From 5033851ffc27f0f3340b6f3b16750d0a3beaec27 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 3 Sep 2024 12:03:19 +0000
Subject: [PATCH] Auto-Update: 2024-09-03T12:00:18.444889+00:00
---
CVE-2024/CVE-2024-36xx/CVE-2024-3655.json | 33 +++++++++
CVE-2024/CVE-2024-388xx/CVE-2024-38811.json | 56 +++++++++++++++
CVE-2024/CVE-2024-417xx/CVE-2024-41718.json | 16 +++++
CVE-2024/CVE-2024-455xx/CVE-2024-45586.json | 78 +++++++++++++++++++++
CVE-2024/CVE-2024-455xx/CVE-2024-45587.json | 78 +++++++++++++++++++++
CVE-2024/CVE-2024-455xx/CVE-2024-45588.json | 78 +++++++++++++++++++++
CVE-2024/CVE-2024-59xx/CVE-2024-5953.json | 6 +-
CVE-2024/CVE-2024-64xx/CVE-2024-6473.json | 78 +++++++++++++++++++++
CVE-2024/CVE-2024-83xx/CVE-2024-8374.json | 56 +++++++++++++++
README.md | 18 +++--
_state.csv | 12 +++-
11 files changed, 501 insertions(+), 8 deletions(-)
create mode 100644 CVE-2024/CVE-2024-36xx/CVE-2024-3655.json
create mode 100644 CVE-2024/CVE-2024-388xx/CVE-2024-38811.json
create mode 100644 CVE-2024/CVE-2024-417xx/CVE-2024-41718.json
create mode 100644 CVE-2024/CVE-2024-455xx/CVE-2024-45586.json
create mode 100644 CVE-2024/CVE-2024-455xx/CVE-2024-45587.json
create mode 100644 CVE-2024/CVE-2024-455xx/CVE-2024-45588.json
create mode 100644 CVE-2024/CVE-2024-64xx/CVE-2024-6473.json
create mode 100644 CVE-2024/CVE-2024-83xx/CVE-2024-8374.json
diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3655.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3655.json
new file mode 100644
index 00000000000..03812262074
--- /dev/null
+++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3655.json
@@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-3655", + "sourceIdentifier": "arm-security@arm.com", + "published": "2024-09-03T10:15:06.083", + "lastModified": "2024-09-03T10:15:06.083", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r43p0 through r49p0; Valhall GPU Kernel Driver: from r43p0 through r49p0; Arm 5th Gen GPU Architecture Kernel Driver: from r43p0 through r49p0." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "arm-security@arm.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities", + "source": "arm-security@arm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38811.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38811.json new file mode 100644 index 00000000000..7a1abcbd02d --- /dev/null +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38811.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-38811", + "sourceIdentifier": "security@vmware.com", + "published": "2024-09-03T10:15:05.477", + "lastModified": "2024-09-03T10:15:05.477", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "VMware Fusion (13.x before 13.6) contains a code-execution vulnerability due to the usage of an insecure environment variable.\u00a0A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@vmware.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939", + "source": "security@vmware.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41718.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41718.json new file mode 100644 index 00000000000..40202a03c3b --- /dev/null +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41718.json 
