Auto-Update: 2024-07-19T04:00:17.914996+00:00

2025-07-09 16:05:11 +00:00 · 2024-07-19 04:03:13 +00:00 · 2024-07-19 04:03:13 +00:00 · 4f8445138c
commit 4f8445138c
parent 218312e441
6 changed files with 259 additions and 16 deletions
--- a/CVE-2024/CVE-2024-301xx/CVE-2024-30130.json
+++ b/CVE-2024/CVE-2024-301xx/CVE-2024-30130.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-30130",
+  "sourceIdentifier": "psirt@hcl.com",
+  "published": "2024-07-19T02:15:13.900",
+  "lastModified": "2024-07-19T02:15:13.900",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "HCL Nomad server on Domino is vulnerable to the cache containing sensitive information which could potentially give an attacker the ability to acquire the sensitive information."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "psirt@hcl.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "HIGH",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 3.7,
+          "baseSeverity": "LOW"
+        },
+        "exploitabilityScore": 2.2,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "psirt@hcl.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-525"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0114184",
+      "source": "psirt@hcl.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35198.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35198.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-35198",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-07-19T02:15:14.150",
+  "lastModified": "2024-07-19T02:15:14.150",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. TorchServe 's check on allowed_urls configuration can be by-passed if the URL contains characters such as \"..\" but it does not prevent the model from being downloaded into the model store. Once a file is downloaded, it can be referenced without providing a URL the second time, which effectively bypasses the allowed_urls security check. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed by validating the URL without characters such as \"..\" before downloading see PR #3082. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 5.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.1,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-706"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/pytorch/serve/pull/3082",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/pytorch/serve/releases/tag/v0.11.0",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/pytorch/serve/security/advisories/GHSA-wxcx-gg9c-fwp2",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35199.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35199.json
@ -0,0 +1,64 @@
+{
+  "id": "CVE-2024-35199",
+  "sourceIdentifier": "security-advisories@github.com",
+  "published": "2024-07-19T02:15:14.777",
+  "lastModified": "2024-07-19T02:15:14.777",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "TorchServe is a flexible and easy-to-use tool for serving and scaling PyTorch models in production. In affected versions the two gRPC ports 7070 and 7071, are not bound to [localhost](http://localhost/) by default, so when TorchServe is launched, these two interfaces are bound to all interfaces. Customers using PyTorch inference Deep Learning Containers (DLC) through Amazon SageMaker and EKS are not affected. This issue in TorchServe has been fixed in PR #3083. TorchServe release 0.11.0 includes the fix to address this vulnerability. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security-advisories@github.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
+          "attackVector": "ADJACENT_NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.7,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security-advisories@github.com",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-668"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/pytorch/serve/pull/3083",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/pytorch/serve/releases/tag/v0.11.0",
+      "source": "security-advisories@github.com"
+    },
+    {
+      "url": "https://github.com/pytorch/serve/security/advisories/GHSA-hhpg-v63p-wp7w",
+      "source": "security-advisories@github.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-381xx/CVE-2024-38156.json
+++ b/CVE-2024/CVE-2024-381xx/CVE-2024-38156.json
@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-38156",
+  "sourceIdentifier": "secure@microsoft.com",
+  "published": "2024-07-19T02:15:18.140",
+  "lastModified": "2024-07-19T02:15:18.140",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Microsoft Edge (Chromium-based) Spoofing Vulnerability"
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "secure@microsoft.com",
+        "type": "Primary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "CHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "LOW",
+          "availabilityImpact": "NONE",
+          "baseScore": 6.1,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 2.7
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "secure@microsoft.com",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-79"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38156",
+      "source": "secure@microsoft.com"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-18T23:55:18.172716+00:00
+2024-07-19T04:00:17.914996+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-18T23:15:02.280000+00:00
+2024-07-19T02:15:18.140000+00:00
 ```

 ### Last Data Feed Release
@ -27,30 +27,29 @@ Repository synchronizes with the NVD every 2 hours.
 Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)

 ```plain
-2024-07-18T00:00:08.654145+00:00
+2024-07-19T00:00:08.658093+00:00
 ```

 ### Total Number of included CVEs

 ```plain
-257468
+257472
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `4`

- [CVE-2024-40642](CVE-2024/CVE-2024-406xx/CVE-2024-40642.json) (`2024-07-18T23:15:02.000`)
- [CVE-2024-41111](CVE-2024/CVE-2024-411xx/CVE-2024-41111.json) (`2024-07-18T23:15:02.280`)
- [CVE-2024-5997](CVE-2024/CVE-2024-59xx/CVE-2024-5997.json) (`2024-07-18T22:15:03.037`)
+- [CVE-2024-30130](CVE-2024/CVE-2024-301xx/CVE-2024-30130.json) (`2024-07-19T02:15:13.900`)
+- [CVE-2024-35198](CVE-2024/CVE-2024-351xx/CVE-2024-35198.json) (`2024-07-19T02:15:14.150`)
+- [CVE-2024-35199](CVE-2024/CVE-2024-351xx/CVE-2024-35199.json) (`2024-07-19T02:15:14.777`)
+- [CVE-2024-38156](CVE-2024/CVE-2024-381xx/CVE-2024-38156.json) (`2024-07-19T02:15:18.140`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `2`
+Recently modified CVEs: `0`

- [CVE-2024-5564](CVE-2024/CVE-2024-55xx/CVE-2024-5564.json) (`2024-07-18T22:15:02.603`)
- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-18T22:15:03.630`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -249389,6 +249389,7 @@ CVE-2024-30120,0,0,f704816cf356d01bbdb53903a0b14bef34a589a7c9185030672ca3a1f14e4
 CVE-2024-30125,0,0,50523713db6a7b2d1573a55e869643cc4e94e262a3d88db8abce5aaed3e23f27,2024-07-18T20:15:03.893000
 CVE-2024-30126,0,0,303aee3570715910e878c35e3f9cd5e750bd8f6796f58f1137544879d831e182,2024-07-18T20:15:03.967000
 CVE-2024-3013,0,0,6f68abb10d211d077c48c60372c20fba216cedafa08cc66982d3e5be234b2590,2024-05-17T02:39:40.710000
+CVE-2024-30130,1,1,75f7be8e3e90c38f4e50b354556d9f0d52b1da410eac684665bfcc773b8a0e94,2024-07-19T02:15:13.900000
 CVE-2024-30135,0,0,434c5499719264a4e2ad07af1f36d8ed1af6151b19467e0009865806919aee63,2024-06-28T10:27:00.920000
 CVE-2024-3014,0,0,c46983235075ad6c61a858c21d5be28ec226124df8363686d4a4d1cade05d3fc,2024-05-17T02:39:40.800000
 CVE-2024-3015,0,0,cf3ef36018f814f81d7c4b278b721ac941c52c0f1c0bedc65491406707b51ee6,2024-05-17T02:39:40.887000
@ -252649,6 +252650,8 @@ CVE-2024-35194,0,0,d148be956e67f415d7646ff65de5a97b2b79a6aea2b1221670c2eaf58e45c
 CVE-2024-35195,0,0,6c790b50c3e78a6333f9424d693f4919101146c76421c04d91f2b605ab56962b,2024-06-10T17:16:29.563000
 CVE-2024-35196,0,0,3171bb6143cfc03b7b84aa8a6110c1e96e2a6c63c73dc2a2e171d187a366d6ee,2024-05-31T19:14:47.793000
 CVE-2024-35197,0,0,80436d6dc6299a6bdf0d8897382a6e075fe7db1c6cb2ff2d7a12468a154bde4d,2024-05-24T01:15:30.977000
+CVE-2024-35198,1,1,ce827656bda278bd5a9163870e382c830ea4056e61575ab8d9080a0e6449fcb5,2024-07-19T02:15:14.150000
+CVE-2024-35199,1,1,67ae3f5d844a8c91db5d72f99e41e643c69d465cba20a74e243cb6f9647a934a,2024-07-19T02:15:14.777000
 CVE-2024-3520,0,0,4d2ca8beda165968cfea3b64e955c18436397c1b54474f7a64b510b5eacd13fe,2024-05-02T18:00:37.360000
 CVE-2024-35200,0,0,4e081bc266f3339c234fd0d9836610e298ca5ba3771760c1147fa5a32be6afdb,2024-06-10T18:15:34.983000
