From 24b2bf7b601c604c6a8952b599fa9818e1def993 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Sat, 1 Jun 2024 18:03:31 +0000
Subject: [PATCH] Auto-Update: 2024-06-01T18:00:37.734875+00:00
---
 CVE-2024/CVE-2024-41xx/CVE-2024-4148.json | 55 +++++++++++++++++++++++
 README.md | 16 +++----
 _state.csv | 15 ++++---
 3 files changed, 68 insertions(+), 18 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-41xx/CVE-2024-4148.json
diff --git a/CVE-2024/CVE-2024-41xx/CVE-2024-4148.json b/CVE-2024/CVE-2024-41xx/CVE-2024-4148.json
new file mode 100644
index 00000000000..7812ba55f60
--- /dev/null
+++ b/CVE-2024/CVE-2024-41xx/CVE-2024-4148.json
@@ -0,0 +1,55 @@
+{
+ "id": "CVE-2024-4148",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2024-06-01T16:15:07.563",
+ "lastModified": "2024-06-01T16:15:07.563",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially render it completely non-functional. Specifically, the vulnerability can be triggered by sending a specially crafted request to the application, leading to a denial of service where the application crashes."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://huntr.com/bounties/eca4ad45-2a38-4f3c-9ec1-8205cd51be31",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index f5296357415..4f0cc0dd3a6 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-01T10:00:37.360702+00:00 +2024-06-01T18:00:37.734875+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-01T09:15:10.063000+00:00 +2024-06-01T16:15:07.563000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,14 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -252361 +252362 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `1` -- [CVE-2024-2295](CVE-2024/CVE-2024-22xx/CVE-2024-2295.json) (`2024-06-01T08:15:08.407`) -- [CVE-2024-3200](CVE-2024/CVE-2024-32xx/CVE-2024-3200.json) (`2024-06-01T09:15:09.453`) -- [CVE-2024-35636](CVE-2024/CVE-2024-356xx/CVE-2024-35636.json) (`2024-06-01T09:15:08.983`) -- [CVE-2024-3820](CVE-2024/CVE-2024-38xx/CVE-2024-3820.json) (`2024-06-01T09:15:09.660`) -- [CVE-2024-3821](CVE-2024/CVE-2024-38xx/CVE-2024-3821.json) (`2024-06-01T09:15:09.863`) -- [CVE-2024-4958](CVE-2024/CVE-2024-49xx/CVE-2024-4958.json) (`2024-06-01T08:15:08.637`) -- [CVE-2024-5348](CVE-2024/CVE-2024-53xx/CVE-2024-5348.json) (`2024-06-01T09:15:10.063`) +- [CVE-2024-4148](CVE-2024/CVE-2024-41xx/CVE-2024-4148.json) (`2024-06-01T16:15:07.563`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 9b5d48bde43..2c074c7f423 100644 --- a/_state.csv +++ b/_state.csv 
@@ -243526,7 +243526,7 @@ CVE-2024-22939,0,0,98ae5450b25ceaff1169d7851ac12cb3d1f8ed4212f5c71a0110eb042c52a CVE-2024-2294,0,0,7adaa24a33704366500d65a38c52ba5d5887ad22bed1bd0562d7b36efb6d901e,2024-03-17T22:38:29.433000 CVE-2024-22942,0,0,79bd7e0ad33fd20869abd839387d8922f33a08a9a291fa28b02d1093824080e6,2024-01-18T15:15:47.273000 CVE-2024-22949,0,0,422e733b9623e1850b76f79b7039472b307e7fc9b4786b379cdd80ebbc4b56bf,2024-05-17T02:36:27.340000 -CVE-2024-2295,1,1,0c554dc1ce9c659b30b867d7a62eb8efeced95148247bab8b5248e28d5b0efa4,2024-06-01T08:15:08.407000 +CVE-2024-2295,0,0,0c554dc1ce9c659b30b867d7a62eb8efeced95148247bab8b5248e28d5b0efa4,2024-06-01T08:15:08.407000 