diff --git a/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json b/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json index 5dea9a34cd9..002a67ca68d 100644 --- a/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json +++ b/CVE-2024/CVE-2024-30xx/CVE-2024-3094.json @@ -2,12 +2,16 @@ "id": "CVE-2024-3094", "sourceIdentifier": "secalert@redhat.com", "published": "2024-03-29T17:15:21.150", - "lastModified": "2024-04-01T17:23:05.317", - "vulnStatus": "Analyzed", + "lastModified": "2024-04-01T18:15:08.130", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "Malicious code was discovered in the upstream tarballs of xz, starting with version 5.6.0. \r\nThrough a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific functions in the liblzma code. This results in a modified liblzma library that can be used by any software linked against this library, intercepting and modifying the data interaction with this library." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 c\u00f3digo malicioso en los archivos tar ascendentes de xz, a partir de la versi\u00f3n 5.6.0. A trav\u00e9s de una serie de ofuscaciones complejas, el proceso de compilaci\u00f3n de liblzma extrae un archivo objeto premanipulado de un archivo de prueba disfrazado existente en el c\u00f3digo fuente, que luego se utiliza para modificar funciones espec\u00edficas en el c\u00f3digo de liblzma. Esto da como resultado una librer\u00eda liblzma modificada que puede ser utilizada por cualquier software vinculado a esta librer\u00eda, interceptando y modificando la interacci\u00f3n de datos con esta librer\u00eda." } ], "metrics": { @@ -170,6 +174,10 @@ "Third Party Advisory" ] }, + { + "url": "https://github.com/amlweems/xzbot", + "source": "secalert@redhat.com" + }, { "url": "https://github.com/karcherm/xz-malware", "source": "secalert@redhat.com", @@ -223,6 +231,10 @@ "Issue Tracking" ] }, + { + "url": "https://news.ycombinator.com/item?id=39895344", + "source": "secalert@redhat.com" + }, { "url": "https://openssf.org/blog/2024/03/30/xz-backdoor-cve-2024-3094/", "source": "secalert@redhat.com", @@ -337,6 +349,10 @@ "Press/Media Coverage" ] }, + { + "url": "https://www.vicarius.io/vsociety/vulnerabilities/cve-2024-3094", + "source": "secalert@redhat.com" + }, { "url": "https://xeiaso.net/notes/2024/xz-vuln/", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json b/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json new file mode 100644 index 00000000000..bf66d0a9bfb --- /dev/null +++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3135.json @@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-3135", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-04-01T19:15:46.257", + "lastModified": "2024-04-01T19:15:46.257", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The web server lacked CSRF tokens allowing an attacker to host malicious JavaScript on a host that when visited by a LocalAI user, could allow the attacker to fill disk space to deny service or abuse credits." