Auto-Update: 2024-11-07T09:00:28.206426+00:00

CVE-2024/CVE-2024-382xx/CVE-2024-38286.json

@@ -0,0 +1,56 @@
+{
+  "id": "CVE-2024-38286",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-11-07T08:15:13.007",
+  "lastModified": "2024-11-07T08:15:13.007",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M20, from 10.1.0-M1 through 10.1.24, from 9.0.13 through 9.0.89. Older, unsupported versions may also be affected.\n\n\nUsers are recommended to upgrade to version 11.0.0-M21, 10.1.25, or 9.0.90, which fixes the issue.\n\n\n\nApache Tomcat, under certain configurations on any platform, allows an attacker to cause an OutOfMemoryError by abusing the TLS handshake process."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@apache.org",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "CHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH",
+          "baseScore": 8.6,
+          "baseSeverity": "HIGH"
+        },
+        "exploitabilityScore": 3.9,
+        "impactScore": 4.0
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-770"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://lists.apache.org/thread/wms60cvbsz3fpbz9psxtfx8r41jl6d4s",
+      "source": "security@apache.org"
+    }
+  ]
+}

CVE-2024/CVE-2024-440xx/CVE-2024-44082.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-44082",
   "sourceIdentifier": "cve@mitre.org",
   "published": "2024-09-06T01:15:11.150",
-  "lastModified": "2024-09-06T15:15:13.180",
+  "lastModified": "2024-11-07T08:35:04.653",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -15,7 +15,42 @@
       "value": "En OpenStack Ironic anterior a la versi\u00f3n 26.0.1 y en ironic-python-agent anterior a la versi\u00f3n 9.13.1, existe una vulnerabilidad en el procesamiento de im\u00e1genes, en la que un usuario autenticado podr\u00eda utilizar una imagen creada para explotar comportamientos no deseados en qemu-img, incluido un posible acceso no autorizado a datos potencialmente confidenciales. Los detalles de la versi\u00f3n afectada/corregida son: Ironic: <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25.0.0 <26.0.1; Ironic-python-agent: <9.4.2, >=9.5.0 <9.7.1, >=9.8.0 <9.11.1, >=9.12.0 <9.13.1."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "LOW",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "LOW",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "NONE",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-862"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://bugs.launchpad.net/ironic/+bug/2071740",

CVE-2024/CVE-2024-475xx/CVE-2024-47575.json

@@ -2,8 +2,8 @@
   "id": "CVE-2024-47575",
   "sourceIdentifier": "psirt@fortinet.com",
   "published": "2024-10-23T15:15:30.707",
-  "lastModified": "2024-10-24T18:56:47.930",
-  "vulnStatus": "Analyzed",
+  "lastModified": "2024-11-07T08:15:13.360",
+  "vulnStatus": "Modified",
   "cveTags": [],
   "cisaExploitAdd": "2024-10-23",
   "cisaActionDue": "2024-11-13",
@@ -12,7 +12,7 @@
   "descriptions": [
     {
       "lang": "en",
-      "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.13, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
+      "value": "A missing authentication for critical function in FortiManager 7.6.0, FortiManager 7.4.0 through 7.4.4, FortiManager 7.2.0 through 7.2.7, FortiManager 7.0.0 through 7.0.12, FortiManager 6.4.0 through 6.4.14, FortiManager 6.2.0 through 6.2.12, Fortinet FortiManager Cloud 7.4.1 through 7.4.4, FortiManager Cloud 7.2.1 through 7.2.7, FortiManager Cloud 7.0.1 through 7.0.12, FortiManager Cloud 6.4.1 through 6.4.7 allows attacker to execute arbitrary code or commands via specially crafted requests."
     },
     {
       "lang": "es",

CVE-2024/CVE-2024-93xx/CVE-2024-9341.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-9341",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-10-01T19:15:09.500",
-  "lastModified": "2024-11-06T20:15:06.917",
+  "lastModified": "2024-11-07T08:15:13.577",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -80,6 +80,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:8690",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8694",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/errata/RHSA-2024:8846",
       "source": "secalert@redhat.com"

