From 923d2a531c87abffdaec79196eb34dbca6f562b1 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 24 Jun 2024 12:03:11 +0000 Subject: [PATCH] Auto-Update: 2024-06-24T12:00:18.238602+00:00 --- CVE-2024/CVE-2024-298xx/CVE-2024-29868.json | 32 +++++++++++++++ CVE-2024/CVE-2024-61xx/CVE-2024-6160.json | 44 +++++++++++++++++++++ README.md | 17 +++----- _state.csv | 16 ++++---- 4 files changed, 91 insertions(+), 18 deletions(-) create mode 100644 CVE-2024/CVE-2024-298xx/CVE-2024-29868.json create mode 100644 CVE-2024/CVE-2024-61xx/CVE-2024-6160.json diff --git a/CVE-2024/CVE-2024-298xx/CVE-2024-29868.json b/CVE-2024/CVE-2024-298xx/CVE-2024-29868.json new file mode 100644 index 00000000000..91a134ebdcf --- /dev/null +++ b/CVE-2024/CVE-2024-298xx/CVE-2024-29868.json @@ -0,0 +1,32 @@ +{ + "id": "CVE-2024-29868", + "sourceIdentifier": "security@apache.org", + "published": "2024-06-24T10:15:09.387", + "lastModified": "2024-06-24T10:15:09.387", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in Apache StreamPipes\u00a0user self-registration and password recovery mechanism.\nThis allows an attacker to guess the recovery token in a reasonable time and thereby to take over the attacked user's account.\nThis issue affects Apache StreamPipes: from 0.69.0 through 0.93.0.\n\nUsers are recommended to upgrade to version 0.95.0, which fixes the issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-338" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/g7t7zctvq2fysrw1x17flnc12592nhx7", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-61xx/CVE-2024-6160.json b/CVE-2024/CVE-2024-61xx/CVE-2024-6160.json new file mode 100644 index 00000000000..d38e870206b --- /dev/null +++ b/CVE-2024/CVE-2024-61xx/CVE-2024-6160.json @@ -0,0 +1,44 @@ +{ + "id": "CVE-2024-6160", + "sourceIdentifier": "cvd@cert.pl", + "published": "2024-06-24T10:15:10.277", + "lastModified": "2024-06-24T10:15:10.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "SQL Injection vulnerability in MegaBIP software allows attacker to disclose the contents of the database, obtain session cookies or modify the content of pages.\u00a0This issue affects MegaBIP software versions through 5.12.1." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "cvd@cert.pl", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://cert.pl/en/posts/2024/06/CVE-2024-6160/", + "source": "cvd@cert.pl" + }, + { + "url": "https://cert.pl/posts/2024/06/CVE-2024-6160/", + "source": "cvd@cert.pl" + }, + { + "url": "https://megabip.pl/", + "source": "cvd@cert.pl" + }, + { + "url": "https://www.gov.pl/web/cyfryzacja/rekomendacja-pelnomocnika-rzadu-ds-cyberbezpieczenstwa-dotyczaca-biuletynow-informacji-publicznej", + "source": "cvd@cert.pl" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 3e1edb3fc5d..330c547f9c1 