Auto-Update: 2024-11-24T21:00:19.584647+00:00

fkie-cad · Nov 24, 2024 · dc1ba28 · dc1ba28
1 parent ac894aa
commit dc1ba28
Show file tree

Hide file tree

Showing 6 changed files with 110 additions and 32 deletions.
diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53899.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53899.json
@@ -2,15 +2,50 @@
   "id": "CVE-2024-53899",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-24T16:15:06.647",
-  "lastModified": "2024-11-24T16:15:06.647",
+  "lastModified": "2024-11-24T19:15:05.010",
   "vulnStatus": "Received",
   "descriptions": [
     {
       "lang": "en",
       "value": "virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 8.4,
+          "baseSeverity": "HIGH",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "NONE",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "HIGH",
+          "integrityImpact": "HIGH",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 2.5,
+        "impactScore": 5.9
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-78"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://github.com/pypa/virtualenv/issues/2768",

diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53901.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53901.json
@@ -2,15 +2,50 @@
   "id": "CVE-2024-53901",
   "sourceIdentifier": "[email protected]",
   "published": "2024-11-24T17:15:04.990",
-  "lastModified": "2024-11-24T17:15:04.990",
+  "lastModified": "2024-11-24T19:15:05.193",
   "vulnStatus": "Received",
   "descriptions": [
     {
       "lang": "en",
       "value": "The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image."
     }
   ],
-  "metrics": {},
+  "metrics": {
+    "cvssMetricV31": [
+      {
+        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+        "type": "Secondary",
+        "cvssData": {
+          "version": "3.1",
+          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
+          "baseScore": 5.5,
+          "baseSeverity": "MEDIUM",
+          "attackVector": "LOCAL",
+          "attackComplexity": "LOW",
+          "privilegesRequired": "NONE",
+          "userInteraction": "REQUIRED",
+          "scope": "UNCHANGED",
+          "confidentialityImpact": "NONE",
+          "integrityImpact": "NONE",
+          "availabilityImpact": "HIGH"
+        },
+        "exploitabilityScore": 1.8,
+        "impactScore": 3.6
+      }
+    ]
+  },
+  "weaknesses": [
+    {
+      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+      "type": "Secondary",
+      "description": [
+        {
+          "lang": "en",
+          "value": "CWE-120"
+        }
+      ]
+    }
+  ],
   "references": [
     {
       "url": "https://github.com/briandfoy/cpan-security-advisory/issues/167",

diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7923.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7923.json
@@ -2,9 +2,8 @@
   "id": "CVE-2024-7923",
   "sourceIdentifier": "[email protected]",
   "published": "2024-09-04T14:15:14.800",
-  "lastModified": "2024-09-05T21:38:32.257",
-  "vulnStatus": "Analyzed",
-  "cveTags": [],
+  "lastModified": "2024-11-24T19:15:05.933",
+  "vulnStatus": "Modified",
   "descriptions": [
     {
       "lang": "en",
@@ -23,16 +22,16 @@
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
           "privilegesRequired": "NONE",
           "userInteraction": "NONE",
           "scope": "UNCHANGED",
           "confidentialityImpact": "HIGH",
           "integrityImpact": "HIGH",
-          "availabilityImpact": "HIGH",
-          "baseScore": 9.8,
-          "baseSeverity": "CRITICAL"
+          "availabilityImpact": "HIGH"
         },
         "exploitabilityScore": 3.9,
         "impactScore": 5.9
@@ -45,16 +44,16 @@
         "cvssData": {
           "version": "3.0",
           "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+          "baseScore": 9.8,
+          "baseSeverity": "CRITICAL",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
           "privilegesRequired": "NONE",
           "userInteraction": "NONE",
           "scope": "UNCHANGED",
           "confidentialityImpact": "HIGH",
           "integrityImpact": "HIGH",
-          "availabilityImpact": "HIGH",
-          "baseScore": 9.8,
-          "baseSeverity": "CRITICAL"
+          "availabilityImpact": "HIGH"
         },
         "exploitabilityScore": 3.9,
         "impactScore": 5.9
@@ -64,7 +63,7 @@
   "weaknesses": [
     {
       "source": "[email protected]",
-      "type": "Primary",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",
@@ -122,6 +121,10 @@
         "Vendor Advisory"
       ]
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:8906",
+      "source": "[email protected]"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2024-7923",
       "source": "[email protected]",

diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9676.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9676.json
@@ -2,9 +2,8 @@
   "id": "CVE-2024-9676",
   "sourceIdentifier": "[email protected]",
   "published": "2024-10-15T16:15:06.933",
-  "lastModified": "2024-11-13T08:15:03.597",
+  "lastModified": "2024-11-24T20:15:05.407",
   "vulnStatus": "Awaiting Analysis",
-  "cveTags": [],
   "descriptions": [
     {
       "lang": "en",
@@ -19,20 +18,20 @@
     "cvssMetricV31": [
       {
         "source": "[email protected]",
-        "type": "Primary",
+        "type": "Secondary",
         "cvssData": {
           "version": "3.1",
           "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+          "baseScore": 6.5,
+          "baseSeverity": "MEDIUM",
           "attackVector": "NETWORK",
           "attackComplexity": "LOW",
           "privilegesRequired": "LOW",
           "userInteraction": "NONE",
           "scope": "UNCHANGED",
           "confidentialityImpact": "NONE",
           "integrityImpact": "NONE",
-          "availabilityImpact": "HIGH",
-          "baseScore": 6.5,
-          "baseSeverity": "MEDIUM"
+          "availabilityImpact": "HIGH"
         },
         "exploitabilityScore": 2.8,
         "impactScore": 3.6
@@ -42,7 +41,7 @@
   "weaknesses": [
     {
       "source": "[email protected]",
-      "type": "Primary",
+      "type": "Secondary",
       "description": [
         {
           "lang": "en",
@@ -96,6 +95,10 @@
       "url": "https://access.redhat.com/errata/RHSA-2024:9459",
       "source": "[email protected]"
     },
+    {
+      "url": "https://access.redhat.com/errata/RHSA-2024:9926",
+      "source": "[email protected]"
+    },
     {
       "url": "https://access.redhat.com/security/cve/CVE-2024-9676",
       "source": "[email protected]"

diff --git a/README.md b/README.md
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
 ### Last Repository Update
 
 ```plain
-2024-11-24T19:00:45.064951+00:00
+2024-11-24T21:00:19.584647+00:00
 ```
 
 ### Most recent CVE Modification Timestamp synchronized with NVD
 
 ```plain
-2024-11-24T17:15:04.990000+00:00
+2024-11-24T20:15:05.407000+00:00
 ```
 
 ### Last Data Feed Release
@@ -38,16 +38,18 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
 
 ### CVEs added in the last Commit
 
-Recently added CVEs: `1`
+Recently added CVEs: `0`
 
-- [CVE-2024-53901](CVE-2024/CVE-2024-539xx/CVE-2024-53901.json) (`2024-11-24T17:15:04.990`)
 
 
 ### CVEs modified in the last Commit
 
-Recently modified CVEs: `1`
+Recently modified CVEs: `4`
 
-- [CVE-2024-2698](CVE-2024/CVE-2024-26xx/CVE-2024-2698.json) (`2024-11-24T17:15:04.170`)
+- [CVE-2024-53899](CVE-2024/CVE-2024-538xx/CVE-2024-53899.json) (`2024-11-24T19:15:05.010`)
+- [CVE-2024-53901](CVE-2024/CVE-2024-539xx/CVE-2024-53901.json) (`2024-11-24T19:15:05.193`)
+- [CVE-2024-7923](CVE-2024/CVE-2024-79xx/CVE-2024-7923.json) (`2024-11-24T19:15:05.933`)
+- [CVE-2024-9676](CVE-2024/CVE-2024-96xx/CVE-2024-9676.json) (`2024-11-24T20:15:05.407`)
 