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/7afdc4d3-4b68-45ea-96d0-cf9ed3712ae8", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 00ad0469a20..8c274d1ca0e 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-01T18:00:30.327146+00:00 +2024-04-01T20:00:38.476040+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-01T17:23:05.317000+00:00 +2024-04-01T19:15:46.257000+00:00 ``` ### Last Data Feed Release @@ -33,31 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -243578 +243579 ``` ### CVEs added in the last Commit -Recently added CVEs: `11` +Recently added CVEs: `1` -- [CVE-2024-25574](CVE-2024/CVE-2024-255xx/CVE-2024-25574.json) (`2024-04-01T16:15:07.823`) -- [CVE-2024-28232](CVE-2024/CVE-2024-282xx/CVE-2024-28232.json) (`2024-04-01T17:15:45.543`) -- [CVE-2024-30858](CVE-2024/CVE-2024-308xx/CVE-2024-30858.json) (`2024-04-01T16:15:09.530`) -- [CVE-2024-30859](CVE-2024/CVE-2024-308xx/CVE-2024-30859.json) (`2024-04-01T16:15:20.407`) -- [CVE-2024-30860](CVE-2024/CVE-2024-308xx/CVE-2024-30860.json) (`2024-04-01T16:15:31.403`) -- [CVE-2024-30861](CVE-2024/CVE-2024-308xx/CVE-2024-30861.json) (`2024-04-01T16:15:38.207`) -- [CVE-2024-30862](CVE-2024/CVE-2024-308xx/CVE-2024-30862.json) (`2024-04-01T16:15:43.537`) -- [CVE-2024-30863](CVE-2024/CVE-2024-308xx/CVE-2024-30863.json) (`2024-04-01T16:15:48.983`) -- [CVE-2024-30867](CVE-2024/CVE-2024-308xx/CVE-2024-30867.json) (`2024-04-01T16:15:54.380`) -- [CVE-2024-3129](CVE-2024/CVE-2024-31xx/CVE-2024-3129.json) (`2024-04-01T16:15:59.810`) -- [CVE-2024-3131](CVE-2024/CVE-2024-31xx/CVE-2024-3131.json) (`2024-04-01T17:16:19.970`) +- [CVE-2024-3135](CVE-2024/CVE-2024-31xx/CVE-2024-3135.json) (`2024-04-01T19:15:46.257`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2024-3094](CVE-2024/CVE-2024-30xx/CVE-2024-3094.json) (`2024-04-01T17:23:05.317`) +- [CVE-2024-3094](CVE-2024/CVE-2024-30xx/CVE-2024-3094.json) (`2024-04-01T18:15:08.130`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8651c83f4b1..661aaf831a7 100644 --- a/_state.csv +++ b/_state.csv @@ -241751,7 +241751,7 @@ CVE-2024-25559,0,0,621d2089e4066088e4f2e7151d4c52b797349073e2e5f4d074059dc172fb6 CVE-2024-2556,0,0,7dda608d4c973332c242425a23922df86f3028261d216807853df92150e28261,2024-03-21T02:52:37.803000 CVE-2024-25567,0,0,bbb8c64eb3dcee3e8e89951734f837d0c3bea66c11459a30529f4c9133593805,2024-03-22T12:45:36.130000 CVE-2024-2557,0,0,bd3cbcd6fdd2bc53d05ad0a21dcf76dc9100645c8cd39cc3bfd0cd796821c2ef,2024-03-21T02:52:37.887000 -CVE-2024-25574,1,1,d1773acbf41d98ae45efd9607de2f20ec292301589bc65d461240d2bb5cb6de4,2024-04-01T16:15:07.823000 +CVE-2024-25574,0,0,d1773acbf41d98ae45efd9607de2f20ec292301589bc65d461240d2bb5cb6de4,2024-04-01T16:15:07.823000 CVE-2024-25578,0,0,ff68f9ee0e3394b3fa83fe8766f2e044325a5fd043b437de063c0cd80654c610,2024-03-01T14:04:26.010000 CVE-2024-25579,0,0,91953a88eab65ef3b6eb3b0fbea08ce09211ffa83ae8783d4b439f2092b924fc,2024-02-29T13:49:47.277000 