From ac36be4040fc39b130b1417a08de5df5011b0ede Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 22 Aug 2024 02:03:14 +0000
Subject: [PATCH] Auto-Update: 2024-08-22T02:00:18.321585+00:00
---
CVE-2021/CVE-2021-311xx/CVE-2021-31196.json | 6 ++-
CVE-2021/CVE-2021-330xx/CVE-2021-33044.json | 6 ++-
CVE-2021/CVE-2021-330xx/CVE-2021-33045.json | 6 ++-
CVE-2022/CVE-2022-01xx/CVE-2022-0185.json | 6 ++-
CVE-2023/CVE-2023-70xx/CVE-2023-7003.json | 27 ++++++++++++-
CVE-2024/CVE-2024-323xx/CVE-2024-32358.json | 4 +-
CVE-2024/CVE-2024-373xx/CVE-2024-37353.json | 45 ++-------------------
CVE-2024/CVE-2024-420xx/CVE-2024-42056.json | 25 ++++++++++++
CVE-2024/CVE-2024-421xx/CVE-2024-42143.json | 45 ++-------------------
CVE-2024/CVE-2024-430xx/CVE-2024-43033.json | 29 +++++++++++++
README.md | 25 +++++++-----
_state.csv | 24 ++++++-----
12 files changed, 138 insertions(+), 110 deletions(-)
create mode 100644 CVE-2024/CVE-2024-420xx/CVE-2024-42056.json
create mode 100644 CVE-2024/CVE-2024-430xx/CVE-2024-43033.json
diff --git a/CVE-2021/CVE-2021-311xx/CVE-2021-31196.json b/CVE-2021/CVE-2021-311xx/CVE-2021-31196.json
index 96aef511408..de0d3de3ce5 100644
--- a/CVE-2021/CVE-2021-311xx/CVE-2021-31196.json
+++ b/CVE-2021/CVE-2021-311xx/CVE-2021-31196.json
@@ -2,9 +2,13 @@
 "id": "CVE-2021-31196",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2021-07-14T18:15:09.463",
- "lastModified": "2023-12-28T23:15:13.237",
+ "lastModified": "2024-08-22T01:00:01.277",
 "vulnStatus": "Modified",
 "cveTags": [],
+ "cisaExploitAdd": "2024-08-21",
+ "cisaActionDue": "2024-09-11",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "Microsoft Exchange Server Information Disclosure Vulnerability",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2021/CVE-2021-330xx/CVE-2021-33044.json b/CVE-2021/CVE-2021-330xx/CVE-2021-33044.json
index 5af9b2afe02..53becd3429d 100644
--- a/CVE-2021/CVE-2021-330xx/CVE-2021-33044.json
+++ b/CVE-2021/CVE-2021-330xx/CVE-2021-33044.json
@@ -2,9 +2,13 @@
 "id": "CVE-2021-33044",
 "sourceIdentifier": "cybersecurity@dahuatech.com",
 "published": "2021-09-15T22:15:10.497",
- "lastModified": "2021-12-02T13:50:00.800",
+ "lastModified": "2024-08-22T01:00:01.277",
 "vulnStatus": "Analyzed",
 "cveTags": [],
+ "cisaExploitAdd": "2024-08-21",
+ "cisaActionDue": "2024-09-11",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "Dahua IP Camera Authentication Bypass Vulnerability",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2021/CVE-2021-330xx/CVE-2021-33045.json b/CVE-2021/CVE-2021-330xx/CVE-2021-33045.json
index 6767dd628aa..e1edb9dba18 100644
--- a/CVE-2021/CVE-2021-330xx/CVE-2021-33045.json
+++ b/CVE-2021/CVE-2021-330xx/CVE-2021-33045.json
@@ -2,9 +2,13 @@
 "id": "CVE-2021-33045",
 "sourceIdentifier": "cybersecurity@dahuatech.com",
 "published": "2021-09-15T22:15:10.687",
- "lastModified": "2021-12-02T13:49:55.440",
+ "lastModified": "2024-08-22T01:00:01.277",
 "vulnStatus": "Analyzed",
 "cveTags": [],
+ "cisaExploitAdd": "2024-08-21",
+ "cisaActionDue": "2024-09-11",
+ "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
+ "cisaVulnerabilityName": "Dahua IP Camera Authentication Bypass Vulnerability",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2022/CVE-2022-01xx/CVE-2022-0185.json b/CVE-2022/CVE-2022-01xx/CVE-2022-0185.json
index bedee48d39c..cfc588d10ba 100644
--- a/CVE-2022/CVE-2022-01xx/CVE-2022-0185.json
+++ b/CVE-2022/CVE-2022-01xx/CVE-2022-0185.json
@@ -2,9 +2,13 @@
 "id": "CVE-2022-0185",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2022-02-11T18:15:10.890",
- "lastModified": "2023-06-26T18:55:31.587",
+ "lastModified": "2024-08-22T01:00:01.277",
 "vulnStatus": "Analyzed",
 "cveTags": [],
+ "cisaExploitAdd": "2024-08-21",
+ "cisaActionDue": "2024-09-11",
+ "cisaRequiredAction": "Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.",
+ "cisaVulnerabilityName": "Linux Kernel Heap-Based Buffer Overflow",
 "descriptions": [
 {
 "lang": "en",
diff --git a/CVE-2023/CVE-2023-70xx/CVE-2023-7003.json b/CVE-2023/CVE-2023-70xx/CVE-2023-7003.json
index 5db47446f8c..2a4b6134638 100644
--- a/CVE-2023/CVE-2023-70xx/CVE-2023-7003.json
+++ b/CVE-2023/CVE-2023-70xx/CVE-2023-7003.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-7003",
 "sourceIdentifier": "cret@cert.org",
 "published": "2024-03-15T17:15:07.630",
- "lastModified": "2024-03-17T22:38:29.433",
+ "lastModified": "2024-08-22T00:35:00.557",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -15,7 +15,30 @@
 "value": "La clave AES utilizada en el proceso de emparejamiento entre una cerradura que usa el firmware Sciener y un teclado inal\u00e1mbrico no es \u00fanica y puede reutilizarse para comprometer otras cerraduras que usan el firmware Sciener."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "PHYSICAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
 "references": [
 {
 "url": "https://alephsecurity.com/2024/03/07/kontrol-lux-lock-2/",
diff --git a/CVE-2024/CVE-2024-323xx/CVE-2024-32358.json b/CVE-2024/CVE-2024-323xx/CVE-2024-32358.json
index 5f24e44b2de..9b8b8b214ba 100644
--- a/CVE-2024/CVE-2024-323xx/CVE-2024-32358.json
+++ b/CVE-2024/CVE-2024-323xx/CVE-2024-32358.json
@@ -2,13 +2,13 @@
 "id": "CVE-2024-32358",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-25T17:15:50.020",
- "lastModified": "2024-08-19T17:15:07.407",
+ "lastModified": "2024-08-22T01:15:03.350",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function."
