diff --git a/CVE-2024/CVE-2024-56xx/CVE-2024-5616.json b/CVE-2024/CVE-2024-56xx/CVE-2024-5616.json
new file mode 100644
index 00000000000..f2dee2c596d
--- /dev/null
+++ b/CVE-2024/CVE-2024-56xx/CVE-2024-5616.json
@@ -0,0 +1,60 @@
+{
+ "id": "CVE-2024-5616",
+ "sourceIdentifier": "security@huntr.dev",
+ "published": "2024-07-06T09:15:02.050",
+ "lastModified": "2024-07-06T09:15:02.050",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV30": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.0",
+ "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 4.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security@huntr.dev",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-352"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/mudler/localai/commit/4e1463fec291612a59a16db60b3fd12d4c49d64b",
+ "source": "security@huntr.dev"
+ },
+ {
+ "url": "https://huntr.com/bounties/fd753fb6-ba04-4dd8-abef-918fb97120af",
+ "source": "security@huntr.dev"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/README.md b/README.md index 09eb436c2f6..c105b26f946 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-06T06:00:28.222474+00:00 +2024-07-06T10:01:02.688999+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-06T05:15:09.990000+00:00 +2024-07-06T09:15:02.050000+00:00 ``` ### Last Data Feed Release @@ -33,21 +33,20 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -255953 +255954 ``` ### CVEs added in the last Commit Recently added CVEs: `1` -- [CVE-2024-40594](CVE-2024/CVE-2024-405xx/CVE-2024-40594.json) (`2024-07-06T05:15:09.670`) +- [CVE-2024-5616](CVE-2024/CVE-2024-56xx/CVE-2024-5616.json) (`2024-07-06T09:15:02.050`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `0` -- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-06T05:15:09.990`) ## Download and Usage diff --git a/_state.csv b/_state.csv index f44d2885e5b..68a603f77cf 100644 --- a/_state.csv +++ b/_state.csv 
@@ -254291,7 +254291,7 @@ CVE-2024-4056,0,0,8d2872a63b61af99b314442fa34c585e616ec707e8d3b58da8a6d93a2f4a48 CVE-2024-4057,0,0,26b46aa52b04f4ef8890033772544e5e99ad730f84e9e0e97b479cd36cf89ace,2024-07-03T02:07:02.197000 CVE-2024-4058,0,0,c4c95455d6e76cbbdb3e2ad2bd6d39a0a74b9da8ef4ac622e44ffc5e8b4fb2cc,2024-06-07T15:40:49.707000 CVE-2024-4059,0,0,f7356d83fe5fccf2c54f421bb90f2c15bd9bf33edb756392f4236a5836d7af45,2024-05-03T03:16:29.430000 -CVE-2024-40594,1,1,597f8dc65950340ecc007d3a49a39dace07c61b6a108a7836ee9c56ff74539a8,2024-07-06T05:15:09.670000 +CVE-2024-40594,0,0,597f8dc65950340ecc007d3a49a39dace07c61b6a108a7836ee9c56ff74539a8,2024-07-06T05:15:09.670000 CVE-2024-4060,0,0,c4df35b4ba03f25ce9e66ccd2a0f6342dcbc5f1e886657ca582640ee8747c7ed,2024-07-03T02:07:02.533000 CVE-2024-4061,0,0,731822e6f24cd811e7f06812f39ade81c9a66c6b1046f4d45903066a1f181f99,2024-05-21T12:37:59.687000 CVE-2024-4062,0,0,7fcbe6e50148b9b5e05d3025a893191a4aca3bb309243ec182c3df8f6e2a0587,2024-06-04T19:20:29.007000 @@ -255521,6 +255521,7 @@ CVE-2024-5611,0,0,7f38716b1ccbe035f7f86ea6c7617ab6f4cac8651e00e7906bbdbf77091ab5 CVE-2024-5612,0,0,24bfbb6efa391db3014703335fcf10e8f670f2b2b154031d8b7a312f92d36720,2024-06-07T14:56:05.647000 CVE-2024-5613,0,0,7e758f60ff4a249ae3d985d91b4f3417dc42ff70d8507f5e072b9cf0ad6144fd,2024-06-10T02:52:08.267000 CVE-2024-5615,0,0,d715351de069ee256cfd127ce22346136f76094dbd1f6f173b336f3c2cdc9c0f,2024-06-11T17:55:16.103000 +CVE-2024-5616,1,1,dc636e3941ecbef30c76d8756c4e51d3b0104af0c561655eb861ad296b553f3c,2024-07-06T09:15:02.050000 CVE-2024-5629,0,0,20478b62dd0cd666624f11f2e5a11c22a9915feb481805651583fe7db0518c7b,2024-06-18T18:31:05.663000 CVE-2024-5635,0,0,2463dd00def60296c968660a2ba7a3c25845ea097c4cd305a7e3f2bd55658946,2024-06-11T16:47:04.413000 CVE-2024-5636,0,0,82666e4630526d7fc8211dab0f89e7e17d4e982c91e038f44b209ae67bb471f3,2024-06-11T17:23:29.670000 
@@ -255913,7 +255914,7 @@ CVE-2024-6376,0,0,2eceea6553f0e47a0e34ab01650b7781a20682f6799be39f9cd1e64f3f1985 CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b326,2024-07-03T12:53:24.977000 CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000 CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000 -CVE-2024-6387,0,1,3447d13f8df32b8374fa56f0c906f9985f1608358fe2a683513ec1381568f5f5,2024-07-06T05:15:09.990000 +CVE-2024-6387,0,0,3447d13f8df32b8374fa56f0c906f9985f1608358fe2a683513ec1381568f5f5,2024-07-06T05:15:09.990000 CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a84738,2024-06-27T17:11:52.390000 CVE-2024-6402,0,0,795485c4534407e246daec51c1daaa33b95f6651688fed743a8fb9054cdaedba,2024-07-01T12:37:24.220000 CVE-2024-6403,0,0,e44b9cfa8d9ae367e624a8cdf179ef52ea1e98c2115d7a956299d17747a6a56b,2024-07-01T12:37:24.220000