admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-04T21:00:20.280091+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-04 21:03:20 +00:00
parent 69ef8fe1b0
commit 03a6b1a616
64 changed files with 2757 additions and 434 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2020/CVE-2020-257xx/CVE-2020-25730.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-25730",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-04T08:15:06.283",
"lastModified": "2024-04-04T12:48:41.700",
"lastModified": "2024-11-04T19:35:00.910",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross Site Scripting (XSS) en ZoneMinder anterior a la versi\u00f3n 1.34.21, permite a atacantes remotos ejecutar c\u00f3digo arbitrario, escalar privilegios y obtener informaci\u00f3n confidencial a trav\u00e9s del componente PHP_SELF en classic/views/download.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/ZoneMinder/zoneminder/commit/9268db14a79c4ccd444c2bf8d24e62b13207b413",

27
CVE-2020/CVE-2020-52xx/CVE-2020-5200.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-5200",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-30T18:15:19.650",
"lastModified": "2024-04-30T19:35:36.960",
"lastModified": "2024-11-04T20:35:00.717",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Minerbabe hasta V4.16 se entrega con claves de host SSH integradas en la imagen de instalaci\u00f3n, lo que permite ataques de intermediario y hace que la identificaci\u00f3n de todos los nodos IPv4 p\u00fablicos sea trivial con Shodan.io."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://en.minerbabe.com/pc.html/#/helps/updateLog",

27
CVE-2021/CVE-2021-470xx/CVE-2021-47070.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47070",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-01T22:15:46.920",
"lastModified": "2024-03-01T22:22:25.913",
"lastModified": "2024-11-04T19:35:01.957",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: uio_hv_generic: soluciona otra p\u00e9rdida de memoria en las rutas de manejo de errores. La memoria asignada por 'vmbus_alloc_ring()' al comienzo de la funci\u00f3n de sondeo nunca se libera en la ruta de manejo de errores. Agregue la llamada 'vmbus_free_ring()' que falta. Tenga en cuenta que ya est\u00e1 liberado en la funci\u00f3n .remove."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0b0226be3a52dadd965644bc52a807961c2c26df",

27
CVE-2021/CVE-2021-472xx/CVE-2021-47262.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47262",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:14.930",
"lastModified": "2024-05-21T16:54:26.047",
"lastModified": "2024-11-04T19:35:02.187",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: x86: Garantizar la vivacidad de la VM anidada. Ingrese el mensaje de punto de seguimiento de falla. Utilice la maquinaria __string() proporcionada por el subsistema de seguimiento para hacer una copia de los literales de cadena consumidos por los puntos de seguimiento \"nested VM-Enter failed\". Es necesaria una copia completa para garantizar que el punto de seguimiento no pueda vivir m\u00e1s que los datos o la memoria que consume y para evitar la memoria obsoleta. Debido a que el punto de seguimiento en s\u00ed est\u00e1 definido por kvm, si kvm-intel y/o kvm-amd se construyen como m\u00f3dulos, la memoria que contiene los literales de cadena definidos por los m\u00f3dulos del proveedor se liberar\u00e1 cuando se descargue el m\u00f3dulo, mientras que el punto de seguimiento y sus datos en el b\u00fafer circular permanecer\u00e1 hasta que se descargue kvm (o \"indefinidamente\" si kvm est\u00e1 integrado). Este error ha existido desde que se agreg\u00f3 el punto de seguimiento, pero recientemente qued\u00f3 expuesto mediante una nueva verificaci\u00f3n en el seguimiento para detectar exactamente este tipo de error. fmt: '%s%s ' current_buffer: ' vmx_dirty_log_t-140127 [003] .... kvm_nested_vmenter_failed: ' ADVERTENCIA: CPU: 3 PID: 140134 en kernel/trace/trace.c:3759 trace_check_vprintf+0x3be/0x3e0 CPU: 3 PID: 140134 Comm: less No contaminado 5.13.0-rc1-ce2e73ce600a-req #184 Nombre de hardware: ASUS Q87M-E/Q87M-E, BIOS 1102 03/03/2014 RIP: 0010:trace_check_vprintf+0x3be/0x3e0 C\u00f3digo: < 0f> 0b 44 8b 4c 24 1c e9 a9 fe ff ff c6 44 02 ff 00 49 8b 97 b0 20 RSP: 0018:ffffa895cc37bcb0 EFLAGS: 00010282 RAX: 0000000000000000 RBX: cc37bd08 RCX: 0000000000000027 RDX: 0000000000000027 RSI: 00000000ffffdfff RDI: ffff9766cfad74f8 RBP : ffffffffc0a041d4 R08: ffff9766cfad74f0 R09: ffffa895cc37bad8 R10: 0000000000000001 R11: 00000000000000001 R12: ffffffffc0a041d4 R13: ffffffffc0f4dba8 R 14: 0000000000000000 R15: ffff976409f2c000 FS: 00007f92fa200740(0000) GS:ffff9766cfac0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 00 CR0: 0000000080050033 CR2: 0000559bd11b0000 CR3: 000000019fbaa002 CR4: 00000000001726e0 Seguimiento de llamadas: trace_event_printf+0x5e/0x80 3a/0x60 [kvm] print_trace_line+0x1dd/0x4e0 s_show+0x45/0x150 seq_read_iter+0x2d5/0x4c0 seq_read+0x106/0x150 vfs_read+ 0x98/0x180 ksys_read+0x5f/0xe0 do_syscall_64+0x40/0xb0 entrada_SYSCALL_64_after_hwframe+0x44/0xae"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/796d3bd4ac9316e70c181189318cd2bd98af34bc",

27
CVE-2021/CVE-2021-475xx/CVE-2021-47547.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47547",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-24T15:15:19.570",
"lastModified": "2024-05-24T18:09:20.027",
"lastModified": "2024-11-04T19:35:02.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: tulip: de4x5: soluciona el problema de que la matriz 'lp->phy[8]' puede estar fuera de l\u00edmites En la l\u00ednea 5001, si todos los ID de la matriz 'lp ->phy[8]' no es 0, cuando termina 'for', 'k' es 8. En este momento, la matriz 'lp->phy[8]' puede estar fuera de l\u00edmite."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/12f907cb11576b8cd0b1d95a16d1f10ed5bb7237",

27
CVE-2023/CVE-2023-452xx/CVE-2023-45289.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45289",
"sourceIdentifier": "security@golang.org",
"published": "2024-03-05T23:15:07.137",
"lastModified": "2024-05-01T17:15:25.983",
"lastModified": "2024-11-04T19:35:02.600",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Al seguir una redirecci\u00f3n HTTP a un dominio que no es una coincidencia de subdominio o una coincidencia exacta del dominio inicial, un cliente http.no reenv\u00eda encabezados confidenciales como \"Autorizaci\u00f3n\" o \"Cookie\". Por ejemplo, una redirecci\u00f3n de foo.com a www.foo.com reenviar\u00e1 el encabezado de Autorizaci\u00f3n, pero una redirecci\u00f3n a bar.com no. Una redirecci\u00f3n HTTP creada con fines malintencionados podr\u00eda provocar que se reenv\u00eden inesperadamente encabezados confidenciales."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/4",