+ "value": "An issue in Jpress v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the custom plug-in module function, a different vulnerability than CVE-2024-43033."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37353.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37353.json
index bd44182fff9..26ddff79112 100644
--- a/CVE-2024/CVE-2024-373xx/CVE-2024-37353.json
+++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37353.json
@@ -2,52 +2,15 @@ "id": "CVE-2024-37353", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-21T11:15:10.590", - "lastModified": "2024-07-15T07:15:07.493", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-08-22T00:15:05.760", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio: delete vq in vp_find_vqs_msix() when request_irq() fails\n\nWhen request_irq() fails, error path calls vp_del_vqs(). There, as vq is\npresent in the list, free_irq() is called for the same vector. That\ncauses following splat:\n\n[ 0.414355] Trying to free already-free IRQ 27\n[ 0.414403] WARNING: CPU: 1 PID: 1 at kernel/irq/manage.c:1899 free_irq+0x1a1/0x2d0\n[ 0.414510] Modules linked in:\n[ 0.414540] CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.9.0-rc4+ #27\n[ 0.414540] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n[ 0.414540] RIP: 0010:free_irq+0x1a1/0x2d0\n[ 0.414540] Code: 1e 00 48 83 c4 08 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc cc 90 8b 74 24 04 48 c7 c7 98 80 6c b1 e8 00 c9 f7 ff 90 <0f> 0b 90 90 48 89 ee 4c 89 ef e8 e0 20 b8 00 49 8b 47 40 48 8b 40\n[ 0.414540] RSP: 0000:ffffb71480013ae0 EFLAGS: 00010086\n[ 0.414540] RAX: 0000000000000000 RBX: ffffa099c2722000 RCX: 0000000000000000\n[ 0.414540] RDX: 0000000000000000 RSI: ffffb71480013998 RDI: 0000000000000001\n[ 0.414540] RBP: 0000000000000246 R08: 00000000ffffdfff R09: 0000000000000001\n[ 0.414540] R10: 00000000ffffdfff R11: ffffffffb18729c0 R12: ffffa099c1c91760\n[ 0.414540] R13: ffffa099c1c916a4 R14: ffffa099c1d2f200 R15: ffffa099c1c91600\n[ 0.414540] FS: 0000000000000000(0000) GS:ffffa099fec40000(0000) knlGS:0000000000000000\n[ 0.414540] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 0.414540] CR2: 0000000000000000 CR3: 0000000008e3e001 CR4: 0000000000370ef0\n[ 0.414540] Call Trace:\n[ 0.414540] \n[ 0.414540] ? 
__warn+0x80/0x120\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] ? report_bug+0x164/0x190\n[ 0.414540] ? handle_bug+0x3b/0x70\n[ 0.414540] ? exc_invalid_op+0x17/0x70\n[ 0.414540] ? asm_exc_invalid_op+0x1a/0x20\n[ 0.414540] ? free_irq+0x1a1/0x2d0\n[ 0.414540] vp_del_vqs+0xc1/0x220\n[ 0.414540] vp_find_vqs_msix+0x305/0x470\n[ 0.414540] vp_find_vqs+0x3e/0x1a0\n[ 0.414540] vp_modern_find_vqs+0x1b/0x70\n[ 0.414540] init_vqs+0x387/0x600\n[ 0.414540] virtnet_probe+0x50a/0xc80\n[ 0.414540] virtio_dev_probe+0x1e0/0x2b0\n[ 0.414540] really_probe+0xc0/0x2c0\n[ 0.414540] ? __pfx___driver_attach+0x10/0x10\n[ 0.414540] __driver_probe_device+0x73/0x120\n[ 0.414540] driver_probe_device+0x1f/0xe0\n[ 0.414540] __driver_attach+0x88/0x180\n[ 0.414540] bus_for_each_dev+0x85/0xd0\n[ 0.414540] bus_add_driver+0xec/0x1f0\n[ 0.414540] driver_register+0x59/0x100\n[ 0.414540] ? __pfx_virtio_net_driver_init+0x10/0x10\n[ 0.414540] virtio_net_driver_init+0x90/0xb0\n[ 0.414540] do_one_initcall+0x58/0x230\n[ 0.414540] kernel_init_freeable+0x1a3/0x2d0\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] kernel_init+0x1a/0x1c0\n[ 0.414540] ret_from_fork+0x31/0x50\n[ 0.414540] ? __pfx_kernel_init+0x10/0x10\n[ 0.414540] ret_from_fork_asm+0x1a/0x30\n[ 0.414540] \n\nFix this by calling deleting the current vq when request_irq() fails." - }, - { - "lang": "es", - "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: virtio: eliminar vq en vp_find_vqs_msix() cuando request_irq() falla Cuando request_irq() falla, la ruta de error llama a vp_del_vqs(). All\u00ed, como vq est\u00e1 presente en la lista, se llama a free_irq() para el mismo vector. 
