From a1c1e195c42aa85383ab3b874d3d89b2634bd6a3 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 9 Jul 2024 02:03:11 +0000
Subject: [PATCH] Auto-Update: 2024-07-09T02:00:18.305880+00:00
---
 CVE-2024/CVE-2024-55xx/CVE-2024-5549.json | 60 +++++++++++++++++++++++
 CVE-2024/CVE-2024-55xx/CVE-2024-5569.json | 60 +++++++++++++++++++++++
 README.md | 16 +++---
 _state.csv | 10 ++--
 4 files changed, 133 insertions(+), 13 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-55xx/CVE-2024-5549.json
 create mode 100644 CVE-2024/CVE-2024-55xx/CVE-2024-5569.json
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5549.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5549.json
new file mode 100644
index 00000000000..0a015c32469
--- /dev/null
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5549.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-5549",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2024-07-09T00:15:02.050",
+ "lastModified": "2024-07-09T00:15:02.050",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Origin Validation Error in GitHub repository stitionai/devika prior to -."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.2
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-346"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/stitionai/devika/commit/6acce21fb08c3d1123ef05df6a33912bf0ee77c2",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.com/bounties/7ffeb896-27c8-429d-b241-4f7d6dda0afd",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-55xx/CVE-2024-5569.json b/CVE-2024/CVE-2024-55xx/CVE-2024-5569.json
new file mode 100644
index 00000000000..36503ac7d4b
--- /dev/null
+++ b/CVE-2024/CVE-2024-55xx/CVE-2024-5569.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-5569",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2024-07-09T00:15:02.320",
+ "lastModified": "2024-07-09T00:15:02.320",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Denial of Service (DoS) vulnerability exists in the jaraco/zipp library, affecting all versions prior to 3.19.1. The vulnerability is triggered when processing a specially crafted zip file that leads to an infinite loop. This issue also impacts the zipfile module of CPython, as features from the third-party zipp library are later merged into CPython, and the affected code is identical in both projects. The infinite loop can be initiated through the use of functions affecting the `Path` module in both zipp and zipfile, such as `joinpath`, the overloaded division operator, and `iterdir`. Although the infinite loop is not resource exhaustive, it prevents the application from responding. The vulnerability was addressed in version 3.19.1 of jaraco/zipp."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.2,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-400"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/jaraco/zipp/commit/fd604bd34f0343472521a36da1fbd22e793e14fd",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.com/bounties/be898306-11f9-46b4-b28c-f4c4aa4ffbae",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index d87f3c4e4de..dd1803659e8 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-08T23:55:18.235548+00:00 +2024-07-09T02:00:18.305880+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-08T23:15:09.673000+00:00 +2024-07-09T00:15:02.320000+00:00 ``` ### Last Data Feed Release
