5 changes (1 new | 4 updated):

- 1 new CVEs: CVE-2024-53899 - 4 updated CVEs: CVE-2024-4029, CVE-2024-4436, CVE-2024-4437, CVE-2024-5651
CVEProject · Nov 24, 2024 · aa56386 · aa56386
1 parent eddda6a
commit aa56386
Show file tree

Hide file tree

Showing 7 changed files with 139 additions and 454 deletions.
diff --git a/cves/2024/4xxx/CVE-2024-4029.json b/cves/2024/4xxx/CVE-2024-4029.json
@@ -8,7 +8,7 @@
         "assignerShortName": "redhat",
         "dateReserved": "2024-04-22T13:59:47.506Z",
         "datePublished": "2024-05-02T14:55:27.135Z",
-        "dateUpdated": "2024-11-05T03:03:28.215Z"
+        "dateUpdated": "2024-11-24T16:01:07.405Z"
     },
     "containers": {
         "cna": {
@@ -2227,7 +2227,7 @@
             "providerMetadata": {
                 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
                 "shortName": "redhat",
-                "dateUpdated": "2024-11-05T03:03:28.215Z"
+                "dateUpdated": "2024-11-24T16:01:07.405Z"
             }
         },
         "adp": [

diff --git a/cves/2024/4xxx/CVE-2024-4436.json b/cves/2024/4xxx/CVE-2024-4436.json
@@ -8,7 +8,7 @@
         "assignerShortName": "redhat",
         "dateReserved": "2024-05-02T16:28:27.069Z",
         "datePublished": "2024-05-08T08:57:12.237Z",
-        "dateUpdated": "2024-09-16T19:30:24.416Z"
+        "dateUpdated": "2024-11-24T16:08:57.869Z"
     },
     "containers": {
         "cna": {
@@ -167,7 +167,7 @@
             "providerMetadata": {
                 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
                 "shortName": "redhat",
-                "dateUpdated": "2024-09-16T19:30:24.416Z"
+                "dateUpdated": "2024-11-24T16:08:57.869Z"
             }
         },
         "adp": [

diff --git a/cves/2024/4xxx/CVE-2024-4437.json b/cves/2024/4xxx/CVE-2024-4437.json
@@ -8,7 +8,7 @@
         "assignerShortName": "redhat",
         "dateReserved": "2024-05-02T16:28:46.529Z",
         "datePublished": "2024-05-08T08:57:40.229Z",
-        "dateUpdated": "2024-09-16T19:30:28.379Z"
+        "dateUpdated": "2024-11-24T16:09:11.097Z"
     },
     "containers": {
         "cna": {
@@ -167,7 +167,7 @@
             "providerMetadata": {
                 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
                 "shortName": "redhat",
-                "dateUpdated": "2024-09-16T19:30:28.379Z"
+                "dateUpdated": "2024-11-24T16:09:11.097Z"
             }
         },
         "adp": [

diff --git a/cves/2024/53xxx/CVE-2024-53899.json b/cves/2024/53xxx/CVE-2024-53899.json
@@ -0,0 +1,62 @@
+{
+    "dataType": "CVE_RECORD",
+    "cveMetadata": {
+        "state": "PUBLISHED",
+        "cveId": "CVE-2024-53899",
+        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+        "assignerShortName": "mitre",
+        "dateUpdated": "2024-11-24T16:04:03.381151",
+        "dateReserved": "2024-11-24T00:00:00",
+        "datePublished": "2024-11-24T00:00:00"
+    },
+    "containers": {
+        "cna": {
+            "providerMetadata": {
+                "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
+                "shortName": "mitre",
+                "dateUpdated": "2024-11-24T16:04:03.381151"
+            },
+            "descriptions": [
+                {
+                    "lang": "en",
+                    "value": "virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287."
+                }
+            ],
+            "affected": [
+                {
+                    "vendor": "n/a",
+                    "product": "n/a",
+                    "versions": [
+                        {
+                            "version": "n/a",
+                            "status": "affected"
+                        }
+                    ]
+                }
+            ],
+            "references": [
+                {
+                    "url": "https://github.com/pypa/virtualenv/issues/2768"
+                },
+                {
+                    "url": "https://github.com/pypa/virtualenv/releases/tag/20.26.6"
+                },
+                {
+                    "url": "https://github.com/pypa/virtualenv/pull/2771"
+                }
+            ],
+            "problemTypes": [
+                {
+                    "descriptions": [
+                        {
+                            "type": "text",
+                            "lang": "en",
+                            "description": "n/a"
+                        }
+                    ]
+                }
+            ]
+        }
+    },
+    "dataVersion": "5.1"
+}
diff --git a/cves/2024/5xxx/CVE-2024-5651.json b/cves/2024/5xxx/CVE-2024-5651.json
@@ -8,7 +8,7 @@
         "assignerShortName": "redhat",
         "dateReserved": "2024-06-05T09:57:33.499Z",
         "datePublished": "2024-08-12T05:46:16.035Z",
-        "dateUpdated": "2024-09-16T19:22:16.404Z"
+        "dateUpdated": "2024-11-24T16:03:18.618Z"
     },
     "containers": {
         "cna": {
@@ -151,7 +151,7 @@
             "providerMetadata": {
                 "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
                 "shortName": "redhat",
-                "dateUpdated": "2024-09-16T19:22:16.404Z"
+                "dateUpdated": "2024-11-24T16:03:18.618Z"
             }
         },
         "adp": [

diff --git a/cves/delta.json b/cves/delta.json
@@ -1,19 +1,38 @@
 {
-  "fetchTime": "2024-11-24T16:00:36.925Z",
-  "numberOfChanges": 2,
-  "new": [],
+  "fetchTime": "2024-11-24T16:10:03.898Z",
+  "numberOfChanges": 5,
+  "new": [
+    {
+      "cveId": "CVE-2024-53899",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-53899",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/53xxx/CVE-2024-53899.json",
+      "dateUpdated": "2024-11-24T16:04:03.381151"
+    }
+  ],
   "updated": [
     {
-      "cveId": "CVE-2024-2199",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-2199",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/2xxx/CVE-2024-2199.json",
-      "dateUpdated": "2024-11-24T15:54:58.170Z"
+      "cveId": "CVE-2024-4029",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4029",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4029.json",
+      "dateUpdated": "2024-11-24T16:01:07.405Z"
+    },
+    {
+      "cveId": "CVE-2024-4436",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4436",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4436.json",
+      "dateUpdated": "2024-11-24T16:08:57.869Z"
+    },
+    {
+      "cveId": "CVE-2024-4437",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-4437",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/4xxx/CVE-2024-4437.json",
+      "dateUpdated": "2024-11-24T16:09:11.097Z"
     },
     {
-      "cveId": "CVE-2024-3657",
-      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-3657",
-      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/3xxx/CVE-2024-3657.json",
-      "dateUpdated": "2024-11-24T15:55:00.324Z"
+      "cveId": "CVE-2024-5651",
+      "cveOrgLink": "https://www.cve.org/CVERecord?id=CVE-2024-5651",
+      "githubLink": "https://raw.githubusercontent.com/CVEProject/cvelistV5/main/cves/2024/5xxx/CVE-2024-5651.json",
+      "dateUpdated": "2024-11-24T16:03:18.618Z"
     }
   ],
   "error": []