@@ -0,0 +1,16 @@ +{ + "id": "CVE-2024-41718", + "sourceIdentifier": "vultures@jpcert.or.jp", + "published": "2024-09-03T11:15:15.050", + "lastModified": "2024-09-03T11:15:15.050", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: CVE-2024-39771. Reason: This CVE ID is a reservation duplicate of CVE-2024-39771. Notes: All CVE users should reference CVE-2024-39771 instead of this CVE ID. All references and descriptions in this CVE ID have been removed to prevent accidental usage." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45586.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45586.json new file mode 100644 index 00000000000..91ed819ed96 --- /dev/null +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45586.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-45586", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-09-03T10:15:06.180", + "lastModified": "2024-09-03T10:15:06.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists due to improper access controls on APIs in the Authentication module of Symphony XTS Web Trading and Mobile Trading platforms (version 2.0.0.1_P160). An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized account take over belonging to other users." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45587.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45587.json new file mode 100644 index 00000000000..6883c98a173 --- /dev/null +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45587.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-45587", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-09-03T10:15:06.373", + "lastModified": "2024-09-03T10:15:06.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Transaction module of vulnerable application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to compromise of other user accounts." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": 
"NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45588.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45588.json new file mode 100644 index 00000000000..7f41abed28a --- /dev/null +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45588.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-45588", + "sourceIdentifier": "vdisclose@cert-in.org.in", + "published": "2024-09-03T11:15:15.333", + "lastModified": "2024-09-03T11:15:15.333", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. An authenticated remote attacker could exploit this vulnerability by manipulating parameters through HTTP request which could lead to unauthorized access and modification of sensitive information belonging to other users." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.5, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "vdisclose@cert-in.org.in", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0281", + "source": "vdisclose@cert-in.org.in" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-59xx/CVE-2024-5953.json b/CVE-2024/CVE-2024-59xx/CVE-2024-5953.json index 7abc1d76c8b..748145ff758 100644 --- a/CVE-2024/CVE-2024-59xx/CVE-2024-5953.json +++ b/CVE-2024/CVE-2024-59xx/CVE-2024-5953.json @@ -2,7 +2,7 @@ "id": "CVE-2024-5953", "sourceIdentifier": "secalert@redhat.com", "published": "2024-06-18T10:15:11.170", - "lastModified": "2024-08-21T13:15:04.867", + "lastModified": "2024-09-03T11:15:15.463", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -68,6 +68,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:5690", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:6153", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-5953", "source": "secalert@redhat.com" diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6473.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6473.json new file mode 100644 index 00000000000..fad19d01928 --- /dev/null +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6473.json 
