admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 19:47:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-06-07T18:00:18.677280+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-06-07 18:03:12 +00:00
parent c53caff8e2
commit 6c74b6201c
21 changed files with 629 additions and 399 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
CVE-2024/CVE-2024-16xx/CVE-2024-1665.json
View File

@ -2,62 +2,14 @@
"id": "CVE-2024-1665",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-04-16T00:15:10.150",
"lastModified": "2024-04-16T13:24:07.103",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-07T17:15:49.850",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "lunary-ai/lunary version 1.0.0 is vulnerable to unauthorized evaluation creation due to missing server-side checks for user account status during evaluation creation. While the web UI restricts evaluation creation to paid accounts, the server-side API endpoint '/v1/evaluations' does not verify if the user has a paid account, allowing users with free or self-hosted accounts to create unlimited evaluations without upgrading their account. This vulnerability is due to the lack of account status validation in the evaluation creation process."
},
{
"lang": "es",
"value": "lunary-ai/lunary versi\u00f3n 1.0.0 es vulnerable a la creaci\u00f3n de evaluaciones no autorizadas debido a que faltan verificaciones del lado del servidor para el estado de la cuenta de usuario durante la creaci\u00f3n de la evaluaci\u00f3n. Si bien la interfaz de usuario web restringe la creaci\u00f3n de evaluaciones a cuentas pagas, el endpoint API del lado del servidor '/v1/evaluations' no verifica si el usuario tiene una cuenta paga, lo que permite a los usuarios con cuentas gratuitas o autohospedadas crear evaluaciones ilimitadas sin actualizar su cuenta. Esta vulnerabilidad se debe a la falta de validaci\u00f3n del estado de la cuenta en el proceso de creaci\u00f3n de la evaluaci\u00f3n."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/c57cd50fa0477fd2a2efe60810c0099eebd66f54",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/c0e6299e-ea45-435c-b849-53d50ffc0e83",
"source": "security@huntr.dev"
}
]
"metrics": {},
"references": []
}

61
CVE-2024/CVE-2024-218xx/CVE-2024-21835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21835",
"sourceIdentifier": "secure@intel.com",
"published": "2024-05-16T21:16:04.483",
"lastModified": "2024-05-17T18:36:05.263",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-07T17:48:28.307",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -16,6 +16,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -39,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
},
{
"source": "secure@intel.com",
"type": "Secondary",
@ -50,10 +80,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01066.html",
"source": "secure@intel.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:intel:extreme_tuning_utility:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.14.0.15",
"matchCriteriaId": "ABD6B5F1-CF79-4232-BF54-CB018507374B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01066.html",
"source": "secure@intel.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-236xx/CVE-2024-23692.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23692",
"sourceIdentifier": "disclosure@vulncheck.com",
"published": "2024-05-31T10:15:09.330",
"lastModified": "2024-06-06T15:15:43.993",
"lastModified": "2024-06-07T17:15:50.027",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,6 +51,10 @@
}
],
"references": [
{
"url": "https://github.com/rapid7/metasploit-framework/pull/19240",
"source": "disclosure@vulncheck.com"
},
{
"url": "https://mohemiv.com/all/rejetto-http-file-server-2-3m-unauthenticated-rce/",
"source": "disclosure@vulncheck.com"

