Auto-Update: 2024-07-09T02:00:18.305880+00:00

cad-safe-bot 2024-07-09 02:03:11 +00:00
parent 9e22b0cf1e
commit a1c1e195c4
4 changed files with 133 additions and 13 deletions


@ -0,0 +1,60 @@
{
"id": "CVE-2024-5549",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-09T00:15:02.050",
"lastModified": "2024-07-09T00:15:02.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Origin Validation Error in GitHub repository stitionai/devika prior to -."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"references": [
{
"url": "https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd",
"source": "security@huntr.dev"
}
]
}
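Review bot: The `descriptions[0].value` text ends in "prior to -.", so this record names no fixed version for stitionai/devika. Nothing else in the file supplies one: there is no version-range or configuration data, and `vulnStatus` is `Received`. Version-based matching against this entry will therefore find nothing, and the only remediation locator is the commit URL under `references`. Because the file mirrors upstream data, the value should not be hand-edited here; consumers should treat the affected range as unknown and compare deployments against that commit until the record is enriched.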


@ -0,0 +1,60 @@
{
"id": "CVE-2024-5569",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-09T00:15:02.320",
"lastModified": "2024-07-09T00:15:02.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd",
"source": "security@huntr.dev"
},
{
"url": "https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae",
"source": "security@huntr.dev"
}
]
}
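Review bot: The description states that the same infinite loop affects CPython's `zipfile` module, but the fixed version (3.19.1) and both `references` entries cover only jaraco/zipp, so the record gives no way to tell which CPython releases are patched. Inventory tooling that keys on the zipp package alone will miss applications that use `zipfile.Path` from the standard library. The `weaknesses` entry is the general `CWE-400`, while the text describes an infinite loop, for which `CWE-835` is the more specific class, so filters built on the CWE field should not depend on it. The only score present is the one supplied by `security@huntr.dev` with `AV:L`; services that unpack archives received over the network may want to rate the availability risk for their own exposure rather than take 6.2 as given.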


@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-07-08T23:55:18.235548+00:00
2024-07-09T02:00:18.305880+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-07-08T23:15:09.673000+00:00
2024-07-09T00:15:02.320000+00:00
```
### Last Data Feed Release
@ -27,29 +27,27 @@ Repository synchronizes with the NVD every 2 hours.
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
```plain
2024-07-08T00:00:08.667445+00:00
2024-07-09T00:00:08.659079+00:00
```
### Total Number of included CVEs
```plain
256042
256044
```
### CVEs added in the last Commit
Recently added CVEs: `2`
- [CVE-2024-28882](CVE-2024/CVE-2024-288xx/CVE-2024-28882.json) (`2024-07-08T22:15:02.410`)
- [CVE-2024-3653](CVE-2024/CVE-2024-36xx/CVE-2024-3653.json) (`2024-07-08T22:15:02.527`)
- [CVE-2024-5549](CVE-2024/CVE-2024-55xx/CVE-2024-5549.json) (`2024-07-09T00:15:02.050`)
- [CVE-2024-5569](CVE-2024/CVE-2024-55xx/CVE-2024-5569.json) (`2024-07-09T00:15:02.320`)
### CVEs modified in the last Commit
Recently modified CVEs: `2`
Recently modified CVEs: `0`
- [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-07-08T22:15:02.347`)
- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-08T23:15:09.673`)
## Download and Usage


@ -246548,7 +246548,7 @@ CVE-2024-26618,0,0,b4ee02e43411773445d9502213c0c8ee13dbb28e9adadb6062e2443b8f287
CVE-2024-26619,0,0,4bc519bd153c025ad692ee69af117d5945ba0b94f5c3e5862c457953e2f5d4bd,2024-03-12T12:40:13.500000
CVE-2024-2662,0,0,f67fa5f3bbbaf2e8acff0e892a68fc06e4217f99a75dec53361b235392202bd4,2024-05-14T16:13:02.773000
CVE-2024-26620,0,0,d9644d90006553a6ef7df3ce5b7de0b26190c676351738b9b2539bec3ef4ee61,2024-03-12T12:40:13.500000
CVE-2024-26621,0,1,c003e8390f599797884d0f74f817457f8dffeb5bc1fad655b9248652bf0c29cc,2024-07-08T22:15:02.347000
CVE-2024-26621,0,0,c003e8390f599797884d0f74f817457f8dffeb5bc1fad655b9248652bf0c29cc,2024-07-08T22:15:02.347000
CVE-2024-26622,0,0,429b8c79ac7bc8a6f352b05f3ec787ee7dce1baf63c22803c7866fe6ab98869f,2024-06-25T22:15:19.240000
CVE-2024-26623,0,0,5692b1c30d07fd10d73a2d8d099143935e519ebf33db10f9328fbf12228012a8,2024-03-06T15:18:08.093000
CVE-2024-26624,0,0,9575e38401ed951dd513d0e1852942215c7c9e9bc3c5371fd0da3ac3a0eac967,2024-03-27T14:15:10.163000
@ -248169,7 +248169,7 @@ CVE-2024-28877,0,0,883039bbb8a02fedae5005218a87450c4b734f262948f425805257c253ab9
CVE-2024-28878,0,0,fe5b4dea6079affbe530b6afc0ec6cbc2c58efa98e54aaf61e9565b0ce4541ce,2024-04-15T13:15:51.577000
CVE-2024-2888,0,0,e48cc71bf8d96ab718c88bf59dd81f25047204b13c0446dd48014e6c60fc42d9,2024-03-26T12:55:05.010000
CVE-2024-28880,0,0,d86d3a57226b47e9756d0e2de7fe8eb3bf99b87dc35f89b5848778ed1b1b3b47,2024-07-03T01:51:53.260000
CVE-2024-28882,1,1,5766d8517049fd3bdedf0eedf7d643a0bd48dc6ec82f46efc1c8f0a681f16d27,2024-07-08T22:15:02.410000
CVE-2024-28882,0,0,5766d8517049fd3bdedf0eedf7d643a0bd48dc6ec82f46efc1c8f0a681f16d27,2024-07-08T22:15:02.410000
CVE-2024-28883,0,0,0da2cc6c41f6d079048ec96a542a244e3daa5cbbca8e93005185c421836d3999,2024-05-08T17:05:24.083000
CVE-2024-28886,0,0,c5e838328be71c5eb5c783cfb3d7b29e0393c19c1f2fbf543fbfcbc9ad011077,2024-07-03T01:51:54.130000
CVE-2024-28889,0,0,bb3c202469f2e51ff05aa6d43099130e609fec5b2294b197effadcfbe55ab53d,2024-05-08T17:05:24.083000
@ -253120,7 +253120,7 @@ CVE-2024-3652,0,0,455dabb71414a7592172807b25da69c5818ecc78456d9f87c63904d4c0988a
CVE-2024-36523,0,0,779ff20f3e54c54b68fa38cf8a73a6874fca821f18024ef38fb974b398395dd0,2024-06-13T18:36:09.010000
CVE-2024-36527,0,0,5a4da781a91464af6910d804126691f30125cf5f5ae9e52379cc70e43ae0f627,2024-07-03T02:03:14.827000
CVE-2024-36528,0,0,f25edd031c479e2eb08ab34031d71804f3bb9f2a7bd4f1a1d0b25d391d002135,2024-06-10T18:06:22.600000
CVE-2024-3653,1,1,6ee7ce4c2b79daafec21f757c0f18259c094eb50f64706db24d0e00679c76d83,2024-07-08T22:15:02.527000
CVE-2024-3653,0,0,6ee7ce4c2b79daafec21f757c0f18259c094eb50f64706db24d0e00679c76d83,2024-07-08T22:15:02.527000
CVE-2024-36531,0,0,991b1a5a568679e84b92f85516ddb5ed86f9e4a97046e45c71aa818ce6df4847,2024-06-10T18:06:22.600000
CVE-2024-36532,0,0,b051ad55854f4bc888db3a53610f7bcd9ed49e35c5868005d5e65395b423f5e4,2024-07-03T02:03:15.647000
CVE-2024-3654,0,0,954800a828ed246c147def14a6599156bd18a3e2cc72072dd62b0ab02b4bbf53,2024-04-19T16:19:49.043000
@ -255564,6 +255564,7 @@ CVE-2024-5544,0,0,dc180b504fcb3a2003d6a08111fbd0a7a95f9d21df8e253c1af1716f464343
CVE-2024-5545,0,0,9270f54f7803e859f3c51cd9a03c613d31e2403f79820ead3f02bc3b56a4bf36,2024-07-05T15:12:08.467000
CVE-2024-5547,0,0,10fc933ab96f74e48222460cfee3e0b1d295bbaa26e68f34704c5127d22daf4a,2024-06-27T19:25:12.067000
CVE-2024-5548,0,0,0dab8d0a6f7f4b5d3115df8861f1ab0c0c70d1308be14527ce7ee2ffa61fade4,2024-06-27T19:25:12.067000
CVE-2024-5549,1,1,bf37298d7fdeb39824ffb32e43c6adca372db50cacb1f80a1bed184a37e51d88,2024-07-09T00:15:02.050000
CVE-2024-5550,0,0,e4fc13aea5b719d7c555043aa9a8be47a59e2f4d5eac2e9fa0d5ff8a8edb892f,2024-06-07T14:56:05.647000
CVE-2024-5551,0,0,fe2ff56c261c11c34cfc92fd4dff768d263978728e8caa50b89ded66a68c1f4c,2024-06-17T12:42:04.623000
CVE-2024-5552,0,0,12abaaddd513e722275738643d6cd32f6bb9e257da98294dd5bedf4ad4cbf55d,2024-06-07T14:56:05.647000
@ -255574,6 +255575,7 @@ CVE-2024-5559,0,0,2783b17045adc6e83e5bf6acfe749e5c6489b786d017eb582b973704c839f4
CVE-2024-5560,0,0,f1a6e79f857dcb0da00298e85540b2901c155f3f4e8e842ef291f9f993b61e1f,2024-06-13T18:36:09.010000
CVE-2024-5564,0,0,9795ccf7f64c945419f550534828bd8bef2f36c164c7b95941f181710cd7c39c,2024-06-28T19:15:07.147000
CVE-2024-5565,0,0,e1d36fa68b4a73d6b78bd8eb39c3f27f14d8d32dc884b4fdfa0f8545d690e8d1,2024-07-03T02:09:05.567000
CVE-2024-5569,1,1,ac110bbf906dcc167f158cf33c51b4e9d88846b11b248c4bbd05584d7c26ee60,2024-07-09T00:15:02.320000
CVE-2024-5570,0,0,1f1ed1d460e111500125bee4bd672bf4d3d1893979a351b847eab3c62fb55e82,2024-06-28T10:27:00.920000
CVE-2024-5571,0,0,105c4e644019eeccf72c6e63813cdc36601b1b9a7e3cba5bc172df86631261e6,2024-06-11T17:29:03.277000
CVE-2024-5573,0,0,51a9ffd3da1267c4eef69596ac09c3dbea287270e0762cf7f98d2ed1f452fbf5,2024-06-26T12:44:29.693000
@ -255997,7 +255999,7 @@ CVE-2024-6376,0,0,2eceea6553f0e47a0e34ab01650b7781a20682f6799be39f9cd1e64f3f1985
CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b326,2024-07-03T12:53:24.977000
CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000
CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000
CVE-2024-6387,0,1,7f5867e1294b3e462c948da4d260d2a126412a65eb1077fc2911057caa8e959a,2024-07-08T23:15:09.673000
CVE-2024-6387,0,0,7f5867e1294b3e462c948da4d260d2a126412a65eb1077fc2911057caa8e959a,2024-07-08T23:15:09.673000
CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a84738,2024-06-27T17:11:52.390000
CVE-2024-6402,0,0,795485c4534407e246daec51c1daaa33b95f6651688fed743a8fb9054cdaedba,2024-07-01T12:37:24.220000
CVE-2024-6403,0,0,e44b9cfa8d9ae367e624a8cdf179ef52ea1e98c2115d7a956299d17747a6a56b,2024-07-01T12:37:24.220000
