From 458b3961cb736e23bae733887c315047d6f9529a Mon Sep 17 00:00:00 2001 From: ghost Date: Mon, 2 Sep 2024 05:11:39 +0000 Subject: [PATCH] =?UTF-8?q?chore:=20generate=20CVEs=20metadata=20?= =?UTF-8?q?=F0=9F=A4=96?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- cves.json | 1 + cves.json-checksum.txt | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/cves.json b/cves.json index c228c76710..e55cbd2565 100644 --- a/cves.json +++ b/cves.json @@ -2557,6 +2557,7 @@ {"ID":"CVE-2024-6396","Info":{"Name":"Aimhubio Aim Server 3.19.3 - Arbitrary File Overwrite","Severity":"critical","Description":"A vulnerability in the `_backup_run` function in aimhubio/aim version 3.19.3 allows remote attackers to overwrite any file on the host server and exfiltrate arbitrary data. The vulnerability arises due to improper handling of the `run_hash` and `repo.path` parameters, which can be manipulated to create and write to arbitrary file paths. This can lead to denial of service by overwriting critical system files, loss of private data, and potential remote code execution.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6396.yaml"} {"ID":"CVE-2024-6587","Info":{"Name":"LiteLLM - Server-Side Request Forgery","Severity":"high","Description":"LiteLLM vulnerable to Server-Side Request Forgery (SSRF) vulnerability Exposes OpenAI API Keys.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6587.yaml"} {"ID":"CVE-2024-6646","Info":{"Name":"Netgear-WN604 downloadFile.php - Information Disclosure","Severity":"medium","Description":"There is an information leakage vulnerability in the downloadFile.php interface of Netgear WN604. A remote attacker using file authentication can use this vulnerability to obtain the administrator account and password information of the wireless router, causing the router's background to be controlled. The attacker can initiate damage to the wireless network or further threaten it.\n","Classification":{"CVSSScore":"5.3"}},"file_path":"http/cves/2024/CVE-2024-6646.yaml"} +{"ID":"CVE-2024-6670","Info":{"Name":"WhatsUp Gold HasErrors SQL Injection - Authentication Bypass","Severity":"critical","Description":"In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password.\n","Classification":{"CVSSScore":"9.8"}},"file_path":"http/cves/2024/CVE-2024-6670.yaml"} {"ID":"CVE-2024-6746","Info":{"Name":"EasySpider 0.6.2 - Arbitrary File Read","Severity":"medium","Description":"A vulnerability classified as problematic was found in NaiboWang EasySpider 0.6.2 on Windows. Affected by this vulnerability is an unknown functionality of the file \\EasySpider\\resources\\app\\server.js of the component HTTP GET Request Handler. The manipulation with the input /../../../../../../../../../Windows/win.ini leads to path traversal: '../filedir'. The attack needs to be done within the local network.\n","Classification":{"CVSSScore":"4.3"}},"file_path":"http/cves/2024/CVE-2024-6746.yaml"} {"ID":"CVE-2024-6781","Info":{"Name":"Calibre \u003c= 7.14.0 Arbitrary File Read","Severity":"high","Description":"Arbitrary file read via Calibre’s content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6781.yaml"} {"ID":"CVE-2024-6782","Info":{"Name":"Calibre \u003c= 7.14.0 Remote Code Execution","Severity":"critical","Description":"Unauthenticated remote code execution via Calibre’s content server in Calibre \u003c= 7.14.0.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"http/cves/2024/CVE-2024-6782.yaml"} diff --git a/cves.json-checksum.txt b/cves.json-checksum.txt index f655f4161a..97455cc1a1 100644 --- a/cves.json-checksum.txt +++ b/cves.json-checksum.txt @@ -1 +1 @@ -b0de9ef772e026448b817fe6fca06d41 +726970f054c86e6c01c06b453414a818