admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-31T19:00:20.333660+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-31 19:03:21 +00:00
parent 57510cfd46
commit 05eb7a0990
53 changed files with 2369 additions and 345 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
CVE-2020/CVE-2020-225xx/CVE-2020-22540.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-22540",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-15T23:15:06.730",
"lastModified": "2024-04-16T13:24:07.103",
"lastModified": "2024-10-31T18:35:00.647",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross-Site Scripting (XSS) almacenado en Codoforum v4.9 permite a los atacantes ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado en el componente de nombre de categor\u00eda."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/s4fv4n/0d7a5093886cf41d9c478166e4aeec64",

27
CVE-2021/CVE-2021-474xx/CVE-2021-47439.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47439",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-22T07:15:09.163",
"lastModified": "2024-05-22T12:46:53.887",
"lastModified": "2024-10-31T18:35:01.573",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: dsa: microchip: se agreg\u00f3 la condici\u00f3n para programar ksz_mib_read_work Cuando el m\u00f3dulo ksz se instala y elimina usando rmmod, el kernel falla con un error de desreferencia de puntero nulo. Durante rmmod, la funci\u00f3n ksz_switch_remove intenta cancelar mib_read_workqueue usando la rutina cancel_delayed_work_sync y cancelar el registro del conmutador de dsa. Durante dsa_unregister_switch llama a ksz_mac_link_down, que a su vez reprograma la cola de trabajo ya que mib_interval no es cero. Debido a qu\u00e9 cola se ejecut\u00f3 despu\u00e9s de mib_interval e intenta acceder a dp->slave. Pero el esclavo no est\u00e1 registrado en la funci\u00f3n ksz_switch_remove. Por lo tanto, el kernel falla. Para evitar este bloqueo, antes de cancelar la cola de trabajo, restableci\u00f3 mib_interval a 0. v1 -> v2: -Se elimin\u00f3 la condici\u00f3n if en ksz_mib_read_work"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/383239a33cf29ebee9ce0d4e0e5c900b77a16148",

39
CVE-2023/CVE-2023-401xx/CVE-2023-40105.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40105",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.083",
"lastModified": "2024-02-16T13:37:55.033",
"lastModified": "2024-10-31T17:35:01.983",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En backupAgentCreated de ActivityManagerService.java, existe una forma posible de filtrar datos confidenciales debido a una falta de verificaci\u00f3n de permisos. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/935eb5ed6be35860a99ea242fb753f687d54a308",

39
CVE-2023/CVE-2023-459xx/CVE-2023-45918.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45918",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-16T22:15:07.880",
"lastModified": "2024-10-28T21:15:03.937",
"lastModified": "2024-10-31T18:35:03.080",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "ncurses 6.4-20230610 tiene una desreferencia de puntero NULL en tgetstr en tinfo/lib_termcap.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2300290#c1",

27
CVE-2023/CVE-2023-525xx/CVE-2023-52542.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52542",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:08.647",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-10-31T18:35:03.870",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad de verificaci\u00f3n de permisos en el m\u00f3dulo del sistema. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad afectar\u00e1 la disponibilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/3/",

34
CVE-2024/CVE-2024-104xx/CVE-2024-10458.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10458",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:03.623",
"lastModified": "2024-10-31T15:03:37.573",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-31T18:35:04.080",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-104xx/CVE-2024-10459.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10459",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:03.713",
"lastModified": "2024-10-31T15:16:30.147",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-31T18:35:04.883",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-104xx/CVE-2024-10460.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10460",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:03.800",
"lastModified": "2024-10-31T14:32:10.607",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-31T18:35:05.703",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-211xx/CVE-2024-21133.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21133",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-07-16T23:15:13.683",
"lastModified": "2024-07-17T13:34:20.520",
"lastModified": "2024-10-31T18:35:06.540",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujul2024.html",

27
CVE-2024/CVE-2024-232xx/CVE-2024-23231.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23231",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:47.780",
"lastModified": "2024-03-13T22:15:09.780",
"lastModified": "2024-10-31T18:35:07.310",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados para las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4, iOS 16.7.6 y iPadOS 16.7.6. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21",

27
CVE-2024/CVE-2024-232xx/CVE-2024-23280.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23280",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:49.740",
"lastModified": "2024-05-07T06:15:08.307",
"lastModified": "2024-10-31T17:35:02.803",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se solucion\u00f3 un problema de inyecci\u00f3n con una validaci\u00f3n mejorada. Este problema se solucion\u00f3 en Safari 17.4, macOS Sonoma 14.4, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. Una p\u00e1gina web creada con fines malintencionados puede tomar huellas digitales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/20",

39
CVE-2024/CVE-2024-253xx/CVE-2024-25325.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25325",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-12T08:15:45.370",
"lastModified": "2024-03-12T12:40:13.500",
"lastModified": "2024-10-31T18:35:07.527",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en Employee Management System v.1.0 permite a un atacante local obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado en el par\u00e1metro txtemail en login.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://cxsecurity.com/issue/WLB-2024020062",

39
CVE-2024/CVE-2024-260xx/CVE-2024-26018.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26018",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-26T10:15:08.120",
"lastModified": "2024-03-26T12:55:05.010",
"lastModified": "2024-10-31T18:35:08.353",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de Cross-site scripting en TvRock 0.9t8a. Se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web que utiliza el producto. Tenga en cuenta que el desarrollador era inalcanzable, por lo tanto, los usuarios deber\u00edan considerar dejar de usar TvRock 0.9t8a."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN69107517/",

