Auto-Update: 2024-07-04T18:02:10.871503+00:00

2025-06-19 17:31:42 +00:00 · 2024-07-04 18:05:04 +00:00 · 2024-07-04 18:05:04 +00:00 · 795d1278a7
commit 795d1278a7
parent 5e5d53e58c
7 changed files with 226 additions and 11 deletions
--- a/CVE-2024/CVE-2024-399xx/CVE-2024-39930.json
+++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39930.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-39930",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-04T16:15:02.277",
+  "lastModified": "2024-07-04T16:15:02.277",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/gogs/gogs/releases",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-399xx/CVE-2024-39931.json
+++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39931.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-39931",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-04T16:15:02.503",
+  "lastModified": "2024-07-04T16:15:02.503",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Gogs through 0.13.0 allows deletion of internal files."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/gogs/gogs/releases",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-399xx/CVE-2024-39932.json
+++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39932.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-39932",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-04T16:15:02.707",
+  "lastModified": "2024-07-04T16:15:02.707",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Gogs through 0.13.0 allows argument injection during the previewing of changes."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH",
+          "baseScore": 9.9,
+          "baseSeverity": "CRITICAL"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 6.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/gogs/gogs/releases",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-399xx/CVE-2024-39933.json
+++ b/CVE-2024/CVE-2024-399xx/CVE-2024-39933.json
@ -0,0 +1,48 @@
+{
+  "id": "CVE-2024-39933",
+  "sourceIdentifier": "cve@mitre.org",
+  "published": "2024-07-04T16:15:02.900",
+  "lastModified": "2024-07-04T16:15:02.900",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Gogs through 0.13.0 allows argument injection during the tagging of a new release."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "cve@mitre.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 7.7,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.1,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://github.com/gogs/gogs/releases",
+      "source": "cve@mitre.org"
+    },
+    {
+      "url": "https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/",
+      "source": "cve@mitre.org"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6513.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6513.json
@ -0,0 +1,16 @@
+{
+  "id": "CVE-2024-6513",
+  "sourceIdentifier": "secalert@redhat.com",
+  "published": "2024-07-04T16:15:03.103",
+  "lastModified": "2024-07-04T16:15:03.103",
+  "vulnStatus": "Rejected",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Rejected reason: CVE assigned by mistake as a duplicate."
+    }
+  ],
+  "metrics": {},
+  "references": []
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-07-04T16:01:28.152660+00:00
+2024-07-04T18:02:10.871503+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-07-04T15:15:10.323000+00:00
+2024-07-04T16:15:03.103000+00:00
 ```

 ### Last Data Feed Release
@ -33,22 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-255873
+255878
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `2`
+Recently added CVEs: `5`

- [CVE-2024-22277](CVE-2024/CVE-2024-222xx/CVE-2024-22277.json) (`2024-07-04T14:15:01.990`)
- [CVE-2024-39929](CVE-2024/CVE-2024-399xx/CVE-2024-39929.json) (`2024-07-04T15:15:10.323`)
+- [CVE-2024-39930](CVE-2024/CVE-2024-399xx/CVE-2024-39930.json) (`2024-07-04T16:15:02.277`)
+- [CVE-2024-39931](CVE-2024/CVE-2024-399xx/CVE-2024-39931.json) (`2024-07-04T16:15:02.503`)
+- [CVE-2024-39932](CVE-2024/CVE-2024-399xx/CVE-2024-39932.json) (`2024-07-04T16:15:02.707`)
+- [CVE-2024-39933](CVE-2024/CVE-2024-399xx/CVE-2024-39933.json) (`2024-07-04T16:15:02.900`)
+- [CVE-2024-6513](CVE-2024/CVE-2024-65xx/CVE-2024-6513.json) (`2024-07-04T16:15:03.103`)


 ### CVEs modified in the last Commit

-Recently modified CVEs: `1`
