From 997e44f9551223ac4807ca7f344ba5d09d2f0601 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Sat, 6 Jul 2024 12:03:23 +0000 Subject: [PATCH] Auto-Update: 2024-07-06T12:00:29.667761+00:00 --- CVE-2024/CVE-2024-372xx/CVE-2024-37208.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-372xx/CVE-2024-37234.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-372xx/CVE-2024-37260.json | 56 +++++++++++++++++++++ CVE-2024/CVE-2024-394xx/CVE-2024-39486.json | 29 +++++++++++ README.md | 13 +++-- _state.csv | 6 ++- 6 files changed, 210 insertions(+), 6 deletions(-) create mode 100644 CVE-2024/CVE-2024-372xx/CVE-2024-37208.json create mode 100644 CVE-2024/CVE-2024-372xx/CVE-2024-37234.json create mode 100644 CVE-2024/CVE-2024-372xx/CVE-2024-37260.json create mode 100644 CVE-2024/CVE-2024-394xx/CVE-2024-39486.json diff --git a/CVE-2024/CVE-2024-372xx/CVE-2024-37208.json b/CVE-2024/CVE-2024-372xx/CVE-2024-37208.json new file mode 100644 index 00000000000..41d668bcfc4 --- /dev/null +++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37208.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37208", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-06T10:15:01.907", + "lastModified": "2024-07-06T10:15:01.907", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Robert Macchi WP Scraper.This issue affects WP Scraper: from n/a through 5.7." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-scraper/wordpress-wp-scraper-plugin-5-7-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-372xx/CVE-2024-37234.json b/CVE-2024/CVE-2024-372xx/CVE-2024-37234.json new file mode 100644 index 00000000000..68873f127e7 --- /dev/null +++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37234.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37234", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-06T10:15:02.913", + "lastModified": "2024-07-06T10:15:02.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-601" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/academy/wordpress-academy-lms-plugin-2-0-2-open-redirection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-372xx/CVE-2024-37260.json b/CVE-2024/CVE-2024-372xx/CVE-2024-37260.json new file mode 100644 index 00000000000..d43cefd42cb --- /dev/null +++ b/CVE-2024/CVE-2024-372xx/CVE-2024-37260.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-37260", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-07-06T10:15:03.190", + "lastModified": "2024-07-06T10:15:03.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/foxiz/wordpress-foxiz-theme-theme-2-3-5-server-side-request-forgery-ssrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-394xx/CVE-2024-39486.json b/CVE-2024/CVE-2024-394xx/CVE-2024-39486.json new file mode 100644 index 00000000000..f2177861fac --- /dev/null +++ b/CVE-2024/CVE-2024-394xx/CVE-2024-39486.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-39486", + "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "published": "2024-07-06T10:15:03.393", + "lastModified": "2024-07-06T10:15:03.