39
CVE-2023/CVE-2023-500xx/CVE-2023-50059.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50059",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-30T19:15:23.097",
"lastModified": "2024-04-30T19:35:36.960",
"lastModified": "2024-11-04T20:35:01.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema ingalxe.com La plataforma Galxe 1.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s del proceso de autenticaci\u00f3n Web3 de Galxe, el mensaje firmado carece de un nonce (n\u00famero aleatorio)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"references": [
{
"url": "https://galxe.com/",

27
CVE-2023/CVE-2023-520xx/CVE-2023-52066.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52066",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T21:15:14.000",
"lastModified": "2024-11-01T12:57:03.417",
"lastModified": "2024-11-04T19:35:02.827",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se descubri\u00f3 que el commit 76cf5 de http.zig conten\u00eda una vulnerabilidad de inyecci\u00f3n CRLF a trav\u00e9s del par\u00e1metro url."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://github.com/karlseguin/http.zig/issues/25",

27
CVE-2023/CVE-2023-524xx/CVE-2023-52481.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52481",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T06:15:46.060",
"lastModified": "2024-02-29T13:49:29.390",
"lastModified": "2024-11-04T20:35:02.537",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: errata: Agregar workaround de carga especulativa sin privilegios de Cortex-A520 Implementar la workaround para la errata 2966298 de ARM Cortex-A520. En un n\u00facleo Cortex-A520 afectado, una carga sin privilegios ejecutada especulativamente podr\u00eda filtrarse datos de una carga privilegiada a trav\u00e9s de un canal lateral de cach\u00e9. El problema s\u00f3lo existe para cargas dentro de un r\u00e9gimen de traducci\u00f3n con la misma traducci\u00f3n (por ejemplo, el mismo ASID y VMID). Por tanto, el problema s\u00f3lo afecta al retorno a EL0. La soluci\u00f3n es ejecutar un TLBI antes de regresar a EL0 despu\u00e9s de todas las cargas de datos privilegiados. Un TLBI que no se pueda compartir con cualquier direcci\u00f3n es suficiente. El workaround no es necesario si el aislamiento de la tabla de p\u00e1ginas (KPTI) est\u00e1 habilitado, pero por simplicidad lo ser\u00e1. El aislamiento de la tabla de p\u00e1ginas normalmente debe estar deshabilitado para Cortex-A520, ya que admite la funci\u00f3n CSV3 y la funci\u00f3n E0PD (utilizada cuando KASLR est\u00e1 habilitado)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/32b0a4ffcaea44a00a61e40c0d1bcc50362aee25",

39
CVE-2024/CVE-2024-00xx/CVE-2024-0017.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0017",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T20:15:47.513",
"lastModified": "2024-02-16T21:39:50.223",
"lastModified": "2024-11-04T19:35:03.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En shouldUseNoOpLocation of CameraActivity.java, hay un posible adjunto confundido debido a una omisi\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e",

12
CVE-2024/CVE-2024-101xx/CVE-2024-10100.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10100",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-17T19:15:21.533",
"lastModified": "2024-10-18T12:52:33.507",
"lastModified": "2024-11-04T19:15:05.297",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -22,19 +22,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]

10
CVE-2024/CVE-2024-101xx/CVE-2024-10101.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10101",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-17T19:15:21.713",
"lastModified": "2024-10-18T12:52:33.507",
"lastModified": "2024-11-04T19:15:05.527",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -22,19 +22,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 2.3,
"impactScore": 4.7
}
]

83
CVE-2024/CVE-2024-105xx/CVE-2024-10598.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10598",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T22:15:02.960",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:44:05.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tongda OA 11.2/11.3/11.4/11.5/11.6. This vulnerability affects unknown code of the file general/hr/setting/attendance/leave/data.php of the component Annual Leave Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tongda OA 11.2/11.3/11.4/11.5/11.6. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo general/hr/setting/attendance/leave/data.php del componente Annual Leave Handler. La manipulaci\u00f3n conduce a una autorizaci\u00f3n indebida. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -106,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -116,22 +150,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2",
"versionEndIncluding": "11.6",
"matchCriteriaId": "C756DF9A-7043-4989-8EC6-5614A809B53B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282610",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282610",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433495",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

88
CVE-2024/CVE-2024-105xx/CVE-2024-10599.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10599",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T22:15:03.267",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:44:59.183",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Tongda OA 2017 up to 11.7. This issue affects some unknown processing of the file /inc/package_static_resources.php. The manipulation leads to resource consumption. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Tongda OA 2017 hasta la versi\u00f3n 11.7. Este problema afecta a algunos procesos desconocidos del archivo /inc/package_static_resources.php. La manipulaci\u00f3n provoca el consumo de recursos. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -106,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -116,22 +150,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "11.7",
"matchCriteriaId": "9BB8B3E0-586B-4775-AE6A-F89D816DF1D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3133D0-47ED-4B20-AE9A-55920B76E55E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282611",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282611",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433496",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-106xx/CVE-2024-10600.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10600",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T23:15:12.067",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:45:26.723",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.6. Affected is an unknown function of the file pda/appcenter/submenu.php. The manipulation of the argument appid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Tongda OA 2017 hasta la versi\u00f3n 11.6. Se trata de una funci\u00f3n desconocida del archivo pda/appcenter/submenu.php. La manipulaci\u00f3n del argumento appid provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "11.6",
"matchCriteriaId": "97BBFE62-53E4-45AA-8402-EF3F17FCD3A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3133D0-47ED-4B20-AE9A-55920B76E55E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282612",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282612",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433497",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-106xx/CVE-2024-10601.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10601",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-31T23:15:12.343",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:45:45.603",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in Tongda OA 2017 up to 11.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /general/address/private/address/query/delete.php. The manipulation of the argument where_repeat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en Tongda OA 2017 hasta la versi\u00f3n 11.10 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /general/address/private/address/query/delete.php. La manipulaci\u00f3n del argumento where_repeat conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "11.10",
"matchCriteriaId": "0946EEC6-F87E-4290-82B7-A9C870BBC6DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3133D0-47ED-4B20-AE9A-55920B76E55E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/4",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282613",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282613",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433498",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-106xx/CVE-2024-10602.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10602",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T00:15:02.973",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:46:22.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9 and classified as critical. Affected by this issue is some unknown functionality of the file /general/approve_center/list/input_form/data_picker_link.php. The manipulation of the argument dataSrc leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Tongda OA 2017 hasta la versi\u00f3n 11.9 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /general/approve_center/list/input_form/data_picker_link.php. La manipulaci\u00f3n del argumento dataSrc conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "11.9",
"matchCriteriaId": "353F28DF-DFC8-4206-A613-5E15AB3F4D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3133D0-47ED-4B20-AE9A-55920B76E55E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/5",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282614",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282614",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433499",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-106xx/CVE-2024-10655.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10655",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T14:15:05.057",
"lastModified": "2024-11-01T20:25:15.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:47:40.207",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9. It has been declared as critical. This vulnerability affects unknown code of the file /pda/reportshop/new.php. The manipulation of the argument repid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha detectado una vulnerabilidad en Tongda OA 2017 hasta la versi\u00f3n 11.9. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /pda/reportshop/new.php. La manipulaci\u00f3n del argumento repid provoca una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "11.9",
"matchCriteriaId": "353F28DF-DFC8-4206-A613-5E15AB3F4D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3133D0-47ED-4B20-AE9A-55920B76E55E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/11",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282670",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282670",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433515",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

