diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json index 4e9509c0da6..d62844adddd 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26621", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:50.340", - "lastModified": "2024-07-08T21:15:11.767", + "lastModified": "2024-07-08T22:15:02.347", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -37,6 +37,10 @@ "url": "http://www.openwall.com/lists/oss-security/2024/07/08/7", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/08/8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-288xx/CVE-2024-28882.json b/CVE-2024/CVE-2024-288xx/CVE-2024-28882.json new file mode 100644 index 00000000000..ba2813da729 --- /dev/null +++ b/CVE-2024/CVE-2024-288xx/CVE-2024-28882.json @@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-28882", + "sourceIdentifier": "security@openvpn.net", + "published": "2024-07-08T22:15:02.410", + "lastModified": "2024-07-08T22:15:02.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "OpenVPN 2.6.10 and earlier in a server role accepts multiple exit notifications from authenticated clients which will extend the validity of a closing session" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@openvpn.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-772" + } + ] + } + ], + "references": [ + { + "url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-28882", + "source": "security@openvpn.net" + }, + { + "url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07634.html", + "source": "security@openvpn.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-36xx/CVE-2024-3653.json b/CVE-2024/CVE-2024-36xx/CVE-2024-3653.json new file mode 100644 index 00000000000..b7cea30066c --- /dev/null +++ b/CVE-2024/CVE-2024-36xx/CVE-2024-3653.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-3653", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-07-08T22:15:02.527", + "lastModified": "2024-07-08T22:15:02.527", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Undertow. This issue requires enabling the learning-push handler in the server's config, which is disabled by default, leaving the maxAge config in the handler unconfigured. The default is -1, which makes the handler vulnerable. If someone overwrites that config, the server is not subject to the attack. The attacker needs to be able to reach the server with a normal HTTP request." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert@redhat.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2024-3653", + "source": "secalert@redhat.com" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2274437", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json index 984710bd59c..583ce54cccd 100644 --- a/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json @@ -2,7 +2,7 @@ "id": "CVE-2024-6387", "sourceIdentifier": "secalert@redhat.com", "published": "2024-07-01T13:15:06.467", - "lastModified": "2024-07-08T18:15:09.187", + "lastModified": "2024-07-08T23:15:09.673", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -546,6 +546,10 @@ "url": "https://access.redhat.com/errata/RHSA-2024:4340", "source": "secalert@redhat.com" }, + { + "url": "https://access.redhat.com/errata/RHSA-2024:4389", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/security/cve/CVE-2024-6387", "source": "secalert@redhat.com", diff --git a/README.md b/README.md index ed158558933..d87f3c4e4de 