6
CVE-2024/CVE-2024-243xx/CVE-2024-24399.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24399",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-01-25T21:15:09.563",
"lastModified": "2024-04-01T04:15:10.803",
"lastModified": "2024-06-07T16:15:10.223",
"vulnStatus": "Modified",
"descriptions": [
{
@ -82,6 +82,10 @@
{
"url": "https://packetstormsecurity.com/files/176647/Lepton-CMS-7.0.0-Remote-Code-Execution.html",
"source": "cve@mitre.org"
},
{
"url": "https://www.exploit-db.com/exploits/51949",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-276xx/CVE-2024-27622.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27622",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T14:15:49.030",
"lastModified": "2024-03-05T14:27:46.090",
"lastModified": "2024-06-07T16:15:10.387",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -19,6 +19,10 @@
{
"url": "https://github.com/capture0x/CMSMadeSimple/",
"source": "cve@mitre.org"
},
{
"url": "https://packetstormsecurity.com/files/177241/CMS-Made-Simple-2.2.19-Remote-Code-Execution.html",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-301xx/CVE-2024-30162.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-30162",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T17:15:50.170",
"lastModified": "2024-06-07T17:15:50.170",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Invision Community through 4.7.16 allows remote code execution via the applications/core/modules/admin/editor/toolbar.php IPS\\core\\modules\\admin\\editor\\_toolbar::addPlugin() method. This method handles uploaded ZIP files that are extracted into the applications/core/interface/ckeditor/ckeditor/plugins/ directory without properly verifying their content. This can be exploited by admin users (with the toolbar_manage permission) to write arbitrary PHP files into that directory, leading to execution of arbitrary PHP code in the context of the web server user."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Apr/21",
"source": "cve@mitre.org"
},
{
"url": "https://invisioncommunity.com",
"source": "cve@mitre.org"
}
]
}

24
CVE-2024/CVE-2024-301xx/CVE-2024-30163.json Normal file
View File

@ -0,0 +1,24 @@
{
"id": "CVE-2024-30163",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T17:15:50.267",
"lastModified": "2024-06-07T17:15:50.267",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Invision Community before 4.7.16 allow SQL injection via the applications/nexus/modules/front/store/store.php IPS\\nexus\\modules\\front\\store\\_store::_categoryView() method, where user input passed through the filter request parameter is not properly sanitized before being used to execute SQL queries. This can be exploited by unauthenticated attackers to carry out Blind SQL Injection attacks."
}
],
"metrics": {},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Apr/20",
"source": "cve@mitre.org"
},
{
"url": "https://invisioncommunity.com/release-notes/4716-r128/",
"source": "cve@mitre.org"
}
]
}

43
CVE-2024/CVE-2024-319xx/CVE-2024-31958.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-31958",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T17:15:50.353",
"lastModified": "2024-06-07T17:15:50.353",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor EExynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in an Out-of-Bounds Write."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 4.2
}
]
},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
}
]
}

43
CVE-2024/CVE-2024-319xx/CVE-2024-31959.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-31959",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T17:15:50.563",
"lastModified": "2024-06-07T17:15:50.563",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
}
]
}

43
CVE-2024/CVE-2024-325xx/CVE-2024-32502.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-32502",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T17:15:50.760",
"lastModified": "2024-06-07T17:15:50.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper reference count checking, which can result in a UAF (Use-After-Free) vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
}
]
}

43
CVE-2024/CVE-2024-325xx/CVE-2024-32503.json Normal file
View File

@ -0,0 +1,43 @@
{
"id": "CVE-2024-32503",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T16:15:10.507",
"lastModified": "2024-06-07T16:15:10.507",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checking, which can result in a UAF (Use-After-Free) vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
}
]
}

6
CVE-2024/CVE-2024-326xx/CVE-2024-32651.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32651",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-26T00:15:08.550",
"lastModified": "2024-04-26T12:58:17.720",
"lastModified": "2024-06-07T17:15:50.990",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -51,6 +51,10 @@
}
],
"references": [
{
"url": "https://blog.hacktivesecurity.com/index.php/2024/05/08/cve-2024-32651-server-side-template-injection-changedetection-io/",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dgtlmoon/changedetection.io/releases/tag/0.45.21",
"source": "security-advisories@github.com"

15
CVE-2024/CVE-2024-33xx/CVE-2024-3380.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-3380",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-07T17:15:51.487",
"lastModified": "2024-06-07T17:15:51.487",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}

55
CVE-2024/CVE-2024-371xx/CVE-2024-37163.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-37163",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-07T17:15:51.230",
"lastModified": "2024-06-07T17:15:51.230",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-319"
}
]
}
],
"references": [
{
"url": "https://github.com/oslabs-beta/SkyScraper/security/advisories/GHSA-vfqg-qhm5-5m3j",
"source": "security-advisories@github.com"
}
]
}

