diff --git a/CVE-2024/CVE-2024-301xx/CVE-2024-30130.json b/CVE-2024/CVE-2024-301xx/CVE-2024-30130.json
new file mode 100644
index 00000000000..c2435b5a764
--- /dev/null
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30130.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-30130",
+ "sourceIdentifier": "psirt@hcl.com",
+ "published": "2024-07-19T02:15:13.900",
+ "lastModified": "2024-07-19T02:15:13.900",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "psirt@hcl.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-525"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114184",
+ "source": "psirt@hcl.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35198.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35198.json
new file mode 100644
index 00000000000..b6f70bddf34
--- /dev/null
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35198.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-35198",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-07-19T02:15:14.150",
+ "lastModified": "2024-07-19T02:15:14.150",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as \"..\" but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as \"..\" before downloading see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.1,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-706"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/pytorch/serve/pull/3082",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/pytorch/serve/releases/tag/v0.11.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35199.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35199.json
new file mode 100644
index 00000000000..108b8857e7c
--- /dev/null
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35199.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-35199",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-07-19T02:15:14.777",
+ "lastModified": "2024-07-19T02:15:14.777",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.7,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-668"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/pytorch/serve/pull/3083",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/pytorch/serve/releases/tag/v0.11.0",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/pytorch/serve/security/advisories/GHSA-hhpg-v63p-wp7w",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-381xx/CVE-2024-38156.json b/CVE-2024/CVE-2024-381xx/CVE-2024-38156.json
new file mode 100644
index 00000000000..ab90f452e4b
--- /dev/null
+++ b/CVE-2024/CVE-2024-381xx/CVE-2024-38156.json
@@ -0,0 +1,56 @@
+{
+ "id": "CVE-2024-38156",
+ "sourceIdentifier": "secure@microsoft.com",
+ "published": "2024-07-19T02:15:18.140",
+ "lastModified": "2024-07-19T02:15:18.140",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "secure@microsoft.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38156",
