Auto-Update: 2024-08-20T10:00:17.044988+00:00

2025-05-08 11:37:26 +00:00 · 2024-08-20 10:03:14 +00:00 · 2024-08-20 10:03:14 +00:00 · b8b934409d
commit b8b934409d
parent 39d8fd012a
4 changed files with 100 additions and 10 deletions
--- a/CVE-2024/CVE-2024-388xx/CVE-2024-38808.json
+++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38808.json
@ -0,0 +1,44 @@
+{
+  "id": "CVE-2024-38808",
+  "sourceIdentifier": "security@vmware.com",
+  "published": "2024-08-20T08:15:05.023",
+  "lastModified": "2024-08-20T08:15:05.023",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "In Spring Framework versions 5.3.0 - 5.3.38 and older unsupported versions, it is possible for a user to provide a specially crafted Spring Expression Language (SpEL) expression that may cause a denial of service (DoS) condition.\n\nSpecifically, an application is vulnerable when the following is true:\n\n  *  The application evaluates user-supplied SpEL expressions."
+    }
+  ],
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "security@vmware.com",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+          "attackVector": "NETWORK",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "LOW",
+          "baseScore": 4.3,
+          "baseSeverity": "MEDIUM"
+        },
+        "exploitabilityScore": 2.8,
+        "impactScore": 1.4
+      }
+    ]
+  },
+  "references": [
+    {
+      "url": "https://spring.io/security/cve-2024-38808",
+      "source": "security@vmware.com"
+    }
+  ]
+}
--- a/CVE-2024/CVE-2024-432xx/CVE-2024-43202.json
+++ b/CVE-2024/CVE-2024-432xx/CVE-2024-43202.json
@ -0,0 +1,45 @@
+{
+  "id": "CVE-2024-43202",
+  "sourceIdentifier": "security@apache.org",
+  "published": "2024-08-20T08:15:05.240",
+  "lastModified": "2024-08-20T08:15:05.240",
+  "vulnStatus": "Received",
+  "cveTags": [],
+  "descriptions": [
+    {
+      "lang": "en",
+      "value": "Exposure of Remote Code Execution in Apache Dolphinscheduler.\n\nThis issue affects Apache DolphinScheduler: before 3.2.2. \n\nWe recommend users to upgrade Apache DolphinScheduler to version 3.2.2, which fixes the issue."
+    }
+  ],
+  "metrics": {},
+  "weaknesses": [
+    {
+      "source": "security@apache.org",
+      "type": "Primary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-94"
+        }
+      ]
+    }
+  ],
+  "references": [
+    {
+      "url": "https://github.com/apache/dolphinscheduler/pull/15758",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://lists.apache.org/thread/nlmdp7q7l7o3l27778vxc5px24ncr5r5",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://lists.apache.org/thread/qbhk9wqyxhrn4z7m4m343wqxpwg926nh",
+      "source": "security@apache.org"
+    },
+    {
+      "url": "https://www.cve.org/CVERecord?id=CVE-2023-49109",
+      "source": "security@apache.org"
+    }
+  ]
+}
--- a/README.md
+++ b/README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update

 ```plain
-2024-08-20T08:00:18.164336+00:00
+2024-08-20T10:00:17.044988+00:00
 ```

 ### Most recent CVE Modification Timestamp synchronized with NVD

 ```plain
-2024-08-20T06:15:05.470000+00:00
+2024-08-20T08:15:05.240000+00:00
 ```

 ### Last Data Feed Release
@ -33,16 +33,15 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 ### Total Number of included CVEs

 ```plain
-260563
+260565
 ```

 ### CVEs added in the last Commit

-Recently added CVEs: `3`
+Recently added CVEs: `2`

- [CVE-2024-43688](CVE-2024/CVE-2024-436xx/CVE-2024-43688.json) (`2024-08-20T06:15:04.983`)
- [CVE-2024-5576](CVE-2024/CVE-2024-55xx/CVE-2024-5576.json) (`2024-08-20T06:15:05.153`)
- [CVE-2024-6847](CVE-2024/CVE-2024-68xx/CVE-2024-6847.json) (`2024-08-20T06:15:05.470`)
+- [CVE-2024-38808](CVE-2024/CVE-2024-388xx/CVE-2024-38808.json) (`2024-08-20T08:15:05.023`)
+- [CVE-2024-43202](CVE-2024/CVE-2024-432xx/CVE-2024-43202.json) (`2024-08-20T08:15:05.240`)