27
CVE-2024/CVE-2024-267xx/CVE-2024-26745.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26745",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:07.713",
"lastModified": "2024-04-04T12:48:41.700",
"lastModified": "2024-10-31T18:35:09.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/pseries/iommu: la tabla IOMMU no est\u00e1 inicializada para kdump sobre SR-IOV Cuando el kernel de kdump intenta copiar datos de volcado sobre SR-IOV, LPAR entra en p\u00e1nico debido a una excepci\u00f3n de puntero NULL: El kernel intent\u00f3 leer la p\u00e1gina del usuario (0): \u00bfintento de explotaci\u00f3n? (uid: 0) ERROR: Desreferencia del puntero NULL del kernel al leer en0x00000000 Faulting instruction address: 0xc000000020847ad4 Oops: Kernel access of bad area, sig: 11 [#1] LE PAGE_SIZE=64K MMU=Radix SMP NR_CPUS=2048 NUMA pSeries Modules linked in: mlx5_core(+) vmx_crypto pseries_wdt papr_scm libnvdimm mlxfw tls psample sunrpc fuse overlay squashfs loop CPU: 12 PID: 315 Comm: systemd-udevd Not tainted 6.4.0-Test102+ #12 Hardware name: IBM,9080-HEX POWER10 (raw) 0x800200 0xf000006 of:IBM,FW1060.00 (NH1060_008) hv:phyp pSeries NIP: c000000020847ad4 LR: c00000002083b2dc CTR: 00000000006cd18c REGS: c000000029162ca0 TRAP: 0300 Not tainted (6.4.0-Test102+) MSR: 800000000280b033 CR: 48288244 XER: 00000008 CFAR: c00000002083b2d8 DAR: 0000000000000000 DSISR: 40000000 IRQMASK: 1 ... NIP _find_next_zero_bit+0x24/0x110 LR bitmap_find_next_zero_area_off+0x5c/0xe0 Call Trace: dev_printk_emit+0x38/0x48 (unreliable) iommu_area_alloc+0xc4/0x180 iommu_range_alloc+0x1e8/0x580 iommu_alloc+0x60/0x130 iommu_alloc_coherent+0x158/0x2b0 dma_iommu_alloc_coherent+0x3c/0x50 dma_alloc_attrs+0x170/0x1f0 mlx5_cmd_init+0xc0/0x760 [mlx5_core] mlx5_function_setup+0xf0/0x510 [mlx5_core] mlx5_init_one+0x84/0x210 [mlx5_core] probe_one+0x118/0x2c0 [mlx5_core] local_pci_probe+0x68/0x110 pci_call_probe+0x68/0x200 pci_device_probe+0xbc/0x1a0 really_probe+0x104/0x540 __driver_probe_device+0xb4/0x230 driver_probe_device+0x54/0x130 __driver_attach+0x158/0x2b0 bus_for_each_dev+0xa8/0x130 driver_attach+0x34/0x50 bus_add_driver+0x16c/0x300 driver_register+0xa4/0x1b0 __pci_register_driver+0x68/0x80 mlx5_init+0xb8/0x100 [mlx5_core] do_one_initcall+0x60/0x300 do_init_module+0x7c/0x2b0. En el momento del volcado de LPAR, antes de que kexec entregue el control al kernel de kdump, los DDW (Dynamic DMA Windows) se escanean y agregan al FDT. Para el caso de SR-IOV, la ventana DMA predeterminada \"ibm,dma-window\" se elimina de FDT y se agrega DDW para el dispositivo. Ahora, kexec entrega el control al kernel kdump. Cuando se inicializa el kernel kdump, se escanean los buses PCI y se crean grupos/tablas IOMMU, en pci_dma_bus_setup_pSeriesLP(). Para el caso SR-IOV, no existe \"ibm,dma-window\". el commit original: b1fc44eaa9ba, corrige la ruta donde la memoria est\u00e1 preasignada (asignada directamente) al DDW. Cuando las TCE se asignan directamente, no es necesario inicializar las tablas IOMMU. iommu_table_setparms_lpar() solo considera la propiedad \"ibm,dma-window\" al inicializar la tabla IOMMU. En el escenario en el que las TCE se asignan din\u00e1micamente para SR-IOV, la tabla IOMMU reci\u00e9n creada no se inicializa. M\u00e1s tarde, cuando el controlador del dispositivo intenta ingresar TCE para el dispositivo SR-IOV, se genera una ejecuci\u00f3n de puntero NULL desde iommu_area_alloc(). La soluci\u00f3n es inicializar la tabla IOMMU con la propiedad DDW almacenada en el FDT. Hay 2 puntos para recordar: 1. Para el adaptador dedicado, el kernel de kdump encontrar\u00eda tanto el valor predeterminado como el DDW en FDT. En este caso, la propiedad DDW se utiliza para inicializar la tabla IOMMU. 2. Un DDW podr\u00eda tener un mapeo directo o din\u00e1mico. El kernel kdump inicializar\u00eda la tabla IOMMU y marcar\u00eda el DDW existente como \"din\u00e1mico\". Esto funciona bien ya que, en el momento de la inicializaci\u00f3n de la tabla, iommu_table_clear() crea algo de espacio en el DDW, para una cantidad predefinida de TCE que son necesarias para que kdump tenga \u00e9xito."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/09a3c1e46142199adcee372a420b024b4fc61051",

27
CVE-2024/CVE-2024-270xx/CVE-2024-27072.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27072",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:51.127",
"lastModified": "2024-10-17T14:15:05.930",
"lastModified": "2024-10-31T17:35:03.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: usbtv: Eliminar bloqueos in\u00fatiles en usbtv_video_free() Eliminar llamadas de bloqueos en usbtv_video_free() porque son in\u00fatiles y pueden provocar un punto muerto como se informa aqu\u00ed: https://syzkaller.appspot .com/x/bisect.txt?x=166dc872180000 Tambi\u00e9n elimine la llamada usbtv_stop() ya que se llamar\u00e1 al cancelar el registro del dispositivo. Antes de 'c838530d230b', este problema solo se notaba si se desconectaba mientras se transmit\u00eda y ahora se nota incluso cuando se desconecta mientras no se transmite. [hverkuil: corrige un error ortogr\u00e1fico menor en el mensaje de registro]"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3e7d82ebb86e94643bdb30b0b5b077ed27dce1c2",

39
CVE-2024/CVE-2024-279xx/CVE-2024-27974.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27974",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-18T08:15:06.287",
"lastModified": "2024-03-18T12:38:25.490",
"lastModified": "2024-10-31T18:35:09.403",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross-Site Request Forgery en impresoras FUJIFILM que implementan CentreWare Internet Services o Internet Services permite que un atacante remoto no autenticado altere la informaci\u00f3n del usuario. En el caso de que el usuario sea administrador, se podr\u00e1n alterar configuraciones como ID de administrador, contrase\u00f1a, etc. En cuanto a los detalles de los nombres de los productos, n\u00fameros de modelo y versiones afectados, consulte la informaci\u00f3n proporcionada por el proveedor que figura en [Referencias]."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN34328023/",