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-08T22:00:18.654639+00:00 +2024-07-08T23:55:18.235548+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-08T21:15:12.480000+00:00 +2024-07-08T23:15:09.673000+00:00 ``` ### Last Data Feed Release @@ -33,22 +33,23 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -256040 +256042 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-38372](CVE-2024/CVE-2024-383xx/CVE-2024-38372.json) (`2024-07-08T21:15:12.033`) -- [CVE-2024-5971](CVE-2024/CVE-2024-59xx/CVE-2024-5971.json) (`2024-07-08T21:15:12.480`) +- [CVE-2024-28882](CVE-2024/CVE-2024-288xx/CVE-2024-28882.json) (`2024-07-08T22:15:02.410`) +- [CVE-2024-3653](CVE-2024/CVE-2024-36xx/CVE-2024-3653.json) (`2024-07-08T22:15:02.527`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `2` -- [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-07-08T21:15:11.767`) +- [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-07-08T22:15:02.347`) +- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-08T23:15:09.673`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 8dcf49aa585..b55aeb2c63f 100644 --- a/_state.csv +++ b/_state.csv @@ -246548,7 +246548,7 @@ CVE-2024-26618,0,0,b4ee02e43411773445d9502213c0c8ee13dbb28e9adadb6062e2443b8f287 CVE-2024-26619,0,0,4bc519bd153c025ad692ee69af117d5945ba0b94f5c3e5862c457953e2f5d4bd,2024-03-12T12:40:13.500000 CVE-2024-2662,0,0,f67fa5f3bbbaf2e8acff0e892a68fc06e4217f99a75dec53361b235392202bd4,2024-05-14T16:13:02.773000 CVE-2024-26620,0,0,d9644d90006553a6ef7df3ce5b7de0b26190c676351738b9b2539bec3ef4ee61,2024-03-12T12:40:13.500000 -CVE-2024-26621,0,1,a9d9b000f77ad54092485ffe5b91dcda30d1e225204d0f7facf40e1fdb4af18d,2024-07-08T21:15:11.767000 +CVE-2024-26621,0,1,c003e8390f599797884d0f74f817457f8dffeb5bc1fad655b9248652bf0c29cc,2024-07-08T22:15:02.347000 CVE-2024-26622,0,0,429b8c79ac7bc8a6f352b05f3ec787ee7dce1baf63c22803c7866fe6ab98869f,2024-06-25T22:15:19.240000 CVE-2024-26623,0,0,5692b1c30d07fd10d73a2d8d099143935e519ebf33db10f9328fbf12228012a8,2024-03-06T15:18:08.093000 CVE-2024-26624,0,0,9575e38401ed951dd513d0e1852942215c7c9e9bc3c5371fd0da3ac3a0eac967,2024-03-27T14:15:10.163000 @@ -248169,6 +248169,7 @@ CVE-2024-28877,0,0,883039bbb8a02fedae5005218a87450c4b734f262948f425805257c253ab9 CVE-2024-28878,0,0,fe5b4dea6079affbe530b6afc0ec6cbc2c58efa98e54aaf61e9565b0ce4541ce,2024-04-15T13:15:51.577000 CVE-2024-2888,0,0,e48cc71bf8d96ab718c88bf59dd81f25047204b13c0446dd48014e6c60fc42d9,2024-03-26T12:55:05.010000 CVE-2024-28880,0,0,d86d3a57226b47e9756d0e2de7fe8eb3bf99b87dc35f89b5848778ed1b1b3b47,2024-07-03T01:51:53.260000 +CVE-2024-28882,1,1,5766d8517049fd3bdedf0eedf7d643a0bd48dc6ec82f46efc1c8f0a681f16d27,2024-07-08T22:15:02.410000 CVE-2024-28883,0,0,0da2cc6c41f6d079048ec96a542a244e3daa5cbbca8e93005185c421836d3999,2024-05-08T17:05:24.083000 CVE-2024-28886,0,0,c5e838328be71c5eb5c783cfb3d7b29e0393c19c1f2fbf543fbfcbc9ad011077,2024-07-03T01:51:54.130000 CVE-2024-28889,0,0,bb3c202469f2e51ff05aa6d43099130e609fec5b2294b197effadcfbe55ab53d,2024-05-08T17:05:24.083000 @@ -253119,6 +253120,7 @@ CVE-2024-3652,0,0,455dabb71414a7592172807b25da69c5818ecc78456d9f87c63904d4c0988a CVE-2024-36523,0,0,779ff20f3e54c54b68fa38cf8a73a6874fca821f18024ef38fb974b398395dd0,2024-06-13T18:36:09.010000 CVE-2024-36527,0,0,5a4da781a91464af6910d804126691f30125cf5f5ae9e52379cc70e43ae0f627,2024-07-03T02:03:14.827000 