Eso provoca el siguiente s\u00edmbolo: [0.414355] Intentando liberar IRQ 27 que ya est\u00e1 libre [0.414403] ADVERTENCIA: CPU: 1 PID: 1 en kernel/irq/manage.c:1899 free_irq+0x1a1/0x2d0 [0.414510] M\u00f3dulos vinculados en: [ 0.414540] CPU: 1 PID: 1 Comunicaciones: swapper/0 No contaminado 6.9.0-rc4+ #27 [ 0.414540] Nombre de hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01 /2014 [0.414540] RIP: 0010:free_irq+0x1a1/0x2d0 [0.414540] C\u00f3digo: 1e 00 48 83 c4 08 48 89 e8 5b 5d 41 5c 41 5d 41 5e 41 5f c3 cc cc cc 90 8b 74 24 04 48 c7 c7 98 80 6c b1 e8 00 c9 f7 ff 90 <0f> 0b 90 90 48 89 ee 4c 89 ef e8 e0 20 b8 00 49 8b 47 40 48 8b 40 [ 0.414540] RSP: 0000:ffffb71480013ae0 EFLAGS: 00010086 [0,414540] RAX : 0000000000000000 RBX: ffffa099c2722000 RCX: 0000000000000000 [ 0.414540] RDX: 0000000000000000 RSI: ffffb71480013998 RDI: 0000000000000 001 [ 0.414540] RBP: 0000000000000246 R08: 00000000ffffdfff R09: 0000000000000001 [ 0.414540] R10: 00000000ffffdfff R11: fffffffb18729c0 fffa099c1c91760 [ 0.414540] R13: fffa099c1c916a4 R14: ffffa099c1d2f200 R15: ffffa099c1c91600 [ 0.414540] FS: 0000000000000000(0000) GS:ffffa099fec40000(0000) knlGS:0000000000000000 [ 0.41454 0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 0.414540] CR2: 0000000000000000 CR3: 0000000008e3e001 CR4: 0000000000370ef0 [0.414540] Seguimiento de llamadas: [0.414540] [0.414540]? __advertir+0x80/0x120 [0.414540]? free_irq+0x1a1/0x2d0 [0.414540]? report_bug+0x164/0x190 [0.414540]? handle_bug+0x3b/0x70 [0.414540]? exc_invalid_op+0x17/0x70 [0.414540]? asm_exc_invalid_op+0x1a/0x20 [0.414540]? free_irq+0x1a1/0x2d0 [ 0.414540] vp_del_vqs+0xc1/0x220 [ 0.414540] vp_find_vqs_msix+0x305/0x470 [ 0.414540] vp_find_vqs+0x3e/0x1a0 [ 0.414540 ] vp_modern_find_vqs+0x1b/0x70 [ 0.414540] init_vqs+0x387/0x600 [ 0.414540] virtnet_probe+ 0x50a/0xc80 [0.414540] virtio_dev_probe+0x1e0/0x2b0 [0.414540]realmente_probe+0xc0/0x2c0 [0.414540]? 