15
CVE-2024/CVE-2024-41xx/CVE-2024-4152.json Normal file
View File

@ -0,0 +1,15 @@
{
"id": "CVE-2024-4152",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-07T17:15:51.580",
"lastModified": "2024-06-07T17:15:51.580",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {},
"references": []
}

54
CVE-2024/CVE-2024-41xx/CVE-2024-4153.json
View File

@ -2,58 +2,14 @@
"id": "CVE-2024-4153",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-05-22T10:15:08.647",
"lastModified": "2024-05-22T12:46:53.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-07T17:15:51.640",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in lunary-ai/lunary version 1.2.2 allows attackers to bypass user creation limits and potentially evade payment requirements. The issue arises from an undefined behavior when handling input to the API, specifically through a POST request to the /v1/users endpoint. By crafting a request with a new user's email and assigning them an 'admin' role, attackers can invite additional users beyond the set limit. This vulnerability could be exploited to add an unlimited number of users without adhering to the intended restrictions."
},
{
"lang": "es",
"value": "Una vulnerabilidad en lunary-ai/lunary versi\u00f3n 1.2.2 permite a los atacantes eludir los l\u00edmites de creaci\u00f3n de usuarios y potencialmente evadir los requisitos de pago. El problema surge de un comportamiento indefinido al manejar la entrada a la API, espec\u00edficamente a trav\u00e9s de una solicitud POST al endpoint /v1/users. Al elaborar una solicitud con el correo electr\u00f3nico de un nuevo usuario y asignarle una funci\u00f3n de \"administrador\", los atacantes pueden invitar a usuarios adicionales m\u00e1s all\u00e1 del l\u00edmite establecido. Esta vulnerabilidad podr\u00eda aprovecharse para agregar un n\u00famero ilimitado de usuarios sin cumplir con las restricciones previstas."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-475"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/336db0ae-fe33-44b9-ba9d-bf117e0d90c4",
"source": "security@huntr.dev"
}
]
"metrics": {},
"references": []
}

54
CVE-2024/CVE-2024-51xx/CVE-2024-5132.json
View File

@ -2,58 +2,14 @@
"id": "CVE-2024-5132",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:16:05.300",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-07T17:15:51.840",
"vulnStatus": "Rejected",
"descriptions": [
{
"lang": "en",
"value": "In lunary-ai/lunary version 1.2.2, a business logic error allows users to bypass the intended limitations on team member invitations and additions, regardless of their subscription plan. The vulnerability arises due to the lack of validation against the predefined member limits in the SEAT_ALLOWANCE constants during the invitation and joining processes. This issue enables users on any plan, including the free plan, to invite and add more members to a team than allowed, effectively circumventing the system's subscription model. The flaw is located in the backend's handling of user invitations and additions, specifically in the /api/v1/auth/index.ts and /api/v1/users.ts endpoints, where the system fails to check the current number of team members against the allowed limits before proceeding with the invitation and addition operations."
},
{
"lang": "es",
"value": "En lunary-ai/lunary versi\u00f3n 1.2.2, un error de l\u00f3gica empresarial permite a los usuarios eludir las limitaciones previstas en las invitaciones y adiciones de miembros del equipo, independientemente de su plan de suscripci\u00f3n. La vulnerabilidad surge debido a la falta de validaci\u00f3n de los l\u00edmites de miembros predefinidos en las constantes SEAT_ALLOWANCE durante los procesos de invitaci\u00f3n y uni\u00f3n. Este problema permite a los usuarios de cualquier plan, incluido el plan gratuito, invitar y agregar a un equipo m\u00e1s miembros de los permitidos, eludiendo efectivamente el modelo de suscripci\u00f3n del sistema. La falla se encuentra en el manejo por parte del backend de las invitaciones y adiciones de usuarios, espec\u00edficamente en los endpoints /api/v1/auth/index.ts y /api/v1/users.ts, donde el sistema no puede verificar el n\u00famero actual de miembros del equipo. contra los l\u00edmites permitidos antes de proceder con las operaciones de invitaci\u00f3n y adici\u00f3n."
"value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-840"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/1a2d462f-ce25-410c-80f1-10546f963d7c",
"source": "security@huntr.dev"
}
]
"metrics": {},
"references": []
}