76
CVE-2024/CVE-2024-106xx/CVE-2024-10656.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10656",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T15:15:16.960",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:47:22.733",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Tongda OA 2017 up to 11.9. It has been rated as critical. This issue affects some unknown processing of the file /pda/meeting/apply.php. The manipulation of the argument mr_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en Tongda OA 2017 hasta la versi\u00f3n 11.9. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /pda/meeting/apply.php. La manipulaci\u00f3n del argumento mr_id provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.0",
"versionEndIncluding": "11.9",
"matchCriteriaId": "353F28DF-DFC8-4206-A613-5E15AB3F4D7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:2017:*:*:*:*:*:*:*",
"matchCriteriaId": "2F3133D0-47ED-4B20-AE9A-55920B76E55E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/12",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282671",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282671",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433517",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

71
CVE-2024/CVE-2024-106xx/CVE-2024-10657.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10657",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T15:15:17.247",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:47:03.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Tongda OA up to 11.10. Affected is an unknown function of the file /pda/approve_center/prcs_info.php. The manipulation of the argument RUN_ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tongda OA hasta la versi\u00f3n 11.10. Se ve afectada una funci\u00f3n desconocida del archivo /pda/approve_center/prcs_info.php. La manipulaci\u00f3n del argumento RUN_ID provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2",
"versionEndIncluding": "11.10",
"matchCriteriaId": "E9BC7829-F010-4D46-96CD-0E7475A139E7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/13",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282672",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282672",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433528",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

71
CVE-2024/CVE-2024-106xx/CVE-2024-10658.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10658",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-01T15:15:17.500",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T19:46:45.707",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Tongda OA up to 11.10. Affected by this vulnerability is an unknown functionality of the file /pda/approve_center/check_seal.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad clasificada como cr\u00edtica en Tongda OA hasta la versi\u00f3n 11.10. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /pda/approve_center/check_seal.php. La manipulaci\u00f3n del ID del argumento provoca una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,57 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tongda2000:office_anywhere:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2",
"versionEndIncluding": "11.10",
"matchCriteriaId": "E9BC7829-F010-4D46-96CD-0E7475A139E7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LvZCh/td/issues/14",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282673",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282673",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.433529",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

149
CVE-2024/CVE-2024-107xx/CVE-2024-10768.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2024-10768",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T19:15:05.743",
"lastModified": "2024-11-04T19:15:05.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-707"
},
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(two_tables.php).md",
"source": "cna@vuldb.com"
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282988",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282988",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.436531",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2024/CVE-2024-107xx/CVE-2024-10791.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-10791",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T20:15:04.580",
"lastModified": "2024-11-04T20:15:04.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in Codezips Hospital Appointment System 1.0. This issue affects some unknown processing of the file /doctorAction.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting file and parameter names to be affected."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-707"
},
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/3127434/CVE/issues/2",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.282989",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.282989",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.436538",
"source": "cna@vuldb.com"
}
]
}

80
CVE-2024/CVE-2024-227xx/CVE-2024-22733.json
View File

@ -2,20 +2,92 @@
"id": "CVE-2024-22733",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T16:15:08.077",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T20:01:12.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TP Link MR200 V4 Firmware version 210201 was discovered to contain a null-pointer-dereference in the web administration panel on /cgi/login via the sign, Action or LoginStatus query parameters which could lead to a denial of service by a local or remote unauthenticated attacker."
},
{
"lang": "es",
"value": " Se descubri\u00f3 que la versi\u00f3n de firmware 210201 de TP Link MR200 V4 contiene una desreferencia de puntero nulo en el panel de administraci\u00f3n web en /cgi/login a trav\u00e9s de los par\u00e1metros de consulta sign, Action o LoginStatus, lo que podr\u00eda provocar una denegaci\u00f3n de servicio por parte de un atacante local o remoto no autenticado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:mr200_firmware:210201:*:*:*:*:*:*:*",
"matchCriteriaId": "1C1DE34A-147D-4532-980B-2C6CC6B247F6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:mr200:4:*:*:*:*:*:*:*",
"matchCriteriaId": "0DB5A797-BD97-481C-A804-1A7B7E090A2F"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://lenoctambule.dev/post/dos-on-tp-link-web-admin-panel",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-250xx/CVE-2024-25082.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25082",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T16:27:58.763",
"lastModified": "2024-05-01T19:15:22.237",
"lastModified": "2024-11-04T19:35:04.633",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Splinefont en FontForge hasta 20230101 permite la inyecci\u00f3n de comandos a trav\u00e9s de archivos creados o comprimidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/2",

39
CVE-2024/CVE-2024-259xx/CVE-2024-25972.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25972",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-01T10:15:07.413",
"lastModified": "2024-03-01T14:04:04.827",
"lastModified": "2024-11-04T20:35:03.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La inicializaci\u00f3n de un recurso con una vulnerabilidad predeterminada insegura en OET-213H-BTS1 vendido en Jap\u00f3n por Atsumi Electric Co., Ltd. permite a un atacante no autenticado adyacente a la red configurar y controlar el producto afectado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN77203800/",

14
CVE-2024/CVE-2024-262xx/CVE-2024-26299.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26299",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-02-27T22:15:15.723",
"lastModified": "2024-02-28T14:06:45.783",
"lastModified": "2024-11-04T19:35:05.457",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt",

27
CVE-2024/CVE-2024-266xx/CVE-2024-26652.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26652",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-27T14:15:10.297",
"lastModified": "2024-03-27T15:49:41.437",
"lastModified": "2024-11-04T20:35:04.647",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: pds_core: corrige posible doble liberaci\u00f3n en la ruta de manejo de errores Cuando auxiliar_device_add() devuelve un error y luego llama a auxiliar_device_uninit(), la funci\u00f3n de devoluci\u00f3n de llamada pdsc_auxbus_dev_release llama a kfree(padev) para liberar memoria. No deber\u00edamos volver a llamar a kfree(padev) en la ruta de manejo de errores. Solucione este problema limpiando el kfree() redundante y devolviendo el manejo de errores al lugar donde ocurrieron los errores."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/995f802abff209514ac2ee03b96224237646cec3",