CVE-2024-36528,0,0,f25edd031c479e2eb08ab34031d71804f3bb9f2a7bd4f1a1d0b25d391d002135,2024-06-10T18:06:22.600000 +CVE-2024-3653,1,1,6ee7ce4c2b79daafec21f757c0f18259c094eb50f64706db24d0e00679c76d83,2024-07-08T22:15:02.527000 CVE-2024-36531,0,0,991b1a5a568679e84b92f85516ddb5ed86f9e4a97046e45c71aa818ce6df4847,2024-06-10T18:06:22.600000 CVE-2024-36532,0,0,b051ad55854f4bc888db3a53610f7bcd9ed49e35c5868005d5e65395b423f5e4,2024-07-03T02:03:15.647000 CVE-2024-3654,0,0,954800a828ed246c147def14a6599156bd18a3e2cc72072dd62b0ab02b4bbf53,2024-04-19T16:19:49.043000 @@ -253811,7 +253813,7 @@ CVE-2024-38368,0,0,03b9c449b31d9a7d3f598bc6d45d21df03487372325a1e752596006346b7f CVE-2024-38369,0,0,fdff0768878da5d618998a51bbfecfa3dac560d76fa8e5e20682482a3b336371,2024-06-26T14:47:05.077000 CVE-2024-3837,0,0,83b07e73fbcd3bdc07d74ecd9200ace8bc3f655fb5ef786e0fb5447a3f989592,2024-07-03T02:06:37.303000 CVE-2024-38371,0,0,89525bd0cac36f8169b7c7660aac33ce1fe77dbe859f180f5d0a019c34cd3913,2024-07-01T12:37:24.220000 -CVE-2024-38372,1,1,91bd8059412033e8001c33aac534b968b58d8c95811af77b2cd3f6bdf04cb728,2024-07-08T21:15:12.033000 +CVE-2024-38372,0,0,91bd8059412033e8001c33aac534b968b58d8c95811af77b2cd3f6bdf04cb728,2024-07-08T21:15:12.033000 CVE-2024-38373,0,0,44bd01362bd05dfdecb2d241c2e4e4fe52c2264760c405bf6f3f48fb0d969aff,2024-06-26T15:02:05.100000 CVE-2024-38374,0,0,b039c6889e3b25105130cda3cb4d6252830c58349362eac54e70e39939e4b1b2,2024-07-01T12:37:24.220000 CVE-2024-38375,0,0,ded65bab8580f207fa6313539998812618b08a20bbdd5d51ce7200bdf863d856,2024-06-27T12:47:19.847000 @@ -255790,7 +255792,7 @@ CVE-2024-5965,0,0,e4e5e2ba71d4b8af3ca082d5b983b7d543db2cb3225d3445594ac7257368de CVE-2024-5966,0,0,1094a88c54e4e1132c185deaed255edc11e4f8b40d6974aff38c5955ab97cfc1,2024-06-24T20:00:23.970000 CVE-2024-5967,0,0,a8cf0971f84f68dc327704c7b15af8c68f3ca5a6cf4ca8aa54163d9ca95100d5,2024-06-20T12:44:01.637000 CVE-2024-5970,0,0,118b7b2e028a3447b60495fc36df0133e6c8ea6adad2a5f3d89bac8698786790,2024-06-20T12:44:01.637000 -CVE-2024-5971,1,1,4c029e3f50bafbefeafdd3bea254ba330995380b3f87a3e11bd5645cadf91acc,2024-07-08T21:15:12.480000 +CVE-2024-5971,0,0,4c029e3f50bafbefeafdd3bea254ba330995380b3f87a3e11bd5645cadf91acc,2024-07-08T21:15:12.480000 CVE-2024-5972,0,0,3700c5b3eb4bcd1d3bafe18b568e7aab0a0471128c3ce92a2f73ba8aa9a9cb4f,2024-06-28T19:15:07.500000 CVE-2024-5976,0,0,e855126a3e03657c0f9ccfb70e360e6531fe17aa442fb39ef6227c53616360fe,2024-06-17T12:43:31.090000 CVE-2024-5979,0,0,ecf851c3d3de50590eb0b5525283c723dc89573922e14c045baaee03d0d0831b,2024-06-27T19:25:12.067000 @@ -255995,7 +255997,7 @@ CVE-2024-6376,0,0,2eceea6553f0e47a0e34ab01650b7781a20682f6799be39f9cd1e64f3f1985 CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b326,2024-07-03T12:53:24.977000 CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000 CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000 -CVE-2024-6387,0,0,766436ef6b7416726c839fe6e90b4c01e1b8e057fcd323c8b827c2b8744c00d6,2024-07-08T18:15:09.187000 +CVE-2024-6387,0,1,7f5867e1294b3e462c948da4d260d2a126412a65eb1077fc2911057caa8e959a,2024-07-08T23:15:09.673000 CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a84738,2024-06-27T17:11:52.390000 CVE-2024-6402,0,0,795485c4534407e246daec51c1daaa33b95f6651688fed743a8fb9054cdaedba,2024-07-01T12:37:24.220000 CVE-2024-6403,0,0,e44b9cfa8d9ae367e624a8cdf179ef52ea1e98c2115d7a956299d17747a6a56b,2024-07-01T12:37:24.220000