From 314eae44e24dc63750046abd289341ad02722422 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Tue, 23 Jul 2024 02:03:13 +0000 Subject: [PATCH] Auto-Update: 2024-07-23T02:00:17.989091+00:00 --- CVE-2024/CVE-2024-39xx/CVE-2024-3904.json | 10 +++- CVE-2024/CVE-2024-67xx/CVE-2024-6717.json | 56 +++++++++++++++++++++++ README.md | 13 +++--- _state.csv | 5 +- 4 files changed, 75 insertions(+), 9 deletions(-) create mode 100644 CVE-2024/CVE-2024-67xx/CVE-2024-6717.json diff --git a/CVE-2024/CVE-2024-39xx/CVE-2024-3904.json b/CVE-2024/CVE-2024-39xx/CVE-2024-3904.json index dad172847dc..72e16164dfc 100644 --- a/CVE-2024/CVE-2024-39xx/CVE-2024-3904.json +++ b/CVE-2024/CVE-2024-39xx/CVE-2024-3904.json @@ -2,7 +2,7 @@ "id": "CVE-2024-3904", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2024-07-04T09:15:04.317", - "lastModified": "2024-07-05T12:55:51.367", + "lastModified": "2024-07-23T01:15:09.063", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -52,6 +52,14 @@ } ], "references": [ + { + "url": "https://jvn.jp/vu/JVNVU91215350/index.html", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, + { + "url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-191-02", + "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" + }, { "url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2024-003_en.pdf", "source": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp" diff --git a/CVE-2024/CVE-2024-67xx/CVE-2024-6717.json b/CVE-2024/CVE-2024-67xx/CVE-2024-6717.json new file mode 100644 index 00000000000..a70005df20f --- /dev/null +++ b/CVE-2024/CVE-2024-67xx/CVE-2024-6717.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6717", + "sourceIdentifier": "security@hashicorp.com", + "published": "2024-07-23T01:15:09.190", + "lastModified": "2024-07-23T01:15:09.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "HashiCorp Nomad and Nomad Enterprise 1.6.12 up to 1.7.9, and 1.8.1 archive unpacking during migration is vulnerable to path escaping of the allocation directory. This vulnerability, CVE-2024-6717, is fixed in Nomad 1.6.13, 1.7.10, and 1.8.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@hashicorp.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-610" + } + ] + } + ], + "references": [ + { + "url": "https://discuss.hashicorp.com/t/hcsec-2024-15-nomad-vulnerable-to-allocation-directory-path-escape-through-archive-unpacking/68781", + "source": "security@hashicorp.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c576afbc0be..43462d5200e 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-22T23:55:18.371296+00:00 +2024-07-23T02:00:17.989091+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-22T22:15:02.200000+00:00 +2024-07-23T01:15:09.190000+00:00 ``` ### Last Data Feed Release @@ -27,26 +27,27 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-07-22T00:00:08.651416+00:00 +2024-07-23T00:00:08.669403+00:00 ``` ### Total Number of included CVEs ```plain -257816 +257817 