4
CVE-2024/CVE-2024-56xx/CVE-2024-5636.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5636",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-05T01:15:11.470",
"lastModified": "2024-06-05T12:53:50.240",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-06-07T17:15:52.007",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{
"lang": "en",

2
CVE-2024/CVE-2024-57xx/CVE-2024-5734.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-5734",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-07T12:15:09.463",
"lastModified": "2024-06-07T14:56:05.647",
"lastModified": "2024-06-07T17:15:52.140",
"vulnStatus": "Undergoing Analysis",
"descriptions": [
{

61
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-07T16:00:18.905202+00:00
2024-06-07T18:00:18.677280+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-07T15:40:49.707000+00:00
2024-06-07T17:48:28.307000+00:00
```
### Last Data Feed Release
@ -33,53 +33,38 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
252995
253004
```
### CVEs added in the last Commit
Recently added CVEs: `9`
- [CVE-2024-31878](CVE-2024/CVE-2024-318xx/CVE-2024-31878.json) (`2024-06-07T14:15:10.017`)
- [CVE-2024-36773](CVE-2024/CVE-2024-367xx/CVE-2024-36773.json) (`2024-06-07T15:15:50.063`)
- [CVE-2024-36787](CVE-2024/CVE-2024-367xx/CVE-2024-36787.json) (`2024-06-07T15:15:50.140`)
- [CVE-2024-36788](CVE-2024/CVE-2024-367xx/CVE-2024-36788.json) (`2024-06-07T15:15:50.233`)
- [CVE-2024-36789](CVE-2024/CVE-2024-367xx/CVE-2024-36789.json) (`2024-06-07T15:15:50.323`)
- [CVE-2024-36790](CVE-2024/CVE-2024-367xx/CVE-2024-36790.json) (`2024-06-07T15:15:50.407`)
- [CVE-2024-36792](CVE-2024/CVE-2024-367xx/CVE-2024-36792.json) (`2024-06-07T15:15:50.493`)
- [CVE-2024-37160](CVE-2024/CVE-2024-371xx/CVE-2024-37160.json) (`2024-06-07T14:15:10.440`)
- [CVE-2024-37162](CVE-2024/CVE-2024-371xx/CVE-2024-37162.json) (`2024-06-07T15:15:50.617`)
- [CVE-2024-30162](CVE-2024/CVE-2024-301xx/CVE-2024-30162.json) (`2024-06-07T17:15:50.170`)
- [CVE-2024-30163](CVE-2024/CVE-2024-301xx/CVE-2024-30163.json) (`2024-06-07T17:15:50.267`)
- [CVE-2024-31958](CVE-2024/CVE-2024-319xx/CVE-2024-31958.json) (`2024-06-07T17:15:50.353`)
- [CVE-2024-31959](CVE-2024/CVE-2024-319xx/CVE-2024-31959.json) (`2024-06-07T17:15:50.563`)
- [CVE-2024-32502](CVE-2024/CVE-2024-325xx/CVE-2024-32502.json) (`2024-06-07T17:15:50.760`)
- [CVE-2024-32503](CVE-2024/CVE-2024-325xx/CVE-2024-32503.json) (`2024-06-07T16:15:10.507`)
- [CVE-2024-3380](CVE-2024/CVE-2024-33xx/CVE-2024-3380.json) (`2024-06-07T17:15:51.487`)
- [CVE-2024-37163](CVE-2024/CVE-2024-371xx/CVE-2024-37163.json) (`2024-06-07T17:15:51.230`)
- [CVE-2024-4152](CVE-2024/CVE-2024-41xx/CVE-2024-4152.json) (`2024-06-07T17:15:51.580`)
### CVEs modified in the last Commit
Recently modified CVEs: `183`
Recently modified CVEs: `10`