@@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-6473", + "sourceIdentifier": "browser-security@yandex-team.ru", + "published": "2024-09-03T11:15:15.800", + "lastModified": "2024-09-03T11:15:15.800", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Yandex Browser for Desktop before 24.7.1.380 has a DLL Hijacking Vulnerability because an untrusted search path is used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "browser-security@yandex-team.ru", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + 
"valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.4, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "browser-security@yandex-team.ru", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-426" + } + ] + } + ], + "references": [ + { + "url": "https://yandex.com/bugbounty/i/hall-of-fame-browser/", + "source": "browser-security@yandex-team.ru" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8374.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8374.json new file mode 100644 index 00000000000..589cafe0499 --- /dev/null +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8374.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-8374", + "sourceIdentifier": "596c5446-0ce5-4ba2-aa66-48b3b757a647", + "published": "2024-09-03T10:15:06.483", + "lastModified": "2024-09-03T10:15:06.483", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "UltiMaker Cura slicer versions 5.7.0-beta.1 through 5.7.2 are vulnerable to code injection via the 3MF format reader (/plugins/ThreeMFReader.py). The vulnerability arises from improper handling of the drop_to_buildplate property within 3MF files, which are ZIP archives containing the model data. When a 3MF file is loaded in Cura, the value of the drop_to_buildplate property is passed to the Python eval() function without proper sanitization, allowing an attacker to execute arbitrary code by crafting a malicious 3MF file. This vulnerability poses a significant risk as 3MF files are commonly shared via 3D model databases." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Ultimaker/Cura/commit/285a241eb28da3188c977f85d68937c0dad79c50", + "source": "596c5446-0ce5-4ba2-aa66-48b3b757a647" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c69effefea8..2d45fe00964 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-09-03T10:00:17.576575+00:00 +2024-09-03T12:00:18.444889+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-09-03T06:15:14.413000+00:00 +2024-09-03T11:15:15.800000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,28 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -261732 +261740 ``` ### CVEs added in the last Commit -Recently added CVEs: `0` +Recently added CVEs: `8` +- [CVE-2024-3655](CVE-2024/CVE-2024-36xx/CVE-2024-3655.json) (`2024-09-03T10:15:06.083`) +- [CVE-2024-38811](CVE-2024/CVE-2024-388xx/CVE-2024-38811.json) (`2024-09-03T10:15:05.477`) +- [CVE-2024-41718](CVE-2024/CVE-2024-417xx/CVE-2024-41718.json) (`2024-09-03T11:15:15.050`) +- [CVE-2024-45586](CVE-2024/CVE-2024-455xx/CVE-2024-45586.json) (`2024-09-03T10:15:06.180`) +- [CVE-2024-45587](CVE-2024/CVE-2024-455xx/CVE-2024-45587.json) (`2024-09-03T10:15:06.373`) +- [CVE-2024-45588](CVE-2024/CVE-2024-455xx/CVE-2024-45588.json) (`2024-09-03T11:15:15.333`) +- [CVE-2024-6473](CVE-2024/CVE-2024-64xx/CVE-2024-6473.json) (`2024-09-03T11:15:15.800`) +- [CVE-2024-8374](CVE-2024/CVE-2024-83xx/CVE-2024-8374.json) (`2024-09-03T10:15:06.483`) ### CVEs modified in the last Commit Recently modified CVEs: `1` -- [CVE-2024-37136](CVE-2024/CVE-2024-371xx/CVE-2024-37136.json) (`2024-09-03T06:15:14.413`) +- [CVE-2024-5953](CVE-2024/CVE-2024-59xx/CVE-2024-5953.json) (`2024-09-03T11:15:15.463`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 93d34b14331..4bb8fb9cb10 100644 --- a/_state.csv +++ b/_state.csv 
