Auto-Update: 2024-07-23T10:00:18.545097+00:00

cad-safe-bot 2024-07-23 10:03:13 +00:00
parent ab7623d832
commit 1bde62e107
6 changed files with 86 additions and 13 deletions


@ -0,0 +1,33 @@
{
"id": "CVE-2024-29070",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-23T09:15:02.503",
"lastModified": "2024-07-23T09:15:02.503",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "On versions before 2.1.4,\u00a0session is not invalidated after logout. When the user logged in successfully, the Backend service returns \"Authorization\" as the front-end authentication credential. \"Authorization\" can still initiate requests and access data even after logout.\n\nMitigation:\n\nall users should upgrade to 2.1.4\n\n"
}
],
"metrics": {},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/zslblrz1l0n9t67mqdv42yv75ncfn9zl",
"source": "security@apache.org"
}
]
}
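
Review bot: the `descriptions` value in this new CVE-2024-29070 record never names the affected product; it opens with "On versions before 2.1.4" and the only hints are the `security@apache.org` source and the lists.apache.org reference. Anyone matching this record against an asset inventory has to follow the reference to learn what to upgrade, so the product name belongs in the description text. The value also embeds a `\u00a0` non-breaking space after "2.1.4," and `metrics` is empty, so severity-based filters will not pick the record up yet; the CWE-613 tag and the statement that "Authorization" still works after logout are what triage has to go on.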


@ -2,7 +2,7 @@
"id": "CVE-2024-3596",
"sourceIdentifier": "cret@cert.org",
"published": "2024-07-09T12:15:20.700",
"lastModified": "2024-07-09T22:15:03.657",
"lastModified": "2024-07-23T09:15:02.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -33,6 +33,10 @@
"url": "https://networkradius.com/assets/pdf/radius_and_md5_collisions.pdf",
"source": "cret@cert.org"
},
{
"url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0014",
"source": "cret@cert.org"
},
{
"url": "https://www.blastradius.fail/",
"source": "cret@cert.org"


@ -0,0 +1,29 @@
{
"id": "CVE-2024-41012",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-23T08:15:01.877",
"lastModified": "2024-07-23T08:15:01.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilelock: Remove locks reliably when fcntl/close race is detected\n\nWhen fcntl_setlk() races with close(), it removes the created lock with\ndo_lock_file_wait().\nHowever, LSMs can allow the first do_lock_file_wait() that created the lock\nwhile denying the second do_lock_file_wait() that tries to remove the lock.\nSeparately, posix_lock_file() could also fail to\nremove a lock due to GFP_KERNEL allocation failure (when splitting a range\nin the middle).\n\nAfter the bug has been triggered, use-after-free reads will occur in\nlock_get_status() when userspace reads /proc/locks. This can likely be used\nto read arbitrary kernel memory, but can't corrupt kernel memory.\n\nFix it by calling locks_remove_posix() instead, which is designed to\nreliably get rid of POSIX locks associated with the given file and\nfiles_struct and is also used by filp_flush()."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: filelock: Elimina bloqueos de manera confiable cuando se detecta fcntl/close race Cuando fcntl_setlk() corre con close(), elimina el bloqueo creado con do_lock_file_wait(). Sin embargo, los LSM pueden permitir el primer do_lock_file_wait() que cre\u00f3 el bloqueo y al mismo tiempo negar el segundo do_lock_file_wait() que intenta eliminar el bloqueo. Por separado, posix_lock_file() tambi\u00e9n podr\u00eda no eliminar un bloqueo debido a un fallo en la asignaci\u00f3n de GFP_KERNEL (al dividir un rango por la mitad). Despu\u00e9s de que se haya activado el error, se producir\u00e1n lecturas de use-after-free en lock_get_status() cuando el espacio de usuario lea /proc/locks. Es probable que esto se pueda usar para leer memoria del kernel arbitraria, pero no puede da\u00f1ar la memoria del kernel. Solucionelo llamando a locks_remove_posix() en su lugar, que est\u00e1 dise\u00f1ado para deshacerse de manera confiable de los bloqueos POSIX asociados con el archivo dado y files_struct y tambi\u00e9n lo usa filp_flush()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/3cad1bc010416c6dd780643476bc59ed742436b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6d223942c34057fdfd8f149e763fa823731b224",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}
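
Review bot: this new CVE-2024-41012 record has no `weaknesses` array and `metrics` is `{}`, although the English description states that use-after-free reads occur in lock_get_status() when userspace reads /proc/locks. Feeds that filter on CWE or CVSS score will skip it while `vulnStatus` is "Received"; consumers should key on the description text and the two git.kernel.org stable references until those fields are populated.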


@ -9,6 +9,10 @@
{
"lang": "en",
"value": "The Hide My WP Ghost WordPress plugin before 5.2.02 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the hidden login page."
},
{
"lang": "es",
"value": " El complemento de WordPress Hide My WP Ghost anterior a 5.2.02 no impide las redirecciones a la p\u00e1gina de inicio de sesi\u00f3n a trav\u00e9s de la funci\u00f3n auth_redirect de WordPress, lo que permite que un visitante no autenticado acceda a la p\u00e1gina de inicio de sesi\u00f3n oculta."
}
],
"metrics": {},
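
Review bot: the added `es` description value starts with a space (`" El complemento de WordPress ..."`), which the `en` value above it does not. Consumers that compare or display description values should trim it, or the value should be normalized before it is written.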


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-07-23T08:00:17.665086+00:00
2024-07-23T10:00:18.545097+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-07-23T06:15:11.413000+00:00
2024-07-23T09:15:02.697000+00:00
```
### Last Data Feed Release
@ -33,22 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
257823
257825
```
### CVEs added in the last Commit
Recently added CVEs: `3`
Recently added CVEs: `2`
- [CVE-2024-4260](CVE-2024/CVE-2024-42xx/CVE-2024-4260.json) (`2024-07-23T06:15:09.907`)
- [CVE-2024-6231](CVE-2024/CVE-2024-62xx/CVE-2024-6231.json) (`2024-07-23T06:15:11.330`)
- [CVE-2024-6420](CVE-2024/CVE-2024-64xx/CVE-2024-6420.json) (`2024-07-23T06:15:11.413`)
- [CVE-2024-29070](CVE-2024/CVE-2024-290xx/CVE-2024-29070.json) (`2024-07-23T09:15:02.503`)
- [CVE-2024-41012](CVE-2024/CVE-2024-410xx/CVE-2024-41012.json) (`2024-07-23T08:15:01.877`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `2`
- [CVE-2024-3596](CVE-2024/CVE-2024-35xx/CVE-2024-3596.json) (`2024-07-23T09:15:02.697`)
- [CVE-2024-6420](CVE-2024/CVE-2024-64xx/CVE-2024-6420.json) (`2024-07-23T06:15:11.413`)
## Download and Usage


@ -248713,6 +248713,7 @@ CVE-2024-29063,0,0,a8033ce9e699f35cb65dc8d63268bfdd99aa16f594ad08413d90e8003a22b
CVE-2024-29064,0,0,88daf3a7de89b464600feb0ee044529e05b02bc2ba2ebf4683d236ef22e3a252,2024-04-10T13:24:00.070000
CVE-2024-29066,0,0,b57916d53c87b911e1996a4619a92f6e3a854e8931117c8efeb51360c73379e4,2024-04-10T13:24:00.070000
CVE-2024-2907,0,0,bd4e59455721fd47a3f3bf4cc54009a430bac090133efd0393d311456e4d173d,2024-04-25T13:18:13.537000
CVE-2024-29070,1,1,658c5d4744dd1a3fb2b6b00c1f6f1676244532e9076a8efb82759dd47c030e95,2024-07-23T09:15:02.503000
CVE-2024-29071,0,0,06a4c013d7966a06671f5afa3de9f823a9a7634e70711b0ea0f16d92c424f917,2024-03-25T13:47:14.087000
CVE-2024-29072,0,0,50e2db556663c43fd665c3ae801a5bd36f73f0e7479a230bf4ff9553f9fcd995,2024-06-10T18:15:30.110000
CVE-2024-29073,0,0,5c3ae86874769801c4eb11bcdfeb51908893e8039c75c17f2607c942f1e7b0de,2024-07-22T17:15:03.340000
@ -253240,7 +253241,7 @@ CVE-2024-35956,0,0,6daaa17f6daf5c1e7dbe25b31d8f284c6d8eb8dc7456f0a10055a1b94b729
CVE-2024-35957,0,0,e141b1b9097a7806a00bb0c48ac64502ac9af857ac6124b5c3fe838aeabb39c1,2024-05-20T13:00:04.957000
CVE-2024-35958,0,0,27da5fd588ac3ce8332b6e492c398e6df1c5790844fbe400bee825d71b601890,2024-06-25T21:15:59.560000
CVE-2024-35959,0,0,dedb0d273081072306561ee363e733e771e14b093e6ca1312bedc816a5a31709,2024-05-20T13:00:04.957000
CVE-2024-3596,0,0,8d90cf19ea04bba5898a9d37810f767737a5dc94a88fc368b38d7805b5af326a,2024-07-09T22:15:03.657000
CVE-2024-3596,0,1,cb33925615133cc12f1d779362e2e2cf3367c987c4531f8ee95e198d5de65bd7,2024-07-23T09:15:02.697000
CVE-2024-35960,0,0,11d604c76d60dfaa78f70c27cc242617c170ee1b403a8338bbdc80eef71892f9,2024-07-03T02:02:30.127000
CVE-2024-35961,0,0,ab8b5634b4fd57a716b21f414efc630229092d81a22f18d25247af536cced718,2024-05-20T13:00:04.957000
CVE-2024-35962,0,0,4b628f3f57455942301b439ab908f4e8ff039f128cecf651c9be39d0756f5760,2024-06-25T22:15:33.823000
@ -255745,6 +255746,7 @@ CVE-2024-41008,0,0,86de6e2be092cac70f5596fb96d0253f26291855f34ae4ddc015775261181
CVE-2024-41009,0,0,b973764a3f5390614759bf6dad52e86dad86b20c98263f759698c0703f8fb179,2024-07-19T15:06:23.827000
CVE-2024-41010,0,0,ae8d1d1b3ebaab40dc6ac6afde49ce66895bb7f4e7ee92f295ff5ca1fa79b217,2024-07-19T15:24:59.137000
CVE-2024-41011,0,0,4c2c460e7d99f33158a9c285f2b0882c56a6716b8d689bc4bd4c6463e3fba1ea,2024-07-18T12:28:43.707000
CVE-2024-41012,1,1,3f793aee33c6103136a4bb12c753a217c33e47d2b00b5d4520ea39a5dee1fc4c,2024-07-23T08:15:01.877000
CVE-2024-4102,0,0,1b0aaa7efbf772a3034d5138f2cde018af6a8f41a0229b0c5f36e4d66092a2a3,2024-07-09T18:19:14.047000
CVE-2024-4103,0,0,ff27f3988e30e41f465bfc5b7800f7ae2f96b1e2cd71c1414de16617b75fe4fe,2024-05-14T16:11:39.510000
CVE-2024-4104,0,0,069e7afb1610585640d00d566d3fc4756dff3571ed269cd2ef1d63c8e8ce45e5,2024-05-14T16:11:39.510000
@ -255913,7 +255915,7 @@ CVE-2024-4255,0,0,35fd058a4cc0a80e19d25400a3e944345c636d8ef400085f905d7b019af7ed
CVE-2024-4256,0,0,2885dad709315de5112b738946979afcb06c4d717b1b754bf7bfd87477f08c3d,2024-06-04T19:20:34.517000
CVE-2024-4257,0,0,e0d599f1bfc48408556261adebbc05066e8b6b86cdfabfa8d99484b6710fdc92,2024-05-17T02:40:21.330000
CVE-2024-4258,0,0,cedc452cf08b1d582601f74b54055702e4527b179d19ae6d21e1fa7a35e392d8,2024-06-17T12:42:04.623000
CVE-2024-4260,1,1,3673a1c9921cf50170657755292e4f73fc40b3418acf23ec0120037fce9bf21d,2024-07-23T06:15:09.907000
CVE-2024-4260,0,0,3673a1c9921cf50170657755292e4f73fc40b3418acf23ec0120037fce9bf21d,2024-07-23T06:15:09.907000
CVE-2024-4261,0,0,cad163d5402c8383e323c083e324c4342bcfec07494a0960d776456fb2ab221b,2024-05-22T14:30:41.953000
CVE-2024-4262,0,0,eb43fbaec8efb92a09683be8d89079c39bc088d0014f0d5047c7a435bf15c8e4,2024-05-22T12:46:53.887000
CVE-2024-4263,0,0,ca3576d1d67e220dba5bd29258a281021ffe39453fa0c4f20e91ad0ccbfbb40c,2024-05-16T13:03:05.353000
@ -257476,7 +257478,7 @@ CVE-2024-6222,0,0,7da69ce6fbc5989cf8dc00c0967cc47c0670f03447330ea36d4de40ed4ce08
CVE-2024-6225,0,0,510a69cec2d5d6c6d036e0951030f27f3f34bcc77e3448a2bbf2dbc18120fe93,2024-06-24T19:21:28.450000
CVE-2024-6227,0,0,6448b237469b4af8add5bea6ce3efd3ec79e9126dca5090705d4ceeb86be54e2,2024-07-09T18:19:14.047000
CVE-2024-6229,0,0,54fd6bf3998b843838fdb7fbe8cf0772e5599fcd948d9cf2d47de13f2ccb011e,2024-07-11T15:03:15.233000
CVE-2024-6231,1,1,53c37ff918556246c27eee143f1467c8a873be16ccc7256e2859edede55e976d,2024-07-23T06:15:11.330000
CVE-2024-6231,0,0,53c37ff918556246c27eee143f1467c8a873be16ccc7256e2859edede55e976d,2024-07-23T06:15:11.330000
CVE-2024-6235,0,0,3389c73a6ea8d57ad4659a54003738203401403add7f113413f0341ee66fc3c4,2024-07-11T15:06:34.163000
CVE-2024-6236,0,0,294d07111f47e2594afccb77d041edde3630ac9799928242bfa797180655c347,2024-07-11T13:05:54.930000
CVE-2024-6237,0,0,46541712e840180b3223b10d698baa69ce4ae4ad2290c1cfff1ca39481f71f37,2024-07-12T17:14:19.130000
@ -257597,7 +257599,7 @@ CVE-2024-6416,0,0,1d3038bca30e2041aec4c6f6e9ac2c7cb38b0b032dbc11dcdc7f3d31ad18d0
CVE-2024-6417,0,0,29f9a4ce41522fa0140910babecf0fc99e85f4d49ac0eb1b6a99dc830b0f22e3,2024-07-01T12:37:24.220000
CVE-2024-6418,0,0,b63bb78bc20fc7c9074df0590cf44ede2aa2ea9145f7e2ea976342cbbc9ede3c,2024-07-01T12:37:24.220000
CVE-2024-6419,0,0,e1f22570d75c49fa5726171947ce4e56ea60b543707fecfaebe18f84b2ff48d5,2024-07-01T12:37:24.220000
CVE-2024-6420,1,1,cf55afd6f85d97419493e7abe5fec6d0a8a9bb1366ae2934dd5a26c2aea639ea,2024-07-23T06:15:11.413000
CVE-2024-6420,0,1,64215060acb97216fb3e5f51210b9092431c1ec12ab745bb0cb2067837b1b2b9,2024-07-23T06:15:11.413000
CVE-2024-6421,0,0,2fe6e0b05086ec8fe1614a33f3714b1b7412a68316b06964410d48a53c099378,2024-07-11T13:05:54.930000
CVE-2024-6422,0,0,55d1b4b5125b3e6420c56faceebe4743e983319ac647dfed74960e28bff876d9,2024-07-11T13:05:54.930000
CVE-2024-6424,0,0,a4271c75a6c97806333e2d8d45edb2537cf0684790d84aeb8788fc5848fb2e64,2024-07-01T16:37:39.040000
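
Review bot: in the last hunk the two CVE-2024-6420 rows differ in their flag columns (`1,1` versus `0,1`) and carry different hashes, yet both show the same timestamp, 2024-07-23T06:15:11.413000. The record content changed without its timestamp moving, so a consumer that syncs incrementally on the timestamp column alone will miss this update; it should compare the hash column as well.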