@@ -27,29 +27,27 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-07-08T00:00:08.667445+00:00 +2024-07-09T00:00:08.659079+00:00 ``` ### Total Number of included CVEs ```plain -256042 +256044 ``` ### CVEs added in the last Commit Recently added CVEs: `2` -- [CVE-2024-28882](CVE-2024/CVE-2024-288xx/CVE-2024-28882.json) (`2024-07-08T22:15:02.410`) -- [CVE-2024-3653](CVE-2024/CVE-2024-36xx/CVE-2024-3653.json) (`2024-07-08T22:15:02.527`) +- [CVE-2024-5549](CVE-2024/CVE-2024-55xx/CVE-2024-5549.json) (`2024-07-09T00:15:02.050`) +- [CVE-2024-5569](CVE-2024/CVE-2024-55xx/CVE-2024-5569.json) (`2024-07-09T00:15:02.320`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `0` -- [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-07-08T22:15:02.347`) -- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-08T23:15:09.673`) ## Download and Usage diff --git a/_state.csv b/_state.csv index b55aeb2c63f..64d0cd17022 100644 --- a/_state.csv +++ b/_state.csv 
@@ -246548,7 +246548,7 @@ CVE-2024-26618,0,0,b4ee02e43411773445d9502213c0c8ee13dbb28e9adadb6062e2443b8f287 CVE-2024-26619,0,0,4bc519bd153c025ad692ee69af117d5945ba0b94f5c3e5862c457953e2f5d4bd,2024-03-12T12:40:13.500000 CVE-2024-2662,0,0,f67fa5f3bbbaf2e8acff0e892a68fc06e4217f99a75dec53361b235392202bd4,2024-05-14T16:13:02.773000 CVE-2024-26620,0,0,d9644d90006553a6ef7df3ce5b7de0b26190c676351738b9b2539bec3ef4ee61,2024-03-12T12:40:13.500000 -CVE-2024-26621,0,1,c003e8390f599797884d0f74f817457f8dffeb5bc1fad655b9248652bf0c29cc,2024-07-08T22:15:02.347000 +CVE-2024-26621,0,0,c003e8390f599797884d0f74f817457f8dffeb5bc1fad655b9248652bf0c29cc,2024-07-08T22:15:02.347000 CVE-2024-26622,0,0,429b8c79ac7bc8a6f352b05f3ec787ee7dce1baf63c22803c7866fe6ab98869f,2024-06-25T22:15:19.240000 CVE-2024-26623,0,0,5692b1c30d07fd10d73a2d8d099143935e519ebf33db10f9328fbf12228012a8,2024-03-06T15:18:08.093000 CVE-2024-26624,0,0,9575e38401ed951dd513d0e1852942215c7c9e9bc3c5371fd0da3ac3a0eac967,2024-03-27T14:15:10.163000 @@ -248169,7 +248169,7 @@ CVE-2024-28877,0,0,883039bbb8a02fedae5005218a87450c4b734f262948f425805257c253ab9 CVE-2024-28878,0,0,fe5b4dea6079affbe530b6afc0ec6cbc2c58efa98e54aaf61e9565b0ce4541ce,2024-04-15T13:15:51.577000 CVE-2024-2888,0,0,e48cc71bf8d96ab718c88bf59dd81f25047204b13c0446dd48014e6c60fc42d9,2024-03-26T12:55:05.010000 CVE-2024-28880,0,0,d86d3a57226b47e9756d0e2de7fe8eb3bf99b87dc35f89b5848778ed1b1b3b47,2024-07-03T01:51:53.260000 -CVE-2024-28882,1,1,5766d8517049fd3bdedf0eedf7d643a0bd48dc6ec82f46efc1c8f0a681f16d27,2024-07-08T22:15:02.410000 +CVE-2024-28882,0,0,5766d8517049fd3bdedf0eedf7d643a0bd48dc6ec82f46efc1c8f0a681f16d27,2024-07-08T22:15:02.410000 CVE-2024-28883,0,0,0da2cc6c41f6d079048ec96a542a244e3daa5cbbca8e93005185c421836d3999,2024-05-08T17:05:24.083000 CVE-2024-28886,0,0,c5e838328be71c5eb5c783cfb3d7b29e0393c19c1f2fbf543fbfcbc9ad011077,2024-07-03T01:51:54.130000 CVE-2024-28889,0,0,bb3c202469f2e51ff05aa6d43099130e609fec5b2294b197effadcfbe55ab53d,2024-05-08T17:05:24.083000 