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/drm_file: Fix pid refcounting race\n\n\nfilp->pid is supposed to be a refcounted pointer; however, before this\npatch, drm_file_update_pid() only increments the refcount of a struct\npid after storing a pointer to it in filp->pid and dropping the\ndev->filelist_mutex, making the following race possible:\n\nprocess A process B\n========= =========\n begin drm_file_update_pid\n mutex_lock(&dev->filelist_mutex)\n rcu_replace_pointer(filp->pid, , 1)\n mutex_unlock(&dev->filelist_mutex)\nbegin drm_file_update_pid\nmutex_lock(&dev->filelist_mutex)\nrcu_replace_pointer(filp->pid, , 1)\nmutex_unlock(&dev->filelist_mutex)\nget_pid()\nsynchronize_rcu()\nput_pid() *** pid B reaches refcount 0 and is freed here ***\n get_pid() *** UAF ***\n synchronize_rcu()\n put_pid()\n\nAs far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y\nbecause it requires RCU to detect a quiescent state in code that is not\nexplicitly calling into the scheduler.\n\nThis race leads to use-after-free of a \"struct pid\".\nIt is probably somewhat hard to hit because process A has to pass\nthrough a synchronize_rcu() operation while process B is between\nmutex_unlock() and get_pid().\n\nFix it by ensuring that by the time a pointer to the current task's pid\nis stored in the file, an extra reference to the pid has been taken.\n\nThis fix also removes the condition for synchronize_rcu(); I think\nthat optimization is unnecessary complexity, since in that case we\nwould usually have bailed out on the lockless check above." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://git.kernel.org/stable/c/0acce2a5c619ef1abdee783d7fea5eac78ce4844", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/16682588ead4a593cf1aebb33b36df4d1e9e4ffa", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/4f2a129b33a2054e62273edd5a051c34c08d96e9", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index c105b26f946..25df51ddb1d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-06T10:01:02.688999+00:00 +2024-07-06T12:00:29.667761+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-06T09:15:02.050000+00:00 +2024-07-06T10:15:03.393000+00:00 ``` ### Last Data Feed Release @@ -33,14 +33,17 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255954 +255958 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `4` -- [CVE-2024-5616](CVE-2024/CVE-2024-56xx/CVE-2024-5616.json) (`2024-07-06T09:15:02.050`) +- [CVE-2024-37208](CVE-2024/CVE-2024-372xx/CVE-2024-37208.json) (`2024-07-06T10:15:01.907`) +- [CVE-2024-37234](CVE-2024/CVE-2024-372xx/CVE-2024-37234.json) (`2024-07-06T10:15:02.913`) +- [CVE-2024-37260](CVE-2024/CVE-2024-372xx/CVE-2024-37260.json) (`2024-07-06T10:15:03.190`) +- [CVE-2024-39486](CVE-2024/CVE-2024-394xx/CVE-2024-39486.json) (`2024-07-06T10:15:03.393`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 68a603f77cf..b07d57b3d16 100644 --- a/_state.csv +++ b/_state.csv @@ -253441,6 +253441,7 @@ CVE-2024-37185,0,0,ce3a2eeaa366e0078438541c31768228f57c06809ab185bd78a5053ce3cc0 CVE-2024-3719,0,0,d2320674d04cefde56a0b36b463f74328d6f18494803030bdfe9b0b1b4374afd,2024-06-04T19:20:23.553000 CVE-2024-37198,0,0,8919c8b8db43ac2a9639793fec092e2666b55422ab58e48ee04c39b0bd19361a,2024-06-24T18:55:25.417000 CVE-2024-3720,0,0,f4e69514093cc630aeda39d0a41fe705e0d9916a1077cef429b7dcf05a404308,2024-06-04T19:20:23.660000 +CVE-2024-37208,1,1,7e1627d018918fbe5105fc4fb5063772f37500b3dc14dafb28c1ef266db79c05,2024-07-06T10:15:01.907000 CVE-2024-3721,0,0,ec8dc4b0ad5d1d9ba11acb18015142f7d1715fd653f7ca2987e266e9c9e8ef01,2024-05-17T02:40:05.290000 CVE-2024-37212,0,0,cb0e3003beb0d778b1e3e4d8f1145799c285874f36dc8f863bd0c5bf6222df34,2024-06-24T18:55:34.983000 CVE-2024-3722,0,0,7c1b4fae7e86bf4c1bc76a0d39819ffc592a7b598c7675ac0628daa278671c4c,2024-05-14T16:11:39.510000 @@ -253451,12 +253452,14 @@ CVE-2024-3723,0,0,21c397ab5e875f2652ba15d9001cdd8ef5c5941ff996881e18084aebeaee89 