39
CVE-2024/CVE-2024-285xx/CVE-2024-28515.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28515",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-03T07:15:44.240",
"lastModified": "2024-04-03T12:38:04.840",
"lastModified": "2024-10-31T18:35:10.233",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de desbordamiento de b\u00fafer en CSAPP_Lab CSAPP Lab3 15-213 Fall 20xx permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente lab3 del csapp,lab3/buflab-update.pl."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/heshi906/090b647a76981b8aa621e99fd6e1795d",

39
CVE-2024/CVE-2024-334xx/CVE-2024-33470.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33470",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-24T15:15:23.807",
"lastModified": "2024-05-24T18:09:20.027",
"lastModified": "2024-10-31T18:35:11.050",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en la configuraci\u00f3n de correo electr\u00f3nico SMTP de AVTECH Room Alert 4E v4.4.0 permite a los atacantes obtener acceso a credenciales en texto plano mediante un ataque de transferencia. NOTA: Esta vulnerabilidad solo afecta a productos que ya no son compatibles con el fabricante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://avtech.com/articles/27443/security-advisory-smtp-password-disclosure-in-dom/",

39
CVE-2024/CVE-2024-338xx/CVE-2024-33869.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33869",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T19:15:03.767",
"lastModified": "2024-07-05T12:55:51.367",
"lastModified": "2024-10-31T18:35:11.883",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Artifex Ghostscript antes de la versi\u00f3n 10.03.1. El path traversal y la ejecuci\u00f3n de comandos pueden ocurrir (a trav\u00e9s de un documento PostScript manipulado) debido a la reducci\u00f3n de ruta en base/gpmisc.c. Por ejemplo, las restricciones sobre el uso de %pipe% se pueden omitir mediante el nombre de archivo de salida aa/../%pipe%command#."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707691",

27
CVE-2024/CVE-2024-340xx/CVE-2024-34002.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34002",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.130",
"lastModified": "2024-06-03T14:46:24.250",
"lastModified": "2024-10-31T18:35:12.750",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle con acceso para restaurar m\u00f3dulos de retroalimentaci\u00f3n y acceso directo al servidor web fuera de la ra\u00edz web de Moodle podr\u00eda ejecutar una inclusi\u00f3n de archivo local."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",

6
CVE-2024/CVE-2024-345xx/CVE-2024-34537.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34537",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-28T14:15:04.740",
"lastModified": "2024-10-29T14:34:50.257",
"lastModified": "2024-10-31T17:15:12.903",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -47,6 +47,10 @@
{
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-011",
"source": "cve@mitre.org"
},
{
"url": "https://www.mgm-sp.com/cve/denial-of-service-in-typo3-bookmark-toolbar",
"source": "cve@mitre.org"
}
]
}

27
CVE-2024/CVE-2024-359xx/CVE-2024-35989.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35989",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:13.190",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-31T18:35:12.980",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dmaengine: idxd: soluciona errores durante rmmod en plataformas de CPU \u00fanica Durante la eliminaci\u00f3n del controlador idxd, se invoca la devoluci\u00f3n de llamada sin conexi\u00f3n registrada como parte del proceso de limpieza. Sin embargo, en sistemas con una sola CPU en l\u00ednea, no hay ning\u00fan destino v\u00e1lido disponible para migrar el contexto de rendimiento, lo que genera un error del kernel: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 000000000002a2b8 #PF: acceso de escritura del supervisor en modo kernel #PF: error_code(0x0002) - p\u00e1gina no presente PGD 1470e1067 P4D 0 Ups: 0002 [#1] PREEMPT SMP NOPTI CPU: 0 PID: 20 Comm: cpuhp/0 No contaminado 6.8.0-rc6-dsa+ #57 Nombre de hardware: Intel Corporation AvenueCity/AvenueCity, BIOS BHSDCRB1.86B.2492.D03.2307181620 18/07/2023 RIP: 0010:mutex_lock+0x2e/0x50 ... Seguimiento de llamadas: __die+0x24/0x70 page_fault_oops+0x82/0x160 do_user_addr_fault++0x65 /0x6b0 __pfx___rdmsr_safe_on_cpu+0x10/0x10 exc_page_fault+0x7d/0x170 asm_exc_page_fault+0x26/0x30 mutex_lock+0x2e/0x50 mutex_lock+0x1e/0x50 perf_pmu_migrate_context+0x87/0x1f0 f_event_cpu_offline+0x76/0x90 [idxd] cpuhp_invoke_callback+0xa2/0x4f0 __pfx_perf_event_cpu_offline+0x10/0x10 [idxd] cpuhp_thread_fun+0x98/0x150 smpboot_thread_fn+0x27/0x260 smpboot_thread_fn+0x1af/0x260 __pfx_smpboot_thread_fn+0x10/0x10 kthread+0x103/0x140 __pfx_kthread+0x10/0 x10 ret_from_fork+0x31/0x50 __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 Solucione el problema impidiendo la migraci\u00f3n del contexto de rendimiento a un destino no v\u00e1lido."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/023b6390a15a98f9c3aa5e7da78d485d5384a08e",

39
CVE-2024/CVE-2024-377xx/CVE-2024-37763.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37763",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T22:15:03.050",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-10-31T18:35:13.207",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "MachForm hasta la versi\u00f3n 19 se ve afectado por cross-site scripting almacenado no autenticada que afecta a los usuarios con sesiones v\u00e1lidas que pueden ver los resultados de los formularios compilados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Atreb92/cve-2024-37763",

14
CVE-2024/CVE-2024-406xx/CVE-2024-40680.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-40680",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-07T14:15:02.350",
"lastModified": "2024-09-13T20:55:57.213",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-31T17:15:12.990",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator 2.0.26 and 3.2.4 could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
"value": "IBM MQ 9.3 CD and 9.4 LTS/CD could allow a local user to cause a denial of service due to improper memory allocation causing a segmentation fault."
},
{
"lang": "es",
@ -104,14 +104,6 @@
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297611",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7167732",
"source": "psirt@us.ibm.com",

8
CVE-2024/CVE-2024-406xx/CVE-2024-40681.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-40681",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-07T15:15:10.167",
"lastModified": "2024-09-09T13:03:38.303",
"lastModified": "2024-10-31T17:15:13.143",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
"value": "IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD could allow an authenticated user in a specifically defined role, to bypass security restrictions and execute actions against the queue manager."
},
{
"lang": "es",
@ -52,10 +52,6 @@
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/297611",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7167732",
"source": "psirt@us.ibm.com"