 ### CVEs modified in the last Commit
--- a/_state.csv
+++ b/_state.csv
@ -255680,6 +255680,7 @@ CVE-2024-3879,0,0,a6db760401fb215a79d8f48992cc838e1a5c23839a86defd39dd342ef1c5f8
 CVE-2024-38791,0,0,5a7109970d4cb90cfbe2865705276e5511d9a261f6cba475b72302a204ad6517,2024-08-02T12:59:43.990000
 CVE-2024-3880,0,0,6dd5da57a8412b823038a64a32d07af4547e4dfdd637b54b90b4556bfd34431d,2024-06-04T19:20:26
 CVE-2024-38806,0,0,aa1ff0885d521aab036aaf6506258a484aa869322b524482869e0e1df3ac4a48,2024-07-19T13:01:44.567000
+CVE-2024-38808,1,1,bb0e6b8344eeed7e26d70817f6d4edf7cb31c986018adba6a163f9247ea03ce1,2024-08-20T08:15:05.023000
 CVE-2024-3881,0,0,3699310594a82ce285b52bf9c21755fa8173160a66408c76064512e538b3fcc8,2024-05-17T02:40:10.360000
 CVE-2024-38810,0,0,a603a78d398d7cf9548f67c3689d42cf7b8c56de9aeed74307fe9000f806a658,2024-08-20T04:15:07.993000
 CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000
@ -257758,6 +257759,7 @@ CVE-2024-4318,0,0,7b0a62dc8691f5e6f2210e7e19a78c6d4d5c9f053f662e7593a96cdc8c097a
 CVE-2024-4319,0,0,7ca0245a01df3d5ced472265b32f90c6f6a22a37af3715d5589379ecac1f6a24,2024-06-11T13:54:12.057000
 CVE-2024-43199,0,0,94150f8459e19abf18625a946d8a507867275817cd3d9928084030fcb7fa8330,2024-08-12T12:59:48.253000
 CVE-2024-4320,0,0,f21f873c3bfeb896c071276000f6bbe2ae4420d2f2c3184178334c98a666705b,2024-06-07T14:56:05.647000
+CVE-2024-43202,1,1,4cf9bfa865550a52f74779e98db41652bb1dd380f1d824e207021d345fe4b972,2024-08-20T08:15:05.240000
 CVE-2024-43207,0,0,e22c5710770b6cfc075b06ecdaad97a6d82c458382d84efdd62d5cddbde66f6b,2024-08-19T12:59:59.177000
 CVE-2024-4321,0,0,9cab2a859d144dd765da27aaa03d49bb12083c0b11abfa900a9b065f4ea718e1,2024-05-16T13:03:05.353000
 CVE-2024-43210,0,0,38b1ddd569737ddf84a414c75c09c54bffe5570d779b3b2b7d84160c7c88ff6c,2024-08-13T12:58:25.437000
@ -257909,7 +257911,7 @@ CVE-2024-4365,0,0,63c2db9b70aba81bf4acd057c8457c31612ae1811b001c9773701935bfb8f5
 CVE-2024-4366,0,0,bbfa79c99a69a6ab3a1454de708e5610ad18f6066e78d9171ac36b6f6e6eece9,2024-05-24T13:03:05.093000
 CVE-2024-4367,0,0,53b2562feb1cef4dfbc75c878e502bbc54b7cf80f87613aa8d663f88e3c74ce6,2024-06-10T17:16:33.380000
 CVE-2024-4368,0,0,ebedd608e412600f3409256680729c82fcf5015495435afd7648389243e696e1,2024-07-03T02:07:28.557000
-CVE-2024-43688,1,1,1068839caa9387b68572a7543fc7e73126882927c09ed06aa1c722c6dc16d1ba,2024-08-20T06:15:04.983000