+Recently modified CVEs: `0`

- [CVE-2024-21520](CVE-2024/CVE-2024-215xx/CVE-2024-21520.json) (`2024-07-04T15:15:10.210`)


 ## Download and Usage
--- a/_state.csv
+++ b/_state.csv
@ -243342,7 +243342,7 @@ CVE-2024-21517,0,0,186f90d2088e8e33683da894eb00f6f13b8f4ae5479bdad5267ce001807a5
 CVE-2024-21518,0,0,01d6f2ab49352480cf19019c7c7e4b7fa996341e6363bf5c2aff55de9f9b49d0,2024-07-03T01:46:43.670000
 CVE-2024-21519,0,0,bf9643fa21c9312ad7f9de95a92dae918c8943fd492bc976b0551db532a526a1,2024-06-27T13:15:55.027000
 CVE-2024-2152,0,0,3cc97618eb3606d7138054800fe4c9dd1b810706cf75a720e72d22a25acc79fd,2024-05-17T02:38:04.770000
-CVE-2024-21520,0,1,a0a1b113a382a8f0d2c8531b6b39066eaa70707f33ee106e6bb420796b3de015,2024-07-04T15:15:10.210000
+CVE-2024-21520,0,0,a0a1b113a382a8f0d2c8531b6b39066eaa70707f33ee106e6bb420796b3de015,2024-07-04T15:15:10.210000
 CVE-2024-2153,0,0,32d949763a8c44673b751742c2df9fc58704fdbb602a296b8827b8bcaaa1ed2f,2024-05-17T02:38:04.867000
 CVE-2024-2154,0,0,ad1f5443da5008cd83aa665fb0ec59294e0b766fedda6af927118b7949d4ad34,2024-05-17T02:38:04.970000
 CVE-2024-2155,0,0,c86c3d15a9193973ee1ceda0debbe4aef69c0b1f1d6389239087d9ae6543935d,2024-05-17T02:38:05.063000
@ -243835,7 +243835,7 @@ CVE-2024-22273,0,0,16868e6e004c6ea2c682b722d1af123cd0ac6fcfe5ea535614be88cbaef5c
 CVE-2024-22274,0,0,87361af428d962de76a852670d2cc5984c82c5471ebe2a2d40c0bfba59a3e184,2024-07-03T01:47:13.067000
 CVE-2024-22275,0,0,d091ffc8d821e68d75dc2e136f38c753791a1420e1604ca18001c3ee3e374585,2024-05-22T12:46:53.887000
 CVE-2024-22276,0,0,84ef821328733e6d2023f2ca9295825f754ca59ef6a3ea10fbc3d2996560b9b8,2024-06-28T10:27:00.920000
-CVE-2024-22277,1,1,5d54c5740ef2a90f4eaffad78041bbf0524c60e809e6a6c6e79304ef0f306dc2,2024-07-04T14:15:01.990000
+CVE-2024-22277,0,0,5d54c5740ef2a90f4eaffad78041bbf0524c60e809e6a6c6e79304ef0f306dc2,2024-07-04T14:15:01.990000
 CVE-2024-22279,0,0,ff0edd9c060816dc238726f665fb413b790bba614b84113a6241bd5b06ac695f,2024-06-12T18:04:20.147000
 CVE-2024-2228,0,0,9da409d4c88fb5c41c04e34c5096b8810f55668a8720e19e0dcad976dea69ce5,2024-03-22T19:02:10.300000
 CVE-2024-22282,0,0,53d62e993d25bddde67f64a9b7b05dfd45a21e7eb7c9bf0be8fb90ec2911d888,2024-02-06T16:55:19.983000
@ -254174,8 +254174,12 @@ CVE-2024-3990,0,0,7879115af68e1891db08bd2dafc44fb55db15680f59885de2ed87fd5c16d94
 CVE-2024-3991,0,0,f4b27e31b2ebe06401478accd9d85264142bf207d27ef139c240399354705c4f,2024-05-02T18:00:37.360000
 CVE-2024-3992,0,0,ff644523dcb07d662c2bf53b9e125872cf5c9b9df16e03b5f8dec25363b303ae,2024-06-17T12:42:04.623000
 CVE-2024-39920,0,0,8281f1288058876e172a78a04b7e10123b671826d2c29ba249d059d614d38347,2024-07-03T12:53:24.977000
-CVE-2024-39929,1,1,cf5d8cc3088017350f8fafafc8f29dd7664dcda46f2c4ba2922b28cf1942dccf,2024-07-04T15:15:10.323000
+CVE-2024-39929,0,0,cf5d8cc3088017350f8fafafc8f29dd7664dcda46f2c4ba2922b28cf1942dccf,2024-07-04T15:15:10.323000
 CVE-2024-3993,0,0,a2f94f13d02cfe8603a71433706e6cc2c5ad0c0e3e2fd5d51c299cf3fc301a73,2024-07-03T02:06:58.160000
+CVE-2024-39930,1,1,c9bc32e6cdb5f84ae20f0bbafebd539d8b9ce97eccd6c3ad4d901e67bdb0c0af,2024-07-04T16:15:02.277000
+CVE-2024-39931,1,1,344e1125fce2a708cd0a7659223ec19cdd698a80f41e308b2f4f40a3d93ac22e,2024-07-04T16:15:02.503000
+CVE-2024-39932,1,1,5e4272e9d0dd9401714213f00c1f63699f061b026540df960a62aedeac1dbca4,2024-07-04T16:15:02.707000
+CVE-2024-39933,1,1,e770b0700b1b578e89eeefbea1daf93cbdb4de4c1196c535b6cafa82bc86fc2a,2024-07-04T16:15:02.900000
 CVE-2024-3994,0,0,292539249e741e7003c555a5d4fa2182b15a01b393fb04fa15e675750c01906e,2024-04-25T13:18:02.660000
 CVE-2024-3995,0,0,a7fe690817691037765b680c602849c2a36e767bb2849159693fe5a7864f46cb,2024-07-01T14:15:05.680000
 CVE-2024-3997,0,0,507ae8762d75f9d68eda75aa3a6fbbaf1b3579404dfa0ecd9f2978d2aa87a55f,2024-05-24T01:15:30.977000
@ -255872,3 +255876,4 @@ CVE-2024-6471,0,0,33db1e0271959450d1204c1eba113a94befddf6a5610d2c3f2f72d1021d9b2
 CVE-2024-6488,0,0,41fc5abcd5ea3e9bb883e6ccb6f9823e582dfd700e5d2a53a889772d0ec7808d,2024-07-03T19:15:05.143000
 CVE-2024-6506,0,0,f64c6542ddc1860dd875b3613d62502bf6eb753475b36b267157e30bbe0eab6c,2024-07-04T13:15:10.240000
 CVE-2024-6507,0,0,7fc34ffc93e91ceb57cb62db5fda91831601bb47254c70726f80d542d50ab8bd,2024-07-04T12:15:03.963000
+CVE-2024-6513,1,1,bb977a38eaef5aa918756b3907c97d9805111d3bc118dcf2b0096d1bbd202aea,2024-07-04T16:15:03.103000