27
CVE-2024/CVE-2024-267xx/CVE-2024-26737.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26737",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-03T17:15:51.243",
"lastModified": "2024-04-03T17:24:18.150",
"lastModified": "2024-11-04T19:35:06.193",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Correcci\u00f3n de ejecuci\u00f3ns entre bpf_timer_cancel_and_free y bpf_timer_cancel La siguiente ejecuci\u00f3n es posible entre bpf_timer_cancel_and_free y bpf_timer_cancel. Dirigir\u00e1 una UAF en el temporizador->temporizador. bpf_timer_cancel(); spin_lock(); t = temporizador->tiempo; spin_unlock(); bpf_timer_cancel_and_free(); spin_lock(); t = temporizador->temporizador; temporizador->temporizador = NULL; spin_unlock(); hrtimer_cancel(&t->temporizador); klibre(t); /* UAF en t */ hrtimer_cancel(&t->timer); En bpf_timer_cancel_and_free, este parche libera el temporizador->temporizador despu\u00e9s de un per\u00edodo de gracia de rcu. Esto requiere una adici\u00f3n de rcu_head a \"struct bpf_hrtimer\". Otro kfree(t) ocurre en bpf_timer_init, esto no necesita un kfree_rcu porque todav\u00eda est\u00e1 bajo spin_lock y otros a\u00fan no han visible el temporizador->temporizador. En bpf_timer_cancel, se agrega rcu_read_lock() porque este asistente puede usarse en un contexto de secci\u00f3n no cr\u00edtica para rcu (por ejemplo, desde un programa bpf que se puede dormir). Se han auditado otros usos de temporizador->temporizador en helpers.c, bpf_timer_cancel() es el \u00fanico lugar donde se usa temporizador->temporizador fuera de spin_lock. Otra soluci\u00f3n considerada es marcar una bandera t-> en bpf_timer_cancel y borrarla una vez finalizado hrtimer_cancel(). En bpf_timer_cancel_and_free, est\u00e1 ocupado esperando a que se borre la bandera antes de kfree(t). Este parche incluye una soluci\u00f3n sencilla y libera el temporizador->temporizador despu\u00e9s de un per\u00edodo de gracia de rcu."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0281b919e175bb9c3128bd3872ac2903e9436e3f",

27
CVE-2024/CVE-2024-268xx/CVE-2024-26828.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26828",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T10:15:09.300",
"lastModified": "2024-04-17T12:48:07.510",
"lastModified": "2024-11-04T19:35:06.407",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: corrige el desbordamiento insuficiente en parse_server_interfaces() En este bucle, recorremos el b\u00fafer y despu\u00e9s de cada elemento comprobamos si size_left es mayor que el tama\u00f1o m\u00ednimo que necesitamos. Sin embargo, el problema es que \"bytes_left\" es del tipo ssize_t mientras que sizeof() es del tipo size_t. Eso significa que debido a la promoci\u00f3n de tipo, la comparaci\u00f3n se realiza sin firmar y si nos quedan bytes negativos, el ciclo contin\u00faa en lugar de finalizar."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/7190353835b4a219abb70f90b06cdcae97f11512",

27
CVE-2024/CVE-2024-269xx/CVE-2024-26918.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26918",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T16:15:08.303",
"lastModified": "2024-04-17T16:51:07.347",
"lastModified": "2024-11-04T19:35:06.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: PCI: corrige el requisito de estado activo en el sondeo de PME. La confirmaci\u00f3n observada en las correcciones agreg\u00f3 un requisito falso de que los dispositivos administrados por PM en tiempo de ejecuci\u00f3n deben estar en el estado RPM_ACTIVE para el sondeo de PME. De hecho, s\u00f3lo se deben sondear los dispositivos en estados de bajo consumo de energ\u00eda. Sin embargo, todav\u00eda existe el requisito de que se pueda acceder al espacio de configuraci\u00f3n del dispositivo, lo que tiene implicaciones tanto para el estado actual del dispositivo sondeado como para el puente principal, cuando est\u00e9 presente. No es suficiente asumir que el puente permanece en D0 y se han observado casos en los que el puente pasa la prueba D0, pero el estado PM indica RPM_SUSPENDING y el espacio de configuraci\u00f3n del dispositivo sondeado se vuelve inaccesible durante pci_pme_wakeup(). Por lo tanto, dado que ya se requiere que el puente est\u00e9 en el estado RPM_ACTIVE, formalice esto en el c\u00f3digo y eleve el recuento de uso de PM para mantener el estado mientras se sondea el dispositivo subordinado. Esto resuelve una regresi\u00f3n reportada en el bugzilla a continuaci\u00f3n donde una jerarqu\u00eda Thunderbolt/USB4 no puede buscar un endpoint NVMe conectado aguas abajo de un puente en un estado de energ\u00eda D3hot."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/41044d5360685e78a869d40a168491a70cdb7e73",

27
CVE-2024/CVE-2024-269xx/CVE-2024-26940.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26940",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T06:15:09.343",
"lastModified": "2024-05-01T13:02:20.750",
"lastModified": "2024-11-04T19:35:06.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/vmwgfx: cree la entrada debugfs ttm_resource_manager solo si es necesario. El controlador crea /sys/kernel/debug/dri/0/mob_ttm incluso cuando el ttm_resource_manager correspondiente no est\u00e1 asignado. Esto provoca un bloqueo al intentar leer este archivo. Agregue una marca para crear archivos de depuraci\u00f3n mob_ttm, system_mob_ttm y gmr_ttm solo cuando se asigne el ttm_resource_manager correspondiente. crash> bt PID: 3133409 TAREA: ffff8fe4834a5000 CPU: 3 COMANDO: \"grep\" #0 [ffffb954506b3b20] machine_kexec en ffffffffb2a6bec3 #1 [ffffb954506b3b78] __crash_kexec en ffffffffb2bb598a #2 ffb954506b3c38] crash_kexec en ffffffffb2bb68c1 #3 [ffffb954506b3c50] oops_end en ffffffffb2a2a9b1 # 4 [ffffb954506b3c70] no_context en ffffffffb2a7e913 #5 [ffffb954506b3cc8] __bad_area_nosemaphore en ffffffffb2a7ec8c #6 [ffffb954506b3d10] do_page_fault en ffffffffb2a7f887 #7 54506b3d40] page_fault en ffffffffb360116e [excepci\u00f3n RIP: ttm_resource_manager_debug+0x11] RIP: ffffffffc04afd11 RSP: ffffb954506b3df0 RFLAGS: 00010246 RAX: ffff8fe41a6d1200 RBX: 0000000000000000 RCX: 0000000000000940 RDX: 0000000000000000 RSI: ffffffffc04b4338 RDI: 0000000000000000 RBP: ffffb9545 06b3e08 R8: ffff8fee3ffad000 R9: 0000000000000000 R10: ffff8fe41a76a000 R11: 0000000000000001 R12: 00000000ffffffff R13: 0000000000000001 R14: ffff8fe5bb6f3900 R15: ffff8fe41a6d1200 ORIG_RAX: ffffffffffffff CS: 0010 SS : 0018 #8 [ffffb954506b3e00] ttm_resource_manager_show en ffffffffc04afde7 [ttm] #9 [ffffb954506b3e30] seq_read en ffffffffb2d8f9f3 RIP: 00007f4c4eda8985 RSP: RFLAGS: 00000246 RAX: ffffffffffffffda RBX: 000000000037e000 RCX: 00007f4c4eda8985 RDX: 000000000037e000 RSI: 00007f4c41573000 RDI: 00000000000000 03 PBR: 000000000037e000 R8: 0000000000000000 R9: 000000000037fe30 R10: 0000000000000000 R11: 0000000000000246 R12: 00007f4c41573000 R13: 0000000000000003 R14: 00007f4c41572010 R15: 0000000000000003 ORIG_RAX: 0000000000000000 CS: 0033 SS: 002b"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/016119154981d81c9e8f2ea3f56b9e2b4ea14500",

