diff --git a/CVE-2024/CVE-2024-407xx/CVE-2024-40725.json b/CVE-2024/CVE-2024-407xx/CVE-2024-40725.json new file mode 100644 index 00000000000..b6405fbfd37 --- /dev/null +++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40725.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-40725", + "sourceIdentifier": "security@apache.org", + "published": "2024-07-18T10:15:02.357", + "lastModified": "2024-07-18T10:15:02.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-668" + } + ] + } + ], + "references": [ + { + "url": "https://httpd.apache.org/security/vulnerabilities_24.html", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-408xx/CVE-2024-40898.json b/CVE-2024/CVE-2024-408xx/CVE-2024-40898.json new file mode 100644 index 00000000000..251f87e632e --- /dev/null +++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40898.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-40898", + "sourceIdentifier": "security@apache.org", + "published": "2024-07-18T10:15:03.217", + "lastModified": "2024-07-18T10:15:03.217", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue.\u00a0" + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://httpd.apache.org/security/vulnerabilities_24.html", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-65xx/CVE-2024-6504.json b/CVE-2024/CVE-2024-65xx/CVE-2024-6504.json new file mode 100644 index 00000000000..4600ca4e376 --- /dev/null +++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6504.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6504", + "sourceIdentifier": "cve@rapid7.com", + "published": "2024-07-18T10:15:03.373", + "lastModified": "2024-07-18T10:15:03.373", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU. There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@rapid7.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-693" + } + ] + } + ], + "references": [ + { + "url": "https://docs.rapid7.com/release-notes/insightvm/20240717/", + "source": "cve@rapid7.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index da48c0590df..a5555555332 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-18T10:00:18.038246+00:00 +2024-07-18T12:00:17.745623+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-18T09:15:02.980000+00:00 +2024-07-18T10:15:03.373000+00:00 ``` ### Last Data Feed Release @@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -257432 +257435 ``` ### CVEs added in the last Commit -Recently added CVEs: `5` +Recently added CVEs: `3` -- [CVE-2024-29014](CVE-2024/CVE-2024-290xx/CVE-2024-29014.json) (`2024-07-18T08:15:02.173`) -- [CVE-2024-3242](CVE-2024/CVE-2024-32xx/CVE-2024-3242.json) (`2024-07-18T09:15:02.337`) -- [CVE-2024-40764](CVE-2024/CVE-2024-407xx/CVE-2024-40764.json) (`2024-07-18T08:15:02.340`) -- [CVE-2024-5554](CVE-2024/CVE-2024-55xx/CVE-2024-5554.json) (`2024-07-18T09:15:02.740`) -- [CVE-2024-5555](CVE-2024/CVE-2024-55xx/CVE-2024-5555.json) (`2024-07-18T09:15:02.980`) +- [CVE-2024-40725](CVE-2024/CVE-2024-407xx/CVE-2024-40725.json) (`2024-07-18T10:15:02.357`) +- [CVE-2024-40898](CVE-2024/CVE-2024-408xx/CVE-2024-40898.json) (`2024-07-18T10:15:03.217`) +- [CVE-2024-6504](CVE-2024/CVE-2024-65xx/CVE-2024-6504.json) (`2024-07-18T10:15:03.373`) ### CVEs modified in the last Commit diff --git a/_state.csv b/_state.csv index 955532c1f5a..29bf95080ed 100644 --- a/_state.csv +++ b/_state.csv @@ -248638,7 +248638,7 @@ CVE-2024-29010,0,0,a9ff9c65174c33f2e792fcb56ee4004994b28661d6208ebb1e88e717582f6 CVE-2024-29011,0,0,eb92887d9a2ecd248daea80b2641ebf2c57344e5f41ce9050910fcddaf740a0c,2024-05-01T19:50:25.633000 CVE-2024-29012,0,0,9854a7c749ef4b580fb184d07bfa61dd0b58798d25f74e88968772bdc7b97a82,2024-06-20T12:43:25.663000 CVE-2024-29013,0,0,484672126a29689243d7bf576a9922dde1cc94a163178a0a8a32a5a36268d182,2024-06-20T12:43:25.663000 -CVE-2024-29014,1,1,405709e3a0547e21309cb04b7f669af7fe1634fc9caff83aa631d67879b4134a,2024-07-18T08:15:02.173000 +CVE-2024-29014,0,0,405709e3a0547e21309cb04b7f669af7fe1634fc9caff83aa631d67879b4134a,2024-07-18T08:15:02.173000 CVE-2024-29018,0,0,0688752b1434844c55e6cd721e2221622ec0094595898dc16074b9d8a9b658da,2024-03-21T12:58:51.093000 CVE-2024-29019,0,0,ad22499f8dda93d004eb62f1b9a36df352f03e492a86d6142b84d27273c03d4d,2024-04-11T12:47:44.137000 CVE-2024-2902,0,0,8f66133d16da6ff672ed0ae058cb886f79d625c60e88da002b56c847ce98f5ef,2024-05-17T02:38:36.520000 @@ -250900,7 +250900,7 @@ CVE-2024-32407,0,0,fbfaf7068ca597095592e38589ff8309655659ac5408bc5050ead219b55bb CVE-2024-32409,0,0,cdbdcb7de47ba32c82cee0bb38b83e5519f96f658f96608562f1e326a9e11332,2024-07-03T01:56:34.063000 CVE-2024-3241,0,0,30b752b6ef5f38382b5d572e3de76b73f3f6fe3c9ee69699b564850e70a0c6b3,2024-05-14T19:17:55.627000 CVE-2024-32418,0,0,8172cdb05b747b2afd259a179cd5212ac2debbeaf77726c784f5b816cfdb0abc,2024-07-03T01:56:34.817000 -CVE-2024-3242,1,1,6cafd525a926c5470f9d6d5da47d78f55adbd23a8c62b565e3c027d8d396fc36,2024-07-18T09:15:02.337000 +CVE-2024-3242,0,0,6cafd525a926c5470f9d6d5da47d78f55adbd23a8c62b565e3c027d8d396fc36,2024-07-18T09:15:02.337000 CVE-2024-32428,0,0,e92a586d0042e2a50a8472dedb0e8a402fc021118b6e178b0be2f35b18ed1a72,2024-04-15T13:15:31.997000 CVE-2024-32429,0,0,08bf59fbf8ca8215ee905eedbc96639cdf782abe560db5472396d2a8508a1db9,2024-04-15T13:15:31.997000 CVE-2024-3243,0,0,b3be2b5736d16e5fdb86721d9ee927a8c62b47b675a9c47320a4673743e48844,2024-04-16T13:24:07.103000 @@ -255337,6 +255337,7 @@ CVE-2024-40690,0,0,0a05f7a4f7971e105a22713da576e2849ab9ee90c08902f265b260950371b CVE-2024-4070,0,0,f50441c69b27e00682c793729b411e41b0ab8839510e28fbeccbd72a35bcaeb5,2024-06-04T19:20:29.567000 CVE-2024-4071,0,0,5f6b5ae6c8e3d6e0ce3e89718b14a6bb17b22a46ae9131966ebec62404b12da9,2024-05-17T02:40:14.747000 CVE-2024-4072,0,0,5325ee2ea26a58f6ec285799bb6ee6c62eeadace5f641482183f3a76d39bf009,2024-05-17T02:40:14.847000 +CVE-2024-40725,1,1,f5c6511fd9bf412f8a63ac08dfbc002200876aa5a9fc1750760cf171e8bf54bc,2024-07-18T10:15:02.357000 CVE-2024-40726,0,0,763881d353b2a872c395d06db8ff47aa2480183ffa56c57536446e062ec43bc5,2024-07-11T15:06:22.967000 CVE-2024-40727,0,0,b9db12f74fa9e60fafdd87d2e3b118721f9da9edf52efc272fb39aa64e4cd584,2024-07-11T15:06:23.850000 CVE-2024-40728,0,0,d97174880a17752231869c0d95676d772e9b6b0c723f3642cbcef679b7e80f73,2024-07-11T02:59:17.007000 @@ -255358,7 +255359,7 @@ CVE-2024-40741,0,0,ddd0ff9476ed1ff47a6c6ea90383139e3fceeb76685fa77b077d9f9786ebe CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f783,2024-07-11T15:06:29.580000 CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000 CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000 -CVE-2024-40764,1,1,267f3f3d30a8502468edc23dc8bb5b2360a4ab98ca518100d90deb3a7fdd8159,2024-07-18T08:15:02.340000 +CVE-2024-40764,0,0,267f3f3d30a8502468edc23dc8bb5b2360a4ab98ca518100d90deb3a7fdd8159,2024-07-18T08:15:02.340000 