 CVE-2024-35204,0,0,0248f812c6eb240110c4167110975a2b8317634bb6300a9657da495b3589cfbb,2024-07-03T02:01:28.703000
@ -254437,6 +254440,7 @@ CVE-2024-3812,0,0,aee0c212c8bdd18b48eb1b3684691508393eebae6c9908dea995a90b32a5da
 CVE-2024-3813,0,0,255e2bbf5db93c0e3292fd35c927e47a1f392d6327b9d4c6707ef52776c11659,2024-06-17T12:42:04.623000
 CVE-2024-3814,0,0,af559420ce1e3044689136ce469515a498db3d8c3f527cd805c49729f88c5c18,2024-06-17T12:42:04.623000
 CVE-2024-3815,0,0,b8c8a85ee4e0df355cab9e3d8b72a412d3d9d1a29cf1232bd66e69ecee9ede27,2024-06-17T12:42:04.623000
+CVE-2024-38156,1,1,f7f21fb570d6c0ca94198f0ff871a07ed29cd48b417a871cc17dfe164ec39c8f,2024-07-19T02:15:18.140000
 CVE-2024-3816,0,0,ca9c8b3746ea2ebbbc383e9aa135dd99550dbafdbe5ff9c69dbe15b33a0feabf,2024-07-03T14:37:07.750000
 CVE-2024-3817,0,0,4cefb34eb15d4ef81a2470a00ac0f43601ef6263c0fd4425e7542c27d02dfa54,2024-04-18T13:04:28.900000
 CVE-2024-3818,0,0,b4c982a18364880791124fa7ba25840b7eb37a53aa1551fa23324d948b6ddd3f,2024-04-19T13:10:25.637000
@ -255349,7 +255353,7 @@ CVE-2024-40639,0,0,8bbb50b2a25542a9b7af4d56fa6e5b2d2c32a2fc32f95961ce4984af08c80
 CVE-2024-4064,0,0,3a1a40467a64f04bfa80ae5c066454b06b4092014a9e47cc1a50eb6eb22d315c,2024-05-17T02:40:14.223000
 CVE-2024-40640,0,0,7e1f28a17873c57850e387e604bc4923eccdf39126e84bd67e6dd03b6e2f6417,2024-07-18T12:28:43.707000
 CVE-2024-40641,0,0,522a4579f3ed40c8409e84cbd3831ae35d4e964d4b63997db7ecee22d7238032,2024-07-18T12:28:43.707000
-CVE-2024-40642,1,1,5b142a0c23048bee352230e29bd9b6aea049a047c91d28a93e8e1bf9291dcc59,2024-07-18T23:15:02
+CVE-2024-40642,0,0,5b142a0c23048bee352230e29bd9b6aea049a047c91d28a93e8e1bf9291dcc59,2024-07-18T23:15:02
 CVE-2024-40644,0,0,ec21deb8add2af254b8f5e6cd02ecd50eda5d4391710c6ebbfc8b842b6e6f777,2024-07-18T17:15:04.850000
 CVE-2024-40647,0,0,712b06a6bbf111257b5f28b032afb53a747641abd080f16989b2ace08b660171,2024-07-18T17:15:05.193000
 CVE-2024-40648,0,0,831fa76acd6e10bbb689b5d3b7c8a50809ee6494334c926a82963decaaa5dc76,2024-07-18T17:15:05.427000
@ -255522,7 +255526,7 @@ CVE-2024-4105,0,0,5dcbaf8d64f37f58816de0666875f99544dc68f0a9ee2a9bf8d53a5a9c6019
 CVE-2024-4106,0,0,3fc11eee434aa540a2e37440bd2e3ba6e18faae117022d3f68496d405f62ba7f,2024-06-26T12:44:29.693000
 CVE-2024-4107,0,0,ce88498baf95f06d1267d29854f2a9888ac0ddfe7fc00ea3036ccad453e487fa,2024-05-14T16:11:39.510000
 CVE-2024-4111,0,0,a3e4bcb39778569b3be84e8d38a6497dbc2fc6b5a3693d9cc21532b8df994ada,2024-06-04T19:20:29.827000
-CVE-2024-41111,1,1,76814d477046cd3d53fff306142e8831b629fe58621f00dcf7da741f8838d6eb,2024-07-18T23:15:02.280000
+CVE-2024-41111,0,0,76814d477046cd3d53fff306142e8831b629fe58621f00dcf7da741f8838d6eb,2024-07-18T23:15:02.280000
 CVE-2024-4112,0,0,66f333e775e64b1480506fa97b6a827bfd5dac62e9e10520346f3a867cac6cdd,2024-05-17T02:40:15.740000
 CVE-2024-4113,0,0,e0d06b1b449a5e3093ad238184a1fc3bb7c021d3199342ed4f77b54476531329,2024-05-17T02:40:15.830000