27
CVE-2024/CVE-2024-273xx/CVE-2024-27393.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27393",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-14T15:12:26.993",
"lastModified": "2024-06-10T17:16:23.223",
"lastModified": "2024-11-04T19:35:07.067",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: xen-netfront: agrega skb_mark_for_recycle faltante. Tenga en cuenta que skb_mark_for_recycle() se introduce m\u00e1s tarde que la etiqueta de correcci\u00f3n en el commit 6a5bcd84e886 (\"page_pool: permitir que los controladores indiquen el reciclaje de SKB\"). Se cree que a la etiqueta de correcciones le faltaba una llamada a page_pool_release_page() entre v5.9 y v5.14, despu\u00e9s de lo cual deber\u00eda haber usado skb_mark_for_recycle(). Desde v6.6, la llamada page_pool_release_page() se elimin\u00f3 (en el commit 535b9c61bdef (\"net: page_pool: hide page_pool_release_page()\") y las personas que llaman restantes se convirtieron (en el commit 6bfef2ec0172 (\"Merge Branch 'net-page_pool-remove-page_pool_release_page'\") ). Esta fuga se hizo visible en la versi\u00f3n 6.8 mediante el commit dba1b8a7ab68 (\"mm/page_pool: captura p\u00e9rdidas de memoria en page_pool\")."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/05/08/4",

43
CVE-2024/CVE-2024-275xx/CVE-2024-27524.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-27524",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T15:15:17.907",
"lastModified": "2024-11-01T20:24:53.730",
"lastModified": "2024-11-04T20:35:04.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the new_ticket.php component."
},
{
"lang": "es",
"value": " La vulnerabilidad de cross site scripting en Chamilo LMS v.1.11.26 permite a un atacante remoto escalar privilegios a trav\u00e9s de un script manipulado espec\u00edficamente para el par\u00e1metro filename del componente new_ticket.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/53275c152275958b33a1f87a21843daa52fb543a",

43
CVE-2024/CVE-2024-275xx/CVE-2024-27525.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-27525",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T15:15:18.003",
"lastModified": "2024-11-01T20:24:53.730",
"lastModified": "2024-11-04T20:35:05.800",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Chamilo LMS v.1.11.26 allows a remote attacker to escalate privileges via a crafted script to the filename parameter of the home.php component."
},
{
"lang": "es",
"value": "La vulnerabilidad de cross site scripting en Chamilo LMS v.1.11.26 permite a un atacante remoto escalar privilegios a trav\u00e9s de un script manipulado espec\u00edficamente para el par\u00e1metro filename del componente home.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/chamilo/chamilo-lms/commit/a63e03ef961e7bf2dab56f4ede6f87edef40ba0c",

25
CVE-2024/CVE-2024-306xx/CVE-2024-30616.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-30616",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.193",
"lastModified": "2024-11-04T19:15:06.193",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30616",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/a1a1e4df70dc65ae4fc7857135f4d3ee185548e7",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-306xx/CVE-2024-30617.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-30617",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.277",
"lastModified": "2024-11-04T19:15:06.277",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-Site Request Forgery (CSRF) vulnerability in Chamilo LMS 1.11.26 \"/main/social/home.php,\" allows attackers to initiate a request that posts a fake post onto the user's social wall without their consent or knowledge."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30617",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/7a0e10cccc92eadae9403925f995b0a8d2d1305e",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-306xx/CVE-2024-30618.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-30618",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.360",
"lastModified": "2024-11-04T19:15:06.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross-Site Scripting (XSS) Vulnerability in Chamilo LMS 1.11.26 allows a remote attacker to execute arbitrary JavaScript in a web browser by including a malicious payload in the 'content' parameter of 'group_topics.php'."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30618",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/3b98682199049ebfb170ace16ada9a7c8e9a6622",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-306xx/CVE-2024-30619.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-30619",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.440",
"lastModified": "2024-11-04T19:15:06.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Chamilo LMS Version 1.11.26 is vulnerable to Incorrect Access Control. A non-authenticated attacker can request the number of messages and the number of online users via \"/main/inc/ajax/message.ajax.php?a=get_count_message\" AND \"/main/inc/ajax/online.ajax.php?a=get_users_online.\""
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30619",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/chamilo/chamilo-lms/commit/bef68ffe0552cd25b0ef760e582e1188f0f6bf4b",
"source": "cve@mitre.org"
}
]
}

39
CVE-2024/CVE-2024-342xx/CVE-2024-34223.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34223",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:38:36.463",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-11-04T19:35:07.467",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de permiso inseguro en /hrm/leaverequest.php en SourceCodester Human Resource Management System 1.0 permite a los atacantes aprobar o rechazar el ticket de licencia."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://github.com/dovankha/CVE-2024-34223",

25
CVE-2024/CVE-2024-348xx/CVE-2024-34885.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-34885",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.560",
"lastModified": "2024-11-04T19:15:06.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request."
}
],
"metrics": {},
"references": [
{
"url": "http://bitrix24.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/DrieVlad/BitrixVulns",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-348xx/CVE-2024-34891.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-34891",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.647",
"lastModified": "2024-11-04T19:15:06.647",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request."
}
],
"metrics": {},
"references": [
{
"url": "http://bitrix24.com",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/DrieVlad/BitrixVulns",
"source": "cve@mitre.org"
}
]
}

39
CVE-2024/CVE-2024-350xx/CVE-2024-35083.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35083",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:30.637",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-11-04T20:35:06.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que J2EEFAST v2.7.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de la funci\u00f3n findPage en SysLoginInfoMapper.xml."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35083.txt",

10
CVE-2024/CVE-2024-361xx/CVE-2024-36117.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36117",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-19T18:15:11.220",
"lastModified": "2024-06-20T12:43:25.663",
"lastModified": "2024-11-04T19:15:06.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -52,9 +52,17 @@
}
],
"references": [
{
"url": "https://github.com/dzikoysk/reposilite/commit/e172ae4b539c822d0d6e04cf090713c7202a79d6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dzikoysk/reposilite/releases/tag/3.5.12",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/dzikoysk/reposilite/security/advisories/GHSA-82j3-hf72-7x93",
"source": "security-advisories@github.com"
}
]
}

27
CVE-2024/CVE-2024-369xx/CVE-2024-36953.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36953",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-30T16:15:18.233",
"lastModified": "2024-06-27T14:15:15.170",
"lastModified": "2024-11-04T19:35:09.213",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: KVM: arm64: vgic-v2: Verifique vCPU que no sea NULL en vgic_v2_parse_attr() vgic_v2_parse_attr() es responsable de encontrar la vCPU que coincida con el CPUID proporcionado por el usuario, que (de curso) puede no ser v\u00e1lido. Si el ID no es v\u00e1lido, kvm_get_vcpu_by_id() devuelve NULL, que no se maneja correctamente. De manera similar al flujo de uaccess de GICv3, verifique que kvm_get_vcpu_by_id() realmente devuelva algo y falle el ioctl si no."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/01981276d64e542c177b243f7c979fee855d5487",