@@ -253120,7 +253120,7 @@ CVE-2024-3652,0,0,455dabb71414a7592172807b25da69c5818ecc78456d9f87c63904d4c0988a CVE-2024-36523,0,0,779ff20f3e54c54b68fa38cf8a73a6874fca821f18024ef38fb974b398395dd0,2024-06-13T18:36:09.010000 CVE-2024-36527,0,0,5a4da781a91464af6910d804126691f30125cf5f5ae9e52379cc70e43ae0f627,2024-07-03T02:03:14.827000 CVE-2024-36528,0,0,f25edd031c479e2eb08ab34031d71804f3bb9f2a7bd4f1a1d0b25d391d002135,2024-06-10T18:06:22.600000 -CVE-2024-3653,1,1,6ee7ce4c2b79daafec21f757c0f18259c094eb50f64706db24d0e00679c76d83,2024-07-08T22:15:02.527000 +CVE-2024-3653,0,0,6ee7ce4c2b79daafec21f757c0f18259c094eb50f64706db24d0e00679c76d83,2024-07-08T22:15:02.527000 CVE-2024-36531,0,0,991b1a5a568679e84b92f85516ddb5ed86f9e4a97046e45c71aa818ce6df4847,2024-06-10T18:06:22.600000 CVE-2024-36532,0,0,b051ad55854f4bc888db3a53610f7bcd9ed49e35c5868005d5e65395b423f5e4,2024-07-03T02:03:15.647000 CVE-2024-3654,0,0,954800a828ed246c147def14a6599156bd18a3e2cc72072dd62b0ab02b4bbf53,2024-04-19T16:19:49.043000 @@ -255564,6 +255564,7 @@ CVE-2024-5544,0,0,dc180b504fcb3a2003d6a08111fbd0a7a95f9d21df8e253c1af1716f464343 CVE-2024-5545,0,0,9270f54f7803e859f3c51cd9a03c613d31e2403f79820ead3f02bc3b56a4bf36,2024-07-05T15:12:08.467000 CVE-2024-5547,0,0,10fc933ab96f74e48222460cfee3e0b1d295bbaa26e68f34704c5127d22daf4a,2024-06-27T19:25:12.067000 CVE-2024-5548,0,0,0dab8d0a6f7f4b5d3115df8861f1ab0c0c70d1308be14527ce7ee2ffa61fade4,2024-06-27T19:25:12.067000 +CVE-2024-5549,1,1,bf37298d7fdeb39824ffb32e43c6adca372db50cacb1f80a1bed184a37e51d88,2024-07-09T00:15:02.050000 CVE-2024-5550,0,0,e4fc13aea5b719d7c555043aa9a8be47a59e2f4d5eac2e9fa0d5ff8a8edb892f,2024-06-07T14:56:05.647000 CVE-2024-5551,0,0,fe2ff56c261c11c34cfc92fd4dff768d263978728e8caa50b89ded66a68c1f4c,2024-06-17T12:42:04.623000 CVE-2024-5552,0,0,12abaaddd513e722275738643d6cd32f6bb9e257da98294dd5bedf4ad4cbf55d,2024-06-07T14:56:05.647000 
@@ -255574,6 +255575,7 @@ CVE-2024-5559,0,0,2783b17045adc6e83e5bf6acfe749e5c6489b786d017eb582b973704c839f4 CVE-2024-5560,0,0,f1a6e79f857dcb0da00298e85540b2901c155f3f4e8e842ef291f9f993b61e1f,2024-06-13T18:36:09.010000 CVE-2024-5564,0,0,9795ccf7f64c945419f550534828bd8bef2f36c164c7b95941f181710cd7c39c,2024-06-28T19:15:07.147000 CVE-2024-5565,0,0,e1d36fa68b4a73d6b78bd8eb39c3f27f14d8d32dc884b4fdfa0f8545d690e8d1,2024-07-03T02:09:05.567000 +CVE-2024-5569,1,1,ac110bbf906dcc167f158cf33c51b4e9d88846b11b248c4bbd05584d7c26ee60,2024-07-09T00:15:02.320000 CVE-2024-5570,0,0,1f1ed1d460e111500125bee4bd672bf4d3d1893979a351b847eab3c62fb55e82,2024-06-28T10:27:00.920000 CVE-2024-5571,0,0,105c4e644019eeccf72c6e63813cdc36601b1b9a7e3cba5bc172df86631261e6,2024-06-11T17:29:03.277000 CVE-2024-5573,0,0,51a9ffd3da1267c4eef69596ac09c3dbea287270e0762cf7f98d2ed1f452fbf5,2024-06-26T12:44:29.693000 @@ -255997,7 +255999,7 @@ CVE-2024-6376,0,0,2eceea6553f0e47a0e34ab01650b7781a20682f6799be39f9cd1e64f3f1985 CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b326,2024-07-03T12:53:24.977000 CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000 CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000 -CVE-2024-6387,0,1,7f5867e1294b3e462c948da4d260d2a126412a65eb1077fc2911057caa8e959a,2024-07-08T23:15:09.673000 +CVE-2024-6387,0,0,7f5867e1294b3e462c948da4d260d2a126412a65eb1077fc2911057caa8e959a,2024-07-08T23:15:09.673000 CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a84738,2024-06-27T17:11:52.390000 CVE-2024-6402,0,0,795485c4534407e246daec51c1daaa33b95f6651688fed743a8fb9054cdaedba,2024-07-01T12:37:24.220000 CVE-2024-6403,0,0,e44b9cfa8d9ae367e624a8cdf179ef52ea1e98c2115d7a956299d17747a6a56b,2024-07-01T12:37:24.220000