CVE-2024/CVE-2024-96xx/CVE-2024-9676.json

@@ -2,7 +2,7 @@
   "id": "CVE-2024-9676",
   "sourceIdentifier": "secalert@redhat.com",
   "published": "2024-10-15T16:15:06.933",
-  "lastModified": "2024-11-06T20:15:07.410",
+  "lastModified": "2024-11-07T08:15:13.787",
   "vulnStatus": "Awaiting Analysis",
   "cveTags": [],
   "descriptions": [
@@ -72,6 +72,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:8690",
       "source": "secalert@redhat.com"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8694",
+      "source": "secalert@redhat.com"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2024-9676",
       "source": "secalert@redhat.com"

README.md

@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-11-07T07:00:19.420384+00:00
+2024-11-07T09:00:28.206426+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-11-07T06:15:13.930000+00:00
+2024-11-07T08:35:04.653000+00:00
 ```
 
 ### Last Data Feed Release
@@ -33,20 +33,24 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 
 ```plain
-268497
+268498
 ```
 
 ### CVEs added in the last Commit
 
 Recently added CVEs: `1`
 
-- [CVE-2024-10027](CVE-2024/CVE-2024-100xx/CVE-2024-10027.json) (`2024-11-07T06:15:13.930`)
+- [CVE-2024-38286](CVE-2024/CVE-2024-382xx/CVE-2024-38286.json) (`2024-11-07T08:15:13.007`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `0`
+Recently modified CVEs: `4`
 
+- [CVE-2024-44082](CVE-2024/CVE-2024-440xx/CVE-2024-44082.json) (`2024-11-07T08:35:04.653`)
+- [CVE-2024-47575](CVE-2024/CVE-2024-475xx/CVE-2024-47575.json) (`2024-11-07T08:15:13.360`)
+- [CVE-2024-9341](CVE-2024/CVE-2024-93xx/CVE-2024-9341.json) (`2024-11-07T08:15:13.577`)
+- [CVE-2024-9676](CVE-2024/CVE-2024-96xx/CVE-2024-9676.json) (`2024-11-07T08:15:13.787`)
 
 
 ## Download and Usage

_state.csv

@@ -242389,7 +242389,7 @@ CVE-2024-10022,0,0,92e93478773b21ba9b2d43e5c324e5c622d589913a6faa7f64ee1349beb7c
 CVE-2024-10023,0,0,fb7a2d87c1d01f1c0f753ee2a4448f391382353000e2526f44469dfe5432a49f,2024-10-21T13:14:37.300000
 CVE-2024-10024,0,0,341fb3a51358c0d5f83894d8ffa34bc8830630ac4903510ed67f09db34646b2e,2024-10-21T13:15:01.730000
 CVE-2024-10025,0,0,19a46c25128674d2a3df76dfa6881dd0177e057f9e034fa6abc2c0a4e8bba033,2024-10-18T12:52:33.507000
-CVE-2024-10027,1,1,37b4fa01a3595452adcb0d0ea4f4abaad344e155b4566d7d7cc2ae22ea07c248,2024-11-07T06:15:13.930000
+CVE-2024-10027,0,0,37b4fa01a3595452adcb0d0ea4f4abaad344e155b4566d7d7cc2ae22ea07c248,2024-11-07T06:15:13.930000
 CVE-2024-10028,0,0,3efb32d0ea3a8f3bb8e9563cfd9c2e219c2c04ec85bc2ed4f5f1bb43fa35dabb,2024-11-06T18:17:17.287000