+CVE-2024-43688,0,0,1068839caa9387b68572a7543fc7e73126882927c09ed06aa1c722c6dc16d1ba,2024-08-20T06:15:04.983000
 CVE-2024-4369,0,0,9bcc319f475d5802b53d6dedcfa6ead4761cbf7c42adde8daf6f3ff8c0c17af2,2024-06-19T18:15:11.820000
 CVE-2024-4370,0,0,3c1f5b342c087fc6587c8bc9012541b58d80e50fdee9d14eea44daecdec82901,2024-05-15T16:40:19.330000
 CVE-2024-4371,0,0,a0b0e0fb8c98057b2328743d7da5c32e9a585001a67e08f1632ceab0df487dfa,2024-07-15T16:42:39.107000
@ -259018,7 +259020,7 @@ CVE-2024-5571,0,0,c5656d92123399f657b6e24b44e300308aef779837a4ed7761c4afb3c16bfa
 CVE-2024-5573,0,0,7ceea6b12b7d23aaf8833561ef8c88372a72278f234f087262af664b087eec6c,2024-08-01T13:59:54.013000
 CVE-2024-5574,0,0,e718295307eca06b04fb56f70dfb8daf0ce4b10163936e86fc3b21a6f71a4423,2024-06-20T12:44:01.637000
 CVE-2024-5575,0,0,1d8c4bc7bfefa9359f03236311a531b02997d0972adc424dea9dbc344e7a3ded,2024-08-01T13:59:54.197000
-CVE-2024-5576,1,1,46f3183fca153a160a5d42081ef252300c631eda81894a40d1555a638eff32db,2024-08-20T06:15:05.153000
+CVE-2024-5576,0,0,46f3183fca153a160a5d42081ef252300c631eda81894a40d1555a638eff32db,2024-08-20T06:15:05.153000
 CVE-2024-5577,0,0,5dd16baf94f18e7abae39f40d89c75af3dba9492f2b1af50e3d8516c5413b1e4,2024-06-17T12:42:04.623000
 CVE-2024-5582,0,0,3868d6c914880d2428453bd960a7aeb89cb5bb99f0fc09b9de444e14a34c6012,2024-07-19T16:05:10.290000
 CVE-2024-5584,0,0,7705ff7ae1b4fd1342d12756cedf379ac85bb5a3b8398b6b986f5e220e43afde,2024-06-11T13:54:12.057000
@ -259932,7 +259934,7 @@ CVE-2024-6833,0,0,b0ea48d29166f6347ac218b4f9f93d3f7fc599fd932b64c35cfa55e5a1a946
 CVE-2024-6834,0,0,23e85f57c9b7230818a4425261a24fd150d79ea72676d6bce04d47efdd69630e,2024-08-01T14:00:44.750000
 CVE-2024-6836,0,0,94c1bcaa18f7036265464de8eba36ccdaae9b63d5d20f60a8cc42904bb485160,2024-07-29T20:20:30.867000
 CVE-2024-6843,0,0,8fef894e2384f8645515841961e4072de1d777c867ccea5d4b735ba4242f90ae,2024-08-19T12:59:59.177000
-CVE-2024-6847,1,1,b54fb8ff4028648c7515bc64dad8a9d53d1cbe5a7e9c05c31e496d5be21972d8,2024-08-20T06:15:05.470000
+CVE-2024-6847,0,0,b54fb8ff4028648c7515bc64dad8a9d53d1cbe5a7e9c05c31e496d5be21972d8,2024-08-20T06:15:05.470000
 CVE-2024-6848,0,0,e171c12c58967922126feefb09977b436bb9e206684562a37899ca6ed3e35d20,2024-07-22T13:00:31.330000
 CVE-2024-6864,0,0,2d76ac334d3eee5b0b1eba0af2d483d4a5a9efba7ce3314f5d6643c1d3224a40,2024-08-20T05:15:12.137000
 CVE-2024-6865,0,0,cb8e3c3258edaecfb2408f04adfa69a3419179f287cf4fd0248689bfb8e952c7,2024-08-05T14:15:34.847000