39
CVE-2024/CVE-2024-447xx/CVE-2024-44731.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44731",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-11T17:15:04.080",
"lastModified": "2024-10-15T12:57:46.880",
"lastModified": "2024-11-04T20:35:07.840",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Mirotalk antes de el commit 9de226 conten\u00eda una vulnerabilidad de cross-site scripting (XSS) basada en DOM que permite a los atacantes ejecutar c\u00f3digo arbitrario mediante el env\u00edo de payloads malipulados en mensajes a otros usuarios mediante conexiones RTC."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://aware7.com/de/blog/schwachstellen-in-videokonferenzsystemen/",

56
CVE-2024/CVE-2024-450xx/CVE-2024-45086.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-45086",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-04T20:15:05.013",
"lastModified": "2024-11-04T20:15:05.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A privileged user could exploit this vulnerability to expose sensitive information or consume memory resources."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7174745",
"source": "psirt@us.ibm.com"
}
]
}

25
CVE-2024/CVE-2024-451xx/CVE-2024-45185.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-45185",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T20:15:05.257",
"lastModified": "2024-11-04T20:15:05.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS protocol."
}
],
"metrics": {},
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
},
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-45185/",
"source": "cve@mitre.org"
}
]
}

31
CVE-2024/CVE-2024-482xx/CVE-2024-48270.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-48270",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T14:15:06.953",
"lastModified": "2024-11-01T20:25:15.673",
"lastModified": "2024-11-04T19:35:11.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the component /logins of oasys v1.1 allows attackers to access sensitive information via a burst attack."
},
{
"lang": "es",
"value": " Un problema en el componente /logins de oasys v1.1 permite a los atacantes acceder a informaci\u00f3n confidencial a trav\u00e9s de un burst attack."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/majic-banana/vulnerability/blob/main/POC/Verification%20Code%20Reuse--misstt123oasys.md",

43
CVE-2024/CVE-2024-482xx/CVE-2024-48289.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48289",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T15:15:56.560",
"lastModified": "2024-11-01T20:24:53.730",
"lastModified": "2024-11-04T20:35:09.307",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the Bluetooth Low Energy implementation of Cypress Bluetooth SDK v3.66 allows attackers to cause a Denial of Service (DoS) via supplying a crafted LL_PAUSE_ENC_REQ packet."
},
{
"lang": "es",
"value": " Un problema en la implementaci\u00f3n de Bluetooth Low Energy de Cypress Bluetooth SDK v3.66 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante el suministro de un paquete LL_PAUSE_ENC_REQ manipulado espec\u00edficamente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://community.infineon.com/t5/PSoC-4/BLE-SDK-Integer-Overflow/m-p/888037#M49108",

39
CVE-2024/CVE-2024-483xx/CVE-2024-48336.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48336",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:05.027",
"lastModified": "2024-11-04T18:50:05.607",
"lastModified": "2024-11-04T20:35:10.193",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "The install() function of ProviderInstaller.java in Magisk App before canary version 27007 does not verify the GMS app before loading it, which allows a local untrusted app with no additional privileges to silently execute arbitrary code in the Magisk app and escalate privileges to root via a crafted package, aka Bug #8279. User interaction is not needed for exploitation."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-829"
}
]
}
],
"references": [
{
"url": "https://github.com/canyie/MagiskEoP",

39
CVE-2024/CVE-2024-487xx/CVE-2024-48733.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48733",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T21:15:14.507",
"lastModified": "2024-11-01T13:15:12.390",
"lastModified": "2024-11-04T19:35:11.380",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "La vulnerabilidad de inyecci\u00f3n SQL en /SASStudio/sasexec/sessions/{sessionID}/sql en SAS Studio 9.4 permite a un atacante remoto ejecutar comandos SQL arbitrarios a trav\u00e9s de la solicitud del cuerpo POST."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "http://sas.com",

39
CVE-2024/CVE-2024-487xx/CVE-2024-48734.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48734",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T21:15:14.563",
"lastModified": "2024-11-01T13:15:12.510",
"lastModified": "2024-11-04T19:35:12.597",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "*La carga de archivos sin restricciones en /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} en SAS Studio 9.4 permite que atacantes remotos carguen archivos maliciosos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "http://sas.com",

43
CVE-2024/CVE-2024-508xx/CVE-2024-50801.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-50801",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T19:15:13.313",
"lastModified": "2024-11-01T12:57:03.417",
"lastModified": "2024-11-04T19:35:13.810",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/collections.php. The vulnerability is exploitable via the id parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en AbanteCart 1.4.0 en la funci\u00f3n update() en public_html/admin/controller/responses/listing_grid/collections.php. La vulnerabilidad se puede explotar a trav\u00e9s del par\u00e1metro id."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://chiggerlor.substack.com/p/cve-2024-50801-and-and-cve-2024-50802",

43
CVE-2024/CVE-2024-508xx/CVE-2024-50802.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-50802",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T19:15:13.413",
"lastModified": "2024-11-01T12:57:03.417",
"lastModified": "2024-11-04T19:35:14.907",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability was discovered in AbanteCart 1.4.0 in the update() function in public_html/admin/controller/responses/listing_grid/email_templates.php. The vulnerability is exploitable via the id parameter."
},
{
"lang": "es",
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en AbanteCart 1.4.0 en la funci\u00f3n update() en public_html/admin/controller/responses/listing_grid/email_templates.php. La vulnerabilidad se puede explotar a trav\u00e9s del par\u00e1metro id."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://chiggerlor.substack.com/p/cve-2024-50801-and-and-cve-2024-50802",

39
CVE-2024/CVE-2024-513xx/CVE-2024-51328.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51328",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:05.393",
"lastModified": "2024-11-04T18:50:05.607",
"lastModified": "2024-11-04T19:35:16.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51328%20-%20Stored%20XSS%20",

31
CVE-2024/CVE-2024-514xx/CVE-2024-51406.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-51406",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T14:15:07.073",
"lastModified": "2024-11-01T20:25:15.673",
"lastModified": "2024-11-04T19:35:17.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Floodlight SDN Open Flow Controller v.1.2 has an issue that allows local hosts to build fake LLDP packets that allow specific clusters to be missed by Floodlight, which in turn leads to missed hosts inside and outside the cluster."
},
{
"lang": "es",
"value": " Floodlight SDN Open Flow Controller v.1.2 tiene un problema que permite que los hosts locales creen paquetes LLDP falsos que hacen que Floodlight no detecte cl\u00fasteres espec\u00edficos, lo que a su vez genera que no se detecten hosts dentro y fuera del cl\u00faster."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/floodlight/floodlight",

31
CVE-2024/CVE-2024-514xx/CVE-2024-51407.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-51407",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T14:15:07.193",
"lastModified": "2024-11-01T20:24:53.730",
"lastModified": "2024-11-04T20:35:11.350",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Floodlight SDN OpenFlow Controller v.1.2 has an issue that allows local hosts to construct false broadcast ports causing inter-host communication anomalies."
},
{
"lang": "es",
"value": " Floodlight SDN OpenFlow Controller v.1.2 tiene un problema que permite que los hosts locales construyan puertos de transmisi\u00f3n falsos, lo que provoca anomal\u00edas de comunicaci\u00f3n entre hosts."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/floodlight/floodlight",

