Auto-Update: 2024-04-12T23:55:31.636306+00:00

2025-07-09 16:05:11 +00:00 · 2024-04-12 23:58:21 +00:00 · 2024-04-12 23:58:21 +00:00 · 3588cc5b01
commit 3588cc5b01
parent 440bd817e2
5 changed files with 245 additions and 16 deletions
--- a/CVE-2024/CVE-2024-288xx/CVE-2024-28869.json
+++ b/CVE-2024/CVE-2024-288xx/CVE-2024-28869.json
@ -0,0 +1,71 @@
 {
  "id": "CVE-2024-28869",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-04-12T22:15:07.080",
  "lastModified": "2024-04-12T22:15:07.080",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the \"Content-length\" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.\n"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/traefik/traefik/releases/tag/v2.11.2",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw",
      "source": "security-advisories@github.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31462.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31462.json
@ -0,0 +1,91 @@
 {
  "id": "CVE-2024-31462",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-04-12T22:15:07.320",
  "lastModified": "2024-04-12T22:15:07.320",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "LOW",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
      "source": "security-advisories@github.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-320xx/CVE-2024-32028.json
+++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32028.json
@ -0,0 +1,67 @@
 {
  "id": "CVE-2024-32028",
  "sourceIdentifier": "security-advisories@github.com",
  "published": "2024-04-12T23:15:06.643",
  "lastModified": "2024-04-12T23:15:06.643",
  "vulnStatus": "Received",
  "descriptions": [
    {
      "lang": "en",
      "value": "OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "security-advisories@github.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
          "attackVector": "ADJACENT_NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "security-advisories@github.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-201"
        },
        {
          "lang": "en",
          "value": "CWE-212"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/open-telemetry/opentelemetry-dotnet/commit/e222ecb5942d4ce1cadfd4306c39e3f4933a5c42",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-vh2m-22xx-q94f",
      "source": "security-advisories@github.com"
    },
    {
      "url": "https://github.com/open-telemetry/semantic-conventions/blob/main/docs/http/http-spans.md",
      "source": "security-advisories@github.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-04-12T22:00:38.048889+00:00
+2024-04-12T23:55:31.636306+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-04-12T21:15:12.133000+00:00
+2024-04-12T23:15:06.643000+00:00
 ```
 ### Last Data Feed Release
@ -33,19 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-245397
+245400
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `6`
+Recently added CVEs: `3`