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-06-24T10:00:19.191339+00:00 +2024-06-24T12:00:18.238602+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-06-24T09:15:10.347000+00:00 +2024-06-24T10:15:10.277000+00:00 ``` ### Last Data Feed Release @@ -33,20 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -254985 +254987 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `2` -- [CVE-2024-24554](CVE-2024/CVE-2024-245xx/CVE-2024-24554.json) (`2024-06-24T08:15:09.130`) -- [CVE-2024-27136](CVE-2024/CVE-2024-271xx/CVE-2024-27136.json) (`2024-06-24T08:15:09.297`) -- [CVE-2024-36495](CVE-2024/CVE-2024-364xx/CVE-2024-36495.json) (`2024-06-24T09:15:09.730`) -- [CVE-2024-36496](CVE-2024/CVE-2024-364xx/CVE-2024-36496.json) (`2024-06-24T09:15:09.860`) -- [CVE-2024-36497](CVE-2024/CVE-2024-364xx/CVE-2024-36497.json) (`2024-06-24T09:15:09.973`) -- [CVE-2024-4754](CVE-2024/CVE-2024-47xx/CVE-2024-4754.json) (`2024-06-24T09:15:10.083`) -- [CVE-2024-5683](CVE-2024/CVE-2024-56xx/CVE-2024-5683.json) (`2024-06-24T09:15:10.347`) +- [CVE-2024-29868](CVE-2024/CVE-2024-298xx/CVE-2024-29868.json) (`2024-06-24T10:15:09.387`) +- [CVE-2024-6160](CVE-2024/CVE-2024-61xx/CVE-2024-6160.json) (`2024-06-24T10:15:10.277`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index f0b71adf4d8..7c5504c067e 100644 --- a/_state.csv +++ b/_state.csv @@ -244968,7 +244968,7 @@ CVE-2024-24550,0,0,91ed89072f346ece3378c3b8cc26e70db4dac38421f3f5215f3d25a61fe9e CVE-2024-24551,0,0,2b898e8e8b496b4e3e19967665dd0e050a5aaa08f0403143650c93ddecb810c3,2024-06-24T07:15:14.760000 CVE-2024-24552,0,0,2ca568287ff7a4646bbdcecd6ec42745f8c73fcda46c19750af4c579ffbcbc5d,2024-06-24T07:15:14.903000 CVE-2024-24553,0,0,bea459affabde308db7a87d6a1bd3fb504d4d4f3eafcb8f0a0083fee19b95ab9,2024-06-24T07:15:15.063000 -CVE-2024-24554,1,1,8a71f884ece483692fc8315e1bda1ef879a5a27b3892cd9444f8ec53bc820e6d,2024-06-24T08:15:09.130000 +CVE-2024-24554,0,0,8a71f884ece483692fc8315e1bda1ef879a5a27b3892cd9444f8ec53bc820e6d,2024-06-24T08:15:09.130000 CVE-2024-24556,0,0,5eadc80f5e2b4d40f2247a29eb7c2aa8b2d9f2f191f8cfe4f491f2d184a6cbe7,2024-02-06T19:24:46.810000 CVE-2024-24557,0,0,803986686a1d77830cb33582e01547bf1b4ed013f71e8dbf2a84322efe6db933,2024-02-09T20:21:32.970000 CVE-2024-24558,0,0,26ffac7b2f9dc8041f02bc6fb374f1f9b0b06e69d8b3e191802aa68af28d0bbc,2024-04-23T19:52:49.107000 @@ -246881,7 +246881,7 @@ CVE-2024-27130,0,0,387d6d6bd78861e8f479c2855dcd6ca0a6b290bc9bab5fadd88ddb47cbcf6 CVE-2024-27132,0,0,0d4a858300081e7b1734f10a34971409f661ea8e5d10f439041910c3efb6a17b,2024-02-26T13:42:22.567000 CVE-2024-27133,0,0,1ea41b494ad0a5106ea020fe3275dce436a1bf62da11c275e95a71856ace701b,2024-02-26T13:42:22.567000 CVE-2024-27135,0,0,c0b7364866f5910220db1f3515d91e63f085beb1f854242bc27d0a872c26bbb9,2024-05-01T17:15:30.087000 -CVE-2024-27136,1,1,ba5122bff8d11f89f413f3a3c07e0fd16f5fda04ad923cfc74647c43821a4f5c,2024-06-24T08:15:09.297000 +CVE-2024-27136,0,0,ba5122bff8d11f89f413f3a3c07e0fd16f5fda04ad923cfc74647c43821a4f5c,2024-06-24T08:15:09.297000 CVE-2024-27138,0,0,b099a37bd6bd06771ccd0d4a605b41ff72cf31165d4c7c0ea37d0b28b310e949,2024-05-17T02:37:25.107000 CVE-2024-27139,0,0,5e7888e89d482e3e5f40cfdc640fb4169d86933380e96bafbb3178e764d3924e,2024-05-17T02:37:25.190000 CVE-2024-2714,0,0,14f40cd4bfa53feeb5e4acf18b5d2b179b0ad5429d8ebda8d963bedfd21bc4c2,2024-05-17T02:38:26.850000 @@ -248501,6 +248501,7 @@ CVE-2024-29863,0,0,5ec71e17f35f1b20d68a8fb4a9c7a1d55d3d29cfb9efd5769e3093565fc81 CVE-2024-29864,0,0,a6ff60d6eca0eec860cad03d4ebcf6ddb2a8ce1d06f7fbda3179547925ea7c1b,2024-03-21T12:58:51.093000 CVE-2024-29865,0,0,c71ea820e322882cfd10f1c29db59e00803f8a609d75b87f5e2466dff384d5b6,2024-03-22T15:34:43.663000 CVE-2024-29866,0,0,2169c0f3fed16be1069cbb5502128dfabe18fe6fbc7db4f274cc3c93caea8ddd,2024-03-21T15:24:35.093000 +CVE-2024-29868,1,1,fcd8de6d09688eaf5b0c8e2fa6636f13f4605cc2bc22f7b4f9b1cfc9b60cd8cf,2024-06-24T10:15:09.387000 CVE-2024-2987,0,0,8e4472435dae1bc704d5dce95b8b76dabb2648c6f5bada5b41186e08bd4d1ecf,2024-05-17T02:38:40.867000 CVE-2024-29870,0,0,e30dc3832a6e40f96f36d6a14e8c8edd290056d5cc189e329ff7d917f01a8001,2024-03-21T15:24:35.093000 CVE-2024-29871,0,0,26669ba5bfad06e749b4da0897856b8ae6b3b31b4382f6713c54983091b3efd3,2024-03-21T15:24:35.093000 @@ -252706,9 +252707,9 @@ CVE-2024-36481,0,0,289e7e75bda9b051d0f16493c3f7ea721a35d329796879f3ae868bd0ce7af CVE-2024-36484,0,0,d8980b6175f97dcbe3120732bdd3f5c4554f0bf6402d98cdd4a7efe1e2dc7659,2024-06-21T11:22:01.687000 CVE-2024-36489,0,0,706602251538409bdd6d4f26c7d5b5f5da3d2d56202958896118ef2720f4e680,2024-06-21T11:22:01.687000 CVE-2024-3649,0,0,969867829e20da4acc88ade671a27808c021dddbe3e27e051d2004e683670e61,2024-05-02T18:00:37.360000 -CVE-2024-36495,1,1,6ed534b3914581c2d718a5af5dab95525c5ee99a2e37b7b16e42963dac7da249,2024-06-24T09:15:09.730000 -CVE-2024-36496,1,1,5d4f653e98532d8e3c120ed293c6b23c3e6c972681112b087748cf948d242561,2024-06-24T09:15:09.860000 -CVE-2024-36497,1,1,5127841a489d1ab5caa3b0be5e2e28ad3a89ddbad5090d1bb055835bd029c09b,2024-06-24T09:15:09.973000 +CVE-2024-36495,0,0,6ed534b3914581c2d718a5af5dab95525c5ee99a2e37b7b16e42963dac7da249,2024-06-24T09:15:09.730000 +CVE-2024-36496,0,0,5d4f653e98532d8e3c120ed293c6b23c3e6c972681112b087748cf948d242561,2024-06-24T09:15:09.860000 +CVE-2024-36497,0,0,5127841a489d1ab5caa3b0be5e2e28ad3a89ddbad5090d1bb055835bd029c09b,2024-06-24T09:15:09.973000 CVE-2024-36499,0,0,077c5caf8d301ff2d1947e18a01670bc02e5c0dd9fda48352816e5be2251d0eb,2024-06-17T12:42:04.623000 CVE-2024-3650,0,0,e078ac649d7d0d133fe9598e10336739bc9d365236ed72d408805e3868c3d439,2024-05-02T18:00:37.360000 CVE-2024-36500,0,0,257fd399a14a7141c50c9e2046f94aaac781c0de172f7af5b46d8dab39ba2a83,2024-06-17T12:42:04.623000 @@ -254143,7 +254144,7 @@ CVE-2024-4747,0,0,99152f6494a1192f3bae59b436abcc51d11f811ed1e0a72c2e65c8381fda60 CVE-2024-4749,0,0,676e331864bc41907c4c80c44886e7dac480ef6dea2c29bc22838d992753d4da,2024-06-04T16:57:41.053000 CVE-2024-4750,0,0,423585a3e250903ac62d761ecb0e0e6dc6b4649ccd4411b90275a4e6d2f87495,2024-06-04T16:57:41.053000 CVE-2024-4751,0,0,980cee331660133759599aaa98eeae384de48fe7bcc98af4a2333b20d054b0b6,2024-06-17T12:42:04.623000 -CVE-2024-4754,1,1,cfd9e5babf41a7c2c5cd02f9b538bb66bc8b2969c9bce4d32f39c788fb710059,2024-06-24T09:15:10.083000 +CVE-2024-4754,0,0,cfd9e5babf41a7c2c5cd02f9b538bb66bc8b2969c9bce4d32f39c788fb710059,2024-06-24T09:15:10.083000 CVE-2024-4755,0,0,60cecdfed0bd43adc43dc2d247a1ee989fd3070ddc34fbd20a182a68e206cadc,2024-06-21T11:22:01.687000 CVE-2024-4756,0,0,b303493fc627eee25a3b39c986ea25472e7aab1866612b83c9a7c14522d2c360,2024-06-07T14:56:05.647000 CVE-2024-4760,0,0,8b9593f0d88cbd24a061db082c8cd5c20f19b8a61431542d1ce576639ef3bdc0,2024-05-16T15:44:44.683000 @@ -254748,7 +254749,7 @@ CVE-2024-5673,0,0,f6db27a8b7c99bb0a58922425d96edcb461eeb527f78adfd8d9aed9c993301 CVE-2024-5674,0,0,69b0f5cdcc6414c1b3093ac76e322fc42e17eb869b8f1b328084f458395232cf,2024-06-13T18:36:09.010000 CVE-2024-5675,0,0,c04fc1bf8ef6e3f232c30ddf0bd6a524958c9eab63fe205331e1fedef14ccf13,2024-06-11T18:14:02.017000 CVE-2024-5676,0,0,7110ec4f1d7a030c3f52d0d64b45a1f2c788bd0c12290f7487a0ece147b33240,2024-06-24T05:15:09.600000 -CVE-2024-5683,1,1,776b3afe6ce973fb91d46fd6db99fba176ff636e37c3bc0bd205640173c41437,2024-06-24T09:15:10.347000 +CVE-2024-5683,0,0,776b3afe6ce973fb91d46fd6db99fba176ff636e37c3bc0bd205640173c41437,2024-06-24T09:15:10.347000 CVE-2024-5684,0,0,e183f6f3c944efddc1281bf86b4d20b3677f4c3ab127fc0c8f4bc522f6d9ba19,2024-06-11T18:13:30.163000 CVE-2024-5685,0,0,e8364a4460a12edf9e3cf94a37b74977806b751958607c5dfe543a64e3c22871,2024-06-19T09:15:12.173000 CVE-2024-5686,0,0,5baef36d265e76c8a185391151bfaa15c3d3a21cf5116dcf4f0b4cb376e1e9d1,2024-06-20T12:43:25.663000 @@ -254937,6 +254938,7 @@ CVE-2024-6146,0,0,835232b778d7e80b1c73cad2f19f1275692bff270d5e664fd4c7fc64973110 CVE-2024-6147,0,0,4a4919271ad23db4250af2d646dfd99f64704c8a0c63e163a55ff156915fc472,2024-06-21T11:22:01.687000 CVE-2024-6153,0,0,a3cbabebaa196b7fc704a5b9ef76e592e68ec6c4195aa6f7531f701a27a837d5,2024-06-21T11:22:01.687000 CVE-2024-6154,0,0,14c261dad2c658f3f85287831ecf663ba772d4a017166d6d5d3cda8ce8388677,2024-06-21T11:22:01.687000 +CVE-2024-6160,1,1,ea5b8c23f2f1a390fbb4f3fd30516f8d928c266505891d1767e5480e415f3257,2024-06-24T10:15:10.277000 CVE-2024-6162,0,0,bd502c2e3c0167c78ca1c8188e0261103b8f8aa5eaa8e4a394c72d49dddda11b,2024-06-20T16:07:50.417000 CVE-2024-6176,0,0,855875508d6019a3b7cc5455db83c0ed155c5813092b253896702a30576b2ecb,2024-06-20T12:43:25.663000 CVE-2024-6177,0,0,a0175799dd5324c2ac4fd3e8bb126589ce94cff0760703c070fdf39975a6cb07,2024-06-20T15:17:06.493000