 
 ## Download and Usage

diff --git a/_state.csv b/_state.csv
@@ -249703,7 +249703,7 @@ CVE-2024-26976,0,0,8d10f3269d5a91c284741add789c6c97c0f4d58efa40f7803756b8e0c5ff1
 CVE-2024-26977,0,0,497654cb7be192f219ce80826de497c17b0440b7c74d50ac35e9e9acebd5f1a5,2024-10-31T16:35:11.057000
 CVE-2024-26978,0,0,a9fbbccc4c6b6a063b057899168ba5ac729b3dc43f3b1b1773b94be1dcc0247a,2024-11-05T10:16:13.170000
 CVE-2024-26979,0,0,33d8a117099141e9ac17b778389695861dbfcb2a950ec3472e402d03bd709b88,2024-06-12T16:15:11.147000
-CVE-2024-2698,0,1,3bcbedf7a33875ee1bd470896453ab327889f07b5dc5c178d3e55fe1c7582b3e,2024-11-24T17:15:04.170000
+CVE-2024-2698,0,0,3bcbedf7a33875ee1bd470896453ab327889f07b5dc5c178d3e55fe1c7582b3e,2024-11-24T17:15:04.170000
 CVE-2024-26980,0,0,a01b0fb4342bdf39b9da77b70e4a19bcbf069006c4205e781ec1da49d5506883,2024-11-06T16:35:13.217000
 CVE-2024-26981,0,0,b482b645b87a0746c73a4d4320abd2cbdb59b8e0c54a36b544c28c1736ca5091,2024-11-05T10:16:13.467000
 CVE-2024-26982,0,0,1a2169fa3b40190b3ed39d1072c0508ff86c68871ae50c9090fd9edb12452c09,2024-05-03T06:15:10.953000
@@ -267409,9 +267409,9 @@ CVE-2024-5385,0,0,5113296fe5b95e2ca5ffa573f35631b642d4f934e6e56cfebf21d51c8e50ce
 CVE-2024-5387,0,0,d7455745fd4e2043656d894120ace9fd562ab2b459405f5c80fb87774616ea6e,2024-06-03T19:15:09.500000
 CVE-2024-5388,0,0,88068f2d18329bc2e1ad4660154ccfa55826fed94a4e1660b5757c6715c273a8,2024-06-03T19:15:09.557000
 CVE-2024-5389,0,0,f6aaaf23dff2a1d7f90a7950cdbb76e8322ef8c0ff1bf8f6173fe4634d169b69,2024-07-09T19:15:13.853000
-CVE-2024-53899,0,0,8776b881d1b526af943acee6a5cbe80910701b0a63f07ded2f56c709b69dc1d7,2024-11-24T16:15:06.647000
+CVE-2024-53899,0,1,d0ea7e267aee4a6d9fa16def146fbe335177ecebbeec6b6ff276e4832daa8b2b,2024-11-24T19:15:05.010000
 CVE-2024-5390,0,0,577e03013c579fd5ea5c07b95a092cd4d32be3fa4130d25da9e61ffe468007ab,2024-06-04T19:21:08.020000
-CVE-2024-53901,1,1,e1e66ed85a37b9e290968873ec6a4f4ebe6555b8680f60207ddffdfe7c1a37c1,2024-11-24T17:15:04.990000
+CVE-2024-53901,0,1,a856ad898af1d7a6e4e72889b89fe64fdf720b1f2234f48473f413bd8403693c,2024-11-24T19:15:05.193000
 CVE-2024-5391,0,0,a7c29f93c1b76aed47351138468a6c5b251b9f9a4ad39cf688118719a36ed1c7,2024-06-07T20:15:12.687000
 CVE-2024-5392,0,0,b24872fec717fdd1d01c0a9d16cd8dae85d0db85954b236e74ba95a5e5c8352c,2024-06-04T19:21:08.117000
 CVE-2024-5393,0,0,295d4f9eb57788d71849a73c0b5d6c4f89e92a1e7613c6c16abcfeb4329f6a42,2024-06-04T19:21:08.420000
@@ -269624,7 +269624,7 @@ CVE-2024-7919,0,0,1863f3ded361827cbb07eac1eea3f3ab9748bf8576157da3db06c534b87a21
 CVE-2024-7920,0,0,03604c94082c1da3fc5c107dc3e686ed281b4a09d67a2a74662346c68cad27ae,2024-08-21T12:31:20.663000
 CVE-2024-7921,0,0,0f227aa56af57464e66f96a1f8f7af9df81009de406656147353a8e23b801955,2024-08-21T12:34:04.490000
 CVE-2024-7922,0,0,c7a8281cc30c452535b1935299b85a2bdb852d82530dc7a36d8d5dc42009e9db,2024-08-20T16:20:25.403000
-CVE-2024-7923,0,0,a94642cade19e0de70e23164876a83c05dc5e46c6b5647239a54e857e3dc0dd4,2024-09-05T21:38:32.257000
+CVE-2024-7923,0,1,50cd8de403c990d941446d2eb9a1d569d9b819c5a55984739c0231290c2249f1,2024-11-24T19:15:05.933000
 CVE-2024-7924,0,0,2cf76ea42b1644543678da9fb702b4f7d4bee65303ff016d26c15c306f799b7f,2024-08-20T16:07:26.443000
 CVE-2024-7925,0,0,34a7774a8c3accfc943090e80e03d9858b71da046812c3f4a53477aade0cc157,2024-08-20T16:06:31.663000
 CVE-2024-7926,0,0,f5e8a6b4f6e219cd0b3c12f926d226c104eacc6cf54d3757ecf364a295049d42,2024-09-04T18:42:49.977000
@@ -270941,7 +270941,7 @@ CVE-2024-9670,0,0,f306c0fbbcbde1e6a65006fd3bdd50d366f02be816ff2a6f00ef3348b3b763
 CVE-2024-9671,0,0,421f1b0ad6825ff096efd81ac122f33bafcdf7b21693a85f65613389bca55f89,2024-10-10T12:51:56.987000
 CVE-2024-9674,0,0,99b8206db3c3741ff50725aa3969c36280edf4a37082b6473da1336e00a39d59,2024-10-22T14:02:50.473000
 CVE-2024-9675,0,0,eca475b135003e7e06db8f69f6d2f142dd27c257379e7a0b16967a90dcf42a39,2024-11-13T08:15:03.170000
-CVE-2024-9676,0,0,1897b84483cd6c89b04e83ecacec899f569bb352f44e2b4ce92e396a9b4e4bef,2024-11-13T08:15:03.597000
+CVE-2024-9676,0,1,2d4dfe68dcd6b64ddbe897411bad54b0333159227c305186e59fa47b6d248933,2024-11-24T20:15:05.407000
 CVE-2024-9677,0,0,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000
 CVE-2024-9680,0,0,aade85a65f2f99cc47c2fb834c470dcfc4a6380ab6735d9434c311360504724b,2024-11-19T17:29:12.207000
 CVE-2024-9681,0,0,5184b45d0c5be56c6e66f5f4d21584d3fd220046fb9bac6604ac868b54d81bd8,2024-11-06T18:17:17.287000