18
CVE-2024/CVE-2024-60xx/CVE-2024-6080.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-6080",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-06-17T23:15:51.583",
"lastModified": "2024-09-20T00:27:34.317",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-04T19:15:07.323",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks."
"value": "A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code of the component incontrolWebcam Service. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early about this disclosure and plans to provide a solution within the next few weeks."
},
{
"lang": "es",
@ -133,6 +133,10 @@
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
},
{
"lang": "en",
"value": "CWE-428"
@ -158,6 +162,14 @@
}
],
"references": [
{
"url": "https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.268822",
"source": "cna@vuldb.com",

69
CVE-2024/CVE-2024-78xx/CVE-2024-7807.json
View File

@ -2,16 +2,42 @@
"id": "CVE-2024-7807",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-29T13:15:10.360",
"lastModified": "2024-10-29T14:35:21.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-04T20:47:21.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously process each character, rendering ChuanhuChatGPT inaccessible. This uncontrolled resource consumption can lead to prolonged unavailability of the service, disrupting operations and causing potential data inaccessibility and loss of productivity."
},
{
"lang": "es",
"value": " Una vulnerabilidad en la versi\u00f3n 20240628 de gaizhenbiao/chuanhuchatgpt permite un ataque de denegaci\u00f3n de servicio (DOS). Al cargar un archivo, si un atacante agrega una gran cantidad de caracteres al final de un l\u00edmite de varias partes, el sistema procesar\u00e1 continuamente cada car\u00e1cter, lo que har\u00e1 que ChuanhuChatGPT sea inaccesible. Este consumo descontrolado de recursos puede provocar una indisponibilidad prolongada del servicio, lo que interrumpir\u00e1 las operaciones y provocar\u00e1 una posible inaccesibilidad de los datos y una p\u00e9rdida de productividad."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -37,8 +63,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -57,14 +93,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:20240628:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC10782-5CE4-4545-A3F3-499CB770338B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/919222d285d73b9dcd71fb34de379eef8c90d175",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/db67276d-36ee-4487-9165-b621c67ef8a3",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit"
]
}
]
}

26
CVE-2024/CVE-2024-93xx/CVE-2024-9324.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-9324",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-29T07:15:02.740",
"lastModified": "2024-10-07T16:05:50.067",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-04T19:15:07.587",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relat\u00f3rio de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20."
"value": "A vulnerability was found in Intelbras InControl up to 2.21.57. It has been rated as critical. Affected by this issue is some unknown functionality of the file /v1/operador/ of the component Relat\u00f3rio de Operadores Page. The manipulation of the argument fields leads to code injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-07-19 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20."
},
{
"lang": "es",
@ -130,9 +130,17 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-707"
},
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-94"
@ -140,7 +148,7 @@
]
},
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
@ -169,6 +177,14 @@
}
],
"references": [
{
"url": "https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.278828",
"source": "cna@vuldb.com",

18
CVE-2024/CVE-2024-93xx/CVE-2024-9325.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-9325",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-09-29T08:15:02.243",
"lastModified": "2024-10-07T16:06:49.923",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-04T19:15:07.790",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\\Program Files (x86)\\Intelbras\\Incontrol Cliente\\incontrol_webcam\\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20."
"value": "A vulnerability classified as critical has been found in Intelbras InControl up to 2.21.56. This affects an unknown part of the file C:\\Program Files (x86)\\Intelbras\\Incontrol Cliente\\incontrol_webcam\\incontrol-service-watchdog.exe. The manipulation leads to unquoted search path. It is possible to launch the attack on the local host. Upgrading to version 2.21.58 is able to address this issue. It is recommended to upgrade the affected component. The vendor was informed early on 2024-08-05 about this issue. The release of a fixed version 2.21.58 was announced for the end of August 2024 but then was postponed until 2024-09-20."
},
{
"lang": "es",
@ -133,6 +133,10 @@
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
},
{
"lang": "en",
"value": "CWE-428"
@ -159,6 +163,14 @@
}
],
"references": [
{
"url": "https://backend.intelbras.com/sites/default/files/2024-10/Aviso%20de%20Seguran%C3%A7a%20-%20Incontrol%202.21.56%20e%202.21.57.pdf",
"source": "cna@vuldb.com"
},
{
"url": "https://download.cronos.intelbras.com.br/download/INCONTROL/INCONTROL-WEB/prod/INCONTROL-WEB-2.21.58-233dfd1ac1e2ca3eabb71c854005c78b.exe",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.278829",
"source": "cna@vuldb.com",