 CVE-2024-1003,0,0,5577a6ad54fba7e1e984add6f75aca7e6ad73817623f9ed150fa33b583cd3fae,2024-05-17T02:35:09.147000
 CVE-2024-10033,0,0,e2a4855e02c8a9aa5aec00750ec89db4d8c9b23a9a547fcb7ea42ccd4625cc1e,2024-10-30T18:50:04.137000
@@ -257204,6 +257204,7 @@ CVE-2024-38282,0,0,0b84325e8423ee1d927b510486c46be47f1c2c84d1f4cca17c487d6f5ea39
 CVE-2024-38283,0,0,797ece42e985c33b58c5d43ea734dda88927de464a1a03ca93cecae13e751b09,2024-06-13T18:35:19.777000
 CVE-2024-38284,0,0,165d8c293dff7206e2957622c811a8e8219577c81f47e9f75916b28f253c3103,2024-06-13T18:35:19.777000
 CVE-2024-38285,0,0,7e28442ebee8b34d71e5708e3d778f155bb5ea07375678fa14265f29cc1dda8d,2024-06-13T18:35:19.777000
+CVE-2024-38286,1,1,ebbdf40cfa1688171b1c6fa9d7ab9a9f570e8893a931c047182d1382c373022b,2024-11-07T08:15:13.007000
 CVE-2024-38287,0,0,f05b7fe0906459cf21ff7b461dcdceaa70975d18e173be2ad9f797e07b4a35d2,2024-08-13T13:34:22.057000
 CVE-2024-38288,0,0,9625e03ff55ef3f55d7b160d3881cd5b2a0d9065388436159679245b127f8026,2024-08-13T13:25:45.940000
 CVE-2024-38289,0,0,24caec27f3fd287d9f45fa18aa752285e93a683884225a0a5dc7e5d105a0d1b5,2024-09-09T13:53:35.767000
@@ -261093,7 +261094,7 @@ CVE-2024-44073,0,0,de55f1c002ffa890fb79df1a9da58802af7cfd53cb9325cc406c6e277fabf
 CVE-2024-44076,0,0,d8ab474e3e0cd492e411ba495a07543359555360960989541af9d6ad1fd6855e,2024-08-21T12:33:42.487000
 CVE-2024-44080,0,0,95cfd132c3959e5b8cee93d80afb7c4972ddf15675331913c6c2ff1c379561df,2024-11-01T12:57:35.843000
 CVE-2024-44081,0,0,0173316450abd3875ababea722e12835a4b0684bb0cfa5027f9f633539fd8a6a,2024-11-01T12:57:35.843000
-CVE-2024-44082,0,0,eca3489830dade6ed42141e32f34d30f3f0c158d92e0366e9686c819b89d9a20,2024-09-06T15:15:13.180000
+CVE-2024-44082,0,1,a2636a30c60934fb66a979ddf34d17da0df5248552938cc01615c275ed73f85f,2024-11-07T08:35:04.653000
 CVE-2024-44083,0,0,0fbb97686726ee4d6be299ae185c5a7e6d7807c436d290993d1b41ed0119344c,2024-08-28T15:15:17.050000
 CVE-2024-44085,0,0,388300037fdfaaf78c002cc7963ec532b366316a773d7512847e1899154e3e1a,2024-09-10T15:35:08.883000
 CVE-2024-44087,0,0,9347ed429cee1548d21348e65950e40f41756fec3dfb3e096ea0331b40b59ec8,2024-09-10T12:09:50.377000
@@ -263017,7 +263018,7 @@ CVE-2024-47562,0,0,f948ab473eac72b74771d65275c3bce022b2870f6200aad718c4a235ef7a7
 CVE-2024-47563,0,0,8e14a8aeeab89240dc7f71203e62b9d2c2b2c697ebcb095329938e996837371a,2024-10-11T20:05:05.143000
 CVE-2024-47565,0,0,1f4de7ea43d4059fde3978664bf9271defcef7d2ededc73cf25a3c2fbdf29d8c,2024-10-11T20:05:59.237000