@@ -254471,6 +254471,7 @@ CVE-2024-36543,0,0,dbb1c819537d5d2e6ccb57b6fa0d1307530721c713dab080cb8c7f78417a5 CVE-2024-36547,0,0,1b4cc0318f47a7d1f45dacca15d9b24343df7af637add62667d3afc6feef36f0,2024-08-19T17:35:18.467000 CVE-2024-36548,0,0,e144d04945e12f1b5c400dc40c85f1ddfbf9c8356b7dd5897c3f62cd196828a6,2024-08-19T16:35:18.257000 CVE-2024-36549,0,0,55197a9eb0c500888bab7cc4a629fb75ed440d45a5f54f4b25e5199e4a6cc60a,2024-08-14T20:35:11.993000 +CVE-2024-3655,1,1,b0d84350c0dd06dc6f2f09d18a4968bc6d721fe573425885478ce6d0797caaa6,2024-09-03T10:15:06.083000 CVE-2024-36550,0,0,d598c384dd8bbd4edfd1900743514ac3a937e6a8f9e3bb960c12f741aca4d680,2024-08-21T16:35:07.113000 CVE-2024-36568,0,0,c947aedd82bb9149f6d5ed733e385977abac9a86db57bbcbe31097874b0b1009,2024-07-03T02:03:17.227000 CVE-2024-36569,0,0,360f77d552cdb048cab439a5bee7725cd5b340a5088e797dd6c6cd06c49b10f6,2024-07-03T02:03:18.013000 @@ -254815,7 +254816,7 @@ CVE-2024-37132,0,0,32a23a7a93e12576e3cef44acbc1e26d96ab3673ab3a48bd46dd4729adbac CVE-2024-37133,0,0,00b1139f9174975ec5c3de34a64ed678ba7d69bbdd2f853dfe982f25e03c56e7,2024-07-03T18:01:19.487000 CVE-2024-37134,0,0,8ed9324b0e419d00f56c9177e18aa3c394712dc2a31ec456c168c8f73d2e83d7,2024-07-03T18:01:30.463000 CVE-2024-37135,0,0,1825f0bbd6a3644a5defcb06610c875a4d62a2c01b0edfc19cfb2bb9d9e24173,2024-08-01T12:42:36.933000 -CVE-2024-37136,0,1,6a9d00a093266316317a07fef895592f2ac076cdfa0af5c999542bb5d5263d86,2024-09-03T06:15:14.413000 +CVE-2024-37136,0,0,6a9d00a093266316317a07fef895592f2ac076cdfa0af5c999542bb5d5263d86,2024-09-03T06:15:14.413000 CVE-2024-37137,0,0,015bdbe57b75c18c5c9568a3702d89c1497d9ae0c088b4ae375896212249bae1,2024-06-28T10:27:00.920000 CVE-2024-37138,0,0,0a1a2faf5915443beb4b9b146b70944e6a09572b5304f90b5e8531aa017e41a8,2024-06-26T12:44:29.693000 CVE-2024-37139,0,0,8bcc51f0578107c550f57eda3e8f8169088ed87cca1e5fda916b143e22a12acf,2024-06-26T12:44:29.693000 
@@ -255965,6 +255966,7 @@ CVE-2024-38807,0,0,6663b89433c5ca3162ac8e0676fc16d9b92af7b1823f84debbce11cbc23a4 CVE-2024-38808,0,0,53d74bad70081ff05a1300457357e667e449199d0759115b64cb9ca097eeea3f,2024-08-20T15:44:20.567000 CVE-2024-3881,0,0,3699310594a82ce285b52bf9c21755fa8173160a66408c76064512e538b3fcc8,2024-05-17T02:40:10.360000 CVE-2024-38810,0,0,a8d05ba61ad79ab8e573251f3391c7e33071f14ecb67883defa939520cad5b0a,2024-08-20T15:44:20.567000 +CVE-2024-38811,1,1,6bc5d6bd0751749cef9e15461420301c783b175b7b7172b62120263e5858779e,2024-09-03T10:15:05.477000 CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000 CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045fff,2024-05-02T13:27:25.103000 CVE-2024-3885,0,0,9b28a2ee85edfe77753e71858fb1438bd68a9b6ee299843f3a5752cca4753d01,2024-05-02T18:00:37.360000 @@ -257443,6 +257445,7 @@ CVE-2024-41709,0,0,6713bfc73e81c65bc7923627db30413fcbe413ec587fff89449c3abd86e7e CVE-2024-4171,0,0,87597e8caa4479ab69c883527c35fc22af72d614757313d16953f50dcfa107c2,2024-06-04T19:20:31.980000 CVE-2024-41710,0,0,60d485e1ae4ab9a6a76b69400c8e45c5632e291398c40e0cff7baeda3bb118be,2024-08-14T18:35:06.257000 CVE-2024-41711,0,0,a7d50100784e2b53720ec9203abd546adbf9c7f45f11894e83b991465b2f1919,2024-08-14T16:35:15.033000 +CVE-2024-41718,1,1,7651686104923551937c1bf922db9a37da5f3ad1631e564fe3c0dca9a6e79a72,2024-09-03T11:15:15.050000 CVE-2024-41719,0,0,9153c34983715c653b1c300082bd1504f28f779a4622f52f1934f7c462bf8faf,2024-08-19T18:40:35.203000 CVE-2024-4172,0,0,ae5cefdd41ee745a5f3463347f20f3f77110439c81ed1ad285dedf4b40da1c57,2024-06-04T19:20:32.077000 CVE-2024-41720,0,0,2d7bee1f981165f1c9cbab9643ce597269a916a15ed0d381724ec0dadf39a971,2024-08-30T17:49:42.047000 