CVE-2024-2558,0,0,9b2e64cc1dfa18aa6ab6ed26c2435de053f445557e20541392c5e86001c65488,2024-03-21T02:52:37.973000 @@ -242742,7 +242742,7 @@ CVE-2024-28229,0,0,7bfc3b59e790a5126732ec4d8d480f9938166a41475488b32e066c1e064cc CVE-2024-2823,0,0,1867dc09c5e833da359a0c14ac91c9482d72bb78f2ce80c84c0309fdaa923bfc,2024-03-22T19:02:10.300000 CVE-2024-28230,0,0,3036aa70102b53b9cc695265dc4a11e5a4f5b8d26f6120835dbd1a9c3d93e7ec,2024-03-07T13:52:27.110000 CVE-2024-28231,0,0,f41f4c1605399e97b52547261c763ca0d059815d5c55e921912a149cd091acde,2024-03-21T12:58:51.093000 -CVE-2024-28232,1,1,03c9d1a52549a6573b91e36d7f0b14d769d06ab3474eef5cde5a9711af7e7f1a,2024-04-01T17:15:45.543000 +CVE-2024-28232,0,0,03c9d1a52549a6573b91e36d7f0b14d769d06ab3474eef5cde5a9711af7e7f1a,2024-04-01T17:15:45.543000 CVE-2024-28233,0,0,accd19653e4fb87965492361d5e3e83a58cd9545ef54fcd1230d21b32b8e2d7d,2024-03-28T02:01:21.693000 CVE-2024-28236,0,0,ea7d34bffb060eb0191757ceb4c446ee8bfa4166cb7d1e0d8e67e75c651ba966,2024-03-13T12:33:51.697000 CVE-2024-28237,0,0,e54564ebce9f53fbf47a1a617d4c2539d1d06a16522000543afac14f934cf25f,2024-03-19T13:26:46 @@ -243504,17 +243504,17 @@ CVE-2024-3078,0,0,07ca6090eecfc88a41afb186ab370517deca7caa0d1280cb8ed031f58d59e1 CVE-2024-3081,0,0,2da3854fbeb6cca4614d6d24296040277ca88e6d0ed030c01a359068a030ddfa,2024-04-01T01:12:59.077000 CVE-2024-3084,0,0,6f0c7586a3c88534f00ba59a47aa9dd0680a2cdafb1300626661076bb837900c,2024-04-01T01:12:59.077000 CVE-2024-3085,0,0,1d168a308d02b592b28c789f045dddc210cf1939a65b734054cdda3096d46101,2024-04-01T01:12:59.077000 -CVE-2024-30858,1,1,4e37b088ed4f6420023ae129185c8d34a582963965690e296d72f5f4468df863,2024-04-01T16:15:09.530000 -CVE-2024-30859,1,1,e40057413bfd1bc9e9e29d5a7f6ddd953ba96f63030c96ea8e062eba2df29e93,2024-04-01T16:15:20.407000 +CVE-2024-30858,0,0,4e37b088ed4f6420023ae129185c8d34a582963965690e296d72f5f4468df863,2024-04-01T16:15:09.530000 +CVE-2024-30859,0,0,e40057413bfd1bc9e9e29d5a7f6ddd953ba96f63030c96ea8e062eba2df29e93,2024-04-01T16:15:20.407000 CVE-2024-3086,0,0,6334a746419e037dd4d37c75047c90551e4ae0f5163f1eb23629374c352bfd8e,2024-04-01T01:12:59.077000 -CVE-2024-30860,1,1,56f0d8b59f32b26859edda29995cda3ed85f7320103f3c21a4232e132bda01b7,2024-04-01T16:15:31.403000 -CVE-2024-30861,1,1,2d952966bd4e3ebf0f870e3dd1ab638d6fc4299e6e574e323c679804051182d8,2024-04-01T16:15:38.207000 -CVE-2024-30862,1,1,b2eb5ffc486884f8aac09ac6d53ee72a0d35d30f4a2ea6bb040073a7ed5dcda6,2024-04-01T16:15:43.537000 -CVE-2024-30863,1,1,9a52bad0f947acba91e795354c8437fc6c41629e1557565babf2cf909049a806,2024-04-01T16:15:48.983000 +CVE-2024-30860,0,0,56f0d8b59f32b26859edda29995cda3ed85f7320103f3c21a4232e132bda01b7,2024-04-01T16:15:31.403000 +CVE-2024-30861,0,0,2d952966bd4e3ebf0f870e3dd1ab638d6fc4299e6e574e323c679804051182d8,2024-04-01T16:15:38.207000 +CVE-2024-30862,0,0,b2eb5ffc486884f8aac09ac6d53ee72a0d35d30f4a2ea6bb040073a7ed5dcda6,2024-04-01T16:15:43.537000 +CVE-2024-30863,0,0,9a52bad0f947acba91e795354c8437fc6c41629e1557565babf2cf909049a806,2024-04-01T16:15:48.983000 