__pfx___driver_attach+0x10/0x10 [ 0.414540] __driver_probe_device+0x73/0x120 [ 0.414540] driver_probe_device+0x1f/0xe0 [ 0.414540] __driver_attach+0x88/0x180 [ 0.414540] _for_each_dev+0x85/0xd0 [ 0.414540] bus_add_driver+0xec/0x1f0 [ 0.414540] driver_register+ 0x59/0x100 [0,414540]? __pfx_virtio_net_driver_init+0x10/0x10 [ 0.414540] virtio_net_driver_init+0x90/0xb0 [ 0.414540] do_one_initcall+0x58/0x230 [ 0.414540] kernel_init_freeable+0x1a3/0x2d0 [ 0.41 4540] ? __pfx_kernel_init+0x10/0x10 [0.414540] kernel_init+0x1a/0x1c0 [0.414540] ret_from_fork+0x31/0x50 [0.414540]? __pfx_kernel_init+0x10/0x10 [ 0.414540] ret_from_fork_asm+0x1a/0x30 [ 0.414540] Solucione este problema llamando a eliminar el vq actual cuando request_irq() falla." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." } ], "metrics": {}, - "references": [ - { - "url": "https://git.kernel.org/stable/c/04207a9c64e0b16dac842e5b2ecfa53af25bdea7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/42d30da50d5c1ec433fd9551bfddd6887407c352", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/43a9aaf63254ab821f0f25fea25698ebe69ea16a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/7fbe54f02a5c77ff5dd65e8ed0b58e3bd8c43e9c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/89875151fccdd024d571aa884ea97a0128b968b6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/abf001651acd1858252764fa39d79e3d0b5c86b2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/bb61a84793858330ba2ca1d202d3779096f6fb54", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/cb7a7c8144b434e06aba99b13b045a7efe859587", - 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - } - ] + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42056.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42056.json new file mode 100644 index 00000000000..72ef49a51f7 --- /dev/null +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42056.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-42056", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-08-22T01:15:03.460", + "lastModified": "2024-08-22T01:15:03.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Retool (self-hosted enterprise) through 3.40.0 inserts resource authentication credentials into sent data. Credentials for users with \"Use\" permissions can be discovered (by an authenticated attacker) via the /api/resources endpoint. The earliest affected version is 3.18.1." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://docs.retool.com/disclosures/cve-2024-42056", + "source": "cve@mitre.org" + }, + { + "url": "https://docs.retool.com/releases", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-421xx/CVE-2024-42143.json b/CVE-2024/CVE-2024-421xx/CVE-2024-42143.json index 9e344749333..22bb53662e4 100644 --- a/CVE-2024/CVE-2024-421xx/CVE-2024-42143.json +++ b/CVE-2024/CVE-2024-421xx/CVE-2024-42143.json 
@@ -2,52 +2,15 @@ "id": "CVE-2024-42143", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-07-30T08:15:06.073", - "lastModified": "2024-07-30T13:32:45.943", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-08-22T00:15:06.020", + "vulnStatus": "Rejected", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\norangefs: fix out-of-bounds fsid access\n\nArnd Bergmann sent a patch to fsdevel, he says:\n\n\"orangefs_statfs() copies two consecutive fields of the superblock into\nthe statfs structure, which triggers a warning from the string fortification\nhelpers\"\n\nJan Kara suggested an alternate way to do the patch to make it more readable.\n\nI ran both ideas through xfstests and both seem fine. This patch\nis based on Jan Kara's suggestion." - }, - { - "lang": "es", - "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: orangefs: corrige el acceso fsid fuera de los l\u00edmites Arnd Bergmann envi\u00f3 un parche a fsdevel, dice: \"orangefs_statfs() copia dos campos consecutivos del superbloque en la estructura statfs, lo que activa una advertencia de los ayudantes de fortificaci\u00f3n de cuerdas\" Jan Kara sugiri\u00f3 una forma alternativa de hacer el parche para hacerlo m\u00e1s legible. Ejecut\u00e9 ambas ideas en xfstests y ambas parecen estar bien. Este parche se basa en la sugerencia de Jan Kara." + "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority." 
