Auto-Update: 2024-06-08T22:00:17.800288+00:00

This commit is contained in:
cad-safe-bot 2024-06-08 22:03:09 +00:00
parent f83b1473b4
commit 73e9262ac5
4 changed files with 129 additions and 18 deletions


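--- /dev/null
+++ b/CVE-2024/CVE-2024-41xx/CVE-2024-4146.json
@@ -0,0 +1,59 @@
+{
+"id": "CVE-2024-4146",
+"sourceIdentifier": "security@huntr.dev",
+"published": "2024-06-08T20:15:52.117",
+"lastModified": "2024-06-08T20:15:52.117",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the `checkProjectAccess` method within the authorization middleware, which fails to adequately verify if a user has the correct permissions to access a specific project. Instead, it only checks if the user is part of the organization owning the project, overlooking the necessary check against the `account_project` table for explicit project access rights. This flaw enables attackers to gain complete control over all resources within a project, including the ability to create, update, read, and delete any resource, compromising the privacy and security of sensitive information."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "security@huntr.dev",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@huntr.dev",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-285"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/lunary-ai/lunary/commit/c43b6c62035f32ca455f66d5fd22ba661648cde7",
+"source": "security@huntr.dev"
+},
+{
+"url": "https://huntr.com/bounties/a749e696-b398-4260-b2d0-b0054b9fffa7",
+"source": "security@huntr.dev"
+}
+]
+}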


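--- /dev/null
+++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4680.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-4680",
+"sourceIdentifier": "security@huntr.dev",
+"published": "2024-06-08T20:15:52.347",
+"lastModified": "2024-06-08T20:15:52.347",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "security@huntr.dev",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L",
+"attackVector": "NETWORK",
+"attackComplexity": "HIGH",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "LOW",
+"availabilityImpact": "LOW",
+"baseScore": 3.9,
+"baseSeverity": "LOW"
+},
+"exploitabilityScore": 0.5,
+"impactScore": 3.4
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@huntr.dev",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-613"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://huntr.com/bounties/c88f6bd2-490d-4930-98dd-03651b20230a",
+"source": "security@huntr.dev"
+}
+]
+}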


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-06-08T18:00:18.479050+00:00
2024-06-08T22:00:17.800288+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-06-08T17:15:42.420000+00:00
2024-06-08T20:15:52.347000+00:00
```
### Last Data Feed Release
@ -33,20 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
253095
253097
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `2`
- [CVE-2024-21748](CVE-2024/CVE-2024-217xx/CVE-2024-21748.json) (`2024-06-08T17:15:42.173`)
- [CVE-2024-22151](CVE-2024/CVE-2024-221xx/CVE-2024-22151.json) (`2024-06-08T17:15:42.420`)
- [CVE-2024-35657](CVE-2024/CVE-2024-356xx/CVE-2024-35657.json) (`2024-06-08T16:15:08.850`)
- [CVE-2024-35659](CVE-2024/CVE-2024-356xx/CVE-2024-35659.json) (`2024-06-08T16:15:09.103`)
- [CVE-2024-35675](CVE-2024/CVE-2024-356xx/CVE-2024-35675.json) (`2024-06-08T16:15:09.360`)
- [CVE-2024-35676](CVE-2024/CVE-2024-356xx/CVE-2024-35676.json) (`2024-06-08T16:15:09.600`)
- [CVE-2024-35678](CVE-2024/CVE-2024-356xx/CVE-2024-35678.json) (`2024-06-08T16:15:09.853`)
- [CVE-2024-4146](CVE-2024/CVE-2024-41xx/CVE-2024-4146.json) (`2024-06-08T20:15:52.117`)
- [CVE-2024-4680](CVE-2024/CVE-2024-46xx/CVE-2024-4680.json) (`2024-06-08T20:15:52.347`)
### CVEs modified in the last Commit


@ -243009,7 +243009,7 @@ CVE-2024-21744,0,0,75da6a88047b7dd10fd2808157b826b0359816427c478b970c1329b6cad90
CVE-2024-21745,0,0,bf3a505c3e58c8e06145ffd7ba2bd556421c95bc4b61cb5874ba3a8a81e74cc4,2024-01-11T18:45:19.053000
CVE-2024-21746,0,0,e13769683ec9c62111f20b97f6ef184f25eb2eb50093fc969d075bb8b1fa4761,2024-05-17T18:36:05.263000
CVE-2024-21747,0,0,35403744e7ef40fd68d659ac75e691394b3bec12407204459bb0ee7326018ec4,2024-01-11T18:45:06.960000
CVE-2024-21748,1,1,8a200e9a2d0294df8cb36cad80d7c4bd76889bfdfbbd4e2eb89f1c10b11620c7,2024-06-08T17:15:42.173000
CVE-2024-21748,0,0,8a200e9a2d0294df8cb36cad80d7c4bd76889bfdfbbd4e2eb89f1c10b11620c7,2024-06-08T17:15:42.173000
CVE-2024-21749,0,0,977e78c03c745b3f2715cc5017eb627860eddebef9d26895b59c2bc8df042370,2024-02-29T13:49:47.277000
CVE-2024-21750,0,0,3e8fbe0cb62c8e56d68418bdaca88bd6a5a9359bd561d57e9822bcdabaea5468,2024-02-03T00:41:15.460000
CVE-2024-21752,0,0,80a5a3aff28e680d194d956f222c96b3f36d11392adc2ff7fd485136323ef565,2024-02-29T13:49:29.390000
@ -243250,7 +243250,7 @@ CVE-2024-22148,0,0,eb4d4a193f2153f5fe3df79c79a6ba27f52e6d1edc409f8c9f4419f061b12
CVE-2024-22149,0,0,993c76a1c016f836df9d96f9ff69fb5ecade44a2c16fb44ee1e8795031628948,2024-03-27T12:29:30.307000
CVE-2024-2215,0,0,bab2a3391ec80ee40463865cb86e61a9df2c78bd495d21727bd044393f96dc6c,2024-05-01T18:15:19.133000
CVE-2024-22150,0,0,73a6449bdd862cb4aceb7dfcabf00926f0730684d1b40796cd1922a1d89122f5,2024-02-06T15:42:52.927000
CVE-2024-22151,1,1,05ef63363544cb6a0926a906eb7a46306e8c0e25f5dda118a41897c4adb12723,2024-06-08T17:15:42.420000
CVE-2024-22151,0,0,05ef63363544cb6a0926a906eb7a46306e8c0e25f5dda118a41897c4adb12723,2024-06-08T17:15:42.420000
CVE-2024-22152,0,0,77741f5ed7ba0cff2726117ba8b408bddeb0ad8028c0019d800ba91134fb10eb,2024-01-30T17:36:20.533000
CVE-2024-22153,0,0,183cafa541cc9d6796e6f60d4f84cc3fefe9e93bd9495a8b813ab36c05739148,2024-02-06T15:43:49.957000
CVE-2024-22154,0,0,c5d6f5ccc259910245679ed3525d0fea5ed728e2e4ec972b00aa2e1bbd5206eb,2024-01-31T20:20:56.647000
@ -251143,8 +251143,8 @@ CVE-2024-35652,0,0,9510ec3ad0224331e475c18e35d7d417da7a9c92aa8f4cfe1b6338dfa113c
CVE-2024-35653,0,0,4b4970e5c1ab1eb20df6ebb598ecfea858a4722a1a783fe88469bdbb9ecad5dd,2024-06-06T13:37:21.420000
CVE-2024-35654,0,0,3cac475a93442101684fae84c2c521be626ce332985f59ed92e31d95d1644e3b,2024-06-04T16:57:41.053000
CVE-2024-35655,0,0,601e442a18c4da5a8735e92d8f9fc475270b1e233cb1966c02ba478a71ba1edc,2024-06-05T20:26:14.720000
CVE-2024-35657,1,1,b495f6eb6f600a15a4f0633d9ef74d133f633540bac91d9a975a3fc73c99d577,2024-06-08T16:15:08.850000
CVE-2024-35659,1,1,08837d467eb2c4f6f42cf294692520fdde74cc9e93dd0f8f269796baf7c9422c,2024-06-08T16:15:09.103000
CVE-2024-35657,0,0,b495f6eb6f600a15a4f0633d9ef74d133f633540bac91d9a975a3fc73c99d577,2024-06-08T16:15:08.850000
CVE-2024-35659,0,0,08837d467eb2c4f6f42cf294692520fdde74cc9e93dd0f8f269796baf7c9422c,2024-06-08T16:15:09.103000
CVE-2024-3566,0,0,e417ef1ceca67d3a9a8ba800520d4a9974bcf4eba2e3e6325dafdfbfe6af8d6b,2024-04-10T19:49:51.183000
CVE-2024-35664,0,0,d0ccb41b020f67bf412b857dae6270e1516e989b566d9599ae1771894ea37eb6,2024-06-05T20:24:24.730000
CVE-2024-35666,0,0,5e133046a1ca74936bb3d36f8c7ff239458fb6b767b78411013c1064b6040b1e,2024-06-05T19:56:00.610000
@ -251154,9 +251154,9 @@ CVE-2024-35670,0,0,73750f9851edcb4e69a614add6516a80303684a17d124f9c4de5d312adb90
CVE-2024-35672,0,0,55d6b261119374cd3faa4eaa39d96a050af2ec6d719a35d44d5d1508f743f033,2024-06-05T12:53:50.240000
CVE-2024-35673,0,0,b2fbe24f0db2be82a21d56e6af9fa939a75372c8c56128cfd1a449a3505ad62c,2024-06-06T14:17:35.017000
CVE-2024-35674,0,0,61cb77c7b559c0aea326b97e0a24dca407c217fd649698447cd12a1a2e660866,2024-06-06T14:17:35.017000
CVE-2024-35675,1,1,afefeae0626faf0ab7e687bb516cbf242d1a658ce09b79851683f4d446d8c36e,2024-06-08T16:15:09.360000
CVE-2024-35676,1,1,92e4bad0831687f9ba07db0a9dcd15e4d676c502b28f29721bd65d23685c5c53,2024-06-08T16:15:09.600000
CVE-2024-35678,1,1,6fea3aad3546cfc07fcd5233b09c4fc2f32a6ba00e205e5c3d07305588dffb18,2024-06-08T16:15:09.853000
CVE-2024-35675,0,0,afefeae0626faf0ab7e687bb516cbf242d1a658ce09b79851683f4d446d8c36e,2024-06-08T16:15:09.360000
CVE-2024-35676,0,0,92e4bad0831687f9ba07db0a9dcd15e4d676c502b28f29721bd65d23685c5c53,2024-06-08T16:15:09.600000
CVE-2024-35678,0,0,6fea3aad3546cfc07fcd5233b09c4fc2f32a6ba00e205e5c3d07305588dffb18,2024-06-08T16:15:09.853000
CVE-2024-35679,0,0,c2537b8bfee1e87793a14a7eb60805fe43149544cc87e07ecc93e7765f611d08,2024-06-08T15:15:50.130000
CVE-2024-3568,0,0,573133d2a7191a46b0975280ef7162f7787321191e0ad33f2c4c70c7e8d9c3f5,2024-04-10T19:49:51.183000
CVE-2024-35681,0,0,83766e7ea9a4d320afc194ec01aa03dfe48354cc5e68bcbddc913c40511474f5,2024-06-08T15:15:50.343000
@ -252124,6 +252124,7 @@ CVE-2024-4140,0,0,bb3e400fe6c4b8cf6821bf141f5d1d6536fc52c547337b85d936fc6d6f95cc
CVE-2024-4141,0,0,569cd2fcd9188d9eabeb08d432690880975d5549c17482aa7e239fef9c6bb2e6,2024-04-24T19:58:40.710000
CVE-2024-4142,0,0,6297707db3df670a282f3d4e6720e4836d7467220b5fcc108ef053e6a6308f68,2024-05-02T13:27:25.103000
CVE-2024-4144,0,0,804f070eb7c147c92dd9f6be5c3d4dba7563c2bc35d2c208518fc5d01b232644,2024-05-14T19:17:55.627000
CVE-2024-4146,1,1,77c1608f631074e85978e51b0f1275774840b11b9c279d4a356c25da785ac59e,2024-06-08T20:15:52.117000
CVE-2024-4148,0,0,99472767520f10bad17ca80099c5e2a59b64c04b882cb0fc99c8823f2860bd7b,2024-06-03T14:46:24.250000
CVE-2024-4150,0,0,faed1039ecc56269b946edc3dde84ea0ad72d4967895c1be6d39f317de75f649,2024-05-14T16:11:39.510000
CVE-2024-4151,0,0,500903b4f0f30e11a0df3621c175651eac21ce51d803c0af0322e88c41c92b80,2024-05-20T15:17:54.513000
@ -252512,6 +252513,7 @@ CVE-2024-4675,0,0,99967e72c6db427644f71025f45ebd19c1eab605b7a577005e0fc9cbd63578
CVE-2024-4676,0,0,03b11ebef33b72c901a614142723e2f321de82dd9b411ea63d35e0e5603a1dbe,2024-06-04T19:20:45.727000
CVE-2024-4677,0,0,4f9a6dbfe0985e347bcfdc5f5094e8d31b426c2eea19d3640641b70b147444d5,2024-06-04T19:20:45.830000
CVE-2024-4678,0,0,01142dfedc6c508e55644d22f55fc9a4940aaf8f07d20367187d47b4f0bad3bd,2024-06-04T19:20:45.930000
CVE-2024-4680,1,1,178cd6f020c8e8e31182c49ff0d5f1a0c67d9b92f45d6bd38df461cfe82f75cd,2024-06-08T20:15:52.347000
CVE-2024-4681,0,0,cbc732229963bbfca1edc5d61a36a5e284d1f38ffec8898ba583cf654e3600fa,2024-06-04T19:20:46.033000
CVE-2024-4682,0,0,c25a0dc6cb7913ea1ac2615ef6eb1a11963ee089c245bdcd830e79d2927cdae4,2024-06-04T19:20:46.140000
CVE-2024-4683,0,0,d6b53bad3485867a856925350aee804f1541a87acce19d197fd49944e1400e44,2024-06-04T19:20:46.247000
