Auto-Update: 2024-07-18T12:00:17.745623+00:00

2025-07-11 16:13:34 +00:00 · 2024-07-18 12:03:13 +00:00 · 2024-07-18 12:03:13 +00:00 · 9f956b8184
commit 9f956b8184
parent 29cd33cfa3
5 changed files with 137 additions and 14 deletions
--- a/CVE-2024/CVE-2024-407xx/CVE-2024-40725.json
+++ b/CVE-2024/CVE-2024-407xx/CVE-2024-40725.json
@ -0,0 +1,33 @@
 {
  "id": "CVE-2024-40725",
  "sourceIdentifier": "security@apache.org",
  "published": "2024-07-18T10:15:02.357",
  "lastModified": "2024-07-18T10:15:02.357",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A partial fix for\u00a0 CVE-2024-39884 in the core of Apache HTTP Server 2.4.61 ignores some use of the legacy content-type based configuration of handlers. \"AddType\" and similar configuration, under some circumstances where files are requested indirectly, result in source code disclosure of local content. For example, PHP scripts may be served instead of interpreted.\n\nUsers are recommended to upgrade to version 2.4.62, which fixes this issue.\n\n"
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
      "source": "security@apache.org"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-408xx/CVE-2024-40898.json
+++ b/CVE-2024/CVE-2024-408xx/CVE-2024-40898.json
@ -0,0 +1,33 @@
 {
  "id": "CVE-2024-40898",
  "sourceIdentifier": "security@apache.org",
  "published": "2024-07-18T10:15:03.217",
  "lastModified": "2024-07-18T10:15:03.217",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue.\u00a0"
    }
  ],
  "metrics": {},
  "weaknesses": [
    {
      "source": "security@apache.org",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-918"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
      "source": "security@apache.org"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-65xx/CVE-2024-6504.json
+++ b/CVE-2024/CVE-2024-65xx/CVE-2024-6504.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-6504",
  "sourceIdentifier": "cve@rapid7.com",
  "published": "2024-07-18T10:15:03.373",
  "lastModified": "2024-07-18T10:15:03.373",
  "vulnStatus": "Received",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rapid7 InsightVM Console versions below 6.6.260 suffer from a protection mechanism failure whereby an attacker with network access to the InsightVM Console can cause it to overload or crash by sending repeated invalid REST requests in a short timeframe, to the Console's port 443 causing the console to enter an exception handling logging loop, exhausting the CPU.  There is no indication that an attacker can use this method to escalate privilege, acquire unauthorized access to data, or gain control of protected resources. This issue is fixed in version 6.6.261."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "cve@rapid7.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "LOW",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "cve@rapid7.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-693"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://docs.rapid7.com/release-notes/insightvm/20240717/",