+ "source": "secure@microsoft.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 731602a9124..9e2de2b4b37 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-18T23:55:18.172716+00:00 +2024-07-19T04:00:17.914996+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-18T23:15:02.280000+00:00 +2024-07-19T02:15:18.140000+00:00 ``` ### Last Data Feed Release
@@ -27,30 +27,29 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-07-18T00:00:08.654145+00:00 +2024-07-19T00:00:08.658093+00:00 ``` ### Total Number of included CVEs ```plain -257468 +257472 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `4` -- [CVE-2024-40642](CVE-2024/CVE-2024-406xx/CVE-2024-40642.json) (`2024-07-18T23:15:02.000`) -- [CVE-2024-41111](CVE-2024/CVE-2024-411xx/CVE-2024-41111.json) (`2024-07-18T23:15:02.280`) -- [CVE-2024-5997](CVE-2024/CVE-2024-59xx/CVE-2024-5997.json) (`2024-07-18T22:15:03.037`) +- [CVE-2024-30130](CVE-2024/CVE-2024-301xx/CVE-2024-30130.json) (`2024-07-19T02:15:13.900`) +- [CVE-2024-35198](CVE-2024/CVE-2024-351xx/CVE-2024-35198.json) (`2024-07-19T02:15:14.150`) +- [CVE-2024-35199](CVE-2024/CVE-2024-351xx/CVE-2024-35199.json) (`2024-07-19T02:15:14.777`) +- [CVE-2024-38156](CVE-2024/CVE-2024-381xx/CVE-2024-38156.json) (`2024-07-19T02:15:18.140`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2024-5564](CVE-2024/CVE-2024-55xx/CVE-2024-5564.json) (`2024-07-18T22:15:02.603`) -- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-18T22:15:03.630`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 807272f0ed5..746fc91af17 100644 --- a/_state.csv +++ b/_state.csv 
@@ -249389,6 +249389,7 @@ CVE-2024-30120,0,0,f704816cf356d01bbdb53903a0b14bef34a589a7c9185030672ca3a1f14e4 CVE-2024-30125,0,0,50523713db6a7b2d1573a55e869643cc4e94e262a3d88db8abce5aaed3e23f27,2024-07-18T20:15:03.893000 CVE-2024-30126,0,0,303aee3570715910e878c35e3f9cd5e750bd8f6796f58f1137544879d831e182,2024-07-18T20:15:03.967000 CVE-2024-3013,0,0,6f68abb10d211d077c48c60372c20fba216cedafa08cc66982d3e5be234b2590,2024-05-17T02:39:40.710000 +CVE-2024-30130,1,1,75f7be8e3e90c38f4e50b354556d9f0d52b1da410eac684665bfcc773b8a0e94,2024-07-19T02:15:13.900000 CVE-2024-30135,0,0,434c5499719264a4e2ad07af1f36d8ed1af6151b19467e0009865806919aee63,2024-06-28T10:27:00.920000 CVE-2024-3014,0,0,c46983235075ad6c61a858c21d5be28ec226124df8363686d4a4d1cade05d3fc,2024-05-17T02:39:40.800000 CVE-2024-3015,0,0,cf3ef36018f814f81d7c4b278b721ac941c52c0f1c0bedc65491406707b51ee6,2024-05-17T02:39:40.887000 @@ -252649,6 +252650,8 @@ CVE-2024-35194,0,0,d148be956e67f415d7646ff65de5a97b2b79a6aea2b1221670c2eaf58e45c CVE-2024-35195,0,0,6c790b50c3e78a6333f9424d693f4919101146c76421c04d91f2b605ab56962b,2024-06-10T17:16:29.563000 CVE-2024-35196,0,0,3171bb6143cfc03b7b84aa8a6110c1e96e2a6c63c73dc2a2e171d187a366d6ee,2024-05-31T19:14:47.793000 CVE-2024-35197,0,0,80436d6dc6299a6bdf0d8897382a6e075fe7db1c6cb2ff2d7a12468a154bde4d,2024-05-24T01:15:30.977000 +CVE-2024-35198,1,1,ce827656bda278bd5a9163870e382c830ea4056e61575ab8d9080a0e6449fcb5,2024-07-19T02:15:14.150000 +CVE-2024-35199,1,1,67ae3f5d844a8c91db5d72f99e41e643c69d465cba20a74e243cb6f9647a934a,2024-07-19T02:15:14.777000 CVE-2024-3520,0,0,4d2ca8beda165968cfea3b64e955c18436397c1b54474f7a64b510b5eacd13fe,2024-05-02T18:00:37.360000 CVE-2024-35200,0,0,4e081bc266f3339c234fd0d9836610e298ca5ba3771760c1147fa5a32be6afdb,2024-06-10T18:15:34.983000 CVE-2024-35204,0,0,0248f812c6eb240110c4167110975a2b8317634bb6300a9657da495b3589cfbb,2024-07-03T02:01:28.703000 