- [CVE-2024-29022](CVE-2024/CVE-2024-290xx/CVE-2024-29022.json) (`2024-04-12T21:15:11.213`)
+- [CVE-2024-28869](CVE-2024/CVE-2024-288xx/CVE-2024-28869.json) (`2024-04-12T22:15:07.080`)
- [CVE-2024-29023](CVE-2024/CVE-2024-290xx/CVE-2024-29023.json) (`2024-04-12T21:15:11.403`)
+- [CVE-2024-31462](CVE-2024/CVE-2024-314xx/CVE-2024-31462.json) (`2024-04-12T22:15:07.320`)
- [CVE-2024-32000](CVE-2024/CVE-2024-320xx/CVE-2024-32000.json) (`2024-04-12T20:15:53.250`)
+- [CVE-2024-32028](CVE-2024/CVE-2024-320xx/CVE-2024-32028.json) (`2024-04-12T23:15:06.643`)
 - [CVE-2024-32003](CVE-2024/CVE-2024-320xx/CVE-2024-32003.json) (`2024-04-12T21:15:11.617`)
 - [CVE-2024-32005](CVE-2024/CVE-2024-320xx/CVE-2024-32005.json) (`2024-04-12T21:15:11.823`)
 - [CVE-2024-32019](CVE-2024/CVE-2024-320xx/CVE-2024-32019.json) (`2024-04-12T21:15:12.133`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -243929,6 +243929,7 @@ CVE-2024-28864,0,0,6556868d08f3b43cf56ee8c0e31629a1275e8137bc2387bf2430488f9854b
 CVE-2024-28865,0,0,346bb195552b29118071ab302fbe331daaaa3a5da7b31ab976886613f922d084,2024-03-19T13:26:46
 CVE-2024-28867,0,0,a2663eb7659e9fb153cbffc3c6774d69ca0c4039f52756d8a5671465d9404705,2024-04-01T01:12:59.077000
 CVE-2024-28868,0,0,148f39496eb50fd19cf01404a0af3408bd44ce8d437a837fa99cdad3557f99f1,2024-03-21T12:58:51.093000
 CVE-2024-28869,1,1,4774d6773fde99216d7ad0a5f05827cc11015093d5972f35fe08a60e1f2569d9,2024-04-12T22:15:07.080000
 CVE-2024-2887,0,0,2797f3580910b2ccb8b3f25b6a77410f5acecf7fa931702ac72d99637f4042cf,2024-03-29T04:15:09.423000
 CVE-2024-28870,0,0,0cf8b42440c9130608dacb5605e29ce5ef5a35c267c5a5fa0e99bf26d2d0161c,2024-04-04T12:48:41.700000
 CVE-2024-28871,0,0,afc28d49a83d8eabefecf413603caf0043f414fa513c9500837e2c75462e6216,2024-04-04T16:33:06.610000
@ -244007,8 +244008,8 @@ CVE-2024-29018,0,0,a31ea156ee4a30b6d7535cfe30928ed9f90e655143b9cf9c902aa0e59ea88
 CVE-2024-29019,0,0,fe2de4afc3940e547c647135fa914dde2bc9fce5b46dec96e6b4c47b6599bdc4,2024-04-11T12:47:44.137000
 CVE-2024-2902,0,0,2d02b49d0a0f4faf9868b4e8f1580c2d8e78273885ff259f71459545682341a8,2024-04-11T01:25:40.740000
 CVE-2024-29020,0,0,09b8bf1bab85d116480c11745c3336d8516989d8662545abc8d0da389a848945,2024-04-01T01:12:59.077000
-CVE-2024-29022,1,1,5499011cf2d92151613b734ef471cb43be2af97f2fad87dafeb973cb6288febe,2024-04-12T21:15:11.213000
+CVE-2024-29022,0,0,5499011cf2d92151613b734ef471cb43be2af97f2fad87dafeb973cb6288febe,2024-04-12T21:15:11.213000
-CVE-2024-29023,1,1,ea95d463ddf4100482838e7d2f4a9d50e3cc6c4c9c90623f478b9db47db930ee,2024-04-12T21:15:11.403000
+CVE-2024-29023,0,0,ea95d463ddf4100482838e7d2f4a9d50e3cc6c4c9c90623f478b9db47db930ee,2024-04-12T21:15:11.403000
 CVE-2024-29024,0,0,956c59560b7cf752c83fc101e3db1baf7896ab3619a15c2cec1bf122c43cd6a6,2024-04-01T01:12:59.077000
 CVE-2024-29025,0,0,2135a02640a8fe43b6f6ca4c5bc68a475f73ee669a9a1a5af697f30fa738d887,2024-03-26T12:55:05.010000
 CVE-2024-29026,0,0,7a7fbf8ee06d6c65b29d9a77f81f2fa0ae26dbe8caea4211ae9fe81298d43766,2024-03-21T12:58:51.093000