- [CVE-2024-5425](CVE-2024/CVE-2024-54xx/CVE-2024-5425.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5426](CVE-2024/CVE-2024-54xx/CVE-2024-5426.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5438](CVE-2024/CVE-2024-54xx/CVE-2024-5438.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5452](CVE-2024/CVE-2024-54xx/CVE-2024-5452.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5478](CVE-2024/CVE-2024-54xx/CVE-2024-5478.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5480](CVE-2024/CVE-2024-54xx/CVE-2024-5480.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5481](CVE-2024/CVE-2024-54xx/CVE-2024-5481.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5482](CVE-2024/CVE-2024-54xx/CVE-2024-5482.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5505](CVE-2024/CVE-2024-55xx/CVE-2024-5505.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5506](CVE-2024/CVE-2024-55xx/CVE-2024-5506.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5507](CVE-2024/CVE-2024-55xx/CVE-2024-5507.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5508](CVE-2024/CVE-2024-55xx/CVE-2024-5508.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5509](CVE-2024/CVE-2024-55xx/CVE-2024-5509.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5542](CVE-2024/CVE-2024-55xx/CVE-2024-5542.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5550](CVE-2024/CVE-2024-55xx/CVE-2024-5550.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5552](CVE-2024/CVE-2024-55xx/CVE-2024-5552.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5599](CVE-2024/CVE-2024-55xx/CVE-2024-5599.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5607](CVE-2024/CVE-2024-56xx/CVE-2024-5607.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5612](CVE-2024/CVE-2024-56xx/CVE-2024-5612.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5637](CVE-2024/CVE-2024-56xx/CVE-2024-5637.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5640](CVE-2024/CVE-2024-56xx/CVE-2024-5640.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5645](CVE-2024/CVE-2024-56xx/CVE-2024-5645.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5732](CVE-2024/CVE-2024-57xx/CVE-2024-5732.json) (`2024-06-07T15:15:51.007`)
- [CVE-2024-5733](CVE-2024/CVE-2024-57xx/CVE-2024-5733.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-5734](CVE-2024/CVE-2024-57xx/CVE-2024-5734.json) (`2024-06-07T14:56:05.647`)
- [CVE-2024-1665](CVE-2024/CVE-2024-16xx/CVE-2024-1665.json) (`2024-06-07T17:15:49.850`)
- [CVE-2024-21835](CVE-2024/CVE-2024-218xx/CVE-2024-21835.json) (`2024-06-07T17:48:28.307`)
- [CVE-2024-23692](CVE-2024/CVE-2024-236xx/CVE-2024-23692.json) (`2024-06-07T17:15:50.027`)
- [CVE-2024-24399](CVE-2024/CVE-2024-243xx/CVE-2024-24399.json) (`2024-06-07T16:15:10.223`)
- [CVE-2024-27622](CVE-2024/CVE-2024-276xx/CVE-2024-27622.json) (`2024-06-07T16:15:10.387`)
- [CVE-2024-32651](CVE-2024/CVE-2024-326xx/CVE-2024-32651.json) (`2024-06-07T17:15:50.990`)
- [CVE-2024-4153](CVE-2024/CVE-2024-41xx/CVE-2024-4153.json) (`2024-06-07T17:15:51.640`)
- [CVE-2024-5132](CVE-2024/CVE-2024-51xx/CVE-2024-5132.json) (`2024-06-07T17:15:51.840`)
- [CVE-2024-5636](CVE-2024/CVE-2024-56xx/CVE-2024-5636.json) (`2024-06-07T17:15:52.007`)
- [CVE-2024-5734](CVE-2024/CVE-2024-57xx/CVE-2024-5734.json) (`2024-06-07T17:15:52.140`)
## Download and Usage

409
_state.csv
View File

File diff suppressed because it is too large Load Diff