CVE-2024-4077,0,0,d4f08c4fa42913c8d00f3fecbe96233f1448e9383bf97ebcbeca4cc0f2c8ae2b,2024-04-25T13:18:02.660000 CVE-2024-4078,0,0,4f6a573d2d42430a81000704c37318a2f1d7afadf71bcba45d97fec5f925233f,2024-05-16T13:03:05.353000 CVE-2024-4082,0,0,02264cef46dbd3bc30b90eb0e358643df5f32c233cd928965c67d2a95fa3306a,2024-05-14T16:11:39.510000 @@ -255368,6 +255369,7 @@ CVE-2024-4085,0,0,7aad6a4056b6c332cceb43166a488ef1c1b3002f44d4bee7dddba365a66e15 CVE-2024-4086,0,0,4591112164bebe25a6e3755e5f7d7b3acd1442e1405281bbc9f49b1286c02b38,2024-05-02T18:00:37.360000 CVE-2024-4087,0,0,559dc8fcb531eb7d96e390fa33463b50a20c5a688e8dbefeb3187bf1d2c5f774,2024-06-03T14:46:24.250000 CVE-2024-4088,0,0,61cc31924b86843bbd20c326ef7465dc1aa394b548458b2e1a9fc62c09ede628,2024-06-11T17:11:30.193000 +CVE-2024-40898,1,1,ea2ac8aa9f5470fd7c51feeacbe6e9501dc5c5767d66be37a9ce3ef1319cd30d,2024-07-18T10:15:03.217000 CVE-2024-40899,0,0,399edbb3ae55c9064feee50a907cd0884ae99e053c5b1099ea0c6ce857c84ca0,2024-07-12T16:34:58.687000 CVE-2024-40900,0,0,7b446ac0e2fb8346f52210e74f60f31139175b44ad58b663c503c1a87553fa71,2024-07-12T16:34:58.687000 CVE-2024-40901,0,0,c32f4e74e760256a39dcff8a0aaa33652235a20a44936979ccd2be0dbce683a1,2024-07-12T16:34:58.687000 @@ -256722,8 +256724,8 @@ CVE-2024-5550,0,0,dab352871e5b1599db274fe7ee72f4ef4902afffcd5667b3ef675a3fe452e4 CVE-2024-5551,0,0,ca5e789273b5636b74263243545d1f65c528acd57d0658c81bfbbb492d45e594,2024-06-17T12:42:04.623000 CVE-2024-5552,0,0,7f73b574dd8e83d52dd7f28ecc579b960fbf7de562da98c7e63b5b8e0fd54be8,2024-06-07T14:56:05.647000 CVE-2024-5553,0,0,c4739ca4bfc71591786473d36aff26ccf561ba778e4c902dca863cedff7bba13,2024-06-13T18:36:09.013000 -CVE-2024-5554,1,1,1fddb13775149d998ecff581e430a013d99ba755bc3a57235fce4c5af979f6af,2024-07-18T09:15:02.740000 -CVE-2024-5555,1,1,5993f0bcb942313985be154f9cb4e811e5cf399a1b6c11a4ebf7cd26568e8837,2024-07-18T09:15:02.980000 +CVE-2024-5554,0,0,1fddb13775149d998ecff581e430a013d99ba755bc3a57235fce4c5af979f6af,2024-07-18T09:15:02.740000 +CVE-2024-5555,0,0,5993f0bcb942313985be154f9cb4e811e5cf399a1b6c11a4ebf7cd26568e8837,2024-07-18T09:15:02.980000 CVE-2024-5557,0,0,e58f4a9974ae6a6ad512e69202e5dee259550c69c446c060784da606557be50e,2024-06-13T18:36:09.010000 CVE-2024-5558,0,0,f5606f757a3846688e526f8e8c7b353ed841a6a8222c822314196faac2c09cd1,2024-06-13T18:36:09.010000 CVE-2024-5559,0,0,0c59604cbf219c2ba1c247f52c304752b12dd0f3c92c8b3c96e21ad233f99b0a,2024-06-13T18:36:09.010000 @@ -257317,6 +257319,7 @@ CVE-2024-6488,0,0,0c5ecb49d7296b409f5d61bd70a5d017ad6f69068345855a00f0bd7c78566f CVE-2024-6492,0,0,82f79625038ad5debf137137104e45e1e353947b9c4b14df742baece7a047a71,2024-07-17T13:34:20.520000 CVE-2024-6495,0,0,0b63a825f2423d6e7ce9297b9249f183116fa1df04bb2bd344ba05222b36e9dd,2024-07-12T16:34:58.687000 CVE-2024-6501,0,0,45d58d6fcd90c3b83531e796541078a549af17f7a81eb1fbfe7d6944aa2bc8ac,2024-07-11T13:06:13.187000 +CVE-2024-6504,1,1,f44a34e9611de1294df33c9b7937894870431037ef5da652daa1afd365b3bd41,2024-07-18T10:15:03.373000 CVE-2024-6505,0,0,b8708084cd092b6ca88acb18ad5e80f748f8e2829ec040b8958bfe3c1fee2cd6,2024-07-08T15:41:17.883000 CVE-2024-6506,0,0,58310ca3e68e3dacb16dafd9b32db187bdf111a88d3da008267c8c84bbec48d6,2024-07-05T12:55:51.367000 CVE-2024-6507,0,0,4e3b24fd61e25de66a6840473e4d19109a713188592b0f05efa1cbb9de33936e,2024-07-08T14:19:21.610000