82
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-04T19:00:20.374735+00:00
2024-11-04T21:00:20.280091+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-04T18:55:38.580000+00:00
2024-11-04T20:47:21.767000+00:00
```
### Last Data Feed Release
@ -33,56 +33,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
268156
268166
```
### CVEs added in the last Commit
Recently added CVEs: `12`
Recently added CVEs: `10`
- [CVE-2024-10766](CVE-2024/CVE-2024-107xx/CVE-2024-10766.json) (`2024-11-04T18:15:04.330`)
- [CVE-2024-34882](CVE-2024/CVE-2024-348xx/CVE-2024-34882.json) (`2024-11-04T18:15:04.683`)
- [CVE-2024-34883](CVE-2024/CVE-2024-348xx/CVE-2024-34883.json) (`2024-11-04T18:15:04.787`)
- [CVE-2024-34887](CVE-2024/CVE-2024-348xx/CVE-2024-34887.json) (`2024-11-04T18:15:04.867`)
- [CVE-2024-48336](CVE-2024/CVE-2024-483xx/CVE-2024-48336.json) (`2024-11-04T18:15:05.027`)
- [CVE-2024-48809](CVE-2024/CVE-2024-488xx/CVE-2024-48809.json) (`2024-11-04T17:15:07.880`)
- [CVE-2024-51127](CVE-2024/CVE-2024-511xx/CVE-2024-51127.json) (`2024-11-04T18:15:05.113`)
- [CVE-2024-51136](CVE-2024/CVE-2024-511xx/CVE-2024-51136.json) (`2024-11-04T17:15:08.050`)
- [CVE-2024-51326](CVE-2024/CVE-2024-513xx/CVE-2024-51326.json) (`2024-11-04T18:15:05.207`)
- [CVE-2024-51327](CVE-2024/CVE-2024-513xx/CVE-2024-51327.json) (`2024-11-04T18:15:05.310`)
- [CVE-2024-51328](CVE-2024/CVE-2024-513xx/CVE-2024-51328.json) (`2024-11-04T18:15:05.393`)
- [CVE-2024-51329](CVE-2024/CVE-2024-513xx/CVE-2024-51329.json) (`2024-11-04T18:15:05.480`)
- [CVE-2024-10768](CVE-2024/CVE-2024-107xx/CVE-2024-10768.json) (`2024-11-04T19:15:05.743`)
- [CVE-2024-10791](CVE-2024/CVE-2024-107xx/CVE-2024-10791.json) (`2024-11-04T20:15:04.580`)
- [CVE-2024-30616](CVE-2024/CVE-2024-306xx/CVE-2024-30616.json) (`2024-11-04T19:15:06.193`)
- [CVE-2024-30617](CVE-2024/CVE-2024-306xx/CVE-2024-30617.json) (`2024-11-04T19:15:06.277`)
- [CVE-2024-30618](CVE-2024/CVE-2024-306xx/CVE-2024-30618.json) (`2024-11-04T19:15:06.360`)
- [CVE-2024-30619](CVE-2024/CVE-2024-306xx/CVE-2024-30619.json) (`2024-11-04T19:15:06.440`)
- [CVE-2024-34885](CVE-2024/CVE-2024-348xx/CVE-2024-34885.json) (`2024-11-04T19:15:06.560`)
- [CVE-2024-34891](CVE-2024/CVE-2024-348xx/CVE-2024-34891.json) (`2024-11-04T19:15:06.647`)
- [CVE-2024-45086](CVE-2024/CVE-2024-450xx/CVE-2024-45086.json) (`2024-11-04T20:15:05.013`)
- [CVE-2024-45185](CVE-2024/CVE-2024-451xx/CVE-2024-45185.json) (`2024-11-04T20:15:05.257`)
### CVEs modified in the last Commit
Recently modified CVEs: `173`
Recently modified CVEs: `52`
- [CVE-2024-51249](CVE-2024/CVE-2024-512xx/CVE-2024-51249.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51251](CVE-2024/CVE-2024-512xx/CVE-2024-51251.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51253](CVE-2024/CVE-2024-512xx/CVE-2024-51253.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51408](CVE-2024/CVE-2024-514xx/CVE-2024-51408.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51556](CVE-2024/CVE-2024-515xx/CVE-2024-51556.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51557](CVE-2024/CVE-2024-515xx/CVE-2024-51557.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51558](CVE-2024/CVE-2024-515xx/CVE-2024-51558.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51559](CVE-2024/CVE-2024-515xx/CVE-2024-51559.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51560](CVE-2024/CVE-2024-515xx/CVE-2024-51560.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51561](CVE-2024/CVE-2024-515xx/CVE-2024-51561.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51582](CVE-2024/CVE-2024-515xx/CVE-2024-51582.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51626](CVE-2024/CVE-2024-516xx/CVE-2024-51626.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51661](CVE-2024/CVE-2024-516xx/CVE-2024-51661.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51665](CVE-2024/CVE-2024-516xx/CVE-2024-51665.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51672](CVE-2024/CVE-2024-516xx/CVE-2024-51672.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51677](CVE-2024/CVE-2024-516xx/CVE-2024-51677.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51678](CVE-2024/CVE-2024-516xx/CVE-2024-51678.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51680](CVE-2024/CVE-2024-516xx/CVE-2024-51680.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51681](CVE-2024/CVE-2024-516xx/CVE-2024-51681.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51682](CVE-2024/CVE-2024-516xx/CVE-2024-51682.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51683](CVE-2024/CVE-2024-516xx/CVE-2024-51683.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-51685](CVE-2024/CVE-2024-516xx/CVE-2024-51685.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-6536](CVE-2024/CVE-2024-65xx/CVE-2024-6536.json) (`2024-11-04T17:35:41.007`)
- [CVE-2024-9147](CVE-2024/CVE-2024-91xx/CVE-2024-9147.json) (`2024-11-04T18:50:05.607`)
- [CVE-2024-9287](CVE-2024/CVE-2024-92xx/CVE-2024-9287.json) (`2024-11-04T18:15:05.627`)
- [CVE-2024-26828](CVE-2024/CVE-2024-268xx/CVE-2024-26828.json) (`2024-11-04T19:35:06.407`)
- [CVE-2024-26918](CVE-2024/CVE-2024-269xx/CVE-2024-26918.json) (`2024-11-04T19:35:06.627`)
- [CVE-2024-26940](CVE-2024/CVE-2024-269xx/CVE-2024-26940.json) (`2024-11-04T19:35:06.833`)
- [CVE-2024-27393](CVE-2024/CVE-2024-273xx/CVE-2024-27393.json) (`2024-11-04T19:35:07.067`)
- [CVE-2024-27524](CVE-2024/CVE-2024-275xx/CVE-2024-27524.json) (`2024-11-04T20:35:04.913`)
- [CVE-2024-27525](CVE-2024/CVE-2024-275xx/CVE-2024-27525.json) (`2024-11-04T20:35:05.800`)
- [CVE-2024-34223](CVE-2024/CVE-2024-342xx/CVE-2024-34223.json) (`2024-11-04T19:35:07.467`)
- [CVE-2024-35083](CVE-2024/CVE-2024-350xx/CVE-2024-35083.json) (`2024-11-04T20:35:06.920`)
- [CVE-2024-36117](CVE-2024/CVE-2024-361xx/CVE-2024-36117.json) (`2024-11-04T19:15:06.733`)
- [CVE-2024-36953](CVE-2024/CVE-2024-369xx/CVE-2024-36953.json) (`2024-11-04T19:35:09.213`)
- [CVE-2024-44731](CVE-2024/CVE-2024-447xx/CVE-2024-44731.json) (`2024-11-04T20:35:07.840`)
- [CVE-2024-48270](CVE-2024/CVE-2024-482xx/CVE-2024-48270.json) (`2024-11-04T19:35:11.057`)
- [CVE-2024-48289](CVE-2024/CVE-2024-482xx/CVE-2024-48289.json) (`2024-11-04T20:35:09.307`)
- [CVE-2024-48336](CVE-2024/CVE-2024-483xx/CVE-2024-48336.json) (`2024-11-04T20:35:10.193`)
- [CVE-2024-48733](CVE-2024/CVE-2024-487xx/CVE-2024-48733.json) (`2024-11-04T19:35:11.380`)
- [CVE-2024-48734](CVE-2024/CVE-2024-487xx/CVE-2024-48734.json) (`2024-11-04T19:35:12.597`)
- [CVE-2024-50801](CVE-2024/CVE-2024-508xx/CVE-2024-50801.json) (`2024-11-04T19:35:13.810`)
- [CVE-2024-50802](CVE-2024/CVE-2024-508xx/CVE-2024-50802.json) (`2024-11-04T19:35:14.907`)
- [CVE-2024-51328](CVE-2024/CVE-2024-513xx/CVE-2024-51328.json) (`2024-11-04T19:35:16.150`)
- [CVE-2024-51406](CVE-2024/CVE-2024-514xx/CVE-2024-51406.json) (`2024-11-04T19:35:17.410`)
- [CVE-2024-51407](CVE-2024/CVE-2024-514xx/CVE-2024-51407.json) (`2024-11-04T20:35:11.350`)
- [CVE-2024-6080](CVE-2024/CVE-2024-60xx/CVE-2024-6080.json) (`2024-11-04T19:15:07.323`)
- [CVE-2024-7807](CVE-2024/CVE-2024-78xx/CVE-2024-7807.json) (`2024-11-04T20:47:21.767`)
- [CVE-2024-9324](CVE-2024/CVE-2024-93xx/CVE-2024-9324.json) (`2024-11-04T19:15:07.587`)
- [CVE-2024-9325](CVE-2024/CVE-2024-93xx/CVE-2024-9325.json) (`2024-11-04T19:15:07.790`)
## Download and Usage

480
_state.csv
View File

File diff suppressed because it is too large Load Diff