@@ -254437,6 +254440,7 @@ CVE-2024-3812,0,0,aee0c212c8bdd18b48eb1b3684691508393eebae6c9908dea995a90b32a5da CVE-2024-3813,0,0,255e2bbf5db93c0e3292fd35c927e47a1f392d6327b9d4c6707ef52776c11659,2024-06-17T12:42:04.623000 CVE-2024-3814,0,0,af559420ce1e3044689136ce469515a498db3d8c3f527cd805c49729f88c5c18,2024-06-17T12:42:04.623000 CVE-2024-3815,0,0,b8c8a85ee4e0df355cab9e3d8b72a412d3d9d1a29cf1232bd66e69ecee9ede27,2024-06-17T12:42:04.623000 +CVE-2024-38156,1,1,f7f21fb570d6c0ca94198f0ff871a07ed29cd48b417a871cc17dfe164ec39c8f,2024-07-19T02:15:18.140000 CVE-2024-3816,0,0,ca9c8b3746ea2ebbbc383e9aa135dd99550dbafdbe5ff9c69dbe15b33a0feabf,2024-07-03T14:37:07.750000 CVE-2024-3817,0,0,4cefb34eb15d4ef81a2470a00ac0f43601ef6263c0fd4425e7542c27d02dfa54,2024-04-18T13:04:28.900000 CVE-2024-3818,0,0,b4c982a18364880791124fa7ba25840b7eb37a53aa1551fa23324d948b6ddd3f,2024-04-19T13:10:25.637000 @@ -255349,7 +255353,7 @@ CVE-2024-40639,0,0,8bbb50b2a25542a9b7af4d56fa6e5b2d2c32a2fc32f95961ce4984af08c80 CVE-2024-4064,0,0,3a1a40467a64f04bfa80ae5c066454b06b4092014a9e47cc1a50eb6eb22d315c,2024-05-17T02:40:14.223000 CVE-2024-40640,0,0,7e1f28a17873c57850e387e604bc4923eccdf39126e84bd67e6dd03b6e2f6417,2024-07-18T12:28:43.707000 CVE-2024-40641,0,0,522a4579f3ed40c8409e84cbd3831ae35d4e964d4b63997db7ecee22d7238032,2024-07-18T12:28:43.707000 -CVE-2024-40642,1,1,5b142a0c23048bee352230e29bd9b6aea049a047c91d28a93e8e1bf9291dcc59,2024-07-18T23:15:02 +CVE-2024-40642,0,0,5b142a0c23048bee352230e29bd9b6aea049a047c91d28a93e8e1bf9291dcc59,2024-07-18T23:15:02 CVE-2024-40644,0,0,ec21deb8add2af254b8f5e6cd02ecd50eda5d4391710c6ebbfc8b842b6e6f777,2024-07-18T17:15:04.850000 CVE-2024-40647,0,0,712b06a6bbf111257b5f28b032afb53a747641abd080f16989b2ace08b660171,2024-07-18T17:15:05.193000 CVE-2024-40648,0,0,831fa76acd6e10bbb689b5d3b7c8a50809ee6494334c926a82963decaaa5dc76,2024-07-18T17:15:05.427000 
@@ -255522,7 +255526,7 @@ CVE-2024-4105,0,0,5dcbaf8d64f37f58816de0666875f99544dc68f0a9ee2a9bf8d53a5a9c6019 CVE-2024-4106,0,0,3fc11eee434aa540a2e37440bd2e3ba6e18faae117022d3f68496d405f62ba7f,2024-06-26T12:44:29.693000 CVE-2024-4107,0,0,ce88498baf95f06d1267d29854f2a9888ac0ddfe7fc00ea3036ccad453e487fa,2024-05-14T16:11:39.510000 CVE-2024-4111,0,0,a3e4bcb39778569b3be84e8d38a6497dbc2fc6b5a3693d9cc21532b8df994ada,2024-06-04T19:20:29.827000 -CVE-2024-41111,1,1,76814d477046cd3d53fff306142e8831b629fe58621f00dcf7da741f8838d6eb,2024-07-18T23:15:02.280000 +CVE-2024-41111,0,0,76814d477046cd3d53fff306142e8831b629fe58621f00dcf7da741f8838d6eb,2024-07-18T23:15:02.280000 CVE-2024-4112,0,0,66f333e775e64b1480506fa97b6a827bfd5dac62e9e10520346f3a867cac6cdd,2024-05-17T02:40:15.740000 CVE-2024-4113,0,0,e0d06b1b449a5e3093ad238184a1fc3bb7c021d3199342ed4f77b54476531329,2024-05-17T02:40:15.830000 