Auto-Update: 2024-06-24T02:00:17.835136+00:00
parent
0dc0e08886
commit
bff68e47e0
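--- a/CVE-2024/CVE-2024-31xx/CVE-2024-3121.json
+++ b/CVE-2024/CVE-2024-31xx/CVE-2024-3121.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-3121",
+"sourceIdentifier": "security@huntr.dev",
+"published": "2024-06-24T00:15:09.680",
+"lastModified": "2024-06-24T00:15:09.680",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "A remote code execution vulnerability exists in the create_conda_env function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the env_name and python_version parameters. This issue could lead to a serious security breach as demonstrated by the ability to execute the 'whoami' command among potentially other harmful commands."
+}
+],
+"metrics": {
+"cvssMetricV30": [
+{
+"source": "security@huntr.dev",
+"type": "Secondary",
+"cvssData": {
+"version": "3.0",
+"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "PHYSICAL",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 6.8,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 0.9,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "security@huntr.dev",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-94"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://huntr.com/bounties/db57c343-9b80-4c1c-9ab0-9eef92c9b27b",
+"source": "security@huntr.dev"
+}
+]
+}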
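Review bot: The `vectorString` uses `AV:P` (`"attackVector": "PHYSICAL"`), which conflicts with the description's "remote code execution" through parameters passed to `subprocess.Popen` with `shell=True`. The 6.8 MEDIUM base score is arithmetically consistent with that vector, so the only open question is the attack-vector choice. The metric comes from the CNA (`security@huntr.dev`, type `Secondary`) while `vulnStatus` is still `Received`, so consumers that triage on `baseSeverity` should treat it as provisional. The weakness is recorded as `CWE-94`, although a shell command built from `env_name` and `python_version` reads more like OS command injection (CWE-78), which matters when mapping the record to remediation guidance. Because this file mirrors the NVD record, any correction belongs upstream rather than in this repository.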
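--- a/CVE-2024/CVE-2024-393xx/CVE-2024-39337.json
+++ b/CVE-2024/CVE-2024-393xx/CVE-2024-39337.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2024-39337",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-06-24T00:15:09.577",
+"lastModified": "2024-06-24T00:15:09.577",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Click Studios Passwordstate Core before 9.8 build 9858 allows Authentication Bypass."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx",
+"source": "cve@mitre.org"
+},
+{
+"url": "https://www.clickstudios.com.au/security/advisories/",
+"source": "cve@mitre.org"
+}
+]
+}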
15
README.md
15
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-06-23T23:55:18.015229+00:00
|
||||
2024-06-24T02:00:17.835136+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-06-23T23:15:09.387000+00:00
|
||||
2024-06-24T00:15:09.680000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -27,22 +27,21 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/releases/latest)
|
||||
|
||||
```plain
|
||||
2024-06-23T00:00:08.669343+00:00
|
||||
2024-06-24T00:00:08.628017+00:00
|
||||
```
|
||||
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
254961
|
||||
254963
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `3`
|
||||
Recently added CVEs: `2`
|
||||
|
||||
- [CVE-2024-39331](CVE-2024/CVE-2024-393xx/CVE-2024-39331.json) (`2024-06-23T22:15:09.370`)
|
||||
- [CVE-2024-39334](CVE-2024/CVE-2024-393xx/CVE-2024-39334.json) (`2024-06-23T23:15:09.387`)
|
||||
- [CVE-2024-6273](CVE-2024/CVE-2024-62xx/CVE-2024-6273.json) (`2024-06-23T22:15:09.490`)
|
||||
- [CVE-2024-3121](CVE-2024/CVE-2024-31xx/CVE-2024-3121.json) (`2024-06-24T00:15:09.680`)
|
||||
- [CVE-2024-39337](CVE-2024/CVE-2024-393xx/CVE-2024-39337.json) (`2024-06-24T00:15:09.577`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
@ -249462,6 +249462,7 @@ CVE-2024-31206,0,0,bd1cbc8a5901cc2b410cb59c86ef8c814546918b6efc52403de5ae308d36d
|
||||
CVE-2024-31207,0,0,af1a3137415a749d0a1549c9f6fa25303b24e194f3861bc2095545bb707985a2,2024-04-04T16:33:06.610000
|
||||
CVE-2024-31208,0,0,3b50aadb71f25a9cf7ee15f4c1f11e4e7c181ffc1eae0b9bc067f01e2c928e28,2024-05-03T03:16:28.857000
|
||||
CVE-2024-31209,0,0,dc7f150a1f8931f337c3d30121f71937562fb9b370a799204e5d75b796fcdc02,2024-04-04T16:33:06.610000
|
||||
CVE-2024-3121,1,1,55334ecd2c29cda963388103b75e6243cd2af3528469cd1facc04d3d39e0f871,2024-06-24T00:15:09.680000
|
||||
CVE-2024-31210,0,0,0c3a74f1634842d277fcf52471d61be8d27ebe967ace4d479af8f65fffdace19,2024-04-05T12:40:52.763000
|
||||
CVE-2024-31211,0,0,37f6ef15b9def8ff0d686fae9ad61ad1a082be15bc6a18f70a40cbfe15e962e2,2024-04-05T12:40:52.763000
|
||||
CVE-2024-31212,0,0,bc73795c68873aacd12eddecc823b76392ffac886146f1dd814e2d43e468bb84,2024-04-05T12:40:52.763000
|
||||
@ -253489,8 +253490,9 @@ CVE-2024-3929,0,0,31d0a734bfd88727a2a61deb7a29595ac9c8ac4a930ee35c31639990489d02
|
||||
CVE-2024-3931,0,0,ff26b5a8728d6a7f3e1f8095f9d431d98f0c624577950ceaf4dc1cf9ad688034,2024-06-06T20:15:13.933000
|
||||
CVE-2024-3932,0,0,371291a71f9c99e371f96e7d7b61e3e11967567047c07fae80310c4772d1c0c7,2024-06-06T20:15:14.030000
|
||||
CVE-2024-3933,0,0,1d08d4e317596700be65ef5300f76b449794bb2d8b1542a98c34b9cd74fea015,2024-05-28T12:39:28.377000
|
||||
CVE-2024-39331,1,1,0004c9080d524d1b169c2f47687275982d21fd1cdd7181b1048338d08a3deaa0,2024-06-23T22:15:09.370000
|
||||
CVE-2024-39334,1,1,91d0b0de89be300a86a73b924fe0e63e4dd8272867397f0b420a2f8d6e51abda,2024-06-23T23:15:09.387000
|
||||
CVE-2024-39331,0,0,0004c9080d524d1b169c2f47687275982d21fd1cdd7181b1048338d08a3deaa0,2024-06-23T22:15:09.370000
|
||||
CVE-2024-39334,0,0,91d0b0de89be300a86a73b924fe0e63e4dd8272867397f0b420a2f8d6e51abda,2024-06-23T23:15:09.387000
|
||||
CVE-2024-39337,1,1,0f7a6ca5ea40d60b939f5d1147a0b6871b2f3fa97346a61ede14b029a2e9b5dc,2024-06-24T00:15:09.577000
|
||||
CVE-2024-3936,0,0,1a9ebdb5653b792bdb8abb0138184d539d6d0e0c9af8da519de630a92cc0aee0,2024-05-02T18:00:37.360000
|
||||
CVE-2024-3937,0,0,47b49a69bcae07617978c4de23b5bd0d4eef565a4a3d61421481625d7a4abea5,2024-05-29T13:02:09.280000
|
||||
CVE-2024-3939,0,0,8db4cbfcc78e197894431199cdad6af4ac1ac13ee2f1028e231ba1f907931766,2024-05-28T12:39:28.377000
|
||||
@ -254959,4 +254961,4 @@ CVE-2024-6266,0,0,70666cb36be680ae24e3b529873b2f76b9772ce56140af79219b2227eed230
|
||||
CVE-2024-6267,0,0,9ee9d3ae56be6680575548576947e037de2c4b890a9205e4f9e207294729b9e2,2024-06-23T09:15:11.320000
|
||||
CVE-2024-6268,0,0,d5f22f854a068a47453548a1178f4ed15437dffc736d923ed553c44b59a8eea7,2024-06-23T10:15:09.753000
|
||||
CVE-2024-6269,0,0,1e8f9e9c3bfd0a35fc5f3a43852838aac6176b60453f405532505e06c6623810,2024-06-23T12:15:09.710000
|
||||
CVE-2024-6273,1,1,2a20125ff6fb39b88ec3a7ac35b04aea41f736595011e009df3ffdaa1143e961,2024-06-23T22:15:09.490000
|
||||
CVE-2024-6273,0,0,2a20125ff6fb39b88ec3a7ac35b04aea41f736595011e009df3ffdaa1143e961,2024-06-23T22:15:09.490000
|
||||
|