Auto-Update: 2024-04-12T23:55:31.636306+00:00

cad-safe-bot 2024-04-12 23:58:21 +00:00
parent 440bd817e2
commit 3588cc5b01
5 changed files with 245 additions and 16 deletions


@ -0,0 +1,71 @@
{
"id": "CVE-2024-28869",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-12T22:15:07.080",
"lastModified": "2024-04-12T22:15:07.080",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Traefik is an HTTP reverse proxy and load balancer. In affected versions sending a GET request to any Traefik endpoint with the \"Content-length\" request header results in an indefinite hang with the default configuration. This vulnerability can be exploited by attackers to induce a denial of service. This vulnerability has been addressed in version 2.11.2 and 3.0.0-rc5. Users are advised to upgrade. For affected versions, this vulnerability can be mitigated by configuring the readTimeout option.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://doc.traefik.io/traefik/routing/entrypoints/#respondingtimeouts",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/traefik/traefik/commit/240b83b77351dfd8cadb91c305b84e9d22e0f9c6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/traefik/traefik/releases/tag/v3.0.0-rc5",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-4vwx-54mw-vqfw",
"source": "security-advisories@github.com"
}
]
}
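Review bot: This record is still at `vulnStatus: Received`, so it carries no `configurations`/CPE block and only the CNA's `Secondary` CVSS; feed consumers that match on affected products will not see Traefik here until NVD analysis lands, and the affected range has to be read out of the description (releases before 2.11.2, and 3.0.0 release candidates before rc5). The description says the hang is "indefinite with the default configuration" and that `readTimeout` mitigates it, which implies no read timeout is set by default, so deployments that cannot upgrade should set the entry point `respondingTimeouts.readTimeout` explicitly (the first reference is the docs page for that option). The trigger is an unauthenticated GET carrying a `Content-Length` header, presumably with fewer body bytes than declared so the server waits for the rest; each stuck request pins one connection, so detection is long-lived idle connections per source rather than any request-volume signature — confirm the exact trigger against the linked GHSA advisory and fix commit.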


@ -0,0 +1,91 @@
{
"id": "CVE-2024-31462",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-12T22:15:07.320",
"lastModified": "2024-04-12T22:15:07.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "stable-diffusion-webui is a web interface for Stable Diffusion, implemented using Gradio library. Stable-diffusion-webui 1.7.0 is vulnerable to a limited file write affecting Windows systems. The create_ui method (Backup/Restore tab) in modules/ui_extensions.py takes user input into the config_save_name variable on line 653. This user input is later used in the save_config_state method and used to create a file path on line 65, which is afterwards opened for writing on line 67, which leads to a limited file write exploitable on Windows systems. This issue may lead to limited file write. It allows for writing json files anywhere on the server where the web server has access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L59",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L646-L660",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L65",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L653",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/cf2772fab0af5573da775e7437e6acdca424f26e/modules/ui_extensions.py#L67",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/blob/v1.7.0/modules/ui_extensions.py",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/commit/d9708c92b444894bce8070e4dcfaa093f8eb8d43",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/AUTOMATIC1111/stable-diffusion-webui/discussions/15461",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui",
"source": "security-advisories@github.com"
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2024-010_stable-diffusion-webui/",
"source": "security-advisories@github.com"
}
]
}
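Review bot: The description names the vulnerable tag `v1.7.0` and a patch commit (`d9708c92…`) but never states a fixed release, so a consumer pinning by version has nothing to match against; treat installs at or below 1.7.0 as affected and verify the fix by commit until the CNA or NVD adds a fixed version. The CVSS vector assumes `PR:L`, yet this Gradio UI is commonly deployed without any authentication, in which case the effective exploitability is higher than the 6.3 Medium suggests — worth confirming against the GHSL advisory before triaging on the score alone. The references array also lists the same GHSL advisory URL twice, differing only by a trailing slash, which an ingester keyed on raw URL will count as two sources; dedupe on a normalized URL.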


@ -0,0 +1,67 @@
{
"id": "CVE-2024-32028",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-12T23:15:06.643",
"lastModified": "2024-04-12T23:15:06.643",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag on spans (`Activity`) when tracing is enabled for outgoing http requests and `OpenTelemetry.Instrumentation.AspNetCore` writes the `url.query` attribute/tag on spans (`Activity`) when tracing is enabled for incoming http requests. These attributes are defined by the Semantic Conventions for HTTP Spans. Up until version `1.8.1` the values written by `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will pass-through the raw query string as was sent or received (respectively). This may lead to sensitive information (e.g. EUII - End User Identifiable Information, credentials, etc.) being leaked into telemetry backends (depending on the application(s) being instrumented) which could cause privacy and/or security incidents. Note: Older versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` may use different tag names but have the same vulnerability. The `1.8.1` versions of `OpenTelemetry.Instrumentation.Http` & `OpenTelemetry.Instrumentation.AspNetCore` will now redact by default all values detected on transmitted or received query strings. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
},
{
"lang": "en",
"value": "CWE-212"
}
]
}
],
"references": [
{
"url": "https://github.com/open-telemetry/opentelemetry-dotnet/commit/e222ecb5942d4ce1cadfd4306c39e3f4933a5c42",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/opentelemetry-dotnet/security/advisories/GHSA-vh2m-22xx-q94f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/open-telemetry/semantic-conventions/blob/main/docs/http/http-spans.md",
"source": "security-advisories@github.com"
}
]
}
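Review bot: Upgrading to 1.8.1 only changes what future spans contain; the impact in the description is that raw query strings were already exported to telemetry backends, so remediation also means searching stored traces for `url.full`/`url.query` (and the older tag names the description says earlier versions used) for tokens or credentials, purging them with the backend's retention tooling, and rotating any secrets found — the record's "no known workarounds" covers the instrumentation, not data already at rest. The 4.1 Medium with `AV:A` should not be taken at face value: the description itself says severity depends on what the instrumented application puts in query strings, and an app that passes session tokens or API keys in URLs has effectively leaked credentials to everyone with read access to the tracing backend. Teams that cannot upgrade immediately may be able to drop or hash these attributes in their collector/exporter pipeline as an interim measure, but since the record lists no workaround that should be validated against the linked advisory rather than assumed.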


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-04-12T22:00:38.048889+00:00
2024-04-12T23:55:31.636306+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-04-12T21:15:12.133000+00:00
2024-04-12T23:15:06.643000+00:00
```
### Last Data Feed Release
@ -33,19 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
245397
245400
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `3`
- [CVE-2024-29022](CVE-2024/CVE-2024-290xx/CVE-2024-29022.json) (`2024-04-12T21:15:11.213`)
- [CVE-2024-29023](CVE-2024/CVE-2024-290xx/CVE-2024-29023.json) (`2024-04-12T21:15:11.403`)
- [CVE-2024-32000](CVE-2024/CVE-2024-320xx/CVE-2024-32000.json) (`2024-04-12T20:15:53.250`)
- [CVE-2024-32003](CVE-2024/CVE-2024-320xx/CVE-2024-32003.json) (`2024-04-12T21:15:11.617`)
- [CVE-2024-32005](CVE-2024/CVE-2024-320xx/CVE-2024-32005.json) (`2024-04-12T21:15:11.823`)
- [CVE-2024-32019](CVE-2024/CVE-2024-320xx/CVE-2024-32019.json) (`2024-04-12T21:15:12.133`)
- [CVE-2024-28869](CVE-2024/CVE-2024-288xx/CVE-2024-28869.json) (`2024-04-12T22:15:07.080`)
- [CVE-2024-31462](CVE-2024/CVE-2024-314xx/CVE-2024-31462.json) (`2024-04-12T22:15:07.320`)
- [CVE-2024-32028](CVE-2024/CVE-2024-320xx/CVE-2024-32028.json) (`2024-04-12T23:15:06.643`)
### CVEs modified in the last Commit


@ -243929,6 +243929,7 @@ CVE-2024-28864,0,0,6556868d08f3b43cf56ee8c0e31629a1275e8137bc2387bf2430488f9854b
CVE-2024-28865,0,0,346bb195552b29118071ab302fbe331daaaa3a5da7b31ab976886613f922d084,2024-03-19T13:26:46
CVE-2024-28867,0,0,a2663eb7659e9fb153cbffc3c6774d69ca0c4039f52756d8a5671465d9404705,2024-04-01T01:12:59.077000
CVE-2024-28868,0,0,148f39496eb50fd19cf01404a0af3408bd44ce8d437a837fa99cdad3557f99f1,2024-03-21T12:58:51.093000
CVE-2024-28869,1,1,4774d6773fde99216d7ad0a5f05827cc11015093d5972f35fe08a60e1f2569d9,2024-04-12T22:15:07.080000
CVE-2024-2887,0,0,2797f3580910b2ccb8b3f25b6a77410f5acecf7fa931702ac72d99637f4042cf,2024-03-29T04:15:09.423000
CVE-2024-28870,0,0,0cf8b42440c9130608dacb5605e29ce5ef5a35c267c5a5fa0e99bf26d2d0161c,2024-04-04T12:48:41.700000
CVE-2024-28871,0,0,afc28d49a83d8eabefecf413603caf0043f414fa513c9500837e2c75462e6216,2024-04-04T16:33:06.610000
@ -244007,8 +244008,8 @@ CVE-2024-29018,0,0,a31ea156ee4a30b6d7535cfe30928ed9f90e655143b9cf9c902aa0e59ea88
CVE-2024-29019,0,0,fe2de4afc3940e547c647135fa914dde2bc9fce5b46dec96e6b4c47b6599bdc4,2024-04-11T12:47:44.137000
CVE-2024-2902,0,0,2d02b49d0a0f4faf9868b4e8f1580c2d8e78273885ff259f71459545682341a8,2024-04-11T01:25:40.740000
CVE-2024-29020,0,0,09b8bf1bab85d116480c11745c3336d8516989d8662545abc8d0da389a848945,2024-04-01T01:12:59.077000
CVE-2024-29022,1,1,5499011cf2d92151613b734ef471cb43be2af97f2fad87dafeb973cb6288febe,2024-04-12T21:15:11.213000
CVE-2024-29023,1,1,ea95d463ddf4100482838e7d2f4a9d50e3cc6c4c9c90623f478b9db47db930ee,2024-04-12T21:15:11.403000
CVE-2024-29022,0,0,5499011cf2d92151613b734ef471cb43be2af97f2fad87dafeb973cb6288febe,2024-04-12T21:15:11.213000
CVE-2024-29023,0,0,ea95d463ddf4100482838e7d2f4a9d50e3cc6c4c9c90623f478b9db47db930ee,2024-04-12T21:15:11.403000
CVE-2024-29024,0,0,956c59560b7cf752c83fc101e3db1baf7896ab3619a15c2cec1bf122c43cd6a6,2024-04-01T01:12:59.077000
CVE-2024-29025,0,0,2135a02640a8fe43b6f6ca4c5bc68a475f73ee669a9a1a5af697f30fa738d887,2024-03-26T12:55:05.010000
CVE-2024-29026,0,0,7a7fbf8ee06d6c65b29d9a77f81f2fa0ae26dbe8caea4211ae9fe81298d43766,2024-03-21T12:58:51.093000
@ -245103,6 +245104,7 @@ CVE-2024-31455,0,0,b40b7111c3a48ebfbdcdf983ca30b058e509485964899acad9986b778f0be
CVE-2024-31457,0,0,2a3df56afd0a6a9934427214a76e8de40165fd02e6f2532ac344e6e6c96b32d7,2024-04-10T13:24:00.070000
CVE-2024-3146,0,0,1cbea39c0b5c8d0d8af37ab4c1019f1ec3a190542aee7f2e86ced34d06f5796b,2024-04-11T01:25:55.180000
CVE-2024-31461,0,0,78d12ab3381b5c3fda69b1f5421edfe2ff30f397a9794d52b313ced0ec0ec1d3,2024-04-10T19:49:51.183000
CVE-2024-31462,1,1,ffec336beab32da0013759172ac1a993559e46741c900a03b9be41d3d33d85e4,2024-04-12T22:15:07.320000
CVE-2024-31464,0,0,0e334e051a2f53edc57cbce800fcc17540fa9d746f3833bb6b1e894dc6dae023,2024-04-10T19:49:51.183000
CVE-2024-31465,0,0,7ae621b5bb3e2d5ca764c6c0d871f243fb170c90532de5ed0a082c19d20607c3,2024-04-11T12:47:44.137000
CVE-2024-3147,0,0,f05061e9d718b866336ceef3f83885c168403f8d387cf11dbe00ac736df3588d,2024-04-11T01:25:55.257000
@ -245194,12 +245196,13 @@ CVE-2024-31995,0,0,0e5def9562ee94ed48a169892b3848eaf3f1290369f887e8c90b47252d203
CVE-2024-31996,0,0,e24d5f35520152a575d0b387a0e03b07f8f08674e8900a7785f4d664526f0cf9,2024-04-11T12:47:44.137000
CVE-2024-31997,0,0,61dac244e651bc6c61af5e05e4f98d7a67ba974bf43d259012e51027543cefb5,2024-04-11T12:47:44.137000
CVE-2024-31999,0,0,3d05e65777a23debeb414c98ba0a52ab93f79fb79d762dd13a2fa2b08be73de7,2024-04-11T12:47:44.137000
CVE-2024-32000,1,1,b04dc47293dea10741b41444c1d47c616114bf633039dc146c8dc9becc3f472e,2024-04-12T20:15:53.250000
CVE-2024-32000,0,0,b04dc47293dea10741b41444c1d47c616114bf633039dc146c8dc9becc3f472e,2024-04-12T20:15:53.250000
CVE-2024-32001,0,0,aec83e93c22b7562690e81525f06acd5c9d0a8b8d891e5c7df2b6774b872fec6,2024-04-11T12:47:44.137000
CVE-2024-32003,1,1,39f637f7b69fa4a76c60746a7f75f4944fee1e18bc092436acc9e8cdf6b6bf3b,2024-04-12T21:15:11.617000
CVE-2024-32005,1,1,8997601436b35b734a0763f2653e43aec0f032ee4b9b18916829a3d0114b212f,2024-04-12T21:15:11.823000
CVE-2024-32019,1,1,1c33789ce54afc68900434ffc0a69ad446dbaf9eddde6bd29cb94c877e484159,2024-04-12T21:15:12.133000
CVE-2024-32003,0,0,39f637f7b69fa4a76c60746a7f75f4944fee1e18bc092436acc9e8cdf6b6bf3b,2024-04-12T21:15:11.617000
CVE-2024-32005,0,0,8997601436b35b734a0763f2653e43aec0f032ee4b9b18916829a3d0114b212f,2024-04-12T21:15:11.823000
CVE-2024-32019,0,0,1c33789ce54afc68900434ffc0a69ad446dbaf9eddde6bd29cb94c877e484159,2024-04-12T21:15:12.133000
CVE-2024-3202,0,0,3543d902eafc8c4c40bfe450a4b784b21d5eb2e30d7be93129e4c6731c6d0980,2024-04-11T01:25:55.733000
CVE-2024-32028,1,1,0ab9533dfa473a23bf17832c76c7a2c028c0cdb8780eb47f8171fc5e3339a7ba,2024-04-12T23:15:06.643000
CVE-2024-3203,0,0,d460cfbc8661b4424cc0984f526a676bb0961256fc9d04a7d500e89187029830,2024-04-11T01:25:55.810000
CVE-2024-3204,0,0,2a2a133d829052d72380a6f7a45e32f6ecd96ec6da65fdbadcbe92a1f79d774f,2024-04-11T01:25:55.933000
CVE-2024-3205,0,0,befb48df2bb5e20af3b4383c1ef82865b9f9fb3145e096ffb7e0098ff096b4f8,2024-04-11T01:25:56.010000