@@ -258961,6 +258964,9 @@ CVE-2024-4555,0,0,2d6c47296afeedb2c6a7f60677f2d88681b96e578cfefc1913928dc16b7bb8 CVE-2024-4556,0,0,7d09fa247082252ffb6b7dda6aa600cf3ff3bf7dd0d9af7b07da29fff8c7a6fb,2024-08-28T12:57:17.117000 CVE-2024-4557,0,0,66c84ceab02c8adff7c7e309e3c388a17800860cf81ce53b59e1c60dda9ffb15,2024-06-28T13:19:24.767000 CVE-2024-4558,0,0,f33120bad100499bf0c3c5e20b119cff8d6ade1c8324fe8cac904ff1ff2e147b,2024-07-30T02:15:08.293000 +CVE-2024-45586,1,1,e73dfe8cee280e7aa0d7fe5d45338ea9a412a68a40fb17b2fb3c440d1fb0f02d,2024-09-03T10:15:06.180000 +CVE-2024-45587,1,1,bac2b4c1db11b0ffa47a02fbcfe52b4c553b3666dd9b6fa6f964745c04e28707,2024-09-03T10:15:06.373000 +CVE-2024-45588,1,1,adb3ed3fdc330cba62d6202b0f2162681dbb6ecc8ed0ff5cffd950d01f28836d,2024-09-03T11:15:15.333000 CVE-2024-4559,0,0,bf46d9d7302afe42ee4323175537eeb1eb701f6d945f2b96b5e6acc4bfa04589,2024-07-03T02:07:46.003000 CVE-2024-4560,0,0,3d2b06b4cd5ab2760bd3f364e15c96b4f7456a14baec47a1cd857fe992686648,2024-05-14T16:11:39.510000 CVE-2024-4561,0,0,8ef61ebc386f7e587b6eb6df8054d64514729591e443c5ac6735c0df58420e0f,2024-05-15T16:40:19.330000 
@@ -260170,7 +260176,7 @@ CVE-2024-5949,0,0,4572c12d3ad878ee653901722f7c16c0dabd647af42f6f6ae5a5828547615d CVE-2024-5950,0,0,f2973766f812398c51fdc9e52a19a5f151706c2da451b30e218939a121000c2a,2024-08-07T18:12:58.253000 CVE-2024-5951,0,0,6febf2923b11ad8e5c0b580c95ce8478dd937b62c84a55da1a853959f3aac15d,2024-08-07T18:12:55.977000 CVE-2024-5952,0,0,4b0244413edcc544ed5c05479b5dbc3eeb5d75652ce440b39e8ad3eb0aaa28bb,2024-08-07T17:50:09.493000 -CVE-2024-5953,0,0,e9574cc1fd34f1e834cbe0d5750f95c4489259c54c4b5423533e702bf4652353,2024-08-21T13:15:04.867000 +CVE-2024-5953,0,1,b751d8c3256cadea715af09554e498d62ce421392f8f753ae9bea01ad7d81fc9,2024-09-03T11:15:15.463000 CVE-2024-5961,0,0,458be8cb6fdb0d558a4d51d11b5f294250dd9695661afd805b88290bb2df249d,2024-06-17T12:42:04.623000 CVE-2024-5963,0,0,a4cccf44b2eb0314cba658473713210aafeaf2066181b69f96f839930da4f321,2024-08-06T16:30:24.547000 CVE-2024-5964,0,0,d6f5f38a4c6449f04f742ee04a5db3f604bc83ddff32647d9051bd1d156e71e9,2024-07-18T12:28:43.707000 @@ -260585,6 +260591,7 @@ CVE-2024-6469,0,0,8a9cc14cdc15687cebe1f067587bd279bfc289daac6283040462018576c0d5 CVE-2024-6470,0,0,c9a33c23ec7370c50b4df58ad71ec5e181cf8d29947a984c43804e0a58dc7723,2024-07-05T12:55:51.367000 CVE-2024-6471,0,0,09d48a1225aac8158aa4c1ca2c8aef77a523ae62ed5b11e34f01b64da625d366,2024-08-23T16:47:32.537000 CVE-2024-6472,0,0,06cfc3c26e9764572c1adb3e446cad13cb9599b02c4c47946f6698a134e25867,2024-08-06T16:31:05.780000 +CVE-2024-6473,1,1,6ebf405f7667c509cbabbc002f353e009331cd448e0c1b62c24fe5a4baecc4af,2024-09-03T11:15:15.800000 CVE-2024-6477,0,0,af465e59718721c7b727c1ec6a265ade947c829c05464c1090814aa1a74a6b13,2024-08-05T12:41:45.957000 CVE-2024-6481,0,0,8a6ed16cb15e9b1be7b8ecc3c869a269748ddec5ecbc3504e8d7f068ea116af3,2024-08-08T14:35:14.190000 CVE-2024-6484,0,0,bc633abd6bfb9da06585afdfb273066dfbc508847026385eb612d46f7c70ed29,2024-07-11T18:09:58.777000 
@@ -261730,4 +261737,5 @@ CVE-2024-8366,0,0,aa72fcd41b228be7b06f6c9a81ecf2f8f9fd5e20be0db7cf0df490a8a5890f CVE-2024-8367,0,0,8148f938d91de1e8fd6536b835fce7d047e450cd706d113fc44497b29c91e0fa,2024-09-01T04:15:14.107000 CVE-2024-8368,0,0,b6512ddcc37b6e90aa53a67b75199705c7ccbc726e2c91253f9dcb246f9ed10e,2024-09-01T05:15:12.187000 CVE-2024-8370,0,0,fc6619055deaa0369ad7ec9ea228a5984b89e76836c9bae412619b763ebbc1d6,2024-09-01T22:15:14.117000 +CVE-2024-8374,1,1,d6438bd8e120c367e525d81987d685338641f243da94dfadc466af2540001eff,2024-09-03T10:15:06.483000 CVE-2024-8380,0,0,59536f41ae8eb3ab90b4321adcf0c677bff349890fe9496a5f0af1786eb08033,2024-09-03T01:15:13.690000