CVE-2024-22955,0,0,4ae6e1e162ac27be2c1563f300454f76989ec1b9814e0f4be1652f56a6f11be5,2024-01-25T14:54:48.427000 CVE-2024-22956,0,0,2da6b272cb072bcb92b74c4c5c3faca0048e5b46583e9ffdd9571398ebecd789,2024-01-25T14:55:01.053000 CVE-2024-22957,0,0,045bad9ba8bb739147d8dcd83b4e5a0ded4b848e11c744629a53c265926b4f4e,2024-01-25T14:59:59.737000 @@ -249015,7 +249015,7 @@ CVE-2024-31995,0,0,66dfe11a273e9e10d102f877b390a578235479d84ca6da17689c27557fdb1 CVE-2024-31996,0,0,4bc228afb2f37b1ef8f323b1e059ab55f2f5ea66358ab4f20e2844a94396b7b8,2024-04-11T12:47:44.137000 CVE-2024-31997,0,0,d95ca9b47538ea73a196934e9c1064ac6bfd03df35a75cfa6de5a54ba7f14856,2024-04-11T12:47:44.137000 CVE-2024-31999,0,0,92063baa188f8d1eb46101bed0277138de32335b249687b065a40c476ebdada7,2024-04-11T12:47:44.137000 -CVE-2024-3200,1,1,c1352cf58376da334caf49545ca518e8dfdf66921c575a1da98714d4faf89d74,2024-06-01T09:15:09.453000 +CVE-2024-3200,0,0,c1352cf58376da334caf49545ca518e8dfdf66921c575a1da98714d4faf89d74,2024-06-01T09:15:09.453000 CVE-2024-32000,0,0,5a1773951b9e4056d222ee9010995a856338856d61b3ccc3a9db5455d3c02bfb,2024-04-15T13:15:31.997000 CVE-2024-32001,0,0,5f137f0e0d607eeec96c185575fc4489622e4c58e021858f7aee0551fd5f0547,2024-04-11T12:47:44.137000 CVE-2024-32002,0,0,48be14afa98a3d0838703e3a18294dea9901ede648690c195f851d5768397209,2024-05-23T20:40:28.707000 
@@ -250780,7 +250780,7 @@ CVE-2024-3560,0,0,66c1a96b1f1d19ab8c2a91f30bb939a8ccde028ecd6951f27029cb1628de4d CVE-2024-35618,0,0,f4a659269990a7da5fc8a683283ab4936f111dc8d0577fd89324aa0b32252657,2024-05-24T18:09:20.027000 CVE-2024-35621,0,0,359bbde00ddda9bcf647c6b7e008c50b5044b1ab7e2482e3d77bfaec39975360,2024-05-28T17:11:47.007000 CVE-2024-35627,0,0,152f6a140367536a1e62d9a33b0213a3c0edb39ccbba33db112f0915411e954b,2024-05-24T01:15:30.977000 -CVE-2024-35636,1,1,50355c13300a6ac082e1c483b1ab0ef66d8d81a837d0b58fd86ac7bbb9fe7982,2024-06-01T09:15:08.983000 +CVE-2024-35636,0,0,50355c13300a6ac082e1c483b1ab0ef66d8d81a837d0b58fd86ac7bbb9fe7982,2024-06-01T09:15:08.983000 CVE-2024-3564,0,0,126b0ad745c05ac2b6e0879d574d7c57b3c5395a16548c8e712a48ce4bee21ab,2024-06-01T04:15:08.743000 CVE-2024-3565,0,0,e1b2000c5686d2ca445ed687220d6569396d5c02fc079146ba9e31752c24516d,2024-06-01T04:15:09 CVE-2024-3566,0,0,e417ef1ceca67d3a9a8ba800520d4a9974bcf4eba2e3e6325dafdfbfe6af8d6b,2024-04-10T19:49:51.183000 
@@ -251372,8 +251372,8 @@ CVE-2024-3812,0,0,f751171253b8aec65ad3eb6d2474d3ee930fd7bd925f44cbf577354bd9ac3c CVE-2024-3817,0,0,46e4b3903939ad7f28eeb8afee28fc4c5b18be71847d60ae426ede3b66e11122,2024-04-18T13:04:28.900000 CVE-2024-3818,0,0,3b93c96d931c7712dba585285a5a0f954163c40c8ab2b4d2e42e74b7a416a166,2024-04-19T13:10:25.637000 CVE-2024-3819,0,0,070335cf0d21b4518c9cf130cbde224bb7db7bd3582033700dab419bc756cd20,2024-05-02T18:00:37.360000 -CVE-2024-3820,1,1,48d416ec6de0088cea36d5f27c3c88b33b9c9a808b213e785f402e355f2b1677,2024-06-01T09:15:09.660000 -CVE-2024-3821,1,1,acbaf7f547cb98d9d82a5dc597afe162d8e8477fbf56803e65654df99ac62d31,2024-06-01T09:15:09.863000 +CVE-2024-3820,0,0,48d416ec6de0088cea36d5f27c3c88b33b9c9a808b213e785f402e355f2b1677,2024-06-01T09:15:09.660000 +CVE-2024-3821,0,0,acbaf7f547cb98d9d82a5dc597afe162d8e8477fbf56803e65654df99ac62d31,2024-06-01T09:15:09.863000 CVE-2024-3822,0,0,fc2c97d17f172eec9f94cdc5060f4aab438cbcb9ae5ff2766add603f099f299e,2024-05-15T16:40:19.330000 CVE-2024-3823,0,0,cd28ea160a68276fdd70271b0ec926d19fdc3598e922bafa9bf05d9fdd41ea0b,2024-05-15T16:40:19.330000 CVE-2024-3824,0,0,8545575d3e734e1433cd4d7c91c77cd29907e6f5ee87d4739239efdf13c20f26,2024-05-15T16:40:19.330000 
