Auto-Update: 2024-04-12T23:55:31.636306+00:00

This commit is contained in:
cad-safe-bot 2024-04-12 23:58:21 +00:00
parent 440bd817e2
commit 3588cc5b01
5 changed files with 245 additions and 16 deletions


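--- a/CVE-2024/CVE-2024-288xx/CVE-2024-28869.json
+++ b/CVE-2024/CVE-2024-288xx/CVE-2024-28869.json
@@ -0,0 +1,71 @@
+{
+"id": "CVE-2024-28869",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-04-12T22:15:07.080",
+"lastModified": "2024-04-12T22:15:07.080",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the \"Content-length\" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "NONE",
+"integrityImpact": "NONE",
+"availabilityImpact": "HIGH",
+"baseScore": 7.5,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 3.6
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-755"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/traefik/traefik/releases/tag/v2.11.2",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw",
+"source": "security-advisories@github.com"
+}
+]
+}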
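Review bot: The description string on the `"value"` line ends with an escaped `\n`, unlike the other two records added in this commit, and `published`/`lastModified` carry no zone designator (`2024-04-12T22:15:07.080`). Both quirks come from the upstream NVD record rather than from the sync, so the mirrored file itself should stay as synced, but consumers of the feed should strip trailing whitespace from `descriptions[].value` and not assume the bare timestamps are local time; the `+00:00` timestamps elsewhere in this commit suggest UTC is the convention, which is worth confirming against the NVD API documentation. If the repository documents the feed schema, a sentence such as `published/lastModified are NVD-provided and carry no offset; interpret as UTC.` would spare downstream readers the guess.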


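--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31462.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31462.json
@@ -0,0 +1,91 @@
+{
+"id": "CVE-2024-31462",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-04-12T22:15:07.320",
+"lastModified": "2024-04-12T22:15:07.320",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 6.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-22"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
+"source": "security-advisories@github.com"
+}
+]
+}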
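Review bot: The `references` array lists the same GHSL advisory twice, once with and once without a trailing slash (the two `securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui` entries at the end of the array), so reference counts or link lists built from this record will double-count it. The duplication originates in the upstream NVD data, so the mirrored file should stay as synced, but any tooling that indexes `references[].url` should normalize URLs (trailing slash, scheme and host case) before deduplicating. Note also that the line numbers quoted in the description (`653`, `65`, `67`) are anchored in the reference URLs to the commit hash `cf2772fab0af5573da775e7437e6acdca424f26e`, while the `v1.7.0` link has no line anchor, so readers tracing the affected code should follow the hash-pinned links.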


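--- a/CVE-2024/CVE-2024-320xx/CVE-2024-32028.json
+++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32028.json
@@ -0,0 +1,67 @@
+{
+"id": "CVE-2024-32028",
+"sourceIdentifier": "security-advisories@github.com",
+"published": "2024-04-12T23:15:06.643",
+"lastModified": "2024-04-12T23:15:06.643",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
+"attackVector": "ADJACENT_NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "CHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 4.1,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 2.3,
+"impactScore": 1.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security-advisories@github.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-201"
+},
+{
+"lang": "en",
+"value": "CWE-212"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/open-telemetry/opentelemetry-dotnet/commit/e222ecb5942d4ce1cadfd4306c39e3f4933a5c42",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-vh2m-22xx-q94f",
+"source": "security-advisories@github.com"
+},
+{
+"url": "https://github.com/open-telemetry/semantic-conventions/blob/main/docs/http/http-spans.md",
+"source": "security-advisories@github.com"
+}
+]
+}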


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-04-12T22:00:38.048889+00:00 2024-04-12T23:55:31.636306+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-04-12T21:15:12.133000+00:00 2024-04-12T23:15:06.643000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,19 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
245397 245400
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `6` Recently added CVEs: `3`
- [CVE-2024-29022](CVE-2024/CVE-2024-290xx/CVE-2024-29022.json) (`2024-04-12T21:15:11.213`) - [CVE-2024-28869](CVE-2024/CVE-2024-288xx/CVE-2024-28869.json) (`2024-04-12T22:15:07.080`)
- [CVE-2024-29023](CVE-2024/CVE-2024-290xx/CVE-2024-29023.json) (`2024-04-12T21:15:11.403`) - [CVE-2024-31462](CVE-2024/CVE-2024-314xx/CVE-2024-31462.json) (`2024-04-12T22:15:07.320`)
- [CVE-2024-32000](CVE-2024/CVE-2024-320xx/CVE-2024-32000.json) (`2024-04-12T20:15:53.250`) - [CVE-2024-32028](CVE-2024/CVE-2024-320xx/CVE-2024-32028.json) (`2024-04-12T23:15:06.643`)
- [CVE-2024-32003](CVE-2024/CVE-2024-320xx/CVE-2024-32003.json) (`2024-04-12T21:15:11.617`)
- [CVE-2024-32005](CVE-2024/CVE-2024-320xx/CVE-2024-32005.json) (`2024-04-12T21:15:11.823`)
- [CVE-2024-32019](CVE-2024/CVE-2024-320xx/CVE-2024-32019.json) (`2024-04-12T21:15:12.133`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit


@ -243929,6 +243929,7 @@ CVE-2024-28864,0,0,6556868d08f3b43cf56ee8c0e31629a1275e8137bc2387bf2430488f9854b
CVE-2024-28865,0,0,346bb195552b29118071ab302fbe331daaaa3a5da7b31ab976886613f922d084,2024-03-19T13:26:46 CVE-2024-28865,0,0,346bb195552b29118071ab302fbe331daaaa3a5da7b31ab976886613f922d084,2024-03-19T13:26:46
CVE-2024-28867,0,0,a2663eb7659e9fb153cbffc3c6774d69ca0c4039f52756d8a5671465d9404705,2024-04-01T01:12:59.077000 CVE-2024-28867,0,0,a2663eb7659e9fb153cbffc3c6774d69ca0c4039f52756d8a5671465d9404705,2024-04-01T01:12:59.077000
CVE-2024-28868,0,0,148f39496eb50fd19cf01404a0af3408bd44ce8d437a837fa99cdad3557f99f1,2024-03-21T12:58:51.093000 CVE-2024-28868,0,0,148f39496eb50fd19cf01404a0af3408bd44ce8d437a837fa99cdad3557f99f1,2024-03-21T12:58:51.093000
CVE-2024-28869,1,1,4774d6773fde99216d7ad0a5f05827cc11015093d5972f35fe08a60e1f2569d9,2024-04-12T22:15:07.080000
CVE-2024-2887,0,0,2797f3580910b2ccb8b3f25b6a77410f5acecf7fa931702ac72d99637f4042cf,2024-03-29T04:15:09.423000 CVE-2024-2887,0,0,2797f3580910b2ccb8b3f25b6a77410f5acecf7fa931702ac72d99637f4042cf,2024-03-29T04:15:09.423000
CVE-2024-28870,0,0,0cf8b42440c9130608dacb5605e29ce5ef5a35c267c5a5fa0e99bf26d2d0161c,2024-04-04T12:48:41.700000 CVE-2024-28870,0,0,0cf8b42440c9130608dacb5605e29ce5ef5a35c267c5a5fa0e99bf26d2d0161c,2024-04-04T12:48:41.700000
CVE-2024-28871,0,0,afc28d49a83d8eabefecf413603caf0043f414fa513c9500837e2c75462e6216,2024-04-04T16:33:06.610000 CVE-2024-28871,0,0,afc28d49a83d8eabefecf413603caf0043f414fa513c9500837e2c75462e6216,2024-04-04T16:33:06.610000
@ -244007,8 +244008,8 @@ CVE-2024-29018,0,0,a31ea156ee4a30b6d7535cfe30928ed9f90e655143b9cf9c902aa0e59ea88
CVE-2024-29019,0,0,fe2de4afc3940e547c647135fa914dde2bc9fce5b46dec96e6b4c47b6599bdc4,2024-04-11T12:47:44.137000 CVE-2024-29019,0,0,fe2de4afc3940e547c647135fa914dde2bc9fce5b46dec96e6b4c47b6599bdc4,2024-04-11T12:47:44.137000
CVE-2024-2902,0,0,2d02b49d0a0f4faf9868b4e8f1580c2d8e78273885ff259f71459545682341a8,2024-04-11T01:25:40.740000 CVE-2024-2902,0,0,2d02b49d0a0f4faf9868b4e8f1580c2d8e78273885ff259f71459545682341a8,2024-04-11T01:25:40.740000
CVE-2024-29020,0,0,09b8bf1bab85d116480c11745c3336d8516989d8662545abc8d0da389a848945,2024-04-01T01:12:59.077000 CVE-2024-29020,0,0,09b8bf1bab85d116480c11745c3336d8516989d8662545abc8d0da389a848945,2024-04-01T01:12:59.077000
CVE-2024-29022,1,1,5499011cf2d92151613b734ef471cb43be2af97f2fad87dafeb973cb6288febe,2024-04-12T21:15:11.213000 CVE-2024-29022,0,0,5499011cf2d92151613b734ef471cb43be2af97f2fad87dafeb973cb6288febe,2024-04-12T21:15:11.213000
CVE-2024-29023,1,1,ea95d463ddf4100482838e7d2f4a9d50e3cc6c4c9c90623f478b9db47db930ee,2024-04-12T21:15:11.403000 CVE-2024-29023,0,0,ea95d463ddf4100482838e7d2f4a9d50e3cc6c4c9c90623f478b9db47db930ee,2024-04-12T21:15:11.403000
CVE-2024-29024,0,0,956c59560b7cf752c83fc101e3db1baf7896ab3619a15c2cec1bf122c43cd6a6,2024-04-01T01:12:59.077000 CVE-2024-29024,0,0,956c59560b7cf752c83fc101e3db1baf7896ab3619a15c2cec1bf122c43cd6a6,2024-04-01T01:12:59.077000
CVE-2024-29025,0,0,2135a02640a8fe43b6f6ca4c5bc68a475f73ee669a9a1a5af697f30fa738d887,2024-03-26T12:55:05.010000 CVE-2024-29025,0,0,2135a02640a8fe43b6f6ca4c5bc68a475f73ee669a9a1a5af697f30fa738d887,2024-03-26T12:55:05.010000
CVE-2024-29026,0,0,7a7fbf8ee06d6c65b29d9a77f81f2fa0ae26dbe8caea4211ae9fe81298d43766,2024-03-21T12:58:51.093000 CVE-2024-29026,0,0,7a7fbf8ee06d6c65b29d9a77f81f2fa0ae26dbe8caea4211ae9fe81298d43766,2024-03-21T12:58:51.093000
@ -245103,6 +245104,7 @@ CVE-2024-31455,0,0,b40b7111c3a48ebfbdcdf983ca30b058e509485964899acad9986b778f0be
CVE-2024-31457,0,0,2a3df56afd0a6a9934427214a76e8de40165fd02e6f2532ac344e6e6c96b32d7,2024-04-10T13:24:00.070000 CVE-2024-31457,0,0,2a3df56afd0a6a9934427214a76e8de40165fd02e6f2532ac344e6e6c96b32d7,2024-04-10T13:24:00.070000
CVE-2024-3146,0,0,1cbea39c0b5c8d0d8af37ab4c1019f1ec3a190542aee7f2e86ced34d06f5796b,2024-04-11T01:25:55.180000 CVE-2024-3146,0,0,1cbea39c0b5c8d0d8af37ab4c1019f1ec3a190542aee7f2e86ced34d06f5796b,2024-04-11T01:25:55.180000
CVE-2024-31461,0,0,78d12ab3381b5c3fda69b1f5421edfe2ff30f397a9794d52b313ced0ec0ec1d3,2024-04-10T19:49:51.183000 CVE-2024-31461,0,0,78d12ab3381b5c3fda69b1f5421edfe2ff30f397a9794d52b313ced0ec0ec1d3,2024-04-10T19:49:51.183000
CVE-2024-31462,1,1,ffec336beab32da0013759172ac1a993559e46741c900a03b9be41d3d33d85e4,2024-04-12T22:15:07.320000
CVE-2024-31464,0,0,0e334e051a2f53edc57cbce800fcc17540fa9d746f3833bb6b1e894dc6dae023,2024-04-10T19:49:51.183000 CVE-2024-31464,0,0,0e334e051a2f53edc57cbce800fcc17540fa9d746f3833bb6b1e894dc6dae023,2024-04-10T19:49:51.183000
CVE-2024-31465,0,0,7ae621b5bb3e2d5ca764c6c0d871f243fb170c90532de5ed0a082c19d20607c3,2024-04-11T12:47:44.137000 CVE-2024-31465,0,0,7ae621b5bb3e2d5ca764c6c0d871f243fb170c90532de5ed0a082c19d20607c3,2024-04-11T12:47:44.137000
CVE-2024-3147,0,0,f05061e9d718b866336ceef3f83885c168403f8d387cf11dbe00ac736df3588d,2024-04-11T01:25:55.257000 CVE-2024-3147,0,0,f05061e9d718b866336ceef3f83885c168403f8d387cf11dbe00ac736df3588d,2024-04-11T01:25:55.257000
@ -245194,12 +245196,13 @@ CVE-2024-31995,0,0,0e5def9562ee94ed48a169892b3848eaf3f1290369f887e8c90b47252d203
CVE-2024-31996,0,0,e24d5f35520152a575d0b387a0e03b07f8f08674e8900a7785f4d664526f0cf9,2024-04-11T12:47:44.137000 CVE-2024-31996,0,0,e24d5f35520152a575d0b387a0e03b07f8f08674e8900a7785f4d664526f0cf9,2024-04-11T12:47:44.137000
CVE-2024-31997,0,0,61dac244e651bc6c61af5e05e4f98d7a67ba974bf43d259012e51027543cefb5,2024-04-11T12:47:44.137000 CVE-2024-31997,0,0,61dac244e651bc6c61af5e05e4f98d7a67ba974bf43d259012e51027543cefb5,2024-04-11T12:47:44.137000
CVE-2024-31999,0,0,3d05e65777a23debeb414c98ba0a52ab93f79fb79d762dd13a2fa2b08be73de7,2024-04-11T12:47:44.137000 CVE-2024-31999,0,0,3d05e65777a23debeb414c98ba0a52ab93f79fb79d762dd13a2fa2b08be73de7,2024-04-11T12:47:44.137000
CVE-2024-32000,1,1,b04dc47293dea10741b41444c1d47c616114bf633039dc146c8dc9becc3f472e,2024-04-12T20:15:53.250000 CVE-2024-32000,0,0,b04dc47293dea10741b41444c1d47c616114bf633039dc146c8dc9becc3f472e,2024-04-12T20:15:53.250000
CVE-2024-32001,0,0,aec83e93c22b7562690e81525f06acd5c9d0a8b8d891e5c7df2b6774b872fec6,2024-04-11T12:47:44.137000 CVE-2024-32001,0,0,aec83e93c22b7562690e81525f06acd5c9d0a8b8d891e5c7df2b6774b872fec6,2024-04-11T12:47:44.137000
CVE-2024-32003,1,1,39f637f7b69fa4a76c60746a7f75f4944fee1e18bc092436acc9e8cdf6b6bf3b,2024-04-12T21:15:11.617000 CVE-2024-32003,0,0,39f637f7b69fa4a76c60746a7f75f4944fee1e18bc092436acc9e8cdf6b6bf3b,2024-04-12T21:15:11.617000
CVE-2024-32005,1,1,8997601436b35b734a0763f2653e43aec0f032ee4b9b18916829a3d0114b212f,2024-04-12T21:15:11.823000 CVE-2024-32005,0,0,8997601436b35b734a0763f2653e43aec0f032ee4b9b18916829a3d0114b212f,2024-04-12T21:15:11.823000
CVE-2024-32019,1,1,1c33789ce54afc68900434ffc0a69ad446dbaf9eddde6bd29cb94c877e484159,2024-04-12T21:15:12.133000 CVE-2024-32019,0,0,1c33789ce54afc68900434ffc0a69ad446dbaf9eddde6bd29cb94c877e484159,2024-04-12T21:15:12.133000
CVE-2024-3202,0,0,3543d902eafc8c4c40bfe450a4b784b21d5eb2e30d7be93129e4c6731c6d0980,2024-04-11T01:25:55.733000 CVE-2024-3202,0,0,3543d902eafc8c4c40bfe450a4b784b21d5eb2e30d7be93129e4c6731c6d0980,2024-04-11T01:25:55.733000
CVE-2024-32028,1,1,0ab9533dfa473a23bf17832c76c7a2c028c0cdb8780eb47f8171fc5e3339a7ba,2024-04-12T23:15:06.643000
CVE-2024-3203,0,0,d460cfbc8661b4424cc0984f526a676bb0961256fc9d04a7d500e89187029830,2024-04-11T01:25:55.810000 CVE-2024-3203,0,0,d460cfbc8661b4424cc0984f526a676bb0961256fc9d04a7d500e89187029830,2024-04-11T01:25:55.810000
CVE-2024-3204,0,0,2a2a133d829052d72380a6f7a45e32f6ecd96ec6da65fdbadcbe92a1f79d774f,2024-04-11T01:25:55.933000 CVE-2024-3204,0,0,2a2a133d829052d72380a6f7a45e32f6ecd96ec6da65fdbadcbe92a1f79d774f,2024-04-11T01:25:55.933000
CVE-2024-3205,0,0,befb48df2bb5e20af3b4383c1ef82865b9f9fb3145e096ffb7e0098ff096b4f8,2024-04-11T01:25:56.010000 CVE-2024-3205,0,0,befb48df2bb5e20af3b4383c1ef82865b9f9fb3145e096ffb7e0098ff096b4f8,2024-04-11T01:25:56.010000