CVE-2024-4114,0,0,387f9ca6df27ba000d0f44d990ccd6bb074258bb946c87938379db9652dc0a14,2024-05-17T02:40:15.917000 @@ -256757,7 +256761,7 @@ CVE-2024-5557,0,0,e58f4a9974ae6a6ad512e69202e5dee259550c69c446c060784da606557be5 CVE-2024-5558,0,0,f5606f757a3846688e526f8e8c7b353ed841a6a8222c822314196faac2c09cd1,2024-06-13T18:36:09.010000 CVE-2024-5559,0,0,0c59604cbf219c2ba1c247f52c304752b12dd0f3c92c8b3c96e21ad233f99b0a,2024-06-13T18:36:09.010000 CVE-2024-5560,0,0,3f42aec8823e745767fb091b3297e1872303ba832aca849be344540d1aa59c5f,2024-06-13T18:36:09.010000 -CVE-2024-5564,0,1,48b3aa05acc355f2d607057679b53b78d9ae8ba82afb6b85a7c30394b0ea59fa,2024-07-18T22:15:02.603000 +CVE-2024-5564,0,0,48b3aa05acc355f2d607057679b53b78d9ae8ba82afb6b85a7c30394b0ea59fa,2024-07-18T22:15:02.603000 CVE-2024-5565,0,0,e1d36fa68b4a73d6b78bd8eb39c3f27f14d8d32dc884b4fdfa0f8545d690e8d1,2024-07-03T02:09:05.567000 CVE-2024-5566,0,0,a945a0a6dfd60ba4f2475074f739c9c903faf3b04e2fc6dbcbd43f919a80fa3c,2024-07-17T13:34:20.520000 CVE-2024-5569,0,0,b9fd3bed59b5f668c54b0264622201b8600e789b08e0f56eae05ce6b6e8c76ce,2024-07-09T18:19:14.047000 
@@ -257047,7 +257051,7 @@ CVE-2024-5993,0,0,b45a0ae570b278a2a66647d60174ec8036c753d27cba9d6e9660698bbc3fa2 CVE-2024-5994,0,0,c1974f8e417911883c192155213f25e6e809cb75c20fd828172f5e744b8258d3,2024-06-17T12:42:04.623000 CVE-2024-5995,0,0,8d0649a03e9f8bd101521287664fde419efa05e0cba1e926a7b9f4f0e9253177,2024-06-17T12:42:04.623000 CVE-2024-5996,0,0,918847ed31e9a63de46ac039dd01d572fa8e980691ed5ebebacc312a719edc7b,2024-06-17T12:42:04.623000 -CVE-2024-5997,1,1,0a1931bc0465b22abf943e4c57713607a31f9a3823cd7d20973f351b47840216,2024-07-18T22:15:03.037000 +CVE-2024-5997,0,0,0a1931bc0465b22abf943e4c57713607a31f9a3823cd7d20973f351b47840216,2024-07-18T22:15:03.037000 CVE-2024-6000,0,0,4ab86aa4bce235d1120437fd5cb3b34fb6bdae181005ebaa070e8c0afe83cf87,2024-06-17T12:42:04.623000 CVE-2024-6003,0,0,14279c0384813c4cf50ab75a79953f2b0469d9bedd7f76c2b6cebfd90962fd14,2024-06-17T16:15:16.027000 CVE-2024-6005,0,0,4d74c6c4a521a164f63a9fe529c141dc8da0592a0575e27e0e62d822beb9b877,2024-06-17T12:42:04.623000 @@ -257297,7 +257301,7 @@ CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b3 CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000 CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000 CVE-2024-6385,0,0,13d2095bcd11ed43b6c47262c7b96c8a9e162b20cb975895bc98c3af67d39ff6,2024-07-12T16:49:14.047000 -CVE-2024-6387,0,1,f346d743f5bb5606d45f1c54975e0bb1d7fd5eaa97c805ca92dc259ae0bbb4da,2024-07-18T22:15:03.630000 +CVE-2024-6387,0,0,f346d743f5bb5606d45f1c54975e0bb1d7fd5eaa97c805ca92dc259ae0bbb4da,2024-07-18T22:15:03.630000 CVE-2024-6388,0,0,0ce37f83493b5d79bb3fdc963327390bc09266ac17f5f1de660cf43d4cdce70d,2024-06-27T17:11:52.390000 CVE-2024-6391,0,0,f39301e9680e09028795caddd1f0219ac421e8fbe3773aa2e024531728c8f9e1,2024-07-09T18:19:14.047000 CVE-2024-6392,0,0,f361942df6276a0c96574512bc05717f2075a1be2cafe6840357bf3e68ede92f,2024-07-12T12:49:07.030000