      "source": "cve@rapid7.com"
    }
  ]
 }
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 ```plain
-2024-07-18T10:00:18.038246+00:00
+2024-07-18T12:00:17.745623+00:00
 ```
 ### Most recent CVE Modification Timestamp synchronized with NVD
 ```plain
-2024-07-18T09:15:02.980000+00:00
+2024-07-18T10:15:03.373000+00:00
 ```
 ### Last Data Feed Release
@ -33,18 +33,16 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs
 ```plain
-257432
+257435
 ```
 ### CVEs added in the last Commit
-Recently added CVEs: `5`
+Recently added CVEs: `3`
- [CVE-2024-29014](CVE-2024/CVE-2024-290xx/CVE-2024-29014.json) (`2024-07-18T08:15:02.173`)
+- [CVE-2024-40725](CVE-2024/CVE-2024-407xx/CVE-2024-40725.json) (`2024-07-18T10:15:02.357`)
- [CVE-2024-3242](CVE-2024/CVE-2024-32xx/CVE-2024-3242.json) (`2024-07-18T09:15:02.337`)
+- [CVE-2024-40898](CVE-2024/CVE-2024-408xx/CVE-2024-40898.json) (`2024-07-18T10:15:03.217`)
- [CVE-2024-40764](CVE-2024/CVE-2024-407xx/CVE-2024-40764.json) (`2024-07-18T08:15:02.340`)
+- [CVE-2024-6504](CVE-2024/CVE-2024-65xx/CVE-2024-6504.json) (`2024-07-18T10:15:03.373`)
 - [CVE-2024-5554](CVE-2024/CVE-2024-55xx/CVE-2024-5554.json) (`2024-07-18T09:15:02.740`)
 - [CVE-2024-5555](CVE-2024/CVE-2024-55xx/CVE-2024-5555.json) (`2024-07-18T09:15:02.980`)
 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -248638,7 +248638,7 @@ CVE-2024-29010,0,0,a9ff9c65174c33f2e792fcb56ee4004994b28661d6208ebb1e88e717582f6
 CVE-2024-29011,0,0,eb92887d9a2ecd248daea80b2641ebf2c57344e5f41ce9050910fcddaf740a0c,2024-05-01T19:50:25.633000
 CVE-2024-29012,0,0,9854a7c749ef4b580fb184d07bfa61dd0b58798d25f74e88968772bdc7b97a82,2024-06-20T12:43:25.663000
 CVE-2024-29013,0,0,484672126a29689243d7bf576a9922dde1cc94a163178a0a8a32a5a36268d182,2024-06-20T12:43:25.663000
-CVE-2024-29014,1,1,405709e3a0547e21309cb04b7f669af7fe1634fc9caff83aa631d67879b4134a,2024-07-18T08:15:02.173000
+CVE-2024-29014,0,0,405709e3a0547e21309cb04b7f669af7fe1634fc9caff83aa631d67879b4134a,2024-07-18T08:15:02.173000
 CVE-2024-29018,0,0,0688752b1434844c55e6cd721e2221622ec0094595898dc16074b9d8a9b658da,2024-03-21T12:58:51.093000
 CVE-2024-29019,0,0,ad22499f8dda93d004eb62f1b9a36df352f03e492a86d6142b84d27273c03d4d,2024-04-11T12:47:44.137000
 CVE-2024-2902,0,0,8f66133d16da6ff672ed0ae058cb886f79d625c60e88da002b56c847ce98f5ef,2024-05-17T02:38:36.520000
@ -250900,7 +250900,7 @@ CVE-2024-32407,0,0,fbfaf7068ca597095592e38589ff8309655659ac5408bc5050ead219b55bb
 CVE-2024-32409,0,0,cdbdcb7de47ba32c82cee0bb38b83e5519f96f658f96608562f1e326a9e11332,2024-07-03T01:56:34.063000