@ -245103,6 +245104,7 @@ CVE-2024-31455,0,0,b40b7111c3a48ebfbdcdf983ca30b058e509485964899acad9986b778f0be
 CVE-2024-31457,0,0,2a3df56afd0a6a9934427214a76e8de40165fd02e6f2532ac344e6e6c96b32d7,2024-04-10T13:24:00.070000
 CVE-2024-3146,0,0,1cbea39c0b5c8d0d8af37ab4c1019f1ec3a190542aee7f2e86ced34d06f5796b,2024-04-11T01:25:55.180000
 CVE-2024-31461,0,0,78d12ab3381b5c3fda69b1f5421edfe2ff30f397a9794d52b313ced0ec0ec1d3,2024-04-10T19:49:51.183000
 CVE-2024-31462,1,1,ffec336beab32da0013759172ac1a993559e46741c900a03b9be41d3d33d85e4,2024-04-12T22:15:07.320000
 CVE-2024-31464,0,0,0e334e051a2f53edc57cbce800fcc17540fa9d746f3833bb6b1e894dc6dae023,2024-04-10T19:49:51.183000
 CVE-2024-31465,0,0,7ae621b5bb3e2d5ca764c6c0d871f243fb170c90532de5ed0a082c19d20607c3,2024-04-11T12:47:44.137000
 CVE-2024-3147,0,0,f05061e9d718b866336ceef3f83885c168403f8d387cf11dbe00ac736df3588d,2024-04-11T01:25:55.257000
@ -245194,12 +245196,13 @@ CVE-2024-31995,0,0,0e5def9562ee94ed48a169892b3848eaf3f1290369f887e8c90b47252d203
 CVE-2024-31996,0,0,e24d5f35520152a575d0b387a0e03b07f8f08674e8900a7785f4d664526f0cf9,2024-04-11T12:47:44.137000
 CVE-2024-31997,0,0,61dac244e651bc6c61af5e05e4f98d7a67ba974bf43d259012e51027543cefb5,2024-04-11T12:47:44.137000
 CVE-2024-31999,0,0,3d05e65777a23debeb414c98ba0a52ab93f79fb79d762dd13a2fa2b08be73de7,2024-04-11T12:47:44.137000
-CVE-2024-32000,1,1,b04dc47293dea10741b41444c1d47c616114bf633039dc146c8dc9becc3f472e,2024-04-12T20:15:53.250000
+CVE-2024-32000,0,0,b04dc47293dea10741b41444c1d47c616114bf633039dc146c8dc9becc3f472e,2024-04-12T20:15:53.250000
 CVE-2024-32001,0,0,aec83e93c22b7562690e81525f06acd5c9d0a8b8d891e5c7df2b6774b872fec6,2024-04-11T12:47:44.137000
-CVE-2024-32003,1,1,39f637f7b69fa4a76c60746a7f75f4944fee1e18bc092436acc9e8cdf6b6bf3b,2024-04-12T21:15:11.617000
+CVE-2024-32003,0,0,39f637f7b69fa4a76c60746a7f75f4944fee1e18bc092436acc9e8cdf6b6bf3b,2024-04-12T21:15:11.617000
-CVE-2024-32005,1,1,8997601436b35b734a0763f2653e43aec0f032ee4b9b18916829a3d0114b212f,2024-04-12T21:15:11.823000
+CVE-2024-32005,0,0,8997601436b35b734a0763f2653e43aec0f032ee4b9b18916829a3d0114b212f,2024-04-12T21:15:11.823000
-CVE-2024-32019,1,1,1c33789ce54afc68900434ffc0a69ad446dbaf9eddde6bd29cb94c877e484159,2024-04-12T21:15:12.133000
+CVE-2024-32019,0,0,1c33789ce54afc68900434ffc0a69ad446dbaf9eddde6bd29cb94c877e484159,2024-04-12T21:15:12.133000
 CVE-2024-3202,0,0,3543d902eafc8c4c40bfe450a4b784b21d5eb2e30d7be93129e4c6731c6d0980,2024-04-11T01:25:55.733000
 CVE-2024-32028,1,1,0ab9533dfa473a23bf17832c76c7a2c028c0cdb8780eb47f8171fc5e3339a7ba,2024-04-12T23:15:06.643000
 CVE-2024-3203,0,0,d460cfbc8661b4424cc0984f526a676bb0961256fc9d04a7d500e89187029830,2024-04-11T01:25:55.810000
 CVE-2024-3204,0,0,2a2a133d829052d72380a6f7a45e32f6ecd96ec6da65fdbadcbe92a1f79d774f,2024-04-11T01:25:55.933000
 CVE-2024-3205,0,0,befb48df2bb5e20af3b4383c1ef82865b9f9fb3145e096ffb7e0098ff096b4f8,2024-04-11T01:25:56.010000