From b8b934409d661588fd1b6bc598a1b3c53f8ee571 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Tue, 20 Aug 2024 10:03:14 +0000
Subject: [PATCH] Auto-Update: 2024-08-20T10:00:17.044988+00:00
---
 CVE-2024/CVE-2024-388xx/CVE-2024-38808.json | 44 ++++++++++++++++++++
 CVE-2024/CVE-2024-432xx/CVE-2024-43202.json | 45 +++++++++++++++++++++
 README.md | 13 +++---
 _state.csv | 8 ++--
 4 files changed, 100 insertions(+), 10 deletions(-)
 create mode 100644 CVE-2024/CVE-2024-388xx/CVE-2024-38808.json
 create mode 100644 CVE-2024/CVE-2024-432xx/CVE-2024-43202.json
diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38808.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38808.json
new file mode 100644
index 00000000000..3f88fddc5ef
--- /dev/null
+++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38808.json
@@ -0,0 +1,44 @@
+{
+ "id": "CVE-2024-38808",
+ "sourceIdentifier": "security@vmware.com",
+ "published": "2024-08-20T08:15:05.023",
+ "lastModified": "2024-08-20T08:15:05.023",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.\n\nSpecifically, an application is vulnerable when the following is true:\n\n * The application evaluates user-supplied SpEL expressions."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security@vmware.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://spring.io/security/cve-2024-38808",
+ "source": "security@vmware.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-432xx/CVE-2024-43202.json b/CVE-2024/CVE-2024-432xx/CVE-2024-43202.json
new file mode 100644
index 00000000000..6629f8868ba
--- /dev/null
+++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43202.json
@@ -0,0 +1,45 @@
+{
+ "id": "CVE-2024-43202",
+ "sourceIdentifier": "security@apache.org",
+ "published": "2024-08-20T08:15:05.240",
+ "lastModified": "2024-08-20T08:15:05.240",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue."
+ }
+ ],
+ "metrics": {},
+ "weaknesses": [
+ {
+ "source": "security@apache.org",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-94"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/apache/dolphinscheduler/pull/15758",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh",
+ "source": "security@apache.org"
+ },
+ {
+ "url": "https://www.cve.org/CVERecord?id=CVE-2023-49109",
+ "source": "security@apache.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 537ad936c34..8631e19f250 100644
--- a/README.md
+++ b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-08-20T08:00:18.164336+00:00 +2024-08-20T10:00:17.044988+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-08-20T06:15:05.470000+00:00 +2024-08-20T08:15:05.240000+00:00 ``` ### Last Data Feed Release
@@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -260563 +260565 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `2` -- [CVE-2024-43688](CVE-2024/CVE-2024-436xx/CVE-2024-43688.json) (`2024-08-20T06:15:04.983`) -- [CVE-2024-5576](CVE-2024/CVE-2024-55xx/CVE-2024-5576.json) (`2024-08-20T06:15:05.153`) -- [CVE-2024-6847](CVE-2024/CVE-2024-68xx/CVE-2024-6847.json) (`2024-08-20T06:15:05.470`) +- [CVE-2024-38808](CVE-2024/CVE-2024-388xx/CVE-2024-38808.json) (`2024-08-20T08:15:05.023`) +- [CVE-2024-43202](CVE-2024/CVE-2024-432xx/CVE-2024-43202.json) (`2024-08-20T08:15:05.240`) ### CVEs modified in the last Commit
diff --git a/_state.csv b/_state.csv
index 3f5666d68a8..be858f563bf 100644
--- a/_state.csv
+++ b/_state.csv
@@ -255680,6 +255680,7 @@ CVE-2024-3879,0,0,a6db760401fb215a79d8f48992cc838e1a5c23839a86defd39dd342ef1c5f8
 CVE-2024-38791,0,0,5a7109970d4cb90cfbe2865705276e5511d9a261f6cba475b72302a204ad6517,2024-08-02T12:59:43.990000
 CVE-2024-3880,0,0,6dd5da57a8412b823038a64a32d07af4547e4dfdd637b54b90b4556bfd34431d,2024-06-04T19:20:26
 CVE-2024-38806,0,0,aa1ff0885d521aab036aaf6506258a484aa869322b524482869e0e1df3ac4a48,2024-07-19T13:01:44.567000
+CVE-2024-38808,1,1,bb0e6b8344eeed7e26d70817f6d4edf7cb31c986018adba6a163f9247ea03ce1,2024-08-20T08:15:05.023000
 CVE-2024-3881,0,0,3699310594a82ce285b52bf9c21755fa8173160a66408c76064512e538b3fcc8,2024-05-17T02:40:10.360000