 CVE-2024-3241,0,0,30b752b6ef5f38382b5d572e3de76b73f3f6fe3c9ee69699b564850e70a0c6b3,2024-05-14T19:17:55.627000
 CVE-2024-32418,0,0,8172cdb05b747b2afd259a179cd5212ac2debbeaf77726c784f5b816cfdb0abc,2024-07-03T01:56:34.817000
-CVE-2024-3242,1,1,6cafd525a926c5470f9d6d5da47d78f55adbd23a8c62b565e3c027d8d396fc36,2024-07-18T09:15:02.337000
+CVE-2024-3242,0,0,6cafd525a926c5470f9d6d5da47d78f55adbd23a8c62b565e3c027d8d396fc36,2024-07-18T09:15:02.337000
 CVE-2024-32428,0,0,e92a586d0042e2a50a8472dedb0e8a402fc021118b6e178b0be2f35b18ed1a72,2024-04-15T13:15:31.997000
 CVE-2024-32429,0,0,08bf59fbf8ca8215ee905eedbc96639cdf782abe560db5472396d2a8508a1db9,2024-04-15T13:15:31.997000
 CVE-2024-3243,0,0,b3be2b5736d16e5fdb86721d9ee927a8c62b47b675a9c47320a4673743e48844,2024-04-16T13:24:07.103000
@ -255337,6 +255337,7 @@ CVE-2024-40690,0,0,0a05f7a4f7971e105a22713da576e2849ab9ee90c08902f265b260950371b
 CVE-2024-4070,0,0,f50441c69b27e00682c793729b411e41b0ab8839510e28fbeccbd72a35bcaeb5,2024-06-04T19:20:29.567000
 CVE-2024-4071,0,0,5f6b5ae6c8e3d6e0ce3e89718b14a6bb17b22a46ae9131966ebec62404b12da9,2024-05-17T02:40:14.747000
 CVE-2024-4072,0,0,5325ee2ea26a58f6ec285799bb6ee6c62eeadace5f641482183f3a76d39bf009,2024-05-17T02:40:14.847000
 CVE-2024-40725,1,1,f5c6511fd9bf412f8a63ac08dfbc002200876aa5a9fc1750760cf171e8bf54bc,2024-07-18T10:15:02.357000
 CVE-2024-40726,0,0,763881d353b2a872c395d06db8ff47aa2480183ffa56c57536446e062ec43bc5,2024-07-11T15:06:22.967000
 CVE-2024-40727,0,0,b9db12f74fa9e60fafdd87d2e3b118721f9da9edf52efc272fb39aa64e4cd584,2024-07-11T15:06:23.850000
 CVE-2024-40728,0,0,d97174880a17752231869c0d95676d772e9b6b0c723f3642cbcef679b7e80f73,2024-07-11T02:59:17.007000
@ -255358,7 +255359,7 @@ CVE-2024-40741,0,0,ddd0ff9476ed1ff47a6c6ea90383139e3fceeb76685fa77b077d9f9786ebe
 CVE-2024-40742,0,0,a7b4d8a63cd84bbed8ae36225a2d630607182f2ae3b73228fc1ab3090889f783,2024-07-11T15:06:29.580000
 CVE-2024-4075,0,0,29d19ea935c989efa2e770180ba61eb06fe49f0b181d6d812a7498d3145b983a,2024-05-17T02:40:15.170000
 CVE-2024-40750,0,0,123c568c4a271c6bb023f9091df0f00fec1f937f3d0585148d7948581d7b9455,2024-07-11T13:06:13.187000
-CVE-2024-40764,1,1,267f3f3d30a8502468edc23dc8bb5b2360a4ab98ca518100d90deb3a7fdd8159,2024-07-18T08:15:02.340000
+CVE-2024-40764,0,0,267f3f3d30a8502468edc23dc8bb5b2360a4ab98ca518100d90deb3a7fdd8159,2024-07-18T08:15:02.340000
 CVE-2024-4077,0,0,d4f08c4fa42913c8d00f3fecbe96233f1448e9383bf97ebcbeca4cc0f2c8ae2b,2024-04-25T13:18:02.660000
 CVE-2024-4078,0,0,4f6a573d2d42430a81000704c37318a2f1d7afadf71bcba45d97fec5f925233f,2024-05-16T13:03:05.353000
 CVE-2024-4082,0,0,02264cef46dbd3bc30b90eb0e358643df5f32c233cd928965c67d2a95fa3306a,2024-05-14T16:11:39.510000
@ -255368,6 +255369,7 @@ CVE-2024-4085,0,0,7aad6a4056b6c332cceb43166a488ef1c1b3002f44d4bee7dddba365a66e15
 CVE-2024-4086,0,0,4591112164bebe25a6e3755e5f7d7b3acd1442e1405281bbc9f49b1286c02b38,2024-05-02T18:00:37.360000