101
CVE-2024/CVE-2024-44xx/CVE-2024-4468.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4468",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-08T08:15:08.870",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:40:45.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
@ -39,42 +59,99 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:salonbookingsystem:salon_booking_system:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "10.0",
"matchCriteriaId": "79686948-F4C5-4127-8EC5-877994B66A27"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L10",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L16",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php#L7",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L12",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L16",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/salon-booking-system/trunk/src/SLN/Admin/Tools.php#L231",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLB_Discount/Admin/ExportDiscountsCsv.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3098413/salon-booking-system/trunk/src/SLN/Admin/Tools.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b73f864-68b5-4ba8-93a3-37f2564cc240?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

10
CVE-2024/CVE-2024-465xx/CVE-2024-46528.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-46528",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T18:15:03.847",
"lastModified": "2024-10-22T19:35:08.350",
"lastModified": "2024-10-31T17:15:13.250",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere v3.4.1 and v4.1.1 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks."
"value": "An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks."
},
{
"lang": "es",
@ -53,7 +53,11 @@
],
"references": [
{
"url": "http://kubesphere.com",
"url": "https://github.com/kubesphere/kubesphere/issues/6227",
"source": "cve@mitre.org"
},
{
"url": "https://kubesphere.io/",
"source": "cve@mitre.org"
},
{

44
CVE-2024/CVE-2024-46xx/CVE-2024-4661.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4661",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-08T06:15:09.463",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:21:43.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,14 +39,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webfactoryltd:wp_reset:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.03",
"matchCriteriaId": "3FFC82BC-8A4B-4CB8-9757-F8F82955CB36"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3097597/wp-reset",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0d2dc86e-f937-429f-9baa-0eb0a8715513?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-476xx/CVE-2024-47640.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-47640",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T14:15:06.867",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T17:39:28.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in weDevs WP ERP allows Reflected XSS.This issue affects WP ERP: from n/a through 1.13.2."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en weDevs WP ERP permite XSS reflejado. Este problema afecta a WP ERP: desde n/a hasta 1.13.2."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wedevs:wp_erp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.13.3",
"matchCriteriaId": "7281D962-49C1-4240-ABBB-78BBD579983B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/erp/wordpress-wp-erp-plugin-1-13-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

34
CVE-2024/CVE-2024-482xx/CVE-2024-48213.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48213",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-23T22:15:02.600",
"lastModified": "2024-10-31T15:09:20.730",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-31T18:35:14.040",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

43
CVE-2024/CVE-2024-485xx/CVE-2024-48569.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48569",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:07.567",
"lastModified": "2024-10-30T18:15:07.567",
"lastModified": "2024-10-31T18:35:14.873",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Proactive Risk Manager version 9.1.1.0 is affected by multiple Cross-Site Scripting (XSS) vulnerabilities in the add/edit form fields, at the urls starting with the subpaths: /ar/config/configuation/ and /ar/config/risk-strategy-control/"
},
{
"lang": "es",
"value": "La versi\u00f3n 9.1.1.0 de Proactive Risk Manager se ve afectada por m\u00faltiples vulnerabilidades de Cross Site Scripting (XSS) en los campos de formulario para agregar o editar, en las direcciones URL que comienzan con las subrutas: /ar/config/conguation/ y /ar/config/risk-strategy-control/"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/MarioTesoro/CVE-2024-48569",

43
CVE-2024/CVE-2024-486xx/CVE-2024-48646.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48646",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:07.640",
"lastModified": "2024-10-30T18:15:07.640",
"lastModified": "2024-10-31T18:35:15.693",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Unrestricted File Upload vulnerability exists in Sage 1000 v7.0.0, which allows authorized users to upload files without proper validation. An attacker could exploit this vulnerability by uploading malicious files, such as HTML, scripts, or other executable content, that may be executed on the server, leading to further system compromise."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de carga de archivos sin restricciones en Sage 1000 v7.0.0 que permite a los usuarios autorizados cargar archivos sin la validaci\u00f3n adecuada. Un atacante podr\u00eda aprovechar esta vulnerabilidad cargando archivos maliciosos, como HTML, scripts u otro contenido ejecutable, que se pueden ejecutar en el servidor, lo que provocar\u00eda un mayor riesgo para el sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md",

43
CVE-2024/CVE-2024-486xx/CVE-2024-48647.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48647",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:07.743",
"lastModified": "2024-10-30T18:15:07.743",
"lastModified": "2024-10-31T18:35:16.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A file disclosure vulnerability exists in Sage 1000 v7.0.0. This vulnerability allows remote attackers to retrieve arbitrary files from the server's file system by manipulating the URL parameter in HTTP requests. The attacker can exploit this flaw to access sensitive information, including configuration files that may contain credentials and system settings, which could lead to further compromise of the server."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de divulgaci\u00f3n de archivos en Sage 1000 v7.0.0. Esta vulnerabilidad permite a atacantes remotos recuperar archivos arbitrarios del sistema de archivos del servidor manipulando el par\u00e1metro URL en las solicitudes HTTP. El atacante puede aprovechar esta falla para acceder a informaci\u00f3n confidencial, incluidos archivos de configuraci\u00f3n que pueden contener credenciales y configuraciones del sistema, lo que podr\u00eda provocar un mayor compromiso del servidor."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md",

43
CVE-2024/CVE-2024-486xx/CVE-2024-48648.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48648",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-30T18:15:07.813",
"lastModified": "2024-10-30T18:15:07.813",
"lastModified": "2024-10-31T17:35:03.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability exists in the Sage 1000 v 7.0.0. This vulnerability allows attackers to inject malicious scripts into URLs, which are reflected back by the server in the response without proper sanitization or encoding."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross Site Scripting (XSS) Reflejado en Sage 1000 v 7.0.0. Esta vulnerabilidad permite a los atacantes inyectar secuencias de comandos maliciosas en las URL, que el servidor refleja en la respuesta sin la codificaci\u00f3n ni la desinfecci\u00f3n adecuadas."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/hx381/Sage-1000-v7.0.0-Exploit/blob/main/README.md",

51
CVE-2024/CVE-2024-496xx/CVE-2024-49643.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-49643",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T13:15:06.743",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:48:20.883",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan Whitelist allows Reflected XSS.This issue affects Whitelist: from n/a through 3.5."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Abdullah Irfan Whitelist permite XSS reflejado. Este problema afecta a Whitelist: desde n/a hasta 3.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:abdullahirfan:whitelist:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.5",
"matchCriteriaId": "7D614ADA-C6E7-40A5-BFC0-DD380D809819"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fifthsegment-whitelist/wordpress-whitelist-plugin-3-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

