2024-5753", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5753", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5753.json", + "dateUpdated": "2024-07-05T19:27:22.046Z" + }, + { + "cveId": "CVE-2024-6095", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6095", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6095.json", + "dateUpdated": "2024-07-07T19:18:06.138Z" + }, + { + "cveId": "CVE-2024-6163", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6163", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6163.json", + "dateUpdated": "2024-07-08T13:01:38.306Z" + }, + { + "cveId": "CVE-2024-6229", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6229", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6229.json", + "dateUpdated": "2024-07-07T19:15:38.350Z" + }, + { + "cveId": "CVE-2024-6263", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6263", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6263.json", + "dateUpdated": "2024-07-06T02:33:08.495Z" + }, + { + "cveId": "CVE-2024-6387", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6387", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6387.json", + "dateUpdated": "2024-07-05T23:08:15.094Z" + }, + { + "cveId": "CVE-2024-6539", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6539", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6539.json", + "dateUpdated": "2024-07-07T22:31:07.456Z" + } + ], + "updated": [ + { + "cveId": "CVE-2019-8761", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2019-8761", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2019/8xxx/CVE-2019-8761.json", + "dateUpdated": "2024-07-08T12:08:20.890217" + }, + { + "cveId": "CVE-2021-47242", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2021-47242", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2021/47xxx/CVE-2021-47242.json", + "dateUpdated": "2024-07-07T19:44:05.240Z" + }, + { + "cveId": "CVE-2022-0028", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-0028", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/0xxx/CVE-2022-0028.json", + "dateUpdated": "2024-07-06T13:45:09.148Z" + }, + { + "cveId": "CVE-2022-22076", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-22076", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/22xxx/CVE-2022-22076.json", + "dateUpdated": "2024-07-05T20:13:39.805Z" + }, + { + "cveId": "CVE-2022-29420", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-29420", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/29xxx/CVE-2022-29420.json", + "dateUpdated": "2024-07-06T02:51:20.485Z" + }, + { + "cveId": "CVE-2022-2856", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-2856", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/2xxx/CVE-2022-2856.json", + "dateUpdated": "2024-07-06T13:57:27.836Z" + }, + { + "cveId": "CVE-2022-33251", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-33251", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/33xxx/CVE-2022-33251.json", + "dateUpdated": "2024-07-05T20:14:21.382Z" + }, + { + "cveId": "CVE-2022-33307", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-33307", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/33xxx/CVE-2022-33307.json", + "dateUpdated": "2024-07-06T14:10:34.481Z" + }, + { + "cveId": "CVE-2022-34144", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-34144", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/34xxx/CVE-2022-34144.json", + "dateUpdated": "2024-07-05T20:11:11.752Z" + }, + { + "cveId": "CVE-2022-47420", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2022-47420", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2022/47xxx/CVE-2022-47420.json", + "dateUpdated": "2024-07-08T09:27:25.880Z" + }, + { + "cveId": "CVE-2023-21237", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-21237", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/21xxx/CVE-2023-21237.json", + "dateUpdated": "2024-07-06T13:35:47.045Z" + }, + { + "cveId": "CVE-2023-21657", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-21657", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/21xxx/CVE-2023-21657.json", + "dateUpdated": "2024-07-06T14:09:27.138Z" + }, + { + 
"cveId": "CVE-2023-21939", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-21939", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/21xxx/CVE-2023-21939.json", + "dateUpdated": "2024-07-05T19:26:49.370Z" + }, + { + "cveId": "CVE-2023-25790", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-25790", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/25xxx/CVE-2023-25790.json", + "dateUpdated": "2024-07-06T02:49:35.000Z" + }, + { + "cveId": "CVE-2023-26531", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-26531", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/26xxx/CVE-2023-26531.json", + "dateUpdated": "2024-07-08T08:55:36.709Z" + }, + { + "cveId": "CVE-2023-26756", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-26756", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/26xxx/CVE-2023-26756.json", + "dateUpdated": "2024-07-05T19:24:23.501Z" + }, + { + "cveId": "CVE-2023-27330", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-27330", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/27xxx/CVE-2023-27330.json", + "dateUpdated": "2024-07-05T21:07:19.996Z" + }, + { + "cveId": "CVE-2023-27359", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-27359", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/27xxx/CVE-2023-27359.json", + "dateUpdated": "2024-07-05T21:06:51.750Z" + }, + { + "cveId": "CVE-2023-28334", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-28334", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/28xxx/CVE-2023-28334.json", + "dateUpdated": "2024-07-07T19:29:26.140Z" + }, + { + "cveId": "CVE-2023-28696", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-28696", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/28xxx/CVE-2023-28696.json", + "dateUpdated": "2024-07-08T10:36:17.054Z" + }, + { + "cveId": "CVE-2023-29346", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-29346", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/29xxx/CVE-2023-29346.json", + "dateUpdated": "2024-07-05T20:18:51.821Z" + }, + { + "cveId": "CVE-2023-29361", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-29361", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/29xxx/CVE-2023-29361.json", + "dateUpdated": "2024-07-05T20:21:38.873Z" + }, + { + "cveId": "CVE-2023-29369", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-29369", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/29xxx/CVE-2023-29369.json", + "dateUpdated": "2024-07-05T20:22:16.308Z" + }, + { + "cveId": "CVE-2023-2597", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-2597", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/2xxx/CVE-2023-2597.json", + "dateUpdated": "2024-07-05T20:11:57.497Z" + }, + { + "cveId": "CVE-2023-30402", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-30402", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/30xxx/CVE-2023-30402.json", + "dateUpdated": "2024-07-05T20:10:28.830Z" + }, + { + "cveId": "CVE-2023-32175", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-32175", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/32xxx/CVE-2023-32175.json", + "dateUpdated": "2024-07-05T21:06:24.727Z" + }, + { + "cveId": "CVE-2023-33281", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-33281", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/33xxx/CVE-2023-33281.json", + "dateUpdated": "2024-07-05T20:12:57.542Z" + }, + { + 
"cveId": "CVE-2023-33919", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-33919", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/33xxx/CVE-2023-33919.json", + "dateUpdated": "2024-07-06T14:12:00.475Z" + }, + { + "cveId": "CVE-2023-35722", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-35722", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/35xxx/CVE-2023-35722.json", + "dateUpdated": "2024-07-05T21:01:40.570Z" + }, + { + "cveId": "CVE-2023-37358", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-37358", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/37xxx/CVE-2023-37358.json", + "dateUpdated": "2024-07-05T21:00:54.727Z" + }, + { + "cveId": "CVE-2023-38109", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-38109", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/38xxx/CVE-2023-38109.json", + "dateUpdated": "2024-07-05T21:00:40.754Z" + }, + { + "cveId": "CVE-2023-39471", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39471", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39471.json", + "dateUpdated": "2024-07-05T21:00:28.982Z" + }, + { + "cveId": "CVE-2023-39473", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39473", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39473.json", + "dateUpdated": "2024-07-05T21:00:08.201Z" + }, + { + "cveId": "CVE-2023-39475", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39475", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39475.json", + "dateUpdated": "2024-07-05T20:59:42.213Z" + }, + { + "cveId": "CVE-2023-39476", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-39476", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/39xxx/CVE-2023-39476.json", + "dateUpdated": "2024-07-05T20:59:53.039Z" + }, + { + "cveId": "CVE-2023-42116", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-42116", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/42xxx/CVE-2023-42116.json", + "dateUpdated": "2024-07-05T20:58:17.152Z" + }, + { + "cveId": "CVE-2023-42119", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-42119", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/42xxx/CVE-2023-42119.json", + "dateUpdated": "2024-07-05T20:58:39.448Z" + }, + { + "cveId": "CVE-2023-44449", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-44449", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/44xxx/CVE-2023-44449.json", + "dateUpdated": "2024-07-05T20:57:57.804Z" + }, + { + "cveId": "CVE-2023-45830", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-45830", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/45xxx/CVE-2023-45830.json", + "dateUpdated": "2024-07-08T09:26:08.845Z" + }, + { + "cveId": "CVE-2023-47246", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47246", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47246.json", + "dateUpdated": "2024-07-06T13:52:50.136Z" + }, + { + "cveId": "CVE-2023-47663", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-47663", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/47xxx/CVE-2023-47663.json", + "dateUpdated": "2024-07-06T02:47:58.795Z" + }, + { + "cveId": "CVE-2023-49188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-49188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/49xxx/CVE-2023-49188.json", + "dateUpdated": "2024-07-08T09:01:56.157Z" + }, + { 