} ], "metrics": {}, - "references": [ - { - "url": "https://git.kernel.org/stable/c/137a06dc0ff8b2d2069c2345d015ef0fa71df1ed", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/1617249e24bd04c8047956afb43feec4876d1715", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/53e4efa470d5fc6a96662d2d3322cfc925818517", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/556edaa27c27db24a0f34c78cebef90e5bb6e167", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/6a3cacf6d3cf0278aa90392aef2fc3fe2717a047", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/74159d409da82269311a60256aad8ae8753da450", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/b90176a9553775e23966650e445b1866e62e4924", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - }, - { - "url": "https://git.kernel.org/stable/c/de8a5f7b71800a11fbaffc8ddacf08ead78afcc5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" - } - ] + "references": [] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-430xx/CVE-2024-43033.json b/CVE-2024/CVE-2024-430xx/CVE-2024-43033.json new file mode 100644 index 00000000000..05254acdb2d --- /dev/null +++ b/CVE-2024/CVE-2024-430xx/CVE-2024-43033.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-43033", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-08-22T01:15:03.540", + "lastModified": "2024-08-22T01:15:03.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "JPress through 5.1.1 on Windows has an arbitrary file upload vulnerability that could cause arbitrary code execution via ::$DATA to AttachmentController, such as a .jsp::$DATA file to io.jpress.web.commons.controller.AttachmentController#upload. NOTE: this is unrelated to the attack vector for CVE-2024-32358." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://cwe.mitre.org/data/definitions/69.html", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/JPressProjects/jpress/issues/188", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/lazy-forever/CVE-Reference/tree/main/2024/43033", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 0cdb10ecad4..fdd3060d052 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-21T23:55:17.365780+00:00 +2024-08-22T02:00:18.321585+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-21T23:35:02.710000+00:00 +2024-08-22T01:15:03.540000+00:00 ``` ### Last Data Feed Release 
@@ -27,28 +27,35 @@ Repository synchronizes with the NVD every 2 hours. Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest) ```plain -2024-08-21T00:00:08.652201+00:00 +2024-08-22T00:00:08.635005+00:00 ``` ### Total Number of included CVEs ```plain -260861 +260863 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `2` -- [CVE-2024-28987](CVE-2024/CVE-2024-289xx/CVE-2024-28987.json) (`2024-08-21T22:15:04.350`) +- [CVE-2024-42056](CVE-2024/CVE-2024-420xx/CVE-2024-42056.json) (`2024-08-22T01:15:03.460`) +- [CVE-2024-43033](CVE-2024/CVE-2024-430xx/CVE-2024-43033.json) (`2024-08-22T01:15:03.540`) ### CVEs modified in the last Commit -Recently modified CVEs: `2` +Recently modified CVEs: `8` -- [CVE-2023-42892](CVE-2023/CVE-2023-428xx/CVE-2023-42892.json) (`2024-08-21T23:35:00.660`) -- [CVE-2024-2262](CVE-2024/CVE-2024-22xx/CVE-2024-2262.json) (`2024-08-21T23:35:02.710`) +- [CVE-2021-31196](CVE-2021/CVE-2021-311xx/CVE-2021-31196.json) (`2024-08-22T01:00:01.277`) +- [CVE-2021-33044](CVE-2021/CVE-2021-330xx/CVE-2021-33044.json) (`2024-08-22T01:00:01.277`) +- [CVE-2021-33045](CVE-2021/CVE-2021-330xx/CVE-2021-33045.json) (`2024-08-22T01:00:01.277`) +- [CVE-2022-0185](CVE-2022/CVE-2022-01xx/CVE-2022-0185.json) (`2024-08-22T01:00:01.277`) +- [CVE-2023-7003](CVE-2023/CVE-2023-70xx/CVE-2023-7003.json) (`2024-08-22T00:35:00.557`) +- [CVE-2024-32358](CVE-2024/CVE-2024-323xx/CVE-2024-32358.json) (`2024-08-22T01:15:03.350`) +- [CVE-2024-37353](CVE-2024/CVE-2024-373xx/CVE-2024-37353.json) (`2024-08-22T00:15:05.760`) +- [CVE-2024-42143](CVE-2024/CVE-2024-421xx/CVE-2024-42143.json) (`2024-08-22T00:15:06.020`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 3891f5018a8..ad7271f9118 100644 --- a/_state.csv +++ b/_state.csv 