51
CVE-2024/CVE-2024-496xx/CVE-2024-49645.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-49645",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T13:15:06.960",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T17:59:25.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ilias Gomatos Affiliate Platform allows Reflected XSS.This issue affects Affiliate Platform: from n/a through 1.4.8."
},
{
"lang": "es",
"value": " La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Ilias Gomatos Affiliate Platform permite XSS reflejado. Este problema afecta a Affiliate Platform: desde n/a hasta 1.4.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:soft-master:affiliate_platform:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.4.8",
"matchCriteriaId": "CDCCCE04-9C59-4CBE-9583-C19FF3AECD2B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/smdp-affiliate-platform/wordpress-affiliate-platform-plugin-1-4-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

153
CVE-2024/CVE-2024-500xx/CVE-2024-50074.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50074",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-29T01:15:04.540",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:23:21.567",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,166 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: parport: Soluci\u00f3n adecuada para el acceso fuera de los l\u00edmites a matrices La soluci\u00f3n reciente para los accesos fuera de los l\u00edmites a matrices reemplaz\u00f3 las llamadas sprintf() ciegamente con snprintf(). Sin embargo, dado que snprintf() devuelve el tama\u00f1o que se imprimir\u00e1, no el tama\u00f1o de salida real, el c\u00e1lculo de la longitud a\u00fan puede superar el l\u00edmite dado. Utilice scnprintf() en lugar de snprintf(), que devuelve las letras de salida reales, para abordar el posible acceso fuera de los l\u00edmites correctamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.224",
"versionEndExcluding": "5.10.228",
"matchCriteriaId": "F063567D-B906-4EFC-B8A1-807AF8A51B2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.169",
"matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.114",
"matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/02ac3a9ef3a18b58d8f3ea2b6e46de657bf6c4f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1826b6d69bbb7f9ae8711827facbb2ad7f8d0aaa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a8b26a09c8e3ea03da1ef3cd0ef6b96e559fba6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/440311903231c6e6c9bcf8acb6a2885a422e00bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/66029078fee00646e2e9dbb8f41ff7819f8e7569",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fca048f222ce9dcbde5708ba2bf81d85a4a27952",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

90
CVE-2024/CVE-2024-503xx/CVE-2024-50347.json Normal file
View File

@ -0,0 +1,90 @@
{
"id": "CVE-2024-50347",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-31T18:15:05.600",
"lastModified": "2024-10-31T18:15:05.600",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. Prior to 1.4.0, there is an issue where verification signatures for requests sent to Reverb's Pusher-compatible API were not being verified. This API is used in scenarios such as broadcasting a message from a backend service or for obtaining statistical information (such as number of connections) about a given channel. This issue only affects the Pusher-compatible API endpoints and not the WebSocket connections themselves. In order to exploit this vulnerability, the application ID which, should never be exposed, would need to be known by an attacker. This vulnerability is fixed in 1.4.0."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:Green",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "GREEN",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://github.com/laravel/reverb/commit/73cc140d76e803b151fc2dd2e4eb3eb784a82ee2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/laravel/reverb/pull/252",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/laravel/reverb/releases/tag/v1.4.0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/laravel/reverb/security/advisories/GHSA-pfrr-xvrf-pxjx",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-503xx/CVE-2024-50356.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-50356",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-31T18:15:05.750",
"lastModified": "2024-10-31T18:15:05.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). The password could be reset by anyone who have access to the mail inbox circumventing the 2FA. Even though they wouldn't be able to login by bypassing the 2FA. Only users who have enabled 2FA are affected. Commit ba0007c28ac814260f836849bc07d29beea7deb6 patches this bug."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 0.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://github.com/frappe/press/commit/ba0007c28ac814260f836849bc07d29beea7deb6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/frappe/press/security/advisories/GHSA-g7mf-rm73-r7g9",
"source": "security-advisories@github.com"
}
]
}

101
CVE-2024/CVE-2024-50xx/CVE-2024-5087.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5087",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-08T06:15:09.883",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:26:54.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -39,42 +59,99 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webfactoryltd:minimal_coming_soon_\\&_maintenance_mode:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.39",
"matchCriteriaId": "0290B68A-A94C-4265-ABCE-FF6B26C91263"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/swisskyrepo/PayloadsAllTheThings/blob/master/CRLF%20Injection/README.md",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Not Applicable"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/tags/2.38/framework/wf-licensing.php#L51",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/tags/2.38/framework/wf-licensing.php#L52",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/tags/2.38/framework/wf-licensing.php#L54",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/tags/2.38/framework/wf-licensing.php#L561",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/tags/2.38/framework/wf-licensing.php#L585",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/tags/2.38/framework/wf-licensing.php#L596",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3099123/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/affdaf63-2098-4ad6-b15b-990d1941fecb?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-514xx/CVE-2024-51430.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51430",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-31T17:15:13.403",
"lastModified": "2024-10-31T17:35:04.600",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in online diagnostic lab management system using php v.1.0 allows a remote attacker to execute arbitrary code via the Test Name parameter on the diagnostic/add-test.php component."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/BLACK-SCORP10/CVE-2024-51430",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com",
"source": "cve@mitre.org"
}
]
}

64
CVE-2024/CVE-2024-514xx/CVE-2024-51478.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-51478",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-31T17:15:13.500",
"lastModified": "2024-10-31T17:15:13.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "YesWiki is a wiki system written in PHP. Prior to 4.4.5, the use of a weak cryptographic algorithm and a hard-coded salt to hash the password reset key allows it to be recovered and used to reset the password of any account. This issue is fixed in 4.4.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://github.com/YesWiki/yeswiki/commit/b5a8f93b87720d5d5f033a4b3a131ce0fb621dbc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/YesWiki/yeswiki/commit/e1285709f6f6a2277bd0075acf369f33cefd78f7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/YesWiki/yeswiki/security/advisories/GHSA-4fvx-h823-38v3",
"source": "security-advisories@github.com"
}
]
}