CVE-2024-37230,0,0,c056784fe1461835022ae4387a349a1e9e9676537a6bd83c972fd23b962299aa,2024-06-24T18:55:55.037000 CVE-2024-37231,0,0,2975c060fd817766775d3e3ec5265250dfcb406eb3856b3f2d8635478d7fc4db,2024-06-24T19:26:47.037000 CVE-2024-37233,0,0,dcdb23af544a8046a4ecb68f34b48a3a15207d5a73bdc6182df1b28a0bb5e19c,2024-06-24T19:26:47.037000 +CVE-2024-37234,1,1,3d8acf0212e714e21ca36535ed076b048335a1b2240ff0a6d0aa50a33b661aee,2024-07-06T10:15:02.913000 CVE-2024-3724,0,0,a2f08bb0a2e36a5c374b862fb3e4beff315b3d6672953c5eeabe10290b435e2c,2024-05-02T18:00:37.360000 CVE-2024-37247,0,0,038744b78f2f2634865ad1661e2c97961d5a301727139375431f6d0656bf9981,2024-06-27T12:47:19.847000 CVE-2024-37248,0,0,99c2cd4652890a37e2628f89e3ffdbcb4a9642bb6a6f401aec3aa06f83017ab1,2024-06-27T12:47:19.847000 CVE-2024-3725,0,0,dd194c190207038aca40dcc17eaac7bd7c6f9f34e04d00c016e0de6cd9837da0,2024-05-02T18:00:37.360000 CVE-2024-37252,0,0,faf33ef7b8f72660b3f71af61d55db3b928cbbfdda8d6a6c03b3fcf0d979da09,2024-06-26T12:44:29.693000 CVE-2024-3726,0,0,5d13f10d5b73efb7ab7c6448eee56ee5b7f1a739226807fb6eef2a4ab850d2f7,2024-05-30T13:15:41.297000 +CVE-2024-37260,1,1,e7a861e832b89ec4413096ab8d21c1e7d48eb0a1e56b026be187a844069b343b,2024-07-06T10:15:03.190000 CVE-2024-3727,0,0,8e07517a9dca0048f3a5546e14ea5eaec2b195c195e356a5ec35a7e996ce9012,2024-07-03T17:15:04.780000 CVE-2024-37273,0,0,8e9dee449ebc3c902c8a48603bfb19c8ba061254dd865164dc4adc81e57806ef,2024-06-11T14:12:23.210000 CVE-2024-37279,0,0,23b5ab6d6e7d20abbef93be4c8b8a6f2f980c082bdec809528b549006da1d24b,2024-06-13T18:35:19.777000 @@ -254180,6 +254183,7 @@ CVE-2024-39482,0,0,b5ca1dd95768db032dce80c55c6258ec99ccbde63e8f741757c09d5b0797c CVE-2024-39483,0,0,eadec7028a472ed93e8a5dff095927eb733e9a05f36586ae19cb293f76cb70c1,2024-07-05T12:55:51.367000 CVE-2024-39484,0,0,b31f852aa24f56cfe148c1d4b3e8b85592312114fff33022a4ab6f2336cd9ae1,2024-07-05T12:55:51.367000 CVE-2024-39485,0,0,9b3768f03e1707409b88b5bf989b1fa63f75e320d3314c45846159b435aec509,2024-07-05T12:55:51.367000 +CVE-2024-39486,1,1,6a96f68c896ee3f5f62aaf7d0c2f5a9013ed4783a42c5e75fa700ffefa70ff24,2024-07-06T10:15:03.393000 CVE-2024-3951,0,0,d1eb572088193a792816003caae4c8900ea1808fb70b3f34eb162771a0d73b1e,2024-05-08T17:05:24.083000 CVE-2024-3952,0,0,92f1da274771947c3cb4a43546670c1af8a997980dc361a71cd2fb07f162ad15,2024-05-14T16:11:39.510000 CVE-2024-3954,0,0,45f1b348fcace6f84e3157e2d0f8a54fc4228bb396d26e03c9556cd235947f43,2024-05-14T16:11:39.510000 @@ -255521,7 +255525,7 @@ CVE-2024-5611,0,0,7f38716b1ccbe035f7f86ea6c7617ab6f4cac8651e00e7906bbdbf77091ab5 CVE-2024-5612,0,0,24bfbb6efa391db3014703335fcf10e8f670f2b2b154031d8b7a312f92d36720,2024-06-07T14:56:05.647000 CVE-2024-5613,0,0,7e758f60ff4a249ae3d985d91b4f3417dc42ff70d8507f5e072b9cf0ad6144fd,2024-06-10T02:52:08.267000 CVE-2024-5615,0,0,d715351de069ee256cfd127ce22346136f76094dbd1f6f173b336f3c2cdc9c0f,2024-06-11T17:55:16.103000 -CVE-2024-5616,1,1,dc636e3941ecbef30c76d8756c4e51d3b0104af0c561655eb861ad296b553f3c,2024-07-06T09:15:02.050000 +CVE-2024-5616,0,0,dc636e3941ecbef30c76d8756c4e51d3b0104af0c561655eb861ad296b553f3c,2024-07-06T09:15:02.050000 CVE-2024-5629,0,0,20478b62dd0cd666624f11f2e5a11c22a9915feb481805651583fe7db0518c7b,2024-06-18T18:31:05.663000 CVE-2024-5635,0,0,2463dd00def60296c968660a2ba7a3c25845ea097c4cd305a7e3f2bd55658946,2024-06-11T16:47:04.413000 CVE-2024-5636,0,0,82666e4630526d7fc8211dab0f89e7e17d4e982c91e038f44b209ae67bb471f3,2024-06-11T17:23:29.670000