 CVE-2024-38810,0,0,a603a78d398d7cf9548f67c3689d42cf7b8c56de9aeed74307fe9000f806a658,2024-08-20T04:15:07.993000
 CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000
@@ -257758,6 +257759,7 @@ CVE-2024-4318,0,0,7b0a62dc8691f5e6f2210e7e19a78c6d4d5c9f053f662e7593a96cdc8c097a
 CVE-2024-4319,0,0,7ca0245a01df3d5ced472265b32f90c6f6a22a37af3715d5589379ecac1f6a24,2024-06-11T13:54:12.057000
 CVE-2024-43199,0,0,94150f8459e19abf18625a946d8a507867275817cd3d9928084030fcb7fa8330,2024-08-12T12:59:48.253000
 CVE-2024-4320,0,0,f21f873c3bfeb896c071276000f6bbe2ae4420d2f2c3184178334c98a666705b,2024-06-07T14:56:05.647000
+CVE-2024-43202,1,1,4cf9bfa865550a52f74779e98db41652bb1dd380f1d824e207021d345fe4b972,2024-08-20T08:15:05.240000
 CVE-2024-43207,0,0,e22c5710770b6cfc075b06ecdaad97a6d82c458382d84efdd62d5cddbde66f6b,2024-08-19T12:59:59.177000
 CVE-2024-4321,0,0,9cab2a859d144dd765da27aaa03d49bb12083c0b11abfa900a9b065f4ea718e1,2024-05-16T13:03:05.353000
 CVE-2024-43210,0,0,38b1ddd569737ddf84a414c75c09c54bffe5570d779b3b2b7d84160c7c88ff6c,2024-08-13T12:58:25.437000
@@ -257909,7 +257911,7 @@ CVE-2024-4365,0,0,63c2db9b70aba81bf4acd057c8457c31612ae1811b001c9773701935bfb8f5
 CVE-2024-4366,0,0,bbfa79c99a69a6ab3a1454de708e5610ad18f6066e78d9171ac36b6f6e6eece9,2024-05-24T13:03:05.093000
 CVE-2024-4367,0,0,53b2562feb1cef4dfbc75c878e502bbc54b7cf80f87613aa8d663f88e3c74ce6,2024-06-10T17:16:33.380000
 CVE-2024-4368,0,0,ebedd608e412600f3409256680729c82fcf5015495435afd7648389243e696e1,2024-07-03T02:07:28.557000
-CVE-2024-43688,1,1,1068839caa9387b68572a7543fc7e73126882927c09ed06aa1c722c6dc16d1ba,2024-08-20T06:15:04.983000
+CVE-2024-43688,0,0,1068839caa9387b68572a7543fc7e73126882927c09ed06aa1c722c6dc16d1ba,2024-08-20T06:15:04.983000
 CVE-2024-4369,0,0,9bcc319f475d5802b53d6dedcfa6ead4761cbf7c42adde8daf6f3ff8c0c17af2,2024-06-19T18:15:11.820000
 CVE-2024-4370,0,0,3c1f5b342c087fc6587c8bc9012541b58d80e50fdee9d14eea44daecdec82901,2024-05-15T16:40:19.330000
 CVE-2024-4371,0,0,a0b0e0fb8c98057b2328743d7da5c32e9a585001a67e08f1632ceab0df487dfa,2024-07-15T16:42:39.107000
@@ -259018,7 +259020,7 @@ CVE-2024-5571,0,0,c5656d92123399f657b6e24b44e300308aef779837a4ed7761c4afb3c16bfa
 CVE-2024-5573,0,0,7ceea6b12b7d23aaf8833561ef8c88372a72278f234f087262af664b087eec6c,2024-08-01T13:59:54.013000
 CVE-2024-5574,0,0,e718295307eca06b04fb56f70dfb8daf0ce4b10163936e86fc3b21a6f71a4423,2024-06-20T12:44:01.637000
 CVE-2024-5575,0,0,1d8c4bc7bfefa9359f03236311a531b02997d0972adc424dea9dbc344e7a3ded,2024-08-01T13:59:54.197000
-CVE-2024-5576,1,1,46f3183fca153a160a5d42081ef252300c631eda81894a40d1555a638eff32db,2024-08-20T06:15:05.153000
+CVE-2024-5576,0,0,46f3183fca153a160a5d42081ef252300c631eda81894a40d1555a638eff32db,2024-08-20T06:15:05.153000
 CVE-2024-5577,0,0,5dd16baf94f18e7abae39f40d89c75af3dba9492f2b1af50e3d8516c5413b1e4,2024-06-17T12:42:04.623000
 CVE-2024-5582,0,0,3868d6c914880d2428453bd960a7aeb89cb5bb99f0fc09b9de444e14a34c6012,2024-07-19T16:05:10.290000
 CVE-2024-5584,0,0,7705ff7ae1b4fd1342d12756cedf379ac85bb5a3b8398b6b986f5e220e43afde,2024-06-11T13:54:12.057000
@@ -259932,7 +259934,7 @@ CVE-2024-6833,0,0,b0ea48d29166f6347ac218b4f9f93d3f7fc599fd932b64c35cfa55e5a1a946
 CVE-2024-6834,0,0,23e85f57c9b7230818a4425261a24fd150d79ea72676d6bce04d47efdd69630e,2024-08-01T14:00:44.750000
 CVE-2024-6836,0,0,94c1bcaa18f7036265464de8eba36ccdaae9b63d5d20f60a8cc42904bb485160,2024-07-29T20:20:30.867000
 CVE-2024-6843,0,0,8fef894e2384f8645515841961e4072de1d777c867ccea5d4b735ba4242f90ae,2024-08-19T12:59:59.177000
-CVE-2024-6847,1,1,b54fb8ff4028648c7515bc64dad8a9d53d1cbe5a7e9c05c31e496d5be21972d8,2024-08-20T06:15:05.470000
+CVE-2024-6847,0,0,b54fb8ff4028648c7515bc64dad8a9d53d1cbe5a7e9c05c31e496d5be21972d8,2024-08-20T06:15:05.470000
 CVE-2024-6848,0,0,e171c12c58967922126feefb09977b436bb9e206684562a37899ca6ed3e35d20,2024-07-22T13:00:31.330000
 CVE-2024-6864,0,0,2d76ac334d3eee5b0b1eba0af2d483d4a5a9efba7ce3314f5d6643c1d3224a40,2024-08-20T05:15:12.137000
 CVE-2024-6865,0,0,cb8e3c3258edaecfb2408f04adfa69a3419179f287cf4fd0248689bfb8e952c7,2024-08-05T14:15:34.847000