82
CVE-2024/CVE-2024-514xx/CVE-2024-51481.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2024-51481",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-31T17:15:13.723",
"lastModified": "2024-10-31T17:15:13.723",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nix is a package manager for Linux and other Unix systems. On macOS, built-in builders (such as `builtin:fetchurl`, exposed to users with `import <nix/fetchurl.nix>`) were not executed in the macOS sandbox. Thus, these builders (which are running under the `nixbld*` users) had read access to world-readable paths and write access to world-writable paths outside of the sandbox. This issue is fixed in 2.18.9, 2.19.7, 2.20.9, 2.21.5, 2.22.4, 2.23.4, and 2.24.10. Note that sandboxing is not enabled by default on macOS. The Nix sandbox is not primarily intended as a security mechanism, but as an aid to improve reproducibility and purity of Nix builds. However, sandboxing *can* mitigate the impact of other security issues by limiting what parts of the host system a build has access to."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 1.0,
"baseSeverity": "LOW"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://github.com/NixOS/nix/commit/597fcc98e18e3178734d06a9e7306250e8cb8d74",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/NixOS/nix/security/advisories/GHSA-wf4c-57rh-9pjg",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-514xx/CVE-2024-51482.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51482",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-31T18:15:05.997",
"lastModified": "2024-10-31T18:15:05.997",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ZoneMinder is a free, open source closed-circuit television software application. ZoneMinder v1.37.* <= 1.37.64 is vulnerable to boolean-based SQL Injection in function of web/ajax/event.php. This is fixed in 1.37.64."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ZoneMinder/zoneminder/commit/9e7d31841ed9678a7dd06869037686fc9925e59f",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-qm8h-3xvf-m7j3",
"source": "security-advisories@github.com"
}
]
}

49
CVE-2024/CVE-2024-56xx/CVE-2024-5613.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5613",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-08T06:15:10.143",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:31:30.757",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,18 +39,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awplife:formula:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "0.5.2",
"matchCriteriaId": "790C5D73-ABE7-4839-AF87-AEEA5D2267A7"
}
]
}
]
}
],
"references": [
{
"url": "https://themes.trac.wordpress.org/browser/formula/0.5.1/inc/customizer/customizer-notice/formula-customizer-notify.php?rev=229770#L143",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://themes.trac.wordpress.org/changeset/230569/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/bf391432-d569-4458-947f-fe4a2ebcf8f1?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

49
CVE-2024/CVE-2024-56xx/CVE-2024-5638.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5638",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-08T06:15:10.433",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:38:33.640",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,18 +39,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:awplife:formula:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "0.5.2",
"matchCriteriaId": "790C5D73-ABE7-4839-AF87-AEEA5D2267A7"
}
]
}
]
}
],
"references": [
{
"url": "https://themes.trac.wordpress.org/browser/formula/0.5.1/inc/customizer/customizer-notice/formula-customizer-notify.php?rev=229770#L184",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://themes.trac.wordpress.org/changeset/230569/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/193eeb92-f0af-4c6a-ac44-3166023a3006?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

71
CVE-2024/CVE-2024-58xx/CVE-2024-5823.json
View File

@ -2,16 +2,42 @@
"id": "CVE-2024-5823",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-29T13:15:07.380",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:05:00.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior or security settings. Additionally, tampering with these configuration files can result in a denial of service (DoS) condition, disrupting normal system operation."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de sobrescritura de archivos en las versiones de gaizhenbiao/chuanhuchatgpt &lt;= 20240410. Esta vulnerabilidad permite a un atacante obtener acceso no autorizado para sobrescribir archivos de configuraci\u00f3n cr\u00edticos dentro del sistema. La explotaci\u00f3n de esta vulnerabilidad puede provocar cambios no autorizados en el comportamiento del sistema o en la configuraci\u00f3n de seguridad. Adem\u00e1s, la manipulaci\u00f3n de estos archivos de configuraci\u00f3n puede provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS), lo que interrumpe el funcionamiento normal del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -37,8 +63,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-610"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,14 +83,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gaizhenbiao:chuanhuchatgpt:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2024-04-10",
"matchCriteriaId": "F1491457-1C35-46E2-B227-86AD7E60215F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gaizhenbiao/chuanhuchatgpt/commit/720c23d755a4a955dcb0a54e8c200a2247a27f8b",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/ca361701-7d68-4df6-8da0-caad4b85b9ae",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-70xx/CVE-2024-7042.json
View File

@ -2,16 +2,42 @@
"id": "CVE-2024-7042",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-29T13:15:08.883",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:36:30.140",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the GraphCypherQAChain class of langchain-ai/langchainjs versions 0.2.5 and all versions with this class allows for prompt injection, leading to SQL injection. This vulnerability permits unauthorized data manipulation, data exfiltration, denial of service (DoS) by deleting all data, breaches in multi-tenant security environments, and data integrity issues. Attackers can create, update, or delete nodes and relationships without proper authorization, extract sensitive data, disrupt services, access data across different tenants, and compromise the integrity of the database."
},
{
"lang": "es",
"value": "Una vulnerabilidad en la clase GraphCypherQAChain de langchain-ai/langchainjs versiones 0.2.5 y todas las versiones con esta clase permite la inyecci\u00f3n r\u00e1pida, lo que lleva a la inyecci\u00f3n SQL. Esta vulnerabilidad permite la manipulaci\u00f3n no autorizada de datos, la exfiltraci\u00f3n de datos, la denegaci\u00f3n de servicio (DoS) mediante la eliminaci\u00f3n de todos los datos, las infracciones en entornos de seguridad de m\u00faltiples tenants y los problemas de integridad de los datos. Los atacantes pueden crear, actualizar o eliminar nodos y relaciones sin la autorizaci\u00f3n adecuada, extraer datos confidenciales, interrumpir servicios, acceder a datos en diferentes tenants y comprometer la integridad de la base de datos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -47,14 +73,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:langchain:langchain:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.3.1",
"matchCriteriaId": "46A65E02-4E54-49B9-942F-BDD1555CCA4B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/langchain-ai/langchainjs/commit/615b9d9ab30a2d23a2f95fb8d7acfdf4b41ad7a6",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/b612defb-1104-4fff-9fef-001ab07c7b2d",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-74xx/CVE-2024-7472.json
View File