@@ -175250,7 +175250,7 @@ CVE-2021-31192,0,0,fd789248bf776790286911c1cb62d193d3758ca81ef93da2b769e43d45b36 CVE-2021-31193,0,0,077bb091684d98f26b6775e11540d1486855c8b0d31cece055f7164c231d488f,2023-08-02T00:15:14.130000 CVE-2021-31194,0,0,a881a4ba34181125ee9ae9d9c1b01593524b854565df4e5996e91bfacc287967,2023-08-02T00:15:14.223000 CVE-2021-31195,0,0,70601223ee123bbcfc6c70e498c7011bda164e6f4ddb34afe419d104ffa66b25,2023-08-02T00:15:14.323000 -CVE-2021-31196,0,0,dbb1d75a9e52bbec415d403801421b0d96faea550fd87e6c2b35377be6c3e8a5,2023-12-28T23:15:13.237000 +CVE-2021-31196,0,1,fb93d3a83bfcd3219bb93cb91a6b6f7d1215b8129d82080460a2b924115c0821,2024-08-22T01:00:01.277000 CVE-2021-31198,0,0,c30b3a1c57145c6bd60798b28f43bf1b762d20c9da745906c3aa84d02e50db9f,2023-08-02T00:15:14.423000 CVE-2021-31199,0,0,6a10871a43e5aa3edee13eb1b7ba5d0cfbf7151ab2ede6f7ce968c12cd3946fc,2024-07-29T18:06:29.307000 CVE-2021-3120,0,0,08daa0568cd7cfafde23061c9f7b245e79e5316ac276c10375c44ea0d54bbceb,2023-02-01T02:23:04.767000 
@@ -176632,8 +176632,8 @@ CVE-2021-33038,0,0,dac16d660e2feefbf92b96e7a088f19c4b57ab3f9c370f8984312334dc53d CVE-2021-3304,0,0,202d5b02361cfffc9ac26371d85d9f6d5b7a327cd54f63176ba37cace2b09997,2021-02-03T15:57:36.243000 CVE-2021-33040,0,0,f098b0323d2d3d9188924a0fba62d940f572312230ace714bf178137b9f4003c,2022-01-22T03:43:00.757000 CVE-2021-33041,0,0,801009080cb74bcaeb9769668dafcd2f33329a4c6045505216b06ebccda3a229,2021-05-25T14:19:37.373000 -CVE-2021-33044,0,0,b2e27a3e17f03b8b02d4d796a87f2ca5b614ef2add2d44132d01a8c0df5527c1,2021-12-02T13:50:00.800000 -CVE-2021-33045,0,0,f06b8b4374759a4a0f3425659a2ff056d67c198de1453765dcbc7b5d57f36679,2021-12-02T13:49:55.440000 +CVE-2021-33044,0,1,40dc7234ffb53f62549d44ed8b7e9976d01cf84629288abc3bdc1ca24b80c96c,2024-08-22T01:00:01.277000 +CVE-2021-33045,0,1,48701037f531df97f66f8ef1a769054b1f375b8e5626d26d5da05fc207ed42ad,2024-08-22T01:00:01.277000 CVE-2021-33046,0,0,df51ebb84eaebbd3f16e1aa7c254d08e225ba451481213919a0081f725a54253,2022-01-25T15:13:08.237000 CVE-2021-3305,0,0,8f56bc14a5d09277ffadae5688ec3e426928e838368e10cd7dc552e63c7d4c01,2023-08-08T14:21:49.707000 CVE-2021-33054,0,0,eb5b2aeaa4e9997c1079356e8cf371d7c22dce0c5894acd423f158722625cd01,2022-03-29T16:38:46.473000 
@@ -187600,7 +187600,7 @@ CVE-2022-0181,0,0,49bbaf20babae092248444f6ddc94fd7d8983bfce62fd846eee38d0176c6ca CVE-2022-0182,0,0,f0d9ba9007437f7d7a66a432fc0d00289cffd4600671c3cebf01d89438097bad,2022-01-24T20:27:33.607000 CVE-2022-0183,0,0,3b28f17534e16919c8c20dabb021bcf588ae9e948de688533d018739b0f1c29e,2022-01-26T15:46:06.490000 CVE-2022-0184,0,0,2796a1b3e55d24a7793b73561ae52ebe8b8c9bdb3af4ee6ae87dd4893719740c,2022-01-28T20:58:56.980000 -CVE-2022-0185,0,0,006b7ea832172320065964566ec05983677a23e1b85825d4aeaacb04e7505258,2023-06-26T18:55:31.587000 +CVE-2022-0185,0,1,14ed227991920efe37f4839c18e9a33d5ead36a973e1a060ddaa862c73f0e898,2024-08-22T01:00:01.277000 CVE-2022-0186,0,0,02b43b39b42feadeed2a3b848b36fe00f387679041bd4cddc14b4f50f18f257c,2022-02-28T20:50:11.233000 CVE-2022-0188,0,0,b8ccca23290559a5b11ded28b5901c560a4c58d0a38271ad31544f41df963cc4,2023-11-07T03:41:08.873000 CVE-2022-0189,0,0,266c58e45b9d9e1080790386b72619f2a8170166f33a359753e82bc61cf4178b,2022-03-08T16:22:14.813000 @@ -232293,7 +232293,7 @@ CVE-2023-42889,0,0,1649dc73df9490d9ce669184ee1d4b8722c3b17f66d00680b3c3c34df498b CVE-2023-4289,0,0,97e9dbfb002f991c9b0c7bb56513ad2ad7a34e2cc2f1908f40b15808fc4c7b13,2023-11-07T04:22:25.410000 CVE-2023-42890,0,0,5b8aebb147e55c36aa77d8987a88db8f5e314c8eb5e78fd8ff6fd1567e1228f8,2024-06-12T10:15:26.693000 CVE-2023-42891,0,0,9e832a9c79650ad0321f807def388413064ff2ab68c6ecbf9bb18e2496c75004,2023-12-13T17:46:10.560000 -CVE-2023-42892,0,1,45868be9e713d43fbe1857fd521e7819eff03e6332a2f62faa55e58f6a79244c,2024-08-21T23:35:00.660000 +CVE-2023-42892,0,0,45868be9e713d43fbe1857fd521e7819eff03e6332a2f62faa55e58f6a79244c,2024-08-21T23:35:00.660000 CVE-2023-42893,0,0,86228f691d8da355bd3b4438de2093b85f4b2664c66e7c4126c31aa66313d765,2024-06-10T18:15:23.210000 CVE-2023-42894,0,0,19edfaff52695d01eee4c17779921e72e391b6f067c5c5cef1a5eb99c74b0e19,2024-02-02T03:11:25.083000 CVE-2023-42896,0,0,3c59c8410e091ed4d59b2693bab0a1053ef27cc19824731090305958b40e4a73,2024-04-08T22:45:48.987000 