 CVE-2024-4114,0,0,387f9ca6df27ba000d0f44d990ccd6bb074258bb946c87938379db9652dc0a14,2024-05-17T02:40:15.917000
@ -256757,7 +256761,7 @@ CVE-2024-5557,0,0,e58f4a9974ae6a6ad512e69202e5dee259550c69c446c060784da606557be5
 CVE-2024-5558,0,0,f5606f757a3846688e526f8e8c7b353ed841a6a8222c822314196faac2c09cd1,2024-06-13T18:36:09.010000
 CVE-2024-5559,0,0,0c59604cbf219c2ba1c247f52c304752b12dd0f3c92c8b3c96e21ad233f99b0a,2024-06-13T18:36:09.010000
 CVE-2024-5560,0,0,3f42aec8823e745767fb091b3297e1872303ba832aca849be344540d1aa59c5f,2024-06-13T18:36:09.010000
-CVE-2024-5564,0,1,48b3aa05acc355f2d607057679b53b78d9ae8ba82afb6b85a7c30394b0ea59fa,2024-07-18T22:15:02.603000
+CVE-2024-5564,0,0,48b3aa05acc355f2d607057679b53b78d9ae8ba82afb6b85a7c30394b0ea59fa,2024-07-18T22:15:02.603000
 CVE-2024-5565,0,0,e1d36fa68b4a73d6b78bd8eb39c3f27f14d8d32dc884b4fdfa0f8545d690e8d1,2024-07-03T02:09:05.567000
 CVE-2024-5566,0,0,a945a0a6dfd60ba4f2475074f739c9c903faf3b04e2fc6dbcbd43f919a80fa3c,2024-07-17T13:34:20.520000
 CVE-2024-5569,0,0,b9fd3bed59b5f668c54b0264622201b8600e789b08e0f56eae05ce6b6e8c76ce,2024-07-09T18:19:14.047000
@ -257047,7 +257051,7 @@ CVE-2024-5993,0,0,b45a0ae570b278a2a66647d60174ec8036c753d27cba9d6e9660698bbc3fa2
 CVE-2024-5994,0,0,c1974f8e417911883c192155213f25e6e809cb75c20fd828172f5e744b8258d3,2024-06-17T12:42:04.623000
 CVE-2024-5995,0,0,8d0649a03e9f8bd101521287664fde419efa05e0cba1e926a7b9f4f0e9253177,2024-06-17T12:42:04.623000
 CVE-2024-5996,0,0,918847ed31e9a63de46ac039dd01d572fa8e980691ed5ebebacc312a719edc7b,2024-06-17T12:42:04.623000
-CVE-2024-5997,1,1,0a1931bc0465b22abf943e4c57713607a31f9a3823cd7d20973f351b47840216,2024-07-18T22:15:03.037000
+CVE-2024-5997,0,0,0a1931bc0465b22abf943e4c57713607a31f9a3823cd7d20973f351b47840216,2024-07-18T22:15:03.037000
 CVE-2024-6000,0,0,4ab86aa4bce235d1120437fd5cb3b34fb6bdae181005ebaa070e8c0afe83cf87,2024-06-17T12:42:04.623000
 CVE-2024-6003,0,0,14279c0384813c4cf50ab75a79953f2b0469d9bedd7f76c2b6cebfd90962fd14,2024-06-17T16:15:16.027000
 CVE-2024-6005,0,0,4d74c6c4a521a164f63a9fe529c141dc8da0592a0575e27e0e62d822beb9b877,2024-06-17T12:42:04.623000
@ -257297,7 +257301,7 @@ CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b3
 CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000
 CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000
 CVE-2024-6385,0,0,13d2095bcd11ed43b6c47262c7b96c8a9e162b20cb975895bc98c3af67d39ff6,2024-07-12T16:49:14.047000
-CVE-2024-6387,0,1,f346d743f5bb5606d45f1c54975e0bb1d7fd5eaa97c805ca92dc259ae0bbb4da,2024-07-18T22:15:03.630000
+CVE-2024-6387,0,0,f346d743f5bb5606d45f1c54975e0bb1d7fd5eaa97c805ca92dc259ae0bbb4da,2024-07-18T22:15:03.630000
 CVE-2024-6388,0,0,0ce37f83493b5d79bb3fdc963327390bc09266ac17f5f1de660cf43d4cdce70d,2024-06-27T17:11:52.390000
 CVE-2024-6391,0,0,f39301e9680e09028795caddd1f0219ac421e8fbe3773aa2e024531728c8f9e1,2024-07-09T18:19:14.047000
 CVE-2024-6392,0,0,f361942df6276a0c96574512bc05717f2075a1be2cafe6840357bf3e68ede92f,2024-07-12T12:49:07.030000