Auto-Update: 2024-07-04T23:55:29.304506+00:00

2025-05-30 18:21:17 +00:00 · 2024-07-04 23:58:25 +00:00 · 2024-07-04 23:58:25 +00:00 · 7869728e72
commit 7869728e72
parent 5fb099a490
4 changed files with 111 additions and 10 deletions
--- a/CVE-2024/CVE-2024-399xx/CVE-2024-39937.json
+++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39937.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-39937",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-04T22:15:02.210",
+  "lastModified": "2024-07-04T22:15:02.210",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/bytehunter-rat/supOS-BUG/blob/main/supOSDirectoryTraversal.md",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.supos.com/supOSindex",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-399xx/CVE-2024-39943.json
+++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39943.json
@ -0,0 +1,52 @@
+{
+  "id": "CVE-2024-39943",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-04T23:15:09.940",
+  "lastModified": "2024-07-04T23:15:09.940",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "rejetto HFS (aka HTTP File Server) 3 before 0.52.10 on Linux, UNIX, and macOS allows OS command execution by remote authenticated users (if they have Upload permissions). This occurs because a shell is used to execute df (i.e., with execSync instead of spawnSync in child_process in Node.js)."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/rejetto/hfs/commit/305381bd36eee074fb238b64302a252668daad1d",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://github.com/rejetto/hfs/compare/v0.52.9...v0.52.10",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.rejetto.com/wiki/index.php/HFS:_Working_with_uploads",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-04T22:00:23.855767+00:00
+2024-07-04T23:55:29.304506+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-04T21:15:10.403000+00:00
+2024-07-04T23:15:09.940000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,21 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255886
+255888
 ```

 ### CVEs added in the last Commit

 Recently added CVEs: `2`

- [CVE-2024-39935](CVE-2024/CVE-2024-399xx/CVE-2024-39935.json) (`2024-07-04T21:15:10.077`)
- [CVE-2024-39936](CVE-2024/CVE-2024-399xx/CVE-2024-39936.json) (`2024-07-04T21:15:10.180`)
+- [CVE-2024-39937](CVE-2024/CVE-2024-399xx/CVE-2024-39937.json) (`2024-07-04T22:15:02.210`)
+- [CVE-2024-39943](CVE-2024/CVE-2024-399xx/CVE-2024-39943.json) (`2024-07-04T23:15:09.940`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-6488](CVE-2024/CVE-2024-64xx/CVE-2024-6488.json) (`2024-07-04T21:15:10.403`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -254185,9 +254185,11 @@ CVE-2024-39931,0,0,344e1125fce2a708cd0a7659223ec19cdd698a80f41e308b2f4f40a3d93ac
 CVE-2024-39932,0,0,5e4272e9d0dd9401714213f00c1f63699f061b026540df960a62aedeac1dbca4,2024-07-04T16:15:02.707000
 CVE-2024-39933,0,0,e770b0700b1b578e89eeefbea1daf93cbdb4de4c1196c535b6cafa82bc86fc2a,2024-07-04T16:15:02.900000
 CVE-2024-39934,0,0,00c0ccfbd3241171fde97351b4b48f02266ea6fad6011bbce1bf251e8c022dd0,2024-07-04T19:15:10.967000
-CVE-2024-39935,1,1,a658bbc79f734f0a81d2f2e451a0e3b9a7765f0aa075531349a9ba1c6352693d,2024-07-04T21:15:10.077000
-CVE-2024-39936,1,1,57e400c9488ff3d9764124aeac52d597ae0f014081f81bf3f1dbb1e2fa9af230,2024-07-04T21:15:10.180000
+CVE-2024-39935,0,0,a658bbc79f734f0a81d2f2e451a0e3b9a7765f0aa075531349a9ba1c6352693d,2024-07-04T21:15:10.077000
+CVE-2024-39936,0,0,57e400c9488ff3d9764124aeac52d597ae0f014081f81bf3f1dbb1e2fa9af230,2024-07-04T21:15:10.180000
+CVE-2024-39937,1,1,761e8fe9611936cf6aa35f0c4bb95fff0382c3bfb4415f789c53a259e4868536,2024-07-04T22:15:02.210000
 CVE-2024-3994,0,0,292539249e741e7003c555a5d4fa2182b15a01b393fb04fa15e675750c01906e,2024-04-25T13:18:02.660000
+CVE-2024-39943,1,1,033ec7aa4086e5ed5a873e071d2374d990f3d11eb868ce51dbd8789a12d574f4,2024-07-04T23:15:09.940000
 CVE-2024-3995,0,0,a7fe690817691037765b680c602849c2a36e767bb2849159693fe5a7864f46cb,2024-07-01T14:15:05.680000
 CVE-2024-3997,0,0,507ae8762d75f9d68eda75aa3a6fbbaf1b3579404dfa0ecd9f2978d2aa87a55f,2024-05-24T01:15:30.977000
 CVE-2024-3999,0,0,4248dd2372447004bc43614b1896e27a040049c0dba411de9512ee0e6f816fb7,2024-07-03T15:44:56.130000
@ -255880,7 +255882,7 @@ CVE-2024-6464,0,0,8fab89d1b3aef32a257cf0d7fb909cce6ac18d5ef8dc898bb9f0cc6c52356c
 CVE-2024-6469,0,0,af3fa5ade340d0b228353896e96620b5cb15d570ccca154043a04cdd86241984,2024-07-03T12:53:24.977000
 CVE-2024-6470,0,0,758942473ba4664d9706c7b27089a9d538cad027719295d3c67dfb54a747e72b,2024-07-03T13:15:03.703000
 CVE-2024-6471,0,0,33db1e0271959450d1204c1eba113a94befddf6a5610d2c3f2f72d1021d9b28f,2024-07-03T14:15:06.490000
-CVE-2024-6488,0,1,0c5ecb49d7296b409f5d61bd70a5d017ad6f69068345855a00f0bd7c78566faa,2024-07-04T21:15:10.403000
+CVE-2024-6488,0,0,0c5ecb49d7296b409f5d61bd70a5d017ad6f69068345855a00f0bd7c78566faa,2024-07-04T21:15:10.403000
 CVE-2024-6506,0,0,f64c6542ddc1860dd875b3613d62502bf6eb753475b36b267157e30bbe0eab6c,2024-07-04T13:15:10.240000
 CVE-2024-6507,0,0,7fc34ffc93e91ceb57cb62db5fda91831601bb47254c70726f80d542d50ab8bd,2024-07-04T12:15:03.963000
 CVE-2024-6511,0,0,13032e0f940591a484293a07a862271ed8d2856d5582bbc0f01657029640c8b1,2024-07-04T19:15:11.207000