+ "cveId": "CVE-2023-51482", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-51482", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/51xxx/CVE-2023-51482.json", + "dateUpdated": "2024-07-05T21:22:38.321Z" + }, + { + "cveId": "CVE-2023-5090", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2023-5090", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2023/5xxx/CVE-2023-5090.json", + "dateUpdated": "2024-07-08T04:38:07.892Z" + }, + { + "cveId": "CVE-2024-0042", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0042", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0042.json", + "dateUpdated": "2024-07-07T19:21:28.222Z" + }, + { + "cveId": "CVE-2024-0905", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0905", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0905.json", + "dateUpdated": "2024-07-05T21:22:15.290Z" + }, + { + "cveId": "CVE-2024-0986", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-0986", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/0xxx/CVE-2024-0986.json", + "dateUpdated": "2024-07-05T10:00:56.589Z" + }, + { + "cveId": "CVE-2024-1386", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1386", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1386.json", + "dateUpdated": "2024-07-07T13:53:03.431Z" + }, + { + "cveId": "CVE-2024-1567", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1567", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1567.json", + "dateUpdated": "2024-07-05T21:11:23.918Z" + }, + { + "cveId": "CVE-2024-1677", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1677", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1677.json", + "dateUpdated": "2024-07-05T21:11:42.038Z" + }, + { + "cveId": "CVE-2024-1679", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1679", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1679.json", + "dateUpdated": "2024-07-05T21:07:37.435Z" + }, + { + "cveId": "CVE-2024-1809", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1809", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1809.json", + "dateUpdated": "2024-07-05T21:09:40.244Z" + }, + { + "cveId": "CVE-2024-1993", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1993", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1993.json", + "dateUpdated": "2024-07-07T13:53:08.521Z" + }, + { + "cveId": "CVE-2024-1994", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-1994", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/1xxx/CVE-2024-1994.json", + "dateUpdated": "2024-07-06T13:28:56.785Z" + }, + { + "cveId": "CVE-2024-20852", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-20852", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/20xxx/CVE-2024-20852.json", + "dateUpdated": "2024-07-08T13:31:15.663Z" + }, + { + "cveId": "CVE-2024-23519", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-23519", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/23xxx/CVE-2024-23519.json", + "dateUpdated": "2024-07-08T09:48:21.482Z" + }, + { + "cveId": "CVE-2024-25928", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-25928", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/25xxx/CVE-2024-25928.json", + "dateUpdated": "2024-07-08T09:28:54.359Z" + }, + { + "cveId": 
"CVE-2024-26621", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-26621", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/26xxx/CVE-2024-26621.json", + "dateUpdated": "2024-07-05T12:31:46.028Z" + }, + { + "cveId": "CVE-2024-29824", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-29824", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/29xxx/CVE-2024-29824.json", + "dateUpdated": "2024-07-06T03:55:43.773Z" + }, + { + "cveId": "CVE-2024-2084", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2084", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2084.json", + "dateUpdated": "2024-07-07T13:52:58.356Z" + }, + { + "cveId": "CVE-2024-2191", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2191", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2191.json", + "dateUpdated": "2024-07-05T20:17:35.161Z" + }, + { + "cveId": "CVE-2024-2542", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2542", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2542.json", + "dateUpdated": "2024-07-05T21:08:41.890Z" + }, + { + "cveId": "CVE-2024-2752", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2752", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2752.json", + "dateUpdated": "2024-07-07T13:52:49.459Z" + }, + { + "cveId": "CVE-2024-2840", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2840", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2840.json", + "dateUpdated": "2024-07-05T21:17:19.212Z" + }, + { + "cveId": "CVE-2024-2958", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2958", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2958.json", + "dateUpdated": "2024-07-05T21:11:51.020Z" + }, + { + "cveId": "CVE-2024-2970", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2970", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2970.json", + "dateUpdated": "2024-07-07T13:48:39.411Z" + }, + { + "cveId": "CVE-2024-31086", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31086", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31086.json", + "dateUpdated": "2024-07-06T02:50:17.659Z" + }, + { + "cveId": "CVE-2024-31093", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31093", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31093.json", + "dateUpdated": "2024-07-06T02:50:39.444Z" + }, + { + "cveId": "CVE-2024-31288", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31288", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31288.json", + "dateUpdated": "2024-07-06T13:28:04.659Z" + }, + { + "cveId": "CVE-2024-31299", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-31299", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/31xxx/CVE-2024-31299.json", + "dateUpdated": "2024-07-06T02:51:01.696Z" + }, + { + "cveId": "CVE-2024-32513", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-32513", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/32xxx/CVE-2024-32513.json", + "dateUpdated": "2024-07-05T21:23:18.822Z" + }, + { + "cveId": "CVE-2024-32785", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-32785", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/32xxx/CVE-2024-32785.json", + "dateUpdated": "2024-07-06T02:49:56.587Z" + }, + { + 
"cveId": "CVE-2024-33584", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-33584", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/33xxx/CVE-2024-33584.json", + "dateUpdated": "2024-07-05T21:21:34.720Z" + }, + { + "cveId": "CVE-2024-33589", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-33589", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/33xxx/CVE-2024-33589.json", + "dateUpdated": "2024-07-05T21:21:21.210Z" + }, + { + "cveId": "CVE-2024-34349", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34349", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34349.json", + "dateUpdated": "2024-07-08T12:35:38.149Z" + }, + { + "cveId": "CVE-2024-34385", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34385", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34385.json", + "dateUpdated": "2024-07-06T02:48:23.220Z" + }, + { + "cveId": "CVE-2024-34759", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34759", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34759.json", + "dateUpdated": "2024-07-06T02:47:38.396Z" + }, + { + "cveId": "CVE-2024-34793", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34793", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34793.json", + "dateUpdated": "2024-07-06T02:48:48.072Z" + }, + { + "cveId": "CVE-2024-34801", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34801", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34801.json", + "dateUpdated": "2024-07-06T02:49:13.558Z" + }, + { + "cveId": "CVE-2024-34804", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-34804", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/34xxx/CVE-2024-34804.json", + "dateUpdated": "2024-07-08T09:00:15.444Z" + }, + { + "cveId": "CVE-2024-35698", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35698", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35698.json", + "dateUpdated": "2024-07-06T02:45:24.521Z" + }, + { + "cveId": "CVE-2024-35708", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35708", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35708.json", + "dateUpdated": "2024-07-06T02:46:24.857Z" + }, + { + "cveId": "CVE-2024-35714", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35714", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35714.json", + "dateUpdated": "2024-07-06T02:46:46.919Z" + }, + { + "cveId": "CVE-2024-35739", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35739", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35739.json", + "dateUpdated": "2024-07-06T02:47:09.199Z" + }, + { + "cveId": "CVE-2024-35763", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35763", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35763.json", + "dateUpdated": "2024-07-06T02:43:53.906Z" + }, + { + "cveId": "CVE-2024-35778", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35778", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35778.json", + "dateUpdated": "2024-07-08T09:47:24.727Z" + }, + { + "cveId": "CVE-2024-35781", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-35781", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/35xxx/CVE-2024-35781.json", + "dateUpdated": "2024-07-08T08:56:40.455Z" + }, + { 