@@ -240798,7 +240798,7 @@ CVE-2023-6997,0,0,6e27e5b63f0a87af454d1261575dc30b0f4ff5f301848e086587a6cca0abb3 CVE-2023-6998,0,0,148626548a3b7b4ba32190715f2b33394cb592dd0ffc44a66575dc401f00c38f,2024-01-11T20:25:14.163000 CVE-2023-6999,0,0,105a70829f6eff53ac15a557cd0bd3f06555e4d64cccad8e6bdc880dc85be3d9,2024-04-10T13:24:00.070000 CVE-2023-7002,0,0,1f48f06eff9246f8921966d36b30d4b155872d4efce169cac69a0e04e201ed5d,2023-12-29T06:21:43.197000 -CVE-2023-7003,0,0,28c047fed7f7ce7e6706569b453ebee53615053b938df13bc9e37b11d6ffbb7d,2024-03-17T22:38:29.433000 +CVE-2023-7003,0,1,c9538a3f9e2b764a8956538bce79bfef50dacd2aebfd81abf10463acd5e41e44,2024-08-22T00:35:00.557000 CVE-2023-7004,0,0,0728dc204cbeaa6c5f36641971fa126c54b062f00e3abbe5f26f8b69e0e86285,2024-03-17T22:38:29.433000 CVE-2023-7006,0,0,29e74176014e686c3a3cfb19555d8f15ee21a1b3b7966f866291afc04a0d0c38,2024-08-02T21:35:19.700000 CVE-2023-7007,0,0,201bc0fe07d63cae12d37f4e7e0187c4ee161ed55409b97632d99c3e6ac276f1,2024-03-17T22:38:29.433000 @@ -244674,7 +244674,7 @@ CVE-2024-2260,0,0,d237748ae68b04ec0e8b308a9264a7bfcc2df1f036367829588718b7aa93c9 CVE-2024-22601,0,0,01fc61698b671d9d41699ae801e07d490ff49371417b94a20b73f1e5a18d5d63,2024-01-23T14:23:11.057000 CVE-2024-22603,0,0,ea0b9ce8c8784e328d84c25177cb00086a48cdc55b6f8ceac63d2f378c2bfbcc,2024-01-23T14:23:38.480000 CVE-2024-2261,0,0,94580f89d7c004915597bf272bbd269ce7dfae12c0665db2673b0e370152b5ce,2024-04-10T13:23:38.787000 -CVE-2024-2262,0,1,c196f14aa5b00bbc44bab7dfab1f5dd562100fd5692fccb09e47a3d354e2a267,2024-08-21T23:35:02.710000 +CVE-2024-2262,0,0,c196f14aa5b00bbc44bab7dfab1f5dd562100fd5692fccb09e47a3d354e2a267,2024-08-21T23:35:02.710000 CVE-2024-22625,0,0,09ba919b555657d9041c71d104040a9638ad2a55d4ac570ca3cb5ff9ca4f3f1c,2024-01-19T14:40:27.910000 CVE-2024-22626,0,0,b2d09ee8205b56693dca117236e4222a308d96c05721ec5e28000a67ed25cfd7,2024-01-19T14:40:09.903000 CVE-2024-22627,0,0,7de1240a28417cbc53b0ae0bc15d5725aafb2c30be8715fae81f72db699db31b,2024-01-19T14:38:53.237000 
@@ -249054,7 +249054,7 @@ CVE-2024-28982,0,0,4cfbf3591cf96f37013314412d2a968313b4953b63ec28142d546cf8f6808 CVE-2024-28983,0,0,57b7369f9816fa1a55923b116dcbb27a793b7aad06b7761c68b9fcd8c194e8f4,2024-06-27T12:47:19.847000 CVE-2024-28984,0,0,276bc8c54cf8ee7419930c3e9177a9acf5146d6167c989ef6d1387fafadac995,2024-06-27T12:47:19.847000 CVE-2024-28986,0,0,1bc724868f1fc8a3c45a5557a2e0154a8318c8e26360517fdaccaced6288454f,2024-08-16T15:04:28.150000 -CVE-2024-28987,1,1,2b7a4cb4f0f73a85316e48fc232cd1fca5926343512eb1d0c499d2216a95433b,2024-08-21T22:15:04.350000 +CVE-2024-28987,0,0,2b7a4cb4f0f73a85316e48fc232cd1fca5926343512eb1d0c499d2216a95433b,2024-08-21T22:15:04.350000 CVE-2024-2899,0,0,0be0fb50fdcc13228c9b49554460e4a306be4c6e83ee7f9bfb94b945f4f9e595,2024-05-17T02:38:36.220000 CVE-2024-28992,0,0,696c70c13cdfd39478c05c8c040491fa3a08d2263d68b357789c3f03fee2f204,2024-07-18T12:28:43.707000 CVE-2024-28993,0,0,929415671d938543e4980e176019e6c6553f30e59f81cf3d32505fa605110cfe,2024-07-18T12:28:43.707000 @@ -251362,7 +251362,7 @@ CVE-2024-32352,0,0,d332e53ad000ad8435c81c28241440757adaa084990611f8a2796504f9f9e CVE-2024-32353,0,0,95056727f707fc243928d89d790259f229ec041cac954a579b9099dbee969c0b,2024-07-03T01:56:22.500000 CVE-2024-32354,0,0,7a51f481a311ea6ef8a37cf0ab90a70652431f14a7a615163cc4248af79f2619,2024-07-03T01:56:23.250000 CVE-2024-32355,0,0,968872e2f9388a4f300a29bf059bb9d041ad5f1af64c12a13c06a0c4c507e69c,2024-07-03T01:56:24.003000 -CVE-2024-32358,0,0,3ebca8ae73e2c2be26b4ababfedc4ad15dcc001bbdfb6be09053bb997464bb6c,2024-08-19T17:15:07.407000 +CVE-2024-32358,0,1,366f5a4644058808cd3d12cfa17bf5b9bc1def8f8014d71541525b45ab692dbf,2024-08-22T01:15:03.350000 CVE-2024-32359,0,0,5f5adaa7c351afc161843c430c2d85ebb8e96c4f13e61a22d9be5940d569bde0,2024-07-03T01:56:24.743000 CVE-2024-3236,0,0,ec36abc2f11295d96bb4af829279736b1662391782f95917c947e11ba35b7504,2024-07-03T02:06:05.707000 CVE-2024-32368,0,0,a245b295adfa06788541a26df62f1afc9fccb21b7ad815d7b584befe0d95c5a6,2024-07-03T01:56:25.517000 