@ -2,16 +2,42 @@
"id": "CVE-2024-7472",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-29T13:15:09.093",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-31T18:46:32.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "lunary-ai/lunary v1.2.26 contains an email injection vulnerability in the Send email verification API (/v1/users/send-verification) and Sign up API (/auth/signup). An unauthenticated attacker can inject data into outgoing emails by bypassing the extractFirstName function using a different whitespace character (e.g., \\xa0). This vulnerability can be exploited to conduct phishing attacks, damage the application's brand, cause legal and compliance issues, and result in financial impact due to unauthorized email usage."
},
{
"lang": "es",
"value": "lunary-ai/lunary v1.2.26 contiene una vulnerabilidad de inyecci\u00f3n de correo electr\u00f3nico en la API de verificaci\u00f3n de env\u00edo de correo electr\u00f3nico (/v1/users/send-verification) y la API de registro (/auth/signup). Un atacante no autenticado puede inyectar datos en los correos electr\u00f3nicos salientes al omitir la funci\u00f3n extractFirstName utilizando un car\u00e1cter de espacio en blanco diferente (por ejemplo, \\xa0). Esta vulnerabilidad se puede explotar para realizar ataques de phishing, da\u00f1ar la marca de la aplicaci\u00f3n, causar problemas legales y de cumplimiento y generar un impacto financiero debido al uso no autorizado del correo electr\u00f3nico."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -37,8 +63,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,14 +83,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:lunary:lunary:1.2.26:*:*:*:*:*:*:*",
"matchCriteriaId": "85C53140-9D39-4835-A1FA-24F98F18FD27"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/lunary-ai/lunary/commit/a39837d7c49936a0c435d241f37ca2ea7904d2cd",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/dc1feec6-1efb-4538-9b56-ab25deb80948",
"source": "security@huntr.dev"
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-78xx/CVE-2024-7883.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-7883",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-10-31T17:15:14.013",
"lastModified": "2024-10-31T17:15:14.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When using Arm Cortex-M Security Extensions (CMSE), Secure stack \ncontents can be leaked to Non-secure state via floating-point registers \nwhen a Secure to Non-secure function call is made that returns a \nfloating-point value and when this is the first use of floating-point \nsince entering Secure state. This allows an attacker to read a limited \nquantity of Secure stack contents with an impact on confidentiality. \nThis issue is specific to code generated using LLVM-based compilers."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "arm-security@arm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "arm-security@arm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-226"
}
]
}
],
"references": [
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Cortex-M%20Security%20Extensions%20Vulnerability",
"source": "arm-security@arm.com"
}
]
}

18
CVE-2024/CVE-2024-96xx/CVE-2024-9675.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-9675",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-09T15:15:17.837",
"lastModified": "2024-10-30T23:15:14.133",
"lastModified": "2024-10-31T17:15:14.250",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -64,6 +64,22 @@
"url": "https://access.redhat.com/errata/RHSA-2024:8679",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8703",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8707",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8708",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8709",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-9675",
"source": "secalert@redhat.com"

