From 5ebd9e12c37e80a36521afab25c6c9954cf50748 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sun, 11 Feb 2024 07:00:28 +0000 Subject: [PATCH] Auto-Update: 2024-02-11T07:00:24.772475+00:00 --- CVE-2023/CVE-2023-27xx/CVE-2023-2700.json | 6 +++- CVE-2023/CVE-2023-37xx/CVE-2023-3750.json | 6 +++- CVE-2023/CVE-2023-524xx/CVE-2023-52428.json | 28 +++++++++++++++ CVE-2023/CVE-2023-53xx/CVE-2023-5371.json | 6 +++- CVE-2023/CVE-2023-61xx/CVE-2023-6174.json | 6 +++- CVE-2024/CVE-2024-02xx/CVE-2024-0208.json | 6 +++- CVE-2024/CVE-2024-216xx/CVE-2024-21626.json | 8 +++-- CVE-2024/CVE-2024-232xx/CVE-2024-23222.json | 6 +++- CVE-2024/CVE-2024-257xx/CVE-2024-25718.json | 40 +++++++++++++++++++++ CVE-2024/CVE-2024-257xx/CVE-2024-25722.json | 24 +++++++++++++ README.md | 25 +++++++------ 11 files changed, 143 insertions(+), 18 deletions(-) create mode 100644 CVE-2023/CVE-2023-524xx/CVE-2023-52428.json create mode 100644 CVE-2024/CVE-2024-257xx/CVE-2024-25718.json create mode 100644 CVE-2024/CVE-2024-257xx/CVE-2024-25722.json diff --git a/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json b/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json index 01fd1981e63..73061dcc0b8 100644 --- a/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json +++ b/CVE-2023/CVE-2023-27xx/CVE-2023-2700.json @@ -2,7 +2,7 @@ "id": "CVE-2023-2700", "sourceIdentifier": "secalert@redhat.com", "published": "2023-05-15T22:15:12.207", - "lastModified": "2023-07-06T19:15:10.307", + "lastModified": "2024-02-11T06:15:10.860", "vulnStatus": "Modified", "descriptions": [ { @@ -111,6 +111,10 @@ "Patch" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/", + "source": "secalert@redhat.com" + }, { "url": "https://security.netapp.com/advisory/ntap-20230706-0001/", "source": "secalert@redhat.com" diff --git a/CVE-2023/CVE-2023-37xx/CVE-2023-3750.json b/CVE-2023/CVE-2023-37xx/CVE-2023-3750.json index d5d7d83a6c6..df55ca61bef 100644 
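Review bot: The reference added to CVE-2023-2700.json spells the Fedora list address as `package-announce%40lists.fedoraproject.org`, while the reference added to CVE-2023-3750.json in the next file section carries the same message id (`EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ`) with a literal `@`. The two forms presumably resolve to the same announcement, but they differ as strings, so a consumer that deduplicates or correlates references by exact `url` match will count them as two separate advisories. If the mirror is meant to stay byte-faithful to NVD, leave the record as it is and percent-decode on the consumer side before comparing. Otherwise the entry would read `"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/"`.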
--- a/CVE-2023/CVE-2023-37xx/CVE-2023-3750.json +++ b/CVE-2023/CVE-2023-37xx/CVE-2023-3750.json @@ -2,7 +2,7 @@ "id": "CVE-2023-3750", "sourceIdentifier": "secalert@redhat.com", "published": "2023-07-24T16:15:13.267", - "lastModified": "2023-11-07T14:15:21.660", + "lastModified": "2024-02-11T06:15:11.140", "vulnStatus": "Modified", "descriptions": [ { @@ -117,6 +117,10 @@ "Issue Tracking", "Vendor Advisory" ] + }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVK6JKP36CHE7YAFDJNPNLTW4OWJJ7TQ/", + "source": "secalert@redhat.com" } ] } \ No newline at end of file diff --git a/CVE-2023/CVE-2023-524xx/CVE-2023-52428.json b/CVE-2023/CVE-2023-524xx/CVE-2023-52428.json new file mode 100644 index 00000000000..4ca04635122 --- /dev/null +++ b/CVE-2023/CVE-2023-524xx/CVE-2023-52428.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2023-52428", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-11T05:15:08.383", + "lastModified": "2024-02-11T05:15:08.383", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In Connect2id Nimbus JOSE+JWT before 9.37.2, an attacker can cause a denial of service (resource consumption) via a large JWE p2c header value (aka iteration count) for the PasswordBasedDecrypter (PBKDF2) component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/commits/3b3b77e", + "source": "cve@mitre.org" + }, + { + "url": "https://bitbucket.org/connect2id/nimbus-jose-jwt/issues/526/", + "source": "cve@mitre.org" + }, + { + "url": "https://connect2id.com/products/nimbus-jose-jwt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-53xx/CVE-2023-5371.json b/CVE-2023/CVE-2023-53xx/CVE-2023-5371.json index c467b6868f0..72cd637df29 100644 --- a/CVE-2023/CVE-2023-53xx/CVE-2023-5371.json +++ b/CVE-2023/CVE-2023-53xx/CVE-2023-5371.json 
@@ -2,7 +2,7 @@ "id": "CVE-2023-5371", "sourceIdentifier": "cve@gitlab.com", "published": "2023-10-04T17:15:10.437", - "lastModified": "2024-02-10T02:15:42.320", + "lastModified": "2024-02-11T06:15:11.297", "vulnStatus": "Modified", "descriptions": [ { @@ -120,6 +120,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/", "source": "cve@gitlab.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/", + "source": "cve@gitlab.com" + }, { "url": "https://security.gentoo.org/glsa/202402-09", "source": "cve@gitlab.com" diff --git a/CVE-2023/CVE-2023-61xx/CVE-2023-6174.json b/CVE-2023/CVE-2023-61xx/CVE-2023-6174.json index 10ab6864897..a12d42d7f4e 100644 --- a/CVE-2023/CVE-2023-61xx/CVE-2023-6174.json +++ b/CVE-2023/CVE-2023-61xx/CVE-2023-6174.json @@ -2,7 +2,7 @@ "id": "CVE-2023-6174", "sourceIdentifier": "cve@gitlab.com", "published": "2023-11-16T12:15:07.240", - "lastModified": "2024-02-10T02:15:42.427", + "lastModified": "2024-02-11T06:15:11.437", "vulnStatus": "Modified", "descriptions": [ { @@ -126,6 +126,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/", "source": "cve@gitlab.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/", + "source": "cve@gitlab.com" + }, { "url": "https://security.gentoo.org/glsa/202402-09", "source": "cve@gitlab.com" diff --git a/CVE-2024/CVE-2024-02xx/CVE-2024-0208.json b/CVE-2024/CVE-2024-02xx/CVE-2024-0208.json index f9012da4c47..f85004a64d5 100644 --- a/CVE-2024/CVE-2024-02xx/CVE-2024-0208.json +++ b/CVE-2024/CVE-2024-02xx/CVE-2024-0208.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-0208", "sourceIdentifier": "cve@gitlab.com", "published": "2024-01-03T08:15:10.340", - "lastModified": "2024-02-10T02:15:42.520", + "lastModified": "2024-02-11T06:15:11.573", "vulnStatus": "Modified", "descriptions": [ { @@ -125,6 +125,10 @@ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/", "source": "cve@gitlab.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/", + "source": "cve@gitlab.com" + }, { "url": "https://www.wireshark.org/security/wnpa-sec-2024-01.html", "source": "cve@gitlab.com", diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21626.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21626.json index a5ea081ec39..2a979085afb 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21626.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21626.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21626", "sourceIdentifier": "security-advisories@github.com", "published": "2024-01-31T22:15:53.780", - "lastModified": "2024-02-09T15:38:09.697", - "vulnStatus": "Analyzed", + "lastModified": "2024-02-11T06:15:11.683", + "vulnStatus": "Modified", "descriptions": [ { "lang": "en", @@ -163,6 +163,10 @@ "Vendor Advisory" ] }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/", + "source": "security-advisories@github.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/", "source": "security-advisories@github.com", diff --git a/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json b/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json index d40f5bfc96e..c815dcd2551 100644 --- a/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json +++ b/CVE-2024/CVE-2024-232xx/CVE-2024-23222.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-23222", "sourceIdentifier": "product-security@apple.com", "published": "2024-01-23T01:15:11.500", - "lastModified": "2024-02-09T02:15:09.197", + "lastModified": "2024-02-11T06:15:11.833", "vulnStatus": "Modified", "cisaExploitAdd": "2024-01-23", "cisaActionDue": "2024-02-13", @@ -185,6 +185,10 @@ "url": "http://www.openwall.com/lists/oss-security/2024/02/05/8", "source": "product-security@apple.com" }, + { + "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/", + "source": "product-security@apple.com" + }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/", "source": "product-security@apple.com" diff --git a/CVE-2024/CVE-2024-257xx/CVE-2024-25718.json b/CVE-2024/CVE-2024-257xx/CVE-2024-25718.json new file mode 100644 index 00000000000..e5b596df31d --- /dev/null +++ b/CVE-2024/CVE-2024-257xx/CVE-2024-25718.json 
@@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-25718", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-11T05:15:08.463", + "lastModified": "2024-02-11T05:15:08.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://diff.hex.pm/diff/samly/1.3.0..1.4.0", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/dropbox/samly", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/dropbox/samly/pull/13", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/dropbox/samly/pull/13/commits/812b5c3ad076dc9c9334c1a560c8e6470607d1eb", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/handnot2/samly", + "source": "cve@mitre.org" + }, + { + "url": "https://hex.pm/packages/samly", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-257xx/CVE-2024-25722.json b/CVE-2024/CVE-2024-257xx/CVE-2024-25722.json new file mode 100644 index 00000000000..68ba8c18bb8 --- /dev/null +++ b/CVE-2024/CVE-2024-257xx/CVE-2024-25722.json 
@@ -0,0 +1,24 @@ +{ + "id": "CVE-2024-25722", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-02-11T05:15:08.523", + "lastModified": "2024-02-11T05:15:08.523", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/netease-youdao/QAnything/commit/35753b892c2c4361b318d68dfa3e251c85ce889c", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/netease-youdao/QAnything/compare/v1.1.1...v1.2.0", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index b6f51385f28..ba6b648f0ea 100644 --- a/README.md +++ b/README.md @@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-02-11T05:00:23.814178+00:00 +2024-02-11T07:00:24.772475+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-02-11T04:15:08.100000+00:00 +2024-02-11T06:15:11.833000+00:00 ``` ### Last Data Feed Release 
@@ -29,24 +29,29 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -238115 +238118 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `3` -* [CVE-2023-52427](CVE-2023/CVE-2023-524xx/CVE-2023-52427.json) (`2024-02-11T04:15:08.100`) -* [CVE-2024-1431](CVE-2024/CVE-2024-14xx/CVE-2024-1431.json) (`2024-02-11T03:15:07.733`) -* [CVE-2024-1432](CVE-2024/CVE-2024-14xx/CVE-2024-1432.json) (`2024-02-11T03:15:08.930`) -* [CVE-2024-25714](CVE-2024/CVE-2024-257xx/CVE-2024-25714.json) (`2024-02-11T03:15:09.393`) -* [CVE-2024-25715](CVE-2024/CVE-2024-257xx/CVE-2024-25715.json) (`2024-02-11T03:15:09.453`) +* [CVE-2023-52428](CVE-2023/CVE-2023-524xx/CVE-2023-52428.json) (`2024-02-11T05:15:08.383`) +* [CVE-2024-25718](CVE-2024/CVE-2024-257xx/CVE-2024-25718.json) (`2024-02-11T05:15:08.463`) +* [CVE-2024-25722](CVE-2024/CVE-2024-257xx/CVE-2024-25722.json) (`2024-02-11T05:15:08.523`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `7` +* [CVE-2023-2700](CVE-2023/CVE-2023-27xx/CVE-2023-2700.json) (`2024-02-11T06:15:10.860`) +* [CVE-2023-3750](CVE-2023/CVE-2023-37xx/CVE-2023-3750.json) (`2024-02-11T06:15:11.140`) +* [CVE-2023-5371](CVE-2023/CVE-2023-53xx/CVE-2023-5371.json) (`2024-02-11T06:15:11.297`) +* [CVE-2023-6174](CVE-2023/CVE-2023-61xx/CVE-2023-6174.json) (`2024-02-11T06:15:11.437`) +* [CVE-2024-0208](CVE-2024/CVE-2024-02xx/CVE-2024-0208.json) (`2024-02-11T06:15:11.573`) +* [CVE-2024-21626](CVE-2024/CVE-2024-216xx/CVE-2024-21626.json) (`2024-02-11T06:15:11.683`) +* [CVE-2024-23222](CVE-2024/CVE-2024-232xx/CVE-2024-23222.json) (`2024-02-11T06:15:11.833`) ## Download and Usage