@@ -254814,7 +254814,7 @@ CVE-2024-3735,0,0,3bc0e7ae2360c04d22daf0f12463798d07ea71d58fa91621d2a939f364ece4 CVE-2024-37350,0,0,db322a02568c197ff2f4cce28d07f13a6d84645dcf6fb2d6d98030bff57992f6,2024-06-21T11:22:01.687000 CVE-2024-37351,0,0,5d28c3ae9e671d4e970680119129fdfd5cef4f93d0af956f6a6aef99cac6535d,2024-06-21T11:22:01.687000 CVE-2024-37352,0,0,8cb2d15b6cc19b492a4019e2458fe1e37bdb4a8988d34a37da730385b336d322,2024-06-21T11:22:01.687000 -CVE-2024-37353,0,0,c6152a221561636c2fe4ba4f6cf4f868aaffea4898d44131fed2d002096c0cd1,2024-07-15T07:15:07.493000 +CVE-2024-37353,0,1,7ff7b7453550602b650cfdec5ef1242f502029e3779b416a04c17939bc6e63d5,2024-08-22T00:15:05.760000 CVE-2024-37354,0,0,1c9c2b9759a27bc79306f5cb9126cef72a7c04362733e7564295ad2108318e7a,2024-06-25T18:50:42.040000 CVE-2024-37356,0,0,87be71b6c397fc4ae7045a825136d0160763f40b355adc848988c0a36a53749b,2024-07-15T07:15:07.650000 CVE-2024-3736,0,0,b941adb3999a1882f23d91471ffa003b4e585e64ac32ac14e9275a75eb2f6460,2024-06-04T19:20:23.987000 @@ -257354,6 +257354,7 @@ CVE-2024-42052,0,0,af8a8292a6e99512114005b6f9d58ed4fc7c685aefbfc72a703623fe55284 CVE-2024-42053,0,0,a6062e6a4bcd11b760655238c4a48736a58caa8e1af15eed073e37dfa30638ab,2024-08-01T13:59:21.227000 CVE-2024-42054,0,0,7cefcb5df710c5d52c7b44743e7320cbb773b7864f3adff97191d41734299500,2024-07-29T14:12:08.783000 CVE-2024-42055,0,0,38832abf63aaabdc907feb9726d6725f630aba764b55549d89c565bd77d3378b,2024-07-29T14:12:08.783000 +CVE-2024-42056,1,1,225b1fd12c6d746c38c59f9e16c64e10d3dd59af4a39c13cb79938a59c76ad33,2024-08-22T01:15:03.460000 CVE-2024-4206,0,0,094d5b07d12006961f56a1900b69d613595338528ec5cf7d408eb10d270cfa9f,2024-06-11T10:15:13.553000 CVE-2024-42062,0,0,4478fdb9b22ea23c1311199bc27883e40d46ca58109e564d83bc2207123d372b,2024-08-19T14:15:22.663000 CVE-2024-42063,0,0,ab1fc80f4d5a337fc787a5927c5a2799f0f954cb8192994c0bb80d8c74f4b1de,2024-07-29T16:21:52.517000 
@@ -257443,7 +257444,7 @@ CVE-2024-4214,0,0,6dc95cb08891bc473beaea6b69701e404acb0b7494c8f630888ffa867e36a2 CVE-2024-42140,0,0,0babbeff90d18990e82915128cb00994f264aea6fea3405acf7415ca1a84060f,2024-07-30T13:32:45.943000 CVE-2024-42141,0,0,db183b6c33e94886efc2c75f26bcbef46be70e3efb08ba3376b4b377f728d920,2024-07-30T13:32:45.943000 CVE-2024-42142,0,0,ac8a77e5f376a6960fcc1efb160dcd9b39865732a8e7c6e5248ae7e8814cf081,2024-07-30T13:32:45.943000 -CVE-2024-42143,0,0,93d07b4d2bf550afca42a397b757f626c8030aed4b52ad3c2e5a59b8f25aa169,2024-07-30T13:32:45.943000 +CVE-2024-42143,0,1,b791ee8584aad3fab0f6133b2c42055a932f86f21da9efd809060c7844d97c38,2024-08-22T00:15:06.020000 CVE-2024-42144,0,0,e5c21b4c9eddff64d5a0d83eb17a4af393a8e8cc5218a1d4bd948e45a6afb780,2024-07-30T13:32:45.943000 CVE-2024-42145,0,0,a448e3c1383099fefdc00f942a6c3fb1a7a8eacac6267abd9d8600f8c195e000,2024-07-30T13:32:45.943000 CVE-2024-42146,0,0,5965ab1472d6386a707c678e04edf7b1fc9b55dd002222344e4b70614b23a1bb,2024-07-30T13:32:45.943000 @@ -257885,6 +257886,7 @@ CVE-2024-4302,0,0,3989b291497fea424d341ee8d50afc238ccc795cfb4606a4430491f615d9ea CVE-2024-43022,0,0,60b15925d48bd4a0544b6a90b44d37dd7b45f132534cfb6161c485e040769eb2,2024-08-21T18:35:09.733000 CVE-2024-43027,0,0,023646627aeb42c9f27c70e233b2b26c2ec04024033b793398340bc23e8b2b89,2024-08-21T17:25:08.560000 CVE-2024-4303,0,0,83a712aebf2d4281174fc319c5a3b5ed1f6b2a8b7c1590974611c884faeb0657,2024-04-29T12:42:03.667000 +CVE-2024-43033,1,1,e8533627052d4649c417305975c4df483fc45f5b3e90153706e26934604007fc,2024-08-22T01:15:03.540000 CVE-2024-4304,0,0,cc036c021f3a6e70e19e6533fc0c5b7e8e9615d68f40d67450c876ce97ebcd8f,2024-04-29T12:42:03.667000 CVE-2024-43042,0,0,b853bda14fa02964a16c19d1896f72364ccfb9e1c7f5c0faac2a5ae6d185d191,2024-08-19T13:00:23.117000 CVE-2024-43044,0,0,0f847f7b25552f59db6fe108bc5868ae7095ef3bf92eb01d14caa8a1c32e542a,2024-08-16T17:19:30.643000