Auto-Update: 2024-04-01T20:00:38.476040+00:00
parent
887dc1dbd5
commit
320cbd00d7
@ -2,12 +2,16 @@
|
||||
"id": "CVE-2024-3094",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-03-29T17:15:21.150",
|
||||
"lastModified": "2024-04-01T17:23:05.317",
|
||||
"vulnStatus": "Analyzed",
|
||||
"lastModified": "2024-04-01T18:15:08.130",
|
||||
"vulnStatus": "Modified",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \r\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library."
|
||||
},
|
||||
{
|
||||
"lang": "es",
|
||||
"value": "Se descubri\u00f3 c\u00f3digo malicioso en los archivos tar ascendentes de xz, a partir de la versi\u00f3n 5.6.0. A trav\u00e9s de una serie de ofuscaciones complejas, el proceso de compilaci\u00f3n de liblzma extrae un archivo objeto premanipulado de un archivo de prueba disfrazado existente en el c\u00f3digo fuente, que luego se utiliza para modificar funciones espec\u00edficas en el c\u00f3digo de liblzma. Esto da como resultado una librer\u00eda liblzma modificada que puede ser utilizada por cualquier software vinculado a esta librer\u00eda, interceptando y modificando la interacci\u00f3n de datos con esta librer\u00eda."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
@ -170,6 +174,10 @@
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/amlweems/xzbot",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://github.com/karcherm/xz-malware",
|
||||
"source": "secalert@redhat.com",
|
||||
@ -223,6 +231,10 @@
|
||||
"Issue Tracking"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://news.ycombinator.com/item?id=39895344",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/",
|
||||
"source": "secalert@redhat.com",
|
||||
@ -337,6 +349,10 @@
|
||||
"Press/Media Coverage"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://xeiaso.net/notes/2024/xz-vuln/",
|
||||
"source": "secalert@redhat.com",
|
||||
|
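--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-3135",
+"sourceIdentifier": "security@huntr.dev",
+"published": "2024-04-01T19:15:46.257",
+"lastModified": "2024-04-01T19:15:46.257",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The web server lacked CSRF tokens allowing an attacker to host malicious JavaScript on a host that when visited by a LocalAI user, could allow the attacker to fill disk space to deny service or abuse credits."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "security@huntr.dev",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 6.5,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@huntr.dev",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-352"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8",
+"source": "security@huntr.dev"
+}
+]
+}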
22
README.md
22
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-04-01T18:00:30.327146+00:00
|
||||
2024-04-01T20:00:38.476040+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-04-01T17:23:05.317000+00:00
|
||||
2024-04-01T19:15:46.257000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,31 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
243578
|
||||
243579
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `11`
|
||||
Recently added CVEs: `1`
|
||||
|
||||
- [CVE-2024-25574](CVE-2024/CVE-2024-255xx/CVE-2024-25574.json) (`2024-04-01T16:15:07.823`)
|
||||
- [CVE-2024-28232](CVE-2024/CVE-2024-282xx/CVE-2024-28232.json) (`2024-04-01T17:15:45.543`)
|
||||
- [CVE-2024-30858](CVE-2024/CVE-2024-308xx/CVE-2024-30858.json) (`2024-04-01T16:15:09.530`)
|
||||
- [CVE-2024-30859](CVE-2024/CVE-2024-308xx/CVE-2024-30859.json) (`2024-04-01T16:15:20.407`)
|
||||
- [CVE-2024-30860](CVE-2024/CVE-2024-308xx/CVE-2024-30860.json) (`2024-04-01T16:15:31.403`)
|
||||
- [CVE-2024-30861](CVE-2024/CVE-2024-308xx/CVE-2024-30861.json) (`2024-04-01T16:15:38.207`)
|
||||
- [CVE-2024-30862](CVE-2024/CVE-2024-308xx/CVE-2024-30862.json) (`2024-04-01T16:15:43.537`)
|
||||
- [CVE-2024-30863](CVE-2024/CVE-2024-308xx/CVE-2024-30863.json) (`2024-04-01T16:15:48.983`)
|
||||
- [CVE-2024-30867](CVE-2024/CVE-2024-308xx/CVE-2024-30867.json) (`2024-04-01T16:15:54.380`)
|
||||
- [CVE-2024-3129](CVE-2024/CVE-2024-31xx/CVE-2024-3129.json) (`2024-04-01T16:15:59.810`)
|
||||
- [CVE-2024-3131](CVE-2024/CVE-2024-31xx/CVE-2024-3131.json) (`2024-04-01T17:16:19.970`)
|
||||
- [CVE-2024-3135](CVE-2024/CVE-2024-31xx/CVE-2024-3135.json) (`2024-04-01T19:15:46.257`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `1`
|
||||
|
||||
- [CVE-2024-3094](CVE-2024/CVE-2024-30xx/CVE-2024-3094.json) (`2024-04-01T17:23:05.317`)
|
||||
- [CVE-2024-3094](CVE-2024/CVE-2024-30xx/CVE-2024-3094.json) (`2024-04-01T18:15:08.130`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
25
_state.csv
25
_state.csv
@ -241751,7 +241751,7 @@ CVE-2024-25559,0,0,621d2089e4066088e4f2e7151d4c52b797349073e2e5f4d074059dc172fb6
|
||||
CVE-2024-2556,0,0,7dda608d4c973332c242425a23922df86f3028261d216807853df92150e28261,2024-03-21T02:52:37.803000
|
||||
CVE-2024-25567,0,0,bbb8c64eb3dcee3e8e89951734f837d0c3bea66c11459a30529f4c9133593805,2024-03-22T12:45:36.130000
|
||||
CVE-2024-2557,0,0,bd3cbcd6fdd2bc53d05ad0a21dcf76dc9100645c8cd39cc3bfd0cd796821c2ef,2024-03-21T02:52:37.887000
|
||||
CVE-2024-25574,1,1,d1773acbf41d98ae45efd9607de2f20ec292301589bc65d461240d2bb5cb6de4,2024-04-01T16:15:07.823000
|
||||
CVE-2024-25574,0,0,d1773acbf41d98ae45efd9607de2f20ec292301589bc65d461240d2bb5cb6de4,2024-04-01T16:15:07.823000
|
||||
CVE-2024-25578,0,0,ff68f9ee0e3394b3fa83fe8766f2e044325a5fd043b437de063c0cd80654c610,2024-03-01T14:04:26.010000
|
||||
CVE-2024-25579,0,0,91953a88eab65ef3b6eb3b0fbea08ce09211ffa83ae8783d4b439f2092b924fc,2024-02-29T13:49:47.277000
|
||||
CVE-2024-2558,0,0,9b2e64cc1dfa18aa6ab6ed26c2435de053f445557e20541392c5e86001c65488,2024-03-21T02:52:37.973000
|
||||
@ -242742,7 +242742,7 @@ CVE-2024-28229,0,0,7bfc3b59e790a5126732ec4d8d480f9938166a41475488b32e066c1e064cc
|
||||
CVE-2024-2823,0,0,1867dc09c5e833da359a0c14ac91c9482d72bb78f2ce80c84c0309fdaa923bfc,2024-03-22T19:02:10.300000
|
||||
CVE-2024-28230,0,0,3036aa70102b53b9cc695265dc4a11e5a4f5b8d26f6120835dbd1a9c3d93e7ec,2024-03-07T13:52:27.110000
|
||||
CVE-2024-28231,0,0,f41f4c1605399e97b52547261c763ca0d059815d5c55e921912a149cd091acde,2024-03-21T12:58:51.093000
|
||||
CVE-2024-28232,1,1,03c9d1a52549a6573b91e36d7f0b14d769d06ab3474eef5cde5a9711af7e7f1a,2024-04-01T17:15:45.543000
|
||||
CVE-2024-28232,0,0,03c9d1a52549a6573b91e36d7f0b14d769d06ab3474eef5cde5a9711af7e7f1a,2024-04-01T17:15:45.543000
|
||||
CVE-2024-28233,0,0,accd19653e4fb87965492361d5e3e83a58cd9545ef54fcd1230d21b32b8e2d7d,2024-03-28T02:01:21.693000
|
||||
CVE-2024-28236,0,0,ea7d34bffb060eb0191757ceb4c446ee8bfa4166cb7d1e0d8e67e75c651ba966,2024-03-13T12:33:51.697000
|
||||
CVE-2024-28237,0,0,e54564ebce9f53fbf47a1a617d4c2539d1d06a16522000543afac14f934cf25f,2024-03-19T13:26:46
|
||||
@ -243504,17 +243504,17 @@ CVE-2024-3078,0,0,07ca6090eecfc88a41afb186ab370517deca7caa0d1280cb8ed031f58d59e1
|
||||
CVE-2024-3081,0,0,2da3854fbeb6cca4614d6d24296040277ca88e6d0ed030c01a359068a030ddfa,2024-04-01T01:12:59.077000
|
||||
CVE-2024-3084,0,0,6f0c7586a3c88534f00ba59a47aa9dd0680a2cdafb1300626661076bb837900c,2024-04-01T01:12:59.077000
|
||||
CVE-2024-3085,0,0,1d168a308d02b592b28c789f045dddc210cf1939a65b734054cdda3096d46101,2024-04-01T01:12:59.077000
|
||||
CVE-2024-30858,1,1,4e37b088ed4f6420023ae129185c8d34a582963965690e296d72f5f4468df863,2024-04-01T16:15:09.530000
|
||||
CVE-2024-30859,1,1,e40057413bfd1bc9e9e29d5a7f6ddd953ba96f63030c96ea8e062eba2df29e93,2024-04-01T16:15:20.407000
|
||||
CVE-2024-30858,0,0,4e37b088ed4f6420023ae129185c8d34a582963965690e296d72f5f4468df863,2024-04-01T16:15:09.530000
|
||||
CVE-2024-30859,0,0,e40057413bfd1bc9e9e29d5a7f6ddd953ba96f63030c96ea8e062eba2df29e93,2024-04-01T16:15:20.407000
|
||||
CVE-2024-3086,0,0,6334a746419e037dd4d37c75047c90551e4ae0f5163f1eb23629374c352bfd8e,2024-04-01T01:12:59.077000
|
||||
CVE-2024-30860,1,1,56f0d8b59f32b26859edda29995cda3ed85f7320103f3c21a4232e132bda01b7,2024-04-01T16:15:31.403000
|
||||
CVE-2024-30861,1,1,2d952966bd4e3ebf0f870e3dd1ab638d6fc4299e6e574e323c679804051182d8,2024-04-01T16:15:38.207000
|
||||
CVE-2024-30862,1,1,b2eb5ffc486884f8aac09ac6d53ee72a0d35d30f4a2ea6bb040073a7ed5dcda6,2024-04-01T16:15:43.537000
|
||||
CVE-2024-30863,1,1,9a52bad0f947acba91e795354c8437fc6c41629e1557565babf2cf909049a806,2024-04-01T16:15:48.983000
|
||||
CVE-2024-30860,0,0,56f0d8b59f32b26859edda29995cda3ed85f7320103f3c21a4232e132bda01b7,2024-04-01T16:15:31.403000
|
||||
CVE-2024-30861,0,0,2d952966bd4e3ebf0f870e3dd1ab638d6fc4299e6e574e323c679804051182d8,2024-04-01T16:15:38.207000
|
||||
CVE-2024-30862,0,0,b2eb5ffc486884f8aac09ac6d53ee72a0d35d30f4a2ea6bb040073a7ed5dcda6,2024-04-01T16:15:43.537000
|
||||
CVE-2024-30863,0,0,9a52bad0f947acba91e795354c8437fc6c41629e1557565babf2cf909049a806,2024-04-01T16:15:48.983000
|
||||
CVE-2024-30864,0,0,169a9955afbce8794653fada709c5e9c9d082ff7c90170525c4509d56957d834,2024-04-01T15:53:18.060000
|
||||
CVE-2024-30865,0,0,ac757beda4e0780f377f34c7af2a62f253ecdd9471447daeffa300b86c5bc569,2024-04-01T15:53:18.060000
|
||||
CVE-2024-30866,0,0,9bb403b2fb3caabd1a69b7ba95e14c855158cfcf28ba0ae1aeec586dd66a20f1,2024-04-01T15:53:18.060000
|
||||
CVE-2024-30867,1,1,cbef4f0bff81dd1eb1f935fe8a966587aa19f39f61b3bee59520671dcd59ce1f,2024-04-01T16:15:54.380000
|
||||
CVE-2024-30867,0,0,cbef4f0bff81dd1eb1f935fe8a966587aa19f39f61b3bee59520671dcd59ce1f,2024-04-01T16:15:54.380000
|
||||
CVE-2024-30868,0,0,52ea6519b73e42cda48d711e6455a815c4f9267f523b50d6ab7ff567d93aa4cb,2024-04-01T15:53:18.060000
|
||||
CVE-2024-3087,0,0,3e290cbe3daedc06f27bc42c4c0612a595430796c00d36c14ef77196402371ef,2024-04-01T01:12:59.077000
|
||||
CVE-2024-30870,0,0,3a2ecb37aebc2eaf73fc0824a68a0468a7bc5646fe44ee4f32897d04fcb28a3b,2024-04-01T15:53:18.060000
|
||||
@ -243524,7 +243524,7 @@ CVE-2024-3088,0,0,17096f2cfa8fda09a8bb2b7c525c1938c5c418c0e3bd885f1d08a8c3953fe5
|
||||
CVE-2024-3089,0,0,b4f31458bb9b11408f751c36503b5a78d4493afb2b414607628068f199bdcb01,2024-04-01T01:12:59.077000
|
||||
CVE-2024-3090,0,0,e521b31492c960816f2b9672e6c814449ea6ce77dbc34054aeb4b3c679ad2119,2024-04-01T01:12:59.077000
|
||||
CVE-2024-3091,0,0,e5161a5a2d0196ce39626dff7591f836486bee878683ee478a2b6a285b1e55df,2024-04-01T01:12:59.077000
|
||||
CVE-2024-3094,0,1,968f875b44f7c00fd5c1c551168cb3f3ae71dfcad8805a566c6c5a0c357b75e2,2024-04-01T17:23:05.317000
|
||||
CVE-2024-3094,0,1,90dd4a4fc9f3a1805900d0aa3c586a11abe50efccc342603e40885595ed200f2,2024-04-01T18:15:08.130000
|
||||
CVE-2024-31032,0,0,c23457a1b61188b806e7f7013717ab2174a595288e28b36b486645ce08e16035,2024-04-01T01:12:59.077000
|
||||
CVE-2024-31033,0,0,b68c0579ca8a1928aaa2c04420bd909e78d3dea0bf9cb7601dc000d4dad4d6ac,2024-04-01T12:49:09.583000
|
||||
CVE-2024-31061,0,0,3a611478260a969dc7c268c913c4f396b21e3b4ebcb9a4cb4b0ae2a352b58da0,2024-03-28T20:53:20.813000
|
||||
@ -243574,6 +243574,7 @@ CVE-2024-3118,0,0,b5b75746c75ca563aa0406a7ceae7d271849851379d0c504abb280cf34775b
|
||||
CVE-2024-3124,0,0,88993a51b2813ba6d0852fe53b46f4e937239357a93a892f43356ecdbc8c4f4d,2024-04-01T15:53:18.060000
|
||||
CVE-2024-3125,0,0,8233882821d0c860d7469b1c2fa1079e4ec121af79d847cb67ade60b401b87c0,2024-04-01T15:53:18.060000
|
||||
CVE-2024-3128,0,0,056938c6a8b6ab390e58cb8172b91bb74a5a0631c1c821668ba50e075d1b96ef,2024-04-01T15:53:18.060000
|
||||
CVE-2024-3129,1,1,d56dc65048f8b5510a9b06891117a0b948b323d309c6396cedd8172433a25afd,2024-04-01T16:15:59.810000
|
||||
CVE-2024-3129,0,0,d56dc65048f8b5510a9b06891117a0b948b323d309c6396cedd8172433a25afd,2024-04-01T16:15:59.810000
|
||||
CVE-2024-3130,0,0,ef2284dd9e84592c7cee32f0cffdd9950f2526390b774b97299e332f225b7f58,2024-04-01T12:49:00.877000
|
||||
CVE-2024-3131,1,1,7dfaa24c8b195badc25edb04d978f1a937b34743cf98489290336cba65db3832,2024-04-01T17:16:19.970000
|
||||
CVE-2024-3131,0,0,7dfaa24c8b195badc25edb04d978f1a937b34743cf98489290336cba65db3832,2024-04-01T17:16:19.970000
|
||||
CVE-2024-3135,1,1,9fd41b50098c6d32295984c9d56fe9e173835dcf05ebbef747e5073b9780d1d3,2024-04-01T19:15:46.257000
|
||||
|
Can't render this file because it is too large.