 CVE-2024-4757,0,0,8697ca9e70d5ba37736a0a67620900f7a3da7cbcb97e29086de20de73cd3bfef,2024-07-03T02:08:02.463000
-CVE-2024-47575,0,0,45fa428c1b4284f712341ec98e74ee7d5ba71df025a020ce212880fb54ef8dfe,2024-10-24T18:56:47.930000
+CVE-2024-47575,0,1,a30cb3c357cadcf4065ffad1cb190461e408941ff04f60436dffb3440f9de684,2024-11-07T08:15:13.360000
 CVE-2024-4758,0,0,725af37997323245576176c0490558b45926193602683436c3054da734872332,2024-07-03T02:08:02.707000
 CVE-2024-4759,0,0,88e594c7c898a4e82a1a8532a1f049d1a9fe25baf60278988c21dabe64f2896b,2024-07-03T02:08:02.923000
 CVE-2024-47594,0,0,1ae534f7a3c1c97ead2076790a49a30a6aebae2067756e88afe36b9237831ffa,2024-10-10T12:57:21.987000
@@ -268114,7 +268115,7 @@ CVE-2024-9327,0,0,9bb62fae114b1c29588ad2672d640859a17a9f3af7375a799fc34e218e9d39
 CVE-2024-9328,0,0,a5f7378f6f2f1cd502f7cde1b5f6090c2d79ebec3e3af2aa2eaafb1f04d0c325,2024-10-01T11:34:57.773000
 CVE-2024-9329,0,0,45383f73609cef2d97bbcc2a37f0da26902c147f00f71a92dd725b6696a1e709,2024-10-07T15:52:47.267000
 CVE-2024-9333,0,0,29d3d497691b594c7c49948d48e229bbe8c23108f2eef552b2f92cd89acf1f06,2024-10-04T13:50:43.727000
-CVE-2024-9341,0,0,c98b60eddd0169df613fb8aaf3d2ac969a4fdceebcb7e9147fd8771afde7bcb8,2024-11-06T20:15:06.917000
+CVE-2024-9341,0,1,72a5678c25fa1efebda3b3bdc035f57c27c8a6deb35e9011d7464b351ef8a7b9,2024-11-07T08:15:13.577000
 CVE-2024-9344,0,0,d870e129ed50c7683cdbbee07d60a73dcd8b852b9805e9d5932c8a41008c379e,2024-10-08T15:06:57.470000
 CVE-2024-9345,0,0,b08be38bdc65e7df784af6af5cf36510583fc49f8a0ab62bc24aed87f83f55d0,2024-10-08T16:10:17.567000
 CVE-2024-9346,0,0,62d32d35d45fd426e51a0ed8886468a70178025d3407ee17aee209be78f55958,2024-10-15T12:58:51.050000
@@ -268319,7 +268320,7 @@ CVE-2024-9670,0,0,f306c0fbbcbde1e6a65006fd3bdd50d366f02be816ff2a6f00ef3348b3b763
 CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f89,2024-10-10T12:51:56.987000
 CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000
 CVE-2024-9675,0,0,3cadd63f68fceef4cb7f647684ea61e6a2900e849efc03dcf4b2582d5452b03c,2024-11-06T20:15:07.083000
-CVE-2024-9676,0,0,46624241f6a62cf8ced9778d99fdffe768deb7f9be20051bd0eb0c649c38f427,2024-11-06T20:15:07.410000
+CVE-2024-9676,0,1,c26f83a1825f9e52aa788fe6cbc7d3dbaa6cae2f1e6ce5a4edc281b1aed00613,2024-11-07T08:15:13.787000
 CVE-2024-9677,0,0,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000
 CVE-2024-9680,0,0,db0e4e19e09673238ffe3dfbb8e95974e9346a75b4fd6d9319c03e5970bb644e,2024-10-16T15:07:36.123000
 CVE-2024-9681,0,0,5184b45d0c5be56c6e66f5f4d21584d3fd220046fb9bac6604ac868b54d81bd8,2024-11-06T18:17:17.287000