@@ -251580,6 +251580,7 @@ CVE-2024-4140,0,0,bb3e400fe6c4b8cf6821bf141f5d1d6536fc52c547337b85d936fc6d6f95cc CVE-2024-4141,0,0,569cd2fcd9188d9eabeb08d432690880975d5549c17482aa7e239fef9c6bb2e6,2024-04-24T19:58:40.710000 CVE-2024-4142,0,0,6297707db3df670a282f3d4e6720e4836d7467220b5fcc108ef053e6a6308f68,2024-05-02T13:27:25.103000 CVE-2024-4144,0,0,804f070eb7c147c92dd9f6be5c3d4dba7563c2bc35d2c208518fc5d01b232644,2024-05-14T19:17:55.627000 +CVE-2024-4148,1,1,cbbb4d86b7c31de850629fe3b4289393ee4372c301703b7606cd8deb8fb6b58d,2024-06-01T16:15:07.563000 CVE-2024-4150,0,0,faed1039ecc56269b946edc3dde84ea0ad72d4967895c1be6d39f317de75f649,2024-05-14T16:11:39.510000 CVE-2024-4151,0,0,500903b4f0f30e11a0df3621c175651eac21ce51d803c0af0322e88c41c92b80,2024-05-20T15:17:54.513000 CVE-2024-4153,0,0,386cd319331b14b67f8ea4c2295b017273490160f5e9e3d7b1210acdd79af2b6,2024-05-22T12:46:53.887000 @@ -252096,7 +252097,7 @@ CVE-2024-4948,0,0,2b5345a3a2ad0f0e256c8a9888ed4459968962a0ab1b7459292f31a2fc3a82 CVE-2024-4949,0,0,259df003248cd164c42bd8e14c2329886e112004798407d6615ac49c44fb7c83,2024-05-16T13:03:05.353000 CVE-2024-4950,0,0,ee7f090411e231f963c331a4d42c01705715794d425732d14831f9be8aa12a99,2024-05-16T13:03:05.353000 CVE-2024-4956,0,0,ee2bcf2dea357e2a10f3afc4aab6bf4b7aa596bd0271ebb4f60e3d58e4ce3e86,2024-05-17T18:36:31.297000 -CVE-2024-4958,1,1,04862eec13688fbded39d1b2f225094d393af4262309c9857a4e05cd2c33b531,2024-06-01T08:15:08.637000 +CVE-2024-4958,0,0,04862eec13688fbded39d1b2f225094d393af4262309c9857a4e05cd2c33b531,2024-06-01T08:15:08.637000 CVE-2024-4960,0,0,ef25dcb7666716cb0b96f37296443474114cea70a21d0ab39d740c2fd1ad7b47,2024-05-17T02:40:43.877000 CVE-2024-4961,0,0,0d2d4f4239c9a9f29742a2da2d8e79004d41b07adb750c3d0ef3c07228a3521b,2024-05-17T02:40:43.983000 CVE-2024-4962,0,0,8bdf0697ee3d9e144772b39a0ef2523a003c7f01f25c4eacca12a9d372d3285d,2024-05-17T02:40:44.093000 
@@ -252272,7 +252273,7 @@ CVE-2024-5340,0,0,c66c0c9e55de3c725084d3080da1dc604d47daf703d95b2c548541ec6a3822 CVE-2024-5341,0,0,2b72dd4ef57e598a2469a1d6786a4762ce0fcb8187c35f2f4bd1ff39b4044b7e,2024-05-30T13:15:41.297000 CVE-2024-5345,0,0,4ef09b351c74f9d110d594e3f259309be3bb624b771ff16733d9a7bb289d18d1,2024-05-31T13:01:46.727000 CVE-2024-5347,0,0,9a2a71210aaa051d4636ad0136ca45d374f37b52e66a2ab59e561ff84b7f7ab3,2024-05-31T13:01:46.727000 -CVE-2024-5348,1,1,6ccd3ae4427fc8195f55f69e99352ba2924ed63eef7a8159374aab2a5e28fc1e,2024-06-01T09:15:10.063000 +CVE-2024-5348,0,0,6ccd3ae4427fc8195f55f69e99352ba2924ed63eef7a8159374aab2a5e28fc1e,2024-06-01T09:15:10.063000 CVE-2024-5350,0,0,60bbd22831ddecb115d40713a9dc768f9983e70563a63aa9f7486c68fbd4f9e1,2024-05-28T12:39:42.673000 CVE-2024-5351,0,0,75936f9a30b9b2678d667660507da4226e150a018add31c316ae6f6c8d9a34b8,2024-05-28T12:39:42.673000 CVE-2024-5352,0,0,436cc86ab2a56db91a02662bc69df77d88892fce705caf803e28ba33694f3f1c,2024-05-28T12:39:42.673000