+ "cveId": "CVE-2024-36495", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-36495", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/36xxx/CVE-2024-36495.json", + "dateUpdated": "2024-07-05T20:25:37.378Z" + }, + { + "cveId": "CVE-2024-38373", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-38373", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/38xxx/CVE-2024-38373.json", + "dateUpdated": "2024-07-05T20:19:11.301Z" + }, + { + "cveId": "CVE-2024-39458", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-39458", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/39xxx/CVE-2024-39458.json", + "dateUpdated": "2024-07-05T20:18:50.446Z" + }, + { + "cveId": "CVE-2024-3023", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3023", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3023.json", + "dateUpdated": "2024-07-07T13:53:32.369Z" + }, + { + "cveId": "CVE-2024-3188", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3188", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3188.json", + "dateUpdated": "2024-07-05T21:22:02.468Z" + }, + { + "cveId": "CVE-2024-3312", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3312", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3312.json", + "dateUpdated": "2024-07-05T21:09:21.792Z" + }, + { + "cveId": "CVE-2024-3341", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3341", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3341.json", + "dateUpdated": "2024-07-05T21:11:59.859Z" + }, + { + "cveId": "CVE-2024-3585", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3585", + "githubLink": 
"https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3585.json", + "dateUpdated": "2024-07-05T21:18:53.811Z" + }, + { + "cveId": "CVE-2024-3650", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3650", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3650.json", + "dateUpdated": "2024-07-05T21:08:18.676Z" + }, + { + "cveId": "CVE-2024-3674", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3674", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3674.json", + "dateUpdated": "2024-07-07T13:53:13.389Z" + }, + { + "cveId": "CVE-2024-3678", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3678", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3678.json", + "dateUpdated": "2024-07-05T21:21:49.037Z" + }, + { + "cveId": "CVE-2024-3727", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3727", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3727.json", + "dateUpdated": "2024-07-08T09:50:31.588Z" + }, + { + "cveId": "CVE-2024-3819", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3819", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3819.json", + "dateUpdated": "2024-07-07T13:53:18.411Z" + }, + { + "cveId": "CVE-2024-3985", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3985", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3985.json", + "dateUpdated": "2024-07-07T13:53:23.818Z" + }, + { + "cveId": "CVE-2024-4003", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4003", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4003.json", + "dateUpdated": "2024-07-05T21:12:15.779Z" + }, + { + "cveId": "CVE-2024-4036", + 
"cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4036", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4036.json", + "dateUpdated": "2024-07-07T13:52:53.488Z" + }, + { + "cveId": "CVE-2024-4077", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4077", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4077.json", + "dateUpdated": "2024-07-05T21:22:28.395Z" + }, + { + "cveId": "CVE-2024-4307", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4307", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4307.json", + "dateUpdated": "2024-07-05T21:20:27.229Z" + }, + { + "cveId": "CVE-2024-4418", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4418", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4418.json", + "dateUpdated": "2024-07-08T04:50:16.105Z" + }, + { + "cveId": "CVE-2024-4541", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4541", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4541.json", + "dateUpdated": "2024-07-06T03:11:12.252Z" + }, + { + "cveId": "CVE-2024-5215", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5215", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5215.json", + "dateUpdated": "2024-07-06T03:09:52.446Z" + }, + { + "cveId": "CVE-2024-5424", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5424", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5424.json", + "dateUpdated": "2024-07-06T03:09:24.121Z" + }, + { + "cveId": "CVE-2024-5507", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5507", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5507.json", + 
"dateUpdated": "2024-07-05T20:16:52.183Z" + }, + { + "cveId": "CVE-2024-5788", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5788", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5788.json", + "dateUpdated": "2024-07-06T03:09:44.023Z" + }, + { + "cveId": "CVE-2024-5859", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5859", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5859.json", + "dateUpdated": "2024-07-06T03:10:40.691Z" + }, + { + "cveId": "CVE-2024-6120", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6120", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6120.json", + "dateUpdated": "2024-07-06T03:10:11.691Z" + }, + { + "cveId": "CVE-2024-6288", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6288", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6288.json", + "dateUpdated": "2024-07-06T03:09:33.805Z" + }, + { + "cveId": "CVE-2024-6307", + "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-6307", + "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/6xxx/CVE-2024-6307.json", + "dateUpdated": "2024-07-06T03:10:01.568Z" + } + ], + "error": [] + }, { "fetchTime": "2024-07-05T19:32:52.191Z", "numberOfChanges": 29,