73
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-10-31T17:00:20.597318+00:00
2024-10-31T19:00:20.333660+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-10-31T16:48:41.553000+00:00
2024-10-31T18:48:20.883000+00:00
```
### Last Data Feed Release
@ -33,50 +33,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
267735
267742
```
### CVEs added in the last Commit
Recently added CVEs: `6`
Recently added CVEs: `7`
- [CVE-2024-48910](CVE-2024/CVE-2024-489xx/CVE-2024-48910.json) (`2024-10-31T15:15:15.720`)
- [CVE-2024-50354](CVE-2024/CVE-2024-503xx/CVE-2024-50354.json) (`2024-10-31T16:15:05.763`)
- [CVE-2024-51255](CVE-2024/CVE-2024-512xx/CVE-2024-51255.json) (`2024-10-31T16:15:06.033`)
- [CVE-2024-51260](CVE-2024/CVE-2024-512xx/CVE-2024-51260.json) (`2024-10-31T16:15:06.113`)
- [CVE-2024-8185](CVE-2024/CVE-2024-81xx/CVE-2024-8185.json) (`2024-10-31T16:15:06.267`)
- [CVE-2024-8553](CVE-2024/CVE-2024-85xx/CVE-2024-8553.json) (`2024-10-31T15:15:17.243`)
- [CVE-2024-50347](CVE-2024/CVE-2024-503xx/CVE-2024-50347.json) (`2024-10-31T18:15:05.600`)
- [CVE-2024-50356](CVE-2024/CVE-2024-503xx/CVE-2024-50356.json) (`2024-10-31T18:15:05.750`)
- [CVE-2024-51430](CVE-2024/CVE-2024-514xx/CVE-2024-51430.json) (`2024-10-31T17:15:13.403`)
- [CVE-2024-51478](CVE-2024/CVE-2024-514xx/CVE-2024-51478.json) (`2024-10-31T17:15:13.500`)
- [CVE-2024-51481](CVE-2024/CVE-2024-514xx/CVE-2024-51481.json) (`2024-10-31T17:15:13.723`)
- [CVE-2024-51482](CVE-2024/CVE-2024-514xx/CVE-2024-51482.json) (`2024-10-31T18:15:05.997`)
- [CVE-2024-7883](CVE-2024/CVE-2024-78xx/CVE-2024-7883.json) (`2024-10-31T17:15:14.013`)
### CVEs modified in the last Commit
Recently modified CVEs: `117`
Recently modified CVEs: `44`
- [CVE-2024-48311](CVE-2024/CVE-2024-483xx/CVE-2024-48311.json) (`2024-10-31T16:35:19.993`)
- [CVE-2024-48807](CVE-2024/CVE-2024-488xx/CVE-2024-48807.json) (`2024-10-31T15:35:39.950`)
- [CVE-2024-49632](CVE-2024/CVE-2024-496xx/CVE-2024-49632.json) (`2024-10-31T16:31:51.467`)
- [CVE-2024-49634](CVE-2024/CVE-2024-496xx/CVE-2024-49634.json) (`2024-10-31T16:30:35.667`)
- [CVE-2024-49635](CVE-2024/CVE-2024-496xx/CVE-2024-49635.json) (`2024-10-31T15:27:24.033`)
- [CVE-2024-49638](CVE-2024/CVE-2024-496xx/CVE-2024-49638.json) (`2024-10-31T15:56:45.253`)
- [CVE-2024-49639](CVE-2024/CVE-2024-496xx/CVE-2024-49639.json) (`2024-10-31T15:58:48.317`)
- [CVE-2024-49640](CVE-2024/CVE-2024-496xx/CVE-2024-49640.json) (`2024-10-31T16:04:01.113`)
- [CVE-2024-49641](CVE-2024/CVE-2024-496xx/CVE-2024-49641.json) (`2024-10-31T16:05:44.353`)
- [CVE-2024-51242](CVE-2024/CVE-2024-512xx/CVE-2024-51242.json) (`2024-10-31T16:35:20.873`)
- [CVE-2024-51243](CVE-2024/CVE-2024-512xx/CVE-2024-51243.json) (`2024-10-31T15:35:40.967`)
- [CVE-2024-51254](CVE-2024/CVE-2024-512xx/CVE-2024-51254.json) (`2024-10-31T15:35:41.800`)
- [CVE-2024-51419](CVE-2024/CVE-2024-514xx/CVE-2024-51419.json) (`2024-10-31T15:35:42.590`)
- [CVE-2024-51424](CVE-2024/CVE-2024-514xx/CVE-2024-51424.json) (`2024-10-31T16:35:21.660`)
- [CVE-2024-51425](CVE-2024/CVE-2024-514xx/CVE-2024-51425.json) (`2024-10-31T16:35:22.463`)
- [CVE-2024-51426](CVE-2024/CVE-2024-514xx/CVE-2024-51426.json) (`2024-10-31T15:35:43.373`)
- [CVE-2024-51427](CVE-2024/CVE-2024-514xx/CVE-2024-51427.json) (`2024-10-31T15:35:44.180`)
- [CVE-2024-5143](CVE-2024/CVE-2024-51xx/CVE-2024-5143.json) (`2024-10-31T15:35:44.950`)
- [CVE-2024-5498](CVE-2024/CVE-2024-54xx/CVE-2024-5498.json) (`2024-10-31T15:35:45.733`)
- [CVE-2024-7473](CVE-2024/CVE-2024-74xx/CVE-2024-7473.json) (`2024-10-31T15:11:45.557`)
- [CVE-2024-7774](CVE-2024/CVE-2024-77xx/CVE-2024-7774.json) (`2024-10-31T15:39:04.510`)
- [CVE-2024-7783](CVE-2024/CVE-2024-77xx/CVE-2024-7783.json) (`2024-10-31T15:49:02.870`)
- [CVE-2024-7962](CVE-2024/CVE-2024-79xx/CVE-2024-7962.json) (`2024-10-31T16:14:52.337`)
- [CVE-2024-8143](CVE-2024/CVE-2024-81xx/CVE-2024-8143.json) (`2024-10-31T16:23:35.827`)
- [CVE-2024-9505](CVE-2024/CVE-2024-95xx/CVE-2024-9505.json) (`2024-10-31T16:39:41.193`)
- [CVE-2024-34002](CVE-2024/CVE-2024-340xx/CVE-2024-34002.json) (`2024-10-31T18:35:12.750`)
- [CVE-2024-34537](CVE-2024/CVE-2024-345xx/CVE-2024-34537.json) (`2024-10-31T17:15:12.903`)
- [CVE-2024-35989](CVE-2024/CVE-2024-359xx/CVE-2024-35989.json) (`2024-10-31T18:35:12.980`)
- [CVE-2024-37763](CVE-2024/CVE-2024-377xx/CVE-2024-37763.json) (`2024-10-31T18:35:13.207`)
- [CVE-2024-40680](CVE-2024/CVE-2024-406xx/CVE-2024-40680.json) (`2024-10-31T17:15:12.990`)
- [CVE-2024-40681](CVE-2024/CVE-2024-406xx/CVE-2024-40681.json) (`2024-10-31T17:15:13.143`)
- [CVE-2024-4468](CVE-2024/CVE-2024-44xx/CVE-2024-4468.json) (`2024-10-31T18:40:45.817`)
- [CVE-2024-46528](CVE-2024/CVE-2024-465xx/CVE-2024-46528.json) (`2024-10-31T17:15:13.250`)
- [CVE-2024-4661](CVE-2024/CVE-2024-46xx/CVE-2024-4661.json) (`2024-10-31T18:21:43.683`)
- [CVE-2024-47640](CVE-2024/CVE-2024-476xx/CVE-2024-47640.json) (`2024-10-31T17:39:28.907`)
- [CVE-2024-48213](CVE-2024/CVE-2024-482xx/CVE-2024-48213.json) (`2024-10-31T18:35:14.040`)
- [CVE-2024-48569](CVE-2024/CVE-2024-485xx/CVE-2024-48569.json) (`2024-10-31T18:35:14.873`)
- [CVE-2024-48646](CVE-2024/CVE-2024-486xx/CVE-2024-48646.json) (`2024-10-31T18:35:15.693`)
- [CVE-2024-48647](CVE-2024/CVE-2024-486xx/CVE-2024-48647.json) (`2024-10-31T18:35:16.527`)
- [CVE-2024-48648](CVE-2024/CVE-2024-486xx/CVE-2024-48648.json) (`2024-10-31T17:35:03.713`)
- [CVE-2024-49643](CVE-2024/CVE-2024-496xx/CVE-2024-49643.json) (`2024-10-31T18:48:20.883`)
- [CVE-2024-49645](CVE-2024/CVE-2024-496xx/CVE-2024-49645.json) (`2024-10-31T17:59:25.867`)
- [CVE-2024-50074](CVE-2024/CVE-2024-500xx/CVE-2024-50074.json) (`2024-10-31T18:23:21.567`)
- [CVE-2024-5087](CVE-2024/CVE-2024-50xx/CVE-2024-5087.json) (`2024-10-31T18:26:54.500`)
- [CVE-2024-5613](CVE-2024/CVE-2024-56xx/CVE-2024-5613.json) (`2024-10-31T18:31:30.757`)
- [CVE-2024-5638](CVE-2024/CVE-2024-56xx/CVE-2024-5638.json) (`2024-10-31T18:38:33.640`)
- [CVE-2024-5823](CVE-2024/CVE-2024-58xx/CVE-2024-5823.json) (`2024-10-31T18:05:00.637`)
- [CVE-2024-7042](CVE-2024/CVE-2024-70xx/CVE-2024-7042.json) (`2024-10-31T18:36:30.140`)
- [CVE-2024-7472](CVE-2024/CVE-2024-74xx/CVE-2024-7472.json) (`2024-10-31T18:46:32.497`)
- [CVE-2024-9675](CVE-2024/CVE-2024-96xx/CVE-2024-9675.json) (`2024-10-31T17:15:14.250`)
## Download and Usage

335
_state.csv
View File

File diff suppressed because it is too large Load Diff