CVE-2024-30864,0,0,169a9955afbce8794653fada709c5e9c9d082ff7c90170525c4509d56957d834,2024-04-01T15:53:18.060000 CVE-2024-30865,0,0,ac757beda4e0780f377f34c7af2a62f253ecdd9471447daeffa300b86c5bc569,2024-04-01T15:53:18.060000 CVE-2024-30866,0,0,9bb403b2fb3caabd1a69b7ba95e14c855158cfcf28ba0ae1aeec586dd66a20f1,2024-04-01T15:53:18.060000 -CVE-2024-30867,1,1,cbef4f0bff81dd1eb1f935fe8a966587aa19f39f61b3bee59520671dcd59ce1f,2024-04-01T16:15:54.380000 +CVE-2024-30867,0,0,cbef4f0bff81dd1eb1f935fe8a966587aa19f39f61b3bee59520671dcd59ce1f,2024-04-01T16:15:54.380000 CVE-2024-30868,0,0,52ea6519b73e42cda48d711e6455a815c4f9267f523b50d6ab7ff567d93aa4cb,2024-04-01T15:53:18.060000 CVE-2024-3087,0,0,3e290cbe3daedc06f27bc42c4c0612a595430796c00d36c14ef77196402371ef,2024-04-01T01:12:59.077000 CVE-2024-30870,0,0,3a2ecb37aebc2eaf73fc0824a68a0468a7bc5646fe44ee4f32897d04fcb28a3b,2024-04-01T15:53:18.060000 @@ -243524,7 +243524,7 @@ CVE-2024-3088,0,0,17096f2cfa8fda09a8bb2b7c525c1938c5c418c0e3bd885f1d08a8c3953fe5 CVE-2024-3089,0,0,b4f31458bb9b11408f751c36503b5a78d4493afb2b414607628068f199bdcb01,2024-04-01T01:12:59.077000 CVE-2024-3090,0,0,e521b31492c960816f2b9672e6c814449ea6ce77dbc34054aeb4b3c679ad2119,2024-04-01T01:12:59.077000 CVE-2024-3091,0,0,e5161a5a2d0196ce39626dff7591f836486bee878683ee478a2b6a285b1e55df,2024-04-01T01:12:59.077000 -CVE-2024-3094,0,1,968f875b44f7c00fd5c1c551168cb3f3ae71dfcad8805a566c6c5a0c357b75e2,2024-04-01T17:23:05.317000 +CVE-2024-3094,0,1,90dd4a4fc9f3a1805900d0aa3c586a11abe50efccc342603e40885595ed200f2,2024-04-01T18:15:08.130000 CVE-2024-31032,0,0,c23457a1b61188b806e7f7013717ab2174a595288e28b36b486645ce08e16035,2024-04-01T01:12:59.077000 CVE-2024-31033,0,0,b68c0579ca8a1928aaa2c04420bd909e78d3dea0bf9cb7601dc000d4dad4d6ac,2024-04-01T12:49:09.583000 CVE-2024-31061,0,0,3a611478260a969dc7c268c913c4f396b21e3b4ebcb9a4cb4b0ae2a352b58da0,2024-03-28T20:53:20.813000 @@ -243574,6 +243574,7 @@ CVE-2024-3118,0,0,b5b75746c75ca563aa0406a7ceae7d271849851379d0c504abb280cf34775b CVE-2024-3124,0,0,88993a51b2813ba6d0852fe53b46f4e937239357a93a892f43356ecdbc8c4f4d,2024-04-01T15:53:18.060000 CVE-2024-3125,0,0,8233882821d0c860d7469b1c2fa1079e4ec121af79d847cb67ade60b401b87c0,2024-04-01T15:53:18.060000 CVE-2024-3128,0,0,056938c6a8b6ab390e58cb8172b91bb74a5a0631c1c821668ba50e075d1b96ef,2024-04-01T15:53:18.060000 -CVE-2024-3129,1,1,d56dc65048f8b5510a9b06891117a0b948b323d309c6396cedd8172433a25afd,2024-04-01T16:15:59.810000 +CVE-2024-3129,0,0,d56dc65048f8b5510a9b06891117a0b948b323d309c6396cedd8172433a25afd,2024-04-01T16:15:59.810000 CVE-2024-3130,0,0,ef2284dd9e84592c7cee32f0cffdd9950f2526390b774b97299e332f225b7f58,2024-04-01T12:49:00.877000 -CVE-2024-3131,1,1,7dfaa24c8b195badc25edb04d978f1a937b34743cf98489290336cba65db3832,2024-04-01T17:16:19.970000 +CVE-2024-3131,0,0,7dfaa24c8b195badc25edb04d978f1a937b34743cf98489290336cba65db3832,2024-04-01T17:16:19.970000 +CVE-2024-3135,1,1,9fd41b50098c6d32295984c9d56fe9e173835dcf05ebbef747e5073b9780d1d3,2024-04-01T19:15:46.257000