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-24507](CVE-2024/CVE-2024-245xx/CVE-2024-24507.json) (`2024-07-22T22:15:02.200`) +- [CVE-2024-6717](CVE-2024/CVE-2024-67xx/CVE-2024-6717.json) (`2024-07-23T01:15:09.190`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-3904](CVE-2024/CVE-2024-39xx/CVE-2024-3904.json) (`2024-07-23T01:15:09.063`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f9359c3b128..94a67a8ea9e 100644 --- a/_state.csv +++ b/_state.csv @@ -245475,7 +245475,7 @@ CVE-2024-24498,0,0,0aa227dc68d56b6857000c562a4cac27071ca2f47030d798b9bd4912ab131 CVE-2024-24499,0,0,e4ff37cd2db9d4d32f1157041bef41498f67a3696e29884293222c73e4e39b9b,2024-04-24T21:15:47.147000 CVE-2024-2450,0,0,755e866a7b0db6589d3e0a883887ca70c54bd78a033c510c6d171025dcde46e1,2024-03-15T12:53:06.423000 CVE-2024-24506,0,0,352f7b438b05b4fbf04fde226f661101b73c52d15d081ca65fec9f440b295fc5,2024-04-03T12:38:04.840000 -CVE-2024-24507,1,1,20493e0b83b92d513dcf2850c558e9822809c2d0b02020c54d3b4d23ef54525b,2024-07-22T22:15:02.200000 +CVE-2024-24507,0,0,20493e0b83b92d513dcf2850c558e9822809c2d0b02020c54d3b4d23ef54525b,2024-07-22T22:15:02.200000 CVE-2024-2451,0,0,ed8963260b73d0c2914199c7ccad86d4c10e40338037d43fae0b6a4b737eaa20,2024-05-28T17:11:55.903000 CVE-2024-24511,0,0,eae91992a4f8ae9aeded116229f78eeb98fc9499dd99da81c095e8822d970bce,2024-03-04T13:58:23.447000 CVE-2024-24512,0,0,5297ae1840ce088f7a7ad9c82816ab5d47fccf4784d399ef43fa4059b97a6a10,2024-03-04T13:58:23.447000 @@ -255020,7 +255020,7 @@ CVE-2024-39028,0,0,a2641222edcef12e310d06c15f66d85419ac0430d888fa7eecd56f4af8dd2 CVE-2024-3903,0,0,e1c6da3858ae6e8352eea69425b877e7a9386bde1a277b8207c331dc00d06d7a,2024-05-14T16:11:39.510000 CVE-2024-39031,0,0,e5520859a866921030fc1384c2ab2bf863abb5a11a15d9c4b232e5f035349aa7,2024-07-12T16:11:49.347000 CVE-2024-39036,0,0,8b0e3b7a757c7630c97609bf5affb9bafa3162d1af04d1ccd31492e6e46f7c28,2024-07-17T13:34:20.520000 -CVE-2024-3904,0,0,e776b30b1479be2ac2ba614a0e013b808dadbdf28dffb2a6f17cc6a76062926f,2024-07-05T12:55:51.367000 +CVE-2024-3904,0,1,b47d95974559a4f3b756535a5502c34ce174362aa3e2f750b6b7a9a829cd5533,2024-07-23T01:15:09.063000 CVE-2024-3905,0,0,67966257112781442fc6e512d6c151edda862eaaff35815fcc6adec0f7a08ca4,2024-06-04T19:20:26.357000 CVE-2024-3906,0,0,a3b427119bdbbda357983f8fdd52a145484ad89b344f08b8387b1c5f33e2d6f6,2024-06-04T19:20:26.463000 CVE-2024-39063,0,0,c1e0ac7f9481d76fe7fdb16a6eaacaab5e66b9b0a0a18edcff2fd308e8920150,2024-07-11T13:06:13.187000 @@ -257716,6 +257716,7 @@ CVE-2024-6689,0,0,d40d4a6e022419e83ed34bb3a74eb0d24556e6d76f7b0a592f90775a9d5287 CVE-2024-6694,0,0,7d61bbb6e4266a8c90354c9d0cb6da1ede156f667671ed3e7d5507b5e685e063,2024-07-22T13:00:53.287000 CVE-2024-6705,0,0,1e166467558902cf3ff2211f8b1aa347feb308f999c65053186e5a13806e8368,2024-07-18T12:28:43.707000 CVE-2024-6716,0,0,8ffb92442f0506288b44c8e147b3f474301f4b7d486d9477f8f7548823d67c07,2024-07-17T14:15:04.210000 +CVE-2024-6717,1,1,91d6e2e1e8d85821c6b836019c0c3e544427a23e07d8611904ae6a48961d3cf4,2024-07-23T01:15:09.190000 CVE-2024-6721,0,0,20bc3ac9fd25b0ef666ff8f606cfc8f742981337efa5a16bd2cfa701fac87a51,2024-07-15T16:15:03.467000 CVE-2024-6728,0,0,9abe0a9570ded71226f4ac9c9c5189516c258bbe0afa1c3fa1605041ef7aae25,2024-07-15T13:00:34.853000 CVE-2024-6729,0,0,b413856446136980bf68a32632989cec2f558712dbc6c4470999a635b3ec5394,2024-07-21T06:15:02.240000