 CVE-2024-4087,0,0,559dc8fcb531eb7d96e390fa33463b50a20c5a688e8dbefeb3187bf1d2c5f774,2024-06-03T14:46:24.250000
 CVE-2024-4088,0,0,61cc31924b86843bbd20c326ef7465dc1aa394b548458b2e1a9fc62c09ede628,2024-06-11T17:11:30.193000
 CVE-2024-40898,1,1,ea2ac8aa9f5470fd7c51feeacbe6e9501dc5c5767d66be37a9ce3ef1319cd30d,2024-07-18T10:15:03.217000
 CVE-2024-40899,0,0,399edbb3ae55c9064feee50a907cd0884ae99e053c5b1099ea0c6ce857c84ca0,2024-07-12T16:34:58.687000
 CVE-2024-40900,0,0,7b446ac0e2fb8346f52210e74f60f31139175b44ad58b663c503c1a87553fa71,2024-07-12T16:34:58.687000
 CVE-2024-40901,0,0,c32f4e74e760256a39dcff8a0aaa33652235a20a44936979ccd2be0dbce683a1,2024-07-12T16:34:58.687000
@ -256722,8 +256724,8 @@ CVE-2024-5550,0,0,dab352871e5b1599db274fe7ee72f4ef4902afffcd5667b3ef675a3fe452e4
 CVE-2024-5551,0,0,ca5e789273b5636b74263243545d1f65c528acd57d0658c81bfbbb492d45e594,2024-06-17T12:42:04.623000
 CVE-2024-5552,0,0,7f73b574dd8e83d52dd7f28ecc579b960fbf7de562da98c7e63b5b8e0fd54be8,2024-06-07T14:56:05.647000
 CVE-2024-5553,0,0,c4739ca4bfc71591786473d36aff26ccf561ba778e4c902dca863cedff7bba13,2024-06-13T18:36:09.013000
-CVE-2024-5554,1,1,1fddb13775149d998ecff581e430a013d99ba755bc3a57235fce4c5af979f6af,2024-07-18T09:15:02.740000
+CVE-2024-5554,0,0,1fddb13775149d998ecff581e430a013d99ba755bc3a57235fce4c5af979f6af,2024-07-18T09:15:02.740000
-CVE-2024-5555,1,1,5993f0bcb942313985be154f9cb4e811e5cf399a1b6c11a4ebf7cd26568e8837,2024-07-18T09:15:02.980000
+CVE-2024-5555,0,0,5993f0bcb942313985be154f9cb4e811e5cf399a1b6c11a4ebf7cd26568e8837,2024-07-18T09:15:02.980000
 CVE-2024-5557,0,0,e58f4a9974ae6a6ad512e69202e5dee259550c69c446c060784da606557be50e,2024-06-13T18:36:09.010000
 CVE-2024-5558,0,0,f5606f757a3846688e526f8e8c7b353ed841a6a8222c822314196faac2c09cd1,2024-06-13T18:36:09.010000
 CVE-2024-5559,0,0,0c59604cbf219c2ba1c247f52c304752b12dd0f3c92c8b3c96e21ad233f99b0a,2024-06-13T18:36:09.010000
@ -257317,6 +257319,7 @@ CVE-2024-6488,0,0,0c5ecb49d7296b409f5d61bd70a5d017ad6f69068345855a00f0bd7c78566f
 CVE-2024-6492,0,0,82f79625038ad5debf137137104e45e1e353947b9c4b14df742baece7a047a71,2024-07-17T13:34:20.520000
 CVE-2024-6495,0,0,0b63a825f2423d6e7ce9297b9249f183116fa1df04bb2bd344ba05222b36e9dd,2024-07-12T16:34:58.687000
 CVE-2024-6501,0,0,45d58d6fcd90c3b83531e796541078a549af17f7a81eb1fbfe7d6944aa2bc8ac,2024-07-11T13:06:13.187000
 CVE-2024-6504,1,1,f44a34e9611de1294df33c9b7937894870431037ef5da652daa1afd365b3bd41,2024-07-18T10:15:03.373000
 CVE-2024-6505,0,0,b8708084cd092b6ca88acb18ad5e80f748f8e2829ec040b8958bfe3c1fee2cd6,2024-07-08T15:41:17.883000
 CVE-2024-6506,0,0,58310ca3e68e3dacb16dafd9b32db187bdf111a88d3da008267c8c84bbec48d6,2024-07-05T12:55:51.367000
 CVE-2024-6507,0,0,4e3b24fd61e25de66a6840473e4d19109a713188592b0